Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
95001d4b | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> |
9884d7ec | 3 | ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr> |
95001d4b | 4 | ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch> |
fe224d20 | 5 | ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> |
9c97afe8 | 6 | ;;; Copyright © 2016 David Craven <david@craven.ch> |
58f91e4d | 7 | ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> |
62cab99c | 8 | ;;; |
233e7676 | 9 | ;;; This file is part of GNU Guix. |
62cab99c | 10 | ;;; |
233e7676 | 11 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
62cab99c LC |
12 | ;;; under the terms of the GNU General Public License as published by |
13 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
14 | ;;; your option) any later version. | |
15 | ;;; | |
233e7676 | 16 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
62cab99c LC |
17 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
18 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ;;; GNU General Public License for more details. | |
20 | ;;; | |
21 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 22 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
62cab99c LC |
23 | |
24 | (define-module (guix download) | |
25 | #:use-module (ice-9 match) | |
26 | #:use-module (guix derivations) | |
27 | #:use-module (guix packages) | |
e87f0591 | 28 | #:use-module (guix store) |
b5b73a82 | 29 | #:use-module ((guix build download) #:prefix build:) |
6f8f8ccb LC |
30 | #:use-module (guix monads) |
31 | #:use-module (guix gexp) | |
62cab99c | 32 | #:use-module (guix utils) |
d8907ac4 | 33 | #:use-module (web uri) |
483f1158 | 34 | #:use-module (srfi srfi-1) |
94d222ad | 35 | #:use-module (srfi srfi-26) |
ec4d308a | 36 | #:export (%mirrors |
861693f3 | 37 | url-fetch |
95001d4b | 38 | url-fetch/tarbomb |
814b099a | 39 | url-fetch/zipbomb |
861693f3 | 40 | download-to-store)) |
62cab99c LC |
41 | |
42 | ;;; Commentary: | |
43 | ;;; | |
44 | ;;; Produce fixed-output derivations with data fetched over HTTP or FTP. | |
45 | ;;; | |
46 | ;;; Code: | |
47 | ||
94d222ad LC |
48 | (define %mirrors |
49 | ;; Mirror lists used when `mirror://' URLs are passed. | |
50 | (let* ((gnu-mirrors | |
51 | '(;; This one redirects to a (supposedly) nearby and (supposedly) | |
52 | ;; up-to-date mirror. | |
53 | "http://ftpmirror.gnu.org/" | |
54 | ||
55 | "ftp://ftp.cs.tu-berlin.de/pub/gnu/" | |
94d222ad LC |
56 | "ftp://ftp.funet.fi/pub/mirrors/ftp.gnu.org/gnu/" |
57 | ||
58 | ;; This one is the master repository, and thus it's always | |
59 | ;; up-to-date. | |
60 | "http://ftp.gnu.org/pub/gnu/"))) | |
61 | `((gnu ,@gnu-mirrors) | |
62 | (gcc | |
63 | "ftp://ftp.nluug.nl/mirror/languages/gcc/" | |
64 | "ftp://ftp.fu-berlin.de/unix/languages/gcc/" | |
65 | "ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/" | |
66 | "ftp://gcc.gnu.org/pub/gcc/" | |
67 | ,@(map (cut string-append <> "/gcc") gnu-mirrors)) | |
68 | (gnupg | |
b23c1a71 | 69 | "http://gd.tuwien.ac.at/privacy/gnupg/" |
d57b88be | 70 | "ftp://mirrors.dotsrc.org/gcrypt/" |
94d222ad | 71 | "ftp://mirror.cict.fr/gnupg/" |
d57b88be AE |
72 | "http://artfiles.org/gnupg.org" |
73 | "ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/" | |
74 | "ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/" | |
75 | "http://www.crysys.hu/" | |
76 | "ftp://ftp.hi.is/pub/mirrors/gnupg/" | |
77 | "ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/" | |
78 | "ftp://ftp.bit.nl/mirror/gnupg/" | |
79 | "ftp://ftp.surfnet.nl/pub/security/gnupg/" | |
80 | "ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/" | |
81 | "ftp://ftp.sunet.se/pub/security/gnupg/" | |
82 | "ftp://mirror.switch.ch/mirror/gnupg/" | |
83 | "ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/" | |
84 | "ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/" | |
85 | "ftp://ftp.ring.gr.jp/pub/net/gnupg/" | |
86 | "ftp://ftp.gnupg.org/gcrypt/") | |
71eb5c10 LC |
87 | (gnome |
88 | "http://ftp.belnet.be/ftp.gnome.org/" | |
89 | "http://ftp.linux.org.uk/mirrors/ftp.gnome.org/" | |
90 | "http://ftp.gnome.org/pub/GNOME/" | |
93897a45 | 91 | "https://download.gnome.org/" |
71eb5c10 | 92 | "http://mirror.yandex.ru/mirrors/ftp.gnome.org/") |
442c2c99 | 93 | (hackage |
4c13aad0 | 94 | "http://hackage.haskell.org/") |
94d222ad | 95 | (savannah |
a4eabecd | 96 | "http://download.savannah.gnu.org/releases/" |
94d222ad LC |
97 | "ftp://ftp.twaren.net/Unix/NonGNU/" |
98 | "ftp://mirror.csclub.uwaterloo.ca/nongnu/" | |
99 | "ftp://mirror.publicns.net/pub/nongnu/" | |
100 | "ftp://savannah.c3sl.ufpr.br/" | |
101 | "http://ftp.cc.uoc.gr/mirrors/nongnu.org/" | |
102 | "http://ftp.twaren.net/Unix/NonGNU/" | |
103 | "http://mirror.csclub.uwaterloo.ca/nongnu/" | |
104 | "http://nongnu.askapache.com/" | |
105 | "http://savannah.c3sl.ufpr.br/" | |
3f6d5b8a LC |
106 | "http://download.savannah.gnu.org/releases-noredirect/" |
107 | "http://download-mirror.savannah.gnu.org/releases/") | |
321dc4df | 108 | (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/ |
fe224d20 | 109 | "http://downloads.sourceforge.net/project/" |
cd4c41fd LC |
110 | "http://ufpr.dl.sourceforge.net/project/" |
111 | "http://heanet.dl.sourceforge.net/project/" | |
112 | "http://freefr.dl.sourceforge.net/project/" | |
113 | "http://internode.dl.sourceforge.net/project/" | |
114 | "http://jaist.dl.sourceforge.net/project/" | |
115 | "http://kent.dl.sourceforge.net/project/" | |
116 | "http://liquidtelecom.dl.sourceforge.net/project/" | |
117 | "http://nbtelecom.dl.sourceforge.net/project/" | |
118 | "http://nchc.dl.sourceforge.net/project/" | |
119 | "http://ncu.dl.sourceforge.net/project/" | |
120 | "http://netcologne.dl.sourceforge.net/project/" | |
121 | "http://netix.dl.sourceforge.net/project/" | |
122 | "http://pilotfiber.dl.sourceforge.net/project/" | |
123 | "http://superb-sea2.dl.sourceforge.net/project/" | |
124 | "http://tenet.dl.sourceforge.net/project/" | |
125 | "http://vorboss.dl.sourceforge.net/project/" | |
126 | "http://netassist.dl.sourceforge.net/project/") | |
7c7b802c MB |
127 | (netfilter.org ; https://www.netfilter.org/mirrors.html |
128 | "http://ftp.netfilter.org/pub/" | |
129 | "ftp://ftp.es.netfilter.org/mirrors/netfilter/" | |
130 | "ftp://ftp.hu.netfilter.org/" | |
131 | "ftp://www.lt.netfilter.org/pub/") | |
b40b259f | 132 | (kernel.org |
b40b259f LC |
133 | "http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/" |
134 | "http://linux-kernel.uio.no/pub/" | |
135 | "http://kernel.osuosl.org/pub/" | |
5d9cd707 LC |
136 | "ftp://ftp.funet.fi/pub/mirrors/ftp.kernel.org/pub/" |
137 | "http://ftp.be.debian.org/pub/" | |
138 | "http://mirror.linux.org.au/") | |
47f9db41 LC |
139 | (apache ; from http://www.apache.org/mirrors/dist.html |
140 | "http://www.eu.apache.org/dist/" | |
141 | "http://www.us.apache.org/dist/" | |
142 | "ftp://gd.tuwien.ac.at/pub/infosys/servers/http/apache/dist/" | |
143 | "http://apache.belnet.be/" | |
144 | "http://mirrors.ircam.fr/pub/apache/" | |
f06afd4d LC |
145 | "http://apache-mirror.rbc.ru/pub/apache/" |
146 | ||
147 | ;; As a last resort, try the archive. | |
148 | "http://archive.apache.org/dist/") | |
149acc29 | 149 | (xorg ; from http://www.x.org/wiki/Releases/Download |
0820a58b | 150 | "http://www.x.org/releases/" ; main mirrors |
149acc29 AE |
151 | "ftp://mirror.csclub.uwaterloo.ca/x.org/" ; North America |
152 | "ftp://xorg.mirrors.pair.com/" | |
153 | "http://mirror.csclub.uwaterloo.ca/x.org/" | |
154 | "http://xorg.mirrors.pair.com/" | |
155 | "http://mirror.us.leaseweb.net/xorg/" | |
156 | "ftp://artfiles.org/x.org/" ; Europe | |
157 | "ftp://ftp.chg.ru/pub/X11/x.org/" | |
158 | "ftp://ftp.fu-berlin.de/unix/X11/FTP.X.ORG/" | |
159 | "ftp://ftp.gwdg.de/pub/x11/x.org/" | |
160 | "ftp://ftp.mirrorservice.org/sites/ftp.x.org/" | |
161 | "ftp://ftp.ntua.gr/pub/X11/" | |
162 | "ftp://ftp.piotrkosoft.net/pub/mirrors/ftp.x.org/" | |
163 | "ftp://ftp.portal-to-web.de/pub/mirrors/x.org/" | |
164 | "ftp://ftp.solnet.ch/mirror/x.org/" | |
149acc29 AE |
165 | "ftp://gd.tuwien.ac.at/X11/" |
166 | "ftp://mi.mirror.garr.it/mirrors/x.org/" | |
167 | "ftp://mirror.cict.fr/x.org/" | |
168 | "ftp://mirror.switch.ch/mirror/X11/" | |
169 | "ftp://mirrors.ircam.fr/pub/x.org/" | |
170 | "ftp://x.mirrors.skynet.be/pub/ftp.x.org/" | |
171 | "ftp://ftp.cs.cuhk.edu.hk/pub/X11" ; East Asia | |
172 | "ftp://ftp.u-aizu.ac.jp/pub/x11/x.org/" | |
173 | "ftp://ftp.yz.yamagata-u.ac.jp/pub/X11/x.org/" | |
174 | "ftp://ftp.kaist.ac.kr/x.org/" | |
175 | "ftp://mirrors.go-part.com/xorg/" | |
176 | "http://x.cs.pu.edu.tw/" | |
6af31019 LC |
177 | "ftp://ftp.is.co.za/pub/x.org") ; South Africa |
178 | (cpan ; from http://www.cpan.org/SITES.html | |
8aa5e15e | 179 | "http://mirror.ibcp.fr/pub/CPAN/" |
6af31019 LC |
180 | "ftp://ftp.ciril.fr/pub/cpan/" |
181 | "ftp://artfiles.org/cpan.org/" | |
182 | "http://www.cpan.org/" | |
183 | "ftp://cpan.rinet.ru/pub/mirror/CPAN/" | |
6af31019 LC |
184 | "ftp://cpan.inode.at/" |
185 | "ftp://cpan.iht.co.il/" | |
186 | "ftp://ftp.osuosl.org/pub/CPAN/" | |
187 | "ftp://ftp.nara.wide.ad.jp/pub/CPAN/" | |
188 | "http://mirrors.163.com/cpan/" | |
552ffa02 EF |
189 | "ftp://cpan.mirror.ac.za/" |
190 | "http://cpan.mirrors.ionfish.org/" | |
191 | "http://cpan.mirror.dkm.cz/pub/CPAN/" | |
192 | "http://cpan.mirror.iphh.net/" | |
193 | "http://mirrors.teentelecom.net/CPAN/" | |
194 | "http://mirror.teklinks.com/CPAN/" | |
195 | "http://cpan.weepeetelecom.be/" | |
196 | "http://mirrors.xservers.ro/CPAN/" | |
197 | "http://cpan.yimg.com/" | |
198 | "http://mirror.yazd.ac.ir/cpan/" | |
199 | "http://ftp.belnet.be/ftp.cpan.org/") | |
cb7e4867 RW |
200 | (cran |
201 | ;; Arbitrary mirrors from http://cran.r-project.org/mirrors.html | |
202 | ;; This one automatically redirects to servers worldwide | |
c009bb5a | 203 | "http://cran.r-project.org/" |
cb7e4867 RW |
204 | "http://cran.rstudio.com/" |
205 | "http://cran.univ-lyon1.fr/" | |
cb7e4867 RW |
206 | "http://cran.ism.ac.jp/" |
207 | "http://cran.stat.auckland.ac.nz/" | |
208 | "http://cran.mirror.ac.za/" | |
209 | "http://cran.csie.ntu.edu.tw/") | |
6d763bdd AE |
210 | (imagemagick |
211 | ;; from http://www.imagemagick.org/script/download.php | |
212 | ;; (without mirrors that are unavailable or not up to date) | |
213 | ;; mirrors keeping old versions at the top level | |
6d763bdd AE |
214 | "ftp://sunsite.icm.edu.pl/packages/ImageMagick/" |
215 | ;; mirrors moving old versions to "legacy" | |
6d763bdd | 216 | "ftp://mirror.aarnet.edu.au/pub/imagemagick/" |
7fa37abc | 217 | "http://mirror.checkdomain.de/imagemagick/" |
6d763bdd AE |
218 | "ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/" |
219 | "ftp://ftp.u-aizu.ac.jp/pub/graphics/image/ImageMagick/imagemagick.org/" | |
220 | "ftp://ftp.nluug.nl/pub/ImageMagick/" | |
221 | "http://ftp.surfnet.nl/pub/ImageMagick/" | |
222 | "http://mirror.searchdaimon.com/ImageMagick" | |
223 | "ftp://ftp.tpnet.pl/pub/graphics/ImageMagick/" | |
7fa37abc | 224 | "http://mirror.is.co.za/pub/imagemagick/" |
6d763bdd AE |
225 | "http://mirrors-usa.go-parts.com/mirrors/ImageMagick/" |
226 | "ftp://ftp.fifi.org/pub/ImageMagick/" | |
227 | "http://www.imagemagick.org/download/" | |
228 | ;; one legacy location as a last resort | |
229 | "http://www.imagemagick.org/download/legacy/") | |
e0029b74 LC |
230 | (debian |
231 | "http://ftp.de.debian.org/debian/" | |
232 | "http://ftp.fr.debian.org/debian/" | |
6b287c5c | 233 | "http://ftp.debian.org/debian/" |
ff02b826 DC |
234 | "http://archive.debian.org/debian/") |
235 | (kde | |
112f089d | 236 | "http://download.kde.org" |
ff02b826 DC |
237 | ;; Mirrors from http://files.kde.org/extra/mirrors.html |
238 | ;; Europe | |
239 | "http://mirror.easyname.at/kde" | |
240 | "http://mirror.karneval.cz/pub/kde" | |
241 | "http://ftp.fi.muni.cz/pub/kde/" | |
242 | "http://mirror.oss.maxcdn.com/kde/" | |
243 | "http://ftp5.gwdg.de/pub/linux/kde/" | |
244 | "http://ftp-stud.fht-esslingen.de/Mirrors/ftp.kde.org/pub/kde/" | |
245 | "http://mirror.klaus-uwe.me/kde/ftp/" | |
246 | "http://kde.beta.mirror.ga/" | |
247 | "http://kde.alpha.mirror.ga/" | |
248 | "http://mirror.netcologne.de/kde" | |
249 | "http://vesta.informatik.rwth-aachen.de/ftp/pub/mirror/kde/" | |
250 | "http://ftp.rz.uni-wuerzburg.de/pub/unix/kde/" | |
251 | "http://mirrors.dotsrc.org/kde/" | |
252 | "http://ftp.funet.fi/pub/mirrors/ftp.kde.org/pub/kde/" | |
253 | "http://kde-mirror.freenux.org/" | |
254 | "http://mirrors.ircam.fr/pub/KDE/" | |
255 | "http://www-ftp.lip6.fr/pub/X11/kde/" | |
256 | "http://fr2.rpmfind.net/linux/KDE/" | |
257 | "http://kde.mirror.anlx.net/" | |
258 | "http://www.mirrorservice.org/sites/ftp.kde.org/pub/kde/" | |
259 | "http://ftp.heanet.ie/mirrors/ftp.kde.org/" | |
260 | "http://ftp.nluug.nl/pub/windowing/kde/" | |
261 | "http://ftp.surfnet.nl/windowing/kde/" | |
262 | "http://ftp.icm.edu.pl/pub/unix/kde/" | |
263 | "http://ftp.pbone.net/pub/kde/" | |
264 | "http://piotrkosoft.net/pub/mirrors/ftp.kde.org/" | |
265 | "http://mirrors.fe.up.pt/pub/kde/" | |
266 | "http://ftp.iasi.roedu.net/pub/mirrors/ftp.kde.org/" | |
267 | "http://ftp.acc.umu.se/mirror/kde.org/ftp/" | |
268 | "http://kde.ip-connect.vn.ua/" | |
269 | ;; North America | |
270 | "http://mirror.its.dal.ca/kde/" | |
271 | "http://mirror.csclub.uwaterloo.ca/kde/" | |
272 | "http://mirror.cc.columbia.edu/pub/software/kde/" | |
273 | "http://mirrors-usa.go-parts.com/kde" | |
274 | "http://kde.mirrors.hoobly.com/" | |
275 | "http://ftp.ussg.iu.edu/kde/" | |
276 | "http://mirrors.mit.edu/kde/" | |
277 | "http://kde.mirrors.tds.net/pub/kde/" | |
278 | ;; Oceania | |
279 | "http://ftp.kddlabs.co.jp/pub/X11/kde/" | |
644e5f17 TGR |
280 | "http://kde.mirror.uber.com.au/") |
281 | (openbsd | |
282 | "https://ftp.openbsd.org/pub/OpenBSD/" | |
283 | ;; Anycast CDN redirecting to your friendly local mirror. | |
284 | "https://mirrors.evowise.com/pub/OpenBSD/" | |
285 | ;; Other HTTPS mirrors from https://www.openbsd.org/ftp.html | |
286 | "https://mirror.aarnet.edu.au/pub/OpenBSD/" | |
287 | "https://ftp2.eu.openbsd.org/pub/OpenBSD/" | |
288 | "https://openbsd.c3sl.ufpr.br/pub/OpenBSD/" | |
289 | "https://openbsd.ipacct.com/pub/OpenBSD/" | |
290 | "https://ftp.OpenBSD.org/pub/OpenBSD/" | |
291 | "https://openbsd.cs.toronto.edu/pub/OpenBSD/" | |
292 | "https://openbsd.delfic.org/pub/OpenBSD/" | |
293 | "https://openbsd.mirror.netelligent.ca/pub/OpenBSD/" | |
294 | "https://mirrors.ucr.ac.cr/pub/OpenBSD/" | |
295 | "https://mirrors.dotsrc.org/pub/OpenBSD/" | |
296 | "https://mirror.one.com/pub/OpenBSD/" | |
297 | "https://ftp.fr.openbsd.org/pub/OpenBSD/" | |
298 | "https://ftp2.fr.openbsd.org/pub/OpenBSD/" | |
299 | "https://mirrors.ircam.fr/pub/OpenBSD/" | |
300 | "https://ftp.spline.de/pub/OpenBSD/" | |
301 | "https://mirror.hs-esslingen.de/pub/OpenBSD/" | |
302 | "https://ftp.halifax.rwth-aachen.de/openbsd/" | |
303 | "https://ftp.hostserver.de/pub/OpenBSD/" | |
304 | "https://ftp.fau.de/pub/OpenBSD/" | |
305 | "https://ftp.cc.uoc.gr/pub/OpenBSD/" | |
306 | "https://openbsd.hk/pub/OpenBSD/" | |
307 | "https://ftp.heanet.ie/pub/OpenBSD/" | |
308 | "https://openbsd.mirror.garr.it/pub/OpenBSD/" | |
309 | "https://mirror.litnet.lt/pub/OpenBSD/" | |
310 | "https://mirror.meerval.net/pub/OpenBSD/" | |
311 | "https://ftp.nluug.nl/pub/OpenBSD/" | |
312 | "https://ftp.bit.nl/pub/OpenBSD/" | |
313 | "https://mirrors.dalenys.com/pub/OpenBSD/" | |
314 | "https://ftp.icm.edu.pl/pub/OpenBSD/" | |
315 | "https://ftp.rnl.tecnico.ulisboa.pt/pub/OpenBSD/" | |
316 | "https://mirrors.pidginhost.com/pub/OpenBSD/" | |
317 | "https://mirror.yandex.ru/pub/OpenBSD/" | |
318 | "https://ftp.eu.openbsd.org/pub/OpenBSD/" | |
319 | "https://ftp.yzu.edu.tw/pub/OpenBSD/" | |
320 | "https://www.mirrorservice.org/pub/OpenBSD/" | |
321 | "https://anorien.csc.warwick.ac.uk/pub/OpenBSD/" | |
322 | "https://mirror.bytemark.co.uk/pub/OpenBSD/" | |
323 | "https://mirrors.sonic.net/pub/OpenBSD/" | |
324 | "https://ftp3.usa.openbsd.org/pub/OpenBSD/" | |
325 | "https://mirrors.syringanetworks.net/pub/OpenBSD/" | |
326 | "https://openbsd.mirror.constant.com/pub/OpenBSD/" | |
327 | "https://ftp4.usa.openbsd.org/pub/OpenBSD/" | |
328 | "https://ftp5.usa.openbsd.org/pub/OpenBSD/" | |
329 | "https://mirror.esc7.net/pub/OpenBSD/")))) | |
94d222ad | 330 | |
53216419 LC |
331 | (define %mirror-file |
332 | ;; Copy of the list of mirrors to a file. This allows us to keep a single | |
333 | ;; copy in the store, and computing it here avoids repeated calls to | |
334 | ;; 'object->string'. | |
335 | (plain-file "mirrors" (object->string %mirrors))) | |
336 | ||
cd436bf0 LC |
337 | (define %content-addressed-mirrors |
338 | ;; List of content-addressed mirrors. Each mirror is represented as a | |
ab84b927 LC |
339 | ;; procedure that takes a file name, an algorithm (symbol) and a hash |
340 | ;; (bytevector), and returns a URL or #f. | |
40f788b9 | 341 | ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>. |
cd436bf0 | 342 | ;; TODO: Add more. |
ab84b927 | 343 | '(list (lambda (file algo hash) |
40f788b9 LC |
344 | ;; Files served by 'guix publish' are accessible under a single |
345 | ;; hash algorithm. | |
346 | (string-append "http://mirror.hydra.gnu.org/file/" | |
347 | file "/" (symbol->string algo) "/" | |
348 | (bytevector->nix-base32-string hash))) | |
349 | (lambda (file algo hash) | |
cd436bf0 LC |
350 | ;; 'tarballs.nixos.org' supports several algorithms. |
351 | (string-append "http://tarballs.nixos.org/" | |
352 | (symbol->string algo) "/" | |
353 | (bytevector->nix-base32-string hash))))) | |
354 | ||
355 | (define %content-addressed-mirror-file | |
356 | ;; Content-addressed mirrors stored in a file. | |
357 | (plain-file "content-addressed-mirrors" | |
358 | (object->string %content-addressed-mirrors))) | |
359 | ||
6f8f8ccb | 360 | (define (gnutls-package) |
6119ebf1 | 361 | "Return the default GnuTLS package." |
9884d7ec | 362 | (let ((module (resolve-interface '(gnu packages tls)))) |
6f8f8ccb | 363 | (module-ref module 'gnutls))) |
94d222ad | 364 | |
05ceb8dc LC |
365 | (define built-in-builders* |
366 | (let ((cache (make-weak-key-hash-table))) | |
367 | (lambda () | |
368 | "Return, as a monadic value, the list of built-in builders supported by | |
369 | the daemon." | |
370 | (lambda (store) | |
371 | ;; Memoize the result to avoid repeated RPCs. | |
372 | (values (or (hashq-ref cache store) | |
373 | (let ((result (built-in-builders store))) | |
374 | (hashq-set! cache store result) | |
375 | result)) | |
376 | store))))) | |
94d222ad | 377 | |
05ceb8dc LC |
378 | (define* (built-in-download file-name url |
379 | #:key system hash-algo hash | |
380 | mirrors content-addressed-mirrors | |
381 | (guile 'unused)) | |
382 | "Download FILE-NAME from URL using the built-in 'download' builder. | |
62cab99c | 383 | |
05ceb8dc LC |
384 | This is an \"out-of-band\" download in that the returned derivation does not |
385 | explicitly depend on Guile, GnuTLS, etc. Instead, the daemon performs the | |
386 | download by itself using its own dependencies." | |
387 | (mlet %store-monad ((mirrors (lower-object mirrors)) | |
388 | (content-addressed-mirrors | |
389 | (lower-object content-addressed-mirrors))) | |
390 | (raw-derivation file-name "builtin:download" '() | |
391 | #:system system | |
392 | #:hash-algo hash-algo | |
393 | #:hash hash | |
394 | #:inputs `((,mirrors) | |
395 | (,content-addressed-mirrors)) | |
396 | ||
397 | ;; Honor the user's proxy and locale settings. | |
398 | #:leaked-env-vars '("http_proxy" "https_proxy" | |
399 | "LC_ALL" "LC_MESSAGES" "LANG" | |
400 | "COLUMNS") | |
401 | ||
402 | #:env-vars `(("url" . ,(object->string url)) | |
403 | ("mirrors" . ,mirrors) | |
404 | ("content-addressed-mirrors" | |
4c80d4c4 LC |
405 | . ,content-addressed-mirrors)) |
406 | ||
407 | ;; Do not offload this derivation because we cannot be | |
408 | ;; sure that the remote daemon supports the 'download' | |
409 | ;; built-in. We may remove this limitation when support | |
410 | ;; for that built-in is widespread. | |
411 | #:local-build? #t))) | |
05ceb8dc LC |
412 | |
413 | (define* (in-band-download file-name url | |
414 | #:key system hash-algo hash | |
415 | mirrors content-addressed-mirrors | |
416 | guile) | |
417 | "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output | |
418 | derivation. | |
419 | ||
420 | This is now deprecated since it has the drawback of causing bootstrapping | |
421 | issues: we may need to build GnuTLS just to be able to download the source of | |
422 | GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>." | |
483f1158 LC |
423 | (define need-gnutls? |
424 | ;; True if any of the URLs need TLS support. | |
425 | (let ((https? (cut string-prefix? "https://" <>))) | |
426 | (match url | |
427 | ((? string?) | |
428 | (https? url)) | |
429 | ((url ...) | |
430 | (any https? url))))) | |
431 | ||
6f8f8ccb | 432 | (define builder |
e9b046fd LC |
433 | (with-imported-modules '((guix build download) |
434 | (guix build utils) | |
435 | (guix ftp-client) | |
436 | (guix base32) | |
437 | (guix base64)) | |
438 | #~(begin | |
439 | #+(if need-gnutls? | |
6f8f8ccb | 440 | |
e9b046fd LC |
441 | ;; Add GnuTLS to the inputs and to the load path. |
442 | #~(eval-when (load expand eval) | |
443 | (set! %load-path | |
444 | (cons (string-append #+(gnutls-package) | |
445 | "/share/guile/site/" | |
446 | (effective-version)) | |
447 | %load-path))) | |
448 | #~#t) | |
6f8f8ccb | 449 | |
e9b046fd LC |
450 | (use-modules (guix build download) |
451 | (guix base32)) | |
cd436bf0 | 452 | |
e9b046fd LC |
453 | (let ((value-from-environment (lambda (variable) |
454 | (call-with-input-string | |
455 | (getenv variable) | |
456 | read)))) | |
457 | (url-fetch (value-from-environment "guix download url") | |
458 | #$output | |
05ceb8dc | 459 | #:mirrors (call-with-input-file #$mirrors read) |
ced20032 | 460 | |
e9b046fd LC |
461 | ;; Content-addressed mirrors. |
462 | #:hashes | |
463 | (value-from-environment "guix download hashes") | |
464 | #:content-addressed-mirrors | |
05ceb8dc | 465 | (primitive-load #$content-addressed-mirrors) |
bc3c41ce LC |
466 | |
467 | ;; No need to validate certificates since we know the | |
468 | ;; hash of the expected result. | |
469 | #:verify-certificate? #f))))) | |
6f8f8ccb | 470 | |
6c5b56f9 | 471 | (mlet %store-monad ((guile (package->derivation guile system))) |
05ceb8dc LC |
472 | (gexp->derivation file-name builder |
473 | #:guile-for-build guile | |
474 | #:system system | |
475 | #:hash-algo hash-algo | |
476 | #:hash hash | |
477 | ||
478 | ;; Use environment variables and a fixed script | |
479 | ;; name so there's only one script in store for | |
480 | ;; all the downloads. | |
481 | #:script-name "download" | |
482 | #:env-vars | |
483 | `(("guix download url" . ,(object->string url)) | |
484 | ("guix download hashes" | |
485 | . ,(object->string `((,hash-algo . ,hash))))) | |
486 | ||
487 | ;; Honor the user's proxy settings. | |
488 | #:leaked-env-vars '("http_proxy" "https_proxy") | |
489 | ||
490 | ;; In general, offloading downloads is not a good | |
491 | ;; idea. Daemons before 0.8.3 would also | |
492 | ;; interpret this as "do not substitute" (see | |
493 | ;; <https://bugs.gnu.org/18747>.) | |
494 | #:local-build? #t))) | |
495 | ||
496 | (define* (url-fetch url hash-algo hash | |
497 | #:optional name | |
498 | #:key (system (%current-system)) | |
499 | (guile (default-guile))) | |
500 | "Return a fixed-output derivation that fetches URL (a string, or a list of | |
501 | strings denoting alternate URLs), which is expected to have hash HASH of type | |
502 | HASH-ALGO (a symbol). By default, the file name is the base name of URL; | |
503 | optionally, NAME can specify a different file name. | |
504 | ||
505 | When one of the URL starts with mirror://, then its host part is | |
506 | interpreted as the name of a mirror scheme, taken from %MIRROR-FILE. | |
507 | ||
508 | Alternately, when URL starts with file://, return the corresponding file name | |
509 | in the store." | |
510 | (define file-name | |
511 | (match url | |
512 | ((head _ ...) | |
513 | (basename head)) | |
514 | (_ | |
515 | (basename url)))) | |
516 | ||
882383a9 LC |
517 | (let ((uri (and (string? url) (string->uri url)))) |
518 | (if (or (and (string? url) (not uri)) | |
519 | (and uri (memq (uri-scheme uri) '(#f file)))) | |
f220a838 LC |
520 | (interned-file (if uri (uri-path uri) url) |
521 | (or name file-name)) | |
05ceb8dc LC |
522 | (mlet* %store-monad ((builtins (built-in-builders*)) |
523 | (download -> (if (member "download" builtins) | |
524 | built-in-download | |
525 | in-band-download))) | |
526 | (download (or name file-name) url | |
527 | #:guile guile | |
528 | #:system system | |
529 | #:hash-algo hash-algo | |
530 | #:hash hash | |
531 | #:mirrors %mirror-file | |
532 | #:content-addressed-mirrors | |
533 | %content-addressed-mirror-file))))) | |
62cab99c | 534 | |
95001d4b LC |
535 | (define* (url-fetch/tarbomb url hash-algo hash |
536 | #:optional name | |
537 | #:key (system (%current-system)) | |
538 | (guile (default-guile))) | |
539 | "Similar to 'url-fetch' but unpack the file from URL in a directory of its | |
540 | own. This helper makes it easier to deal with \"tar bombs\"." | |
58f91e4d TGR |
541 | (define file-name |
542 | (match url | |
543 | ((head _ ...) | |
544 | (basename head)) | |
545 | (_ | |
546 | (basename url)))) | |
95001d4b LC |
547 | (define gzip |
548 | (module-ref (resolve-interface '(gnu packages compression)) 'gzip)) | |
549 | (define tar | |
550 | (module-ref (resolve-interface '(gnu packages base)) 'tar)) | |
551 | ||
552 | (mlet %store-monad ((drv (url-fetch url hash-algo hash | |
58f91e4d TGR |
553 | (string-append "tarbomb-" |
554 | (or name file-name)) | |
95001d4b LC |
555 | #:system system |
556 | #:guile guile))) | |
557 | ;; Take the tar bomb, and simply unpack it as a directory. | |
58f91e4d | 558 | (gexp->derivation (or name file-name) |
95001d4b LC |
559 | #~(begin |
560 | (mkdir #$output) | |
561 | (setenv "PATH" (string-append #$gzip "/bin")) | |
562 | (chdir #$output) | |
563 | (zero? (system* (string-append #$tar "/bin/tar") | |
564 | "xf" #$drv))) | |
565 | #:local-build? #t))) | |
566 | ||
814b099a TGR |
567 | (define* (url-fetch/zipbomb url hash-algo hash |
568 | #:optional name | |
569 | #:key (system (%current-system)) | |
570 | (guile (default-guile))) | |
571 | "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its | |
572 | own. This helper makes it easier to deal with \"zip bombs\"." | |
573 | (define file-name | |
574 | (match url | |
575 | ((head _ ...) | |
576 | (basename head)) | |
577 | (_ | |
578 | (basename url)))) | |
579 | (define unzip | |
148585c2 | 580 | (module-ref (resolve-interface '(gnu packages compression)) 'unzip)) |
814b099a TGR |
581 | |
582 | (mlet %store-monad ((drv (url-fetch url hash-algo hash | |
583 | (string-append "zipbomb-" | |
584 | (or name file-name)) | |
585 | #:system system | |
586 | #:guile guile))) | |
587 | ;; Take the zip bomb, and simply unpack it as a directory. | |
588 | (gexp->derivation (or name file-name) | |
589 | #~(begin | |
590 | (mkdir #$output) | |
591 | (chdir #$output) | |
592 | (zero? (system* (string-append #$unzip "/bin/unzip") | |
593 | #$drv))) | |
594 | #:local-build? #t))) | |
595 | ||
861693f3 | 596 | (define* (download-to-store store url #:optional (name (basename url)) |
64b8695c LC |
597 | #:key (log (current-error-port)) recursive? |
598 | (verify-certificate? #t)) | |
861693f3 | 599 | "Download from URL to STORE, either under NAME or URL's basename if |
a43b55f1 | 600 | omitted. Write progress reports to LOG. RECURSIVE? has the same effect as |
64b8695c LC |
601 | the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines |
602 | whether or not to validate HTTPS server certificates." | |
d8907ac4 LC |
603 | (define uri |
604 | (string->uri url)) | |
605 | ||
d91a8791 | 606 | (if (or (not uri) (memq (uri-scheme uri) '(file #f))) |
a43b55f1 | 607 | (add-to-store store name recursive? "sha256" |
d91a8791 | 608 | (if uri (uri-path uri) url)) |
d8907ac4 LC |
609 | (call-with-temporary-output-file |
610 | (lambda (temp port) | |
611 | (let ((result | |
612 | (parameterize ((current-output-port log)) | |
64b8695c LC |
613 | (build:url-fetch url temp |
614 | #:mirrors %mirrors | |
615 | #:verify-certificate? | |
616 | verify-certificate?)))) | |
d8907ac4 LC |
617 | (close port) |
618 | (and result | |
a43b55f1 | 619 | (add-to-store store name recursive? "sha256" temp))))))) |
861693f3 | 620 | |
62cab99c | 621 | ;;; download.scm ends here |