HCoop / jackhill / guix / guix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gnu: linux-libre-arm-generic: Add mitigation for CVE-2017-1000364.
[jackhill/guix/guix.git] / guix / download.scm
CommitLineData
233e7676 1;;; GNU Guix --- Functional package management for GNU
95001d4b 2;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
9884d7ec 3;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
95001d4b 4;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
fe224d20 5;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
9c97afe8 6;;; Copyright © 2016 David Craven <david@craven.ch>
58f91e4d 7;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
62cab99c 8;;;
233e7676 9;;; This file is part of GNU Guix.
62cab99c 10;;;
233e7676 11;;; GNU Guix is free software; you can redistribute it and/or modify it
62cab99c
LC		 12;;; under the terms of the GNU General Public License as published by
13;;; the Free Software Foundation; either version 3 of the License, or (at
14;;; your option) any later version.
15;;;
233e7676 16;;; GNU Guix is distributed in the hope that it will be useful, but
62cab99c
LC		 17;;; WITHOUT ANY WARRANTY; without even the implied warranty of
18;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19;;; GNU General Public License for more details.
20;;;
21;;; You should have received a copy of the GNU General Public License
233e7676 22;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
62cab99c
LC		 23
24(define-module (guix download)
25 #:use-module (ice-9 match)
26 #:use-module (guix derivations)
27 #:use-module (guix packages)
e87f0591 28 #:use-module (guix store)
b5b73a82 29 #:use-module ((guix build download) #:prefix build:)
6f8f8ccb
LC		 30 #:use-module (guix monads)
31 #:use-module (guix gexp)
62cab99c 32 #:use-module (guix utils)
d8907ac4 33 #:use-module (web uri)
483f1158 34 #:use-module (srfi srfi-1)
94d222ad 35 #:use-module (srfi srfi-26)
ec4d308a 36 #:export (%mirrors
861693f3 37 url-fetch
95001d4b 38 url-fetch/tarbomb
814b099a 39 url-fetch/zipbomb
861693f3 40 download-to-store))
62cab99c
LC		 41
42;;; Commentary:
43;;;
44;;; Produce fixed-output derivations with data fetched over HTTP or FTP.
45;;;
46;;; Code:
47
94d222ad
LC		 48(define %mirrors
49 ;; Mirror lists used when `mirror://' URLs are passed.
50 (let* ((gnu-mirrors
51 '(;; This one redirects to a (supposedly) nearby and (supposedly)
52 ;; up-to-date mirror.
53 "http://ftpmirror.gnu.org/"
54
55 "ftp://ftp.cs.tu-berlin.de/pub/gnu/"
94d222ad
LC		 56 "ftp://ftp.funet.fi/pub/mirrors/ftp.gnu.org/gnu/"
57
58 ;; This one is the master repository, and thus it's always
59 ;; up-to-date.
60 "http://ftp.gnu.org/pub/gnu/")))
61 `((gnu ,@gnu-mirrors)
62 (gcc
63 "ftp://ftp.nluug.nl/mirror/languages/gcc/"
64 "ftp://ftp.fu-berlin.de/unix/languages/gcc/"
65 "ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/"
66 "ftp://gcc.gnu.org/pub/gcc/"
67 ,@(map (cut string-append <> "/gcc") gnu-mirrors))
68 (gnupg
b23c1a71 69 "http://gd.tuwien.ac.at/privacy/gnupg/"
d57b88be 70 "ftp://mirrors.dotsrc.org/gcrypt/"
94d222ad 71 "ftp://mirror.cict.fr/gnupg/"
d57b88be
AE		 72 "http://artfiles.org/gnupg.org"
73 "ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/"
74 "ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/"
75 "http://www.crysys.hu/"
76 "ftp://ftp.hi.is/pub/mirrors/gnupg/"
77 "ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/"
78 "ftp://ftp.bit.nl/mirror/gnupg/"
79 "ftp://ftp.surfnet.nl/pub/security/gnupg/"
80 "ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/"
81 "ftp://ftp.sunet.se/pub/security/gnupg/"
82 "ftp://mirror.switch.ch/mirror/gnupg/"
83 "ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/"
84 "ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/"
85 "ftp://ftp.ring.gr.jp/pub/net/gnupg/"
86 "ftp://ftp.gnupg.org/gcrypt/")
71eb5c10
LC		 87 (gnome
88 "http://ftp.belnet.be/ftp.gnome.org/"
89 "http://ftp.linux.org.uk/mirrors/ftp.gnome.org/"
90 "http://ftp.gnome.org/pub/GNOME/"
93897a45 91 "https://download.gnome.org/"
71eb5c10 92 "http://mirror.yandex.ru/mirrors/ftp.gnome.org/")
442c2c99 93 (hackage
4c13aad0 94 "http://hackage.haskell.org/")
94d222ad 95 (savannah
a4eabecd 96 "http://download.savannah.gnu.org/releases/"
94d222ad
LC		 97 "ftp://ftp.twaren.net/Unix/NonGNU/"
98 "ftp://mirror.csclub.uwaterloo.ca/nongnu/"
99 "ftp://mirror.publicns.net/pub/nongnu/"
100 "ftp://savannah.c3sl.ufpr.br/"
101 "http://ftp.cc.uoc.gr/mirrors/nongnu.org/"
102 "http://ftp.twaren.net/Unix/NonGNU/"
103 "http://mirror.csclub.uwaterloo.ca/nongnu/"
104 "http://nongnu.askapache.com/"
105 "http://savannah.c3sl.ufpr.br/"
3f6d5b8a
LC		 106 "http://download.savannah.gnu.org/releases-noredirect/"
107 "http://download-mirror.savannah.gnu.org/releases/")
321dc4df 108 (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/
fe224d20 109 "http://downloads.sourceforge.net/project/"
cd4c41fd
LC		 110 "http://ufpr.dl.sourceforge.net/project/"
111 "http://heanet.dl.sourceforge.net/project/"
112 "http://freefr.dl.sourceforge.net/project/"
113 "http://internode.dl.sourceforge.net/project/"
114 "http://jaist.dl.sourceforge.net/project/"
115 "http://kent.dl.sourceforge.net/project/"
116 "http://liquidtelecom.dl.sourceforge.net/project/"
117 "http://nbtelecom.dl.sourceforge.net/project/"
118 "http://nchc.dl.sourceforge.net/project/"
119 "http://ncu.dl.sourceforge.net/project/"
120 "http://netcologne.dl.sourceforge.net/project/"
121 "http://netix.dl.sourceforge.net/project/"
122 "http://pilotfiber.dl.sourceforge.net/project/"
123 "http://superb-sea2.dl.sourceforge.net/project/"
124 "http://tenet.dl.sourceforge.net/project/"
125 "http://vorboss.dl.sourceforge.net/project/"
126 "http://netassist.dl.sourceforge.net/project/")
7c7b802c
MB		 127 (netfilter.org ; https://www.netfilter.org/mirrors.html
128 "http://ftp.netfilter.org/pub/"
129 "ftp://ftp.es.netfilter.org/mirrors/netfilter/"
130 "ftp://ftp.hu.netfilter.org/"
131 "ftp://www.lt.netfilter.org/pub/")
b40b259f 132 (kernel.org
b40b259f
LC		 133 "http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/"
134 "http://linux-kernel.uio.no/pub/"
135 "http://kernel.osuosl.org/pub/"
5d9cd707
LC		 136 "ftp://ftp.funet.fi/pub/mirrors/ftp.kernel.org/pub/"
137 "http://ftp.be.debian.org/pub/"
138 "http://mirror.linux.org.au/")
47f9db41
LC		 139 (apache ; from http://www.apache.org/mirrors/dist.html
140 "http://www.eu.apache.org/dist/"
141 "http://www.us.apache.org/dist/"
142 "ftp://gd.tuwien.ac.at/pub/infosys/servers/http/apache/dist/"
143 "http://apache.belnet.be/"
144 "http://mirrors.ircam.fr/pub/apache/"
f06afd4d
LC		 145 "http://apache-mirror.rbc.ru/pub/apache/"
146
147 ;; As a last resort, try the archive.
148 "http://archive.apache.org/dist/")
149acc29 149 (xorg ; from http://www.x.org/wiki/Releases/Download
0820a58b 150 "http://www.x.org/releases/" ; main mirrors
149acc29
AE		 151 "ftp://mirror.csclub.uwaterloo.ca/x.org/" ; North America
152 "ftp://xorg.mirrors.pair.com/"
153 "http://mirror.csclub.uwaterloo.ca/x.org/"
154 "http://xorg.mirrors.pair.com/"
155 "http://mirror.us.leaseweb.net/xorg/"
156 "ftp://artfiles.org/x.org/" ; Europe
157 "ftp://ftp.chg.ru/pub/X11/x.org/"
158 "ftp://ftp.fu-berlin.de/unix/X11/FTP.X.ORG/"
159 "ftp://ftp.gwdg.de/pub/x11/x.org/"
160 "ftp://ftp.mirrorservice.org/sites/ftp.x.org/"
161 "ftp://ftp.ntua.gr/pub/X11/"
162 "ftp://ftp.piotrkosoft.net/pub/mirrors/ftp.x.org/"
163 "ftp://ftp.portal-to-web.de/pub/mirrors/x.org/"
164 "ftp://ftp.solnet.ch/mirror/x.org/"
149acc29
AE		 165 "ftp://gd.tuwien.ac.at/X11/"
166 "ftp://mi.mirror.garr.it/mirrors/x.org/"
167 "ftp://mirror.cict.fr/x.org/"
168 "ftp://mirror.switch.ch/mirror/X11/"
169 "ftp://mirrors.ircam.fr/pub/x.org/"
170 "ftp://x.mirrors.skynet.be/pub/ftp.x.org/"
171 "ftp://ftp.cs.cuhk.edu.hk/pub/X11" ; East Asia
172 "ftp://ftp.u-aizu.ac.jp/pub/x11/x.org/"
173 "ftp://ftp.yz.yamagata-u.ac.jp/pub/X11/x.org/"
174 "ftp://ftp.kaist.ac.kr/x.org/"
175 "ftp://mirrors.go-part.com/xorg/"
176 "http://x.cs.pu.edu.tw/"
6af31019
LC		 177 "ftp://ftp.is.co.za/pub/x.org") ; South Africa
178 (cpan ; from http://www.cpan.org/SITES.html
8aa5e15e 179 "http://mirror.ibcp.fr/pub/CPAN/"
6af31019
LC		 180 "ftp://ftp.ciril.fr/pub/cpan/"
181 "ftp://artfiles.org/cpan.org/"
182 "http://www.cpan.org/"
183 "ftp://cpan.rinet.ru/pub/mirror/CPAN/"
6af31019
LC		 184 "ftp://cpan.inode.at/"
185 "ftp://cpan.iht.co.il/"
186 "ftp://ftp.osuosl.org/pub/CPAN/"
187 "ftp://ftp.nara.wide.ad.jp/pub/CPAN/"
188 "http://mirrors.163.com/cpan/"
552ffa02
EF		 189 "ftp://cpan.mirror.ac.za/"
190 "http://cpan.mirrors.ionfish.org/"
191 "http://cpan.mirror.dkm.cz/pub/CPAN/"
192 "http://cpan.mirror.iphh.net/"
193 "http://mirrors.teentelecom.net/CPAN/"
194 "http://mirror.teklinks.com/CPAN/"
195 "http://cpan.weepeetelecom.be/"
196 "http://mirrors.xservers.ro/CPAN/"
197 "http://cpan.yimg.com/"
198 "http://mirror.yazd.ac.ir/cpan/"
199 "http://ftp.belnet.be/ftp.cpan.org/")
cb7e4867
RW		 200 (cran
201 ;; Arbitrary mirrors from http://cran.r-project.org/mirrors.html
202 ;; This one automatically redirects to servers worldwide
c009bb5a 203 "http://cran.r-project.org/"
cb7e4867
RW		 204 "http://cran.rstudio.com/"
205 "http://cran.univ-lyon1.fr/"
cb7e4867
RW		 206 "http://cran.ism.ac.jp/"
207 "http://cran.stat.auckland.ac.nz/"
208 "http://cran.mirror.ac.za/"
209 "http://cran.csie.ntu.edu.tw/")
6d763bdd
AE		 210 (imagemagick
211 ;; from http://www.imagemagick.org/script/download.php
212 ;; (without mirrors that are unavailable or not up to date)
213 ;; mirrors keeping old versions at the top level
6d763bdd
AE		 214 "ftp://sunsite.icm.edu.pl/packages/ImageMagick/"
215 ;; mirrors moving old versions to "legacy"
6d763bdd 216 "ftp://mirror.aarnet.edu.au/pub/imagemagick/"
7fa37abc 217 "http://mirror.checkdomain.de/imagemagick/"
6d763bdd
AE		 218 "ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/"
219 "ftp://ftp.u-aizu.ac.jp/pub/graphics/image/ImageMagick/imagemagick.org/"
220 "ftp://ftp.nluug.nl/pub/ImageMagick/"
221 "http://ftp.surfnet.nl/pub/ImageMagick/"
222 "http://mirror.searchdaimon.com/ImageMagick"
223 "ftp://ftp.tpnet.pl/pub/graphics/ImageMagick/"
7fa37abc 224 "http://mirror.is.co.za/pub/imagemagick/"
6d763bdd
AE		 225 "http://mirrors-usa.go-parts.com/mirrors/ImageMagick/"
226 "ftp://ftp.fifi.org/pub/ImageMagick/"
227 "http://www.imagemagick.org/download/"
228 ;; one legacy location as a last resort
229 "http://www.imagemagick.org/download/legacy/")
e0029b74
LC		 230 (debian
231 "http://ftp.de.debian.org/debian/"
232 "http://ftp.fr.debian.org/debian/"
6b287c5c 233 "http://ftp.debian.org/debian/"
ff02b826
DC		 234 "http://archive.debian.org/debian/")
235 (kde
112f089d 236 "http://download.kde.org"
ff02b826
DC		 237 ;; Mirrors from http://files.kde.org/extra/mirrors.html
238 ;; Europe
239 "http://mirror.easyname.at/kde"
240 "http://mirror.karneval.cz/pub/kde"
241 "http://ftp.fi.muni.cz/pub/kde/"
242 "http://mirror.oss.maxcdn.com/kde/"
243 "http://ftp5.gwdg.de/pub/linux/kde/"
244 "http://ftp-stud.fht-esslingen.de/Mirrors/ftp.kde.org/pub/kde/"
245 "http://mirror.klaus-uwe.me/kde/ftp/"
246 "http://kde.beta.mirror.ga/"
247 "http://kde.alpha.mirror.ga/"
248 "http://mirror.netcologne.de/kde"
249 "http://vesta.informatik.rwth-aachen.de/ftp/pub/mirror/kde/"
250 "http://ftp.rz.uni-wuerzburg.de/pub/unix/kde/"
251 "http://mirrors.dotsrc.org/kde/"
252 "http://ftp.funet.fi/pub/mirrors/ftp.kde.org/pub/kde/"
253 "http://kde-mirror.freenux.org/"
254 "http://mirrors.ircam.fr/pub/KDE/"
255 "http://www-ftp.lip6.fr/pub/X11/kde/"
256 "http://fr2.rpmfind.net/linux/KDE/"
257 "http://kde.mirror.anlx.net/"
258 "http://www.mirrorservice.org/sites/ftp.kde.org/pub/kde/"
259 "http://ftp.heanet.ie/mirrors/ftp.kde.org/"
260 "http://ftp.nluug.nl/pub/windowing/kde/"
261 "http://ftp.surfnet.nl/windowing/kde/"
262 "http://ftp.icm.edu.pl/pub/unix/kde/"
263 "http://ftp.pbone.net/pub/kde/"
264 "http://piotrkosoft.net/pub/mirrors/ftp.kde.org/"
265 "http://mirrors.fe.up.pt/pub/kde/"
266 "http://ftp.iasi.roedu.net/pub/mirrors/ftp.kde.org/"
267 "http://ftp.acc.umu.se/mirror/kde.org/ftp/"
268 "http://kde.ip-connect.vn.ua/"
269 ;; North America
270 "http://mirror.its.dal.ca/kde/"
271 "http://mirror.csclub.uwaterloo.ca/kde/"
272 "http://mirror.cc.columbia.edu/pub/software/kde/"
273 "http://mirrors-usa.go-parts.com/kde"
274 "http://kde.mirrors.hoobly.com/"
275 "http://ftp.ussg.iu.edu/kde/"
276 "http://mirrors.mit.edu/kde/"
277 "http://kde.mirrors.tds.net/pub/kde/"
278 ;; Oceania
279 "http://ftp.kddlabs.co.jp/pub/X11/kde/"
280 "http://kde.mirror.uber.com.au/"))))
94d222ad 281
53216419
LC		 282(define %mirror-file
283 ;; Copy of the list of mirrors to a file. This allows us to keep a single
284 ;; copy in the store, and computing it here avoids repeated calls to
285 ;; 'object->string'.
286 (plain-file "mirrors" (object->string %mirrors)))
287
cd436bf0
LC		 288(define %content-addressed-mirrors
289 ;; List of content-addressed mirrors. Each mirror is represented as a
ab84b927
LC		 290 ;; procedure that takes a file name, an algorithm (symbol) and a hash
291 ;; (bytevector), and returns a URL or #f.
40f788b9 292 ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>.
cd436bf0 293 ;; TODO: Add more.
ab84b927 294 '(list (lambda (file algo hash)
40f788b9
LC		 295 ;; Files served by 'guix publish' are accessible under a single
296 ;; hash algorithm.
297 (string-append "http://mirror.hydra.gnu.org/file/"
298 file "/" (symbol->string algo) "/"
299 (bytevector->nix-base32-string hash)))
300 (lambda (file algo hash)
cd436bf0
LC		 301 ;; 'tarballs.nixos.org' supports several algorithms.
302 (string-append "http://tarballs.nixos.org/"
303 (symbol->string algo) "/"
304 (bytevector->nix-base32-string hash)))))
305
306(define %content-addressed-mirror-file
307 ;; Content-addressed mirrors stored in a file.
308 (plain-file "content-addressed-mirrors"
309 (object->string %content-addressed-mirrors)))
310
6f8f8ccb 311(define (gnutls-package)
6119ebf1 312 "Return the default GnuTLS package."
9884d7ec 313 (let ((module (resolve-interface '(gnu packages tls))))
6f8f8ccb 314 (module-ref module 'gnutls)))
94d222ad 315
05ceb8dc
LC		 316(define built-in-builders*
317 (let ((cache (make-weak-key-hash-table)))
318 (lambda ()
319 "Return, as a monadic value, the list of built-in builders supported by
320the daemon."
321 (lambda (store)
322 ;; Memoize the result to avoid repeated RPCs.
323 (values (or (hashq-ref cache store)
324 (let ((result (built-in-builders store)))
325 (hashq-set! cache store result)
326 result))
327 store)))))
94d222ad 328
05ceb8dc
LC		 329(define* (built-in-download file-name url
330 #:key system hash-algo hash
331 mirrors content-addressed-mirrors
332 (guile 'unused))
333 "Download FILE-NAME from URL using the built-in 'download' builder.
62cab99c 334
05ceb8dc
LC		 335This is an \"out-of-band\" download in that the returned derivation does not
336explicitly depend on Guile, GnuTLS, etc. Instead, the daemon performs the
337download by itself using its own dependencies."
338 (mlet %store-monad ((mirrors (lower-object mirrors))
339 (content-addressed-mirrors
340 (lower-object content-addressed-mirrors)))
341 (raw-derivation file-name "builtin:download" '()
342 #:system system
343 #:hash-algo hash-algo
344 #:hash hash
345 #:inputs `((,mirrors)
346 (,content-addressed-mirrors))
347
348 ;; Honor the user's proxy and locale settings.
349 #:leaked-env-vars '("http_proxy" "https_proxy"
350 "LC_ALL" "LC_MESSAGES" "LANG"
351 "COLUMNS")
352
353 #:env-vars `(("url" . ,(object->string url))
354 ("mirrors" . ,mirrors)
355 ("content-addressed-mirrors"
4c80d4c4
LC		 356 . ,content-addressed-mirrors))
357
358 ;; Do not offload this derivation because we cannot be
359 ;; sure that the remote daemon supports the 'download'
360 ;; built-in. We may remove this limitation when support
361 ;; for that built-in is widespread.
362 #:local-build? #t)))
05ceb8dc
LC		 363
364(define* (in-band-download file-name url
365 #:key system hash-algo hash
366 mirrors content-addressed-mirrors
367 guile)
368 "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output
369derivation.
370
371This is now deprecated since it has the drawback of causing bootstrapping
372issues: we may need to build GnuTLS just to be able to download the source of
373GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
483f1158
LC		 374 (define need-gnutls?
375 ;; True if any of the URLs need TLS support.
376 (let ((https? (cut string-prefix? "https://" <>)))
377 (match url
378 ((? string?)
379 (https? url))
380 ((url ...)
381 (any https? url)))))
382
6f8f8ccb 383 (define builder
e9b046fd
LC		 384 (with-imported-modules '((guix build download)
385 (guix build utils)
386 (guix ftp-client)
387 (guix base32)
388 (guix base64))
389 #~(begin
390 #+(if need-gnutls?
6f8f8ccb 391
e9b046fd
LC		 392 ;; Add GnuTLS to the inputs and to the load path.
393 #~(eval-when (load expand eval)
394 (set! %load-path
395 (cons (string-append #+(gnutls-package)
396 "/share/guile/site/"
397 (effective-version))
398 %load-path)))
399 #~#t)
6f8f8ccb 400
e9b046fd
LC		 401 (use-modules (guix build download)
402 (guix base32))
cd436bf0 403
e9b046fd
LC		 404 (let ((value-from-environment (lambda (variable)
405 (call-with-input-string
406 (getenv variable)
407 read))))
408 (url-fetch (value-from-environment "guix download url")
409 #$output
05ceb8dc 410 #:mirrors (call-with-input-file #$mirrors read)
ced20032 411
e9b046fd
LC		 412 ;; Content-addressed mirrors.
413 #:hashes
414 (value-from-environment "guix download hashes")
415 #:content-addressed-mirrors
05ceb8dc 416 (primitive-load #$content-addressed-mirrors)
bc3c41ce
LC		 417
418 ;; No need to validate certificates since we know the
419 ;; hash of the expected result.
420 #:verify-certificate? #f)))))
6f8f8ccb 421
6c5b56f9 422 (mlet %store-monad ((guile (package->derivation guile system)))
05ceb8dc
LC		 423 (gexp->derivation file-name builder
424 #:guile-for-build guile
425 #:system system
426 #:hash-algo hash-algo
427 #:hash hash
428
429 ;; Use environment variables and a fixed script
430 ;; name so there's only one script in store for
431 ;; all the downloads.
432 #:script-name "download"
433 #:env-vars
434 `(("guix download url" . ,(object->string url))
435 ("guix download hashes"
436 . ,(object->string `((,hash-algo . ,hash)))))
437
438 ;; Honor the user's proxy settings.
439 #:leaked-env-vars '("http_proxy" "https_proxy")
440
441 ;; In general, offloading downloads is not a good
442 ;; idea. Daemons before 0.8.3 would also
443 ;; interpret this as "do not substitute" (see
444 ;; <https://bugs.gnu.org/18747>.)
445 #:local-build? #t)))
446
447(define* (url-fetch url hash-algo hash
448 #:optional name
449 #:key (system (%current-system))
450 (guile (default-guile)))
451 "Return a fixed-output derivation that fetches URL (a string, or a list of
452strings denoting alternate URLs), which is expected to have hash HASH of type
453HASH-ALGO (a symbol). By default, the file name is the base name of URL;
454optionally, NAME can specify a different file name.
455
456When one of the URL starts with mirror://, then its host part is
457interpreted as the name of a mirror scheme, taken from %MIRROR-FILE.
458
459Alternately, when URL starts with file://, return the corresponding file name
460in the store."
461 (define file-name
462 (match url
463 ((head _ ...)
464 (basename head))
465 (_
466 (basename url))))
467
882383a9
LC		 468 (let ((uri (and (string? url) (string->uri url))))
469 (if (or (and (string? url) (not uri))
470 (and uri (memq (uri-scheme uri) '(#f file))))
f220a838
LC		 471 (interned-file (if uri (uri-path uri) url)
472 (or name file-name))
05ceb8dc
LC		 473 (mlet* %store-monad ((builtins (built-in-builders*))
474 (download -> (if (member "download" builtins)
475 built-in-download
476 in-band-download)))
477 (download (or name file-name) url
478 #:guile guile
479 #:system system
480 #:hash-algo hash-algo
481 #:hash hash
482 #:mirrors %mirror-file
483 #:content-addressed-mirrors
484 %content-addressed-mirror-file)))))
62cab99c 485
95001d4b
LC		 486(define* (url-fetch/tarbomb url hash-algo hash
487 #:optional name
488 #:key (system (%current-system))
489 (guile (default-guile)))
490 "Similar to 'url-fetch' but unpack the file from URL in a directory of its
491own. This helper makes it easier to deal with \"tar bombs\"."
58f91e4d
TGR		 492 (define file-name
493 (match url
494 ((head _ ...)
495 (basename head))
496 (_
497 (basename url))))
95001d4b
LC		 498 (define gzip
499 (module-ref (resolve-interface '(gnu packages compression)) 'gzip))
500 (define tar
501 (module-ref (resolve-interface '(gnu packages base)) 'tar))
502
503 (mlet %store-monad ((drv (url-fetch url hash-algo hash
58f91e4d
TGR		 504 (string-append "tarbomb-"
505 (or name file-name))
95001d4b
LC		 506 #:system system
507 #:guile guile)))
508 ;; Take the tar bomb, and simply unpack it as a directory.
58f91e4d 509 (gexp->derivation (or name file-name)
95001d4b
LC		 510 #~(begin
511 (mkdir #$output)
512 (setenv "PATH" (string-append #$gzip "/bin"))
513 (chdir #$output)
514 (zero? (system* (string-append #$tar "/bin/tar")
515 "xf" #$drv)))
516 #:local-build? #t)))
517
814b099a
TGR		 518(define* (url-fetch/zipbomb url hash-algo hash
519 #:optional name
520 #:key (system (%current-system))
521 (guile (default-guile)))
522 "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its
523own. This helper makes it easier to deal with \"zip bombs\"."
524 (define file-name
525 (match url
526 ((head _ ...)
527 (basename head))
528 (_
529 (basename url))))
530 (define unzip
531 (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
532
533 (mlet %store-monad ((drv (url-fetch url hash-algo hash
534 (string-append "zipbomb-"
535 (or name file-name))
536 #:system system
537 #:guile guile)))
538 ;; Take the zip bomb, and simply unpack it as a directory.
539 (gexp->derivation (or name file-name)
540 #~(begin
541 (mkdir #$output)
542 (chdir #$output)
543 (zero? (system* (string-append #$unzip "/bin/unzip")
544 #$drv)))
545 #:local-build? #t)))
546
861693f3 547(define* (download-to-store store url #:optional (name (basename url))
64b8695c
LC		 548 #:key (log (current-error-port)) recursive?
549 (verify-certificate? #t))
861693f3 550 "Download from URL to STORE, either under NAME or URL's basename if
a43b55f1 551omitted. Write progress reports to LOG. RECURSIVE? has the same effect as
64b8695c
LC		 552the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines
553whether or not to validate HTTPS server certificates."
d8907ac4
LC		 554 (define uri
555 (string->uri url))
556
d91a8791 557 (if (or (not uri) (memq (uri-scheme uri) '(file #f)))
a43b55f1 558 (add-to-store store name recursive? "sha256"
d91a8791 559 (if uri (uri-path uri) url))
d8907ac4
LC		 560 (call-with-temporary-output-file
561 (lambda (temp port)
562 (let ((result
563 (parameterize ((current-output-port log))
64b8695c
LC		 564 (build:url-fetch url temp
565 #:mirrors %mirrors
566 #:verify-certificate?
567 verify-certificate?))))
d8907ac4
LC		 568 (close port)
569 (and result
a43b55f1 570 (add-to-store store name recursive? "sha256" temp)))))))
861693f3 571
62cab99c 572;;; download.scm ends here
jackhill's copy of GNU Guix: https://guix.gnu.org/