Commit | Line | Data |
---|---|---|
233e7676 | 1 | ;;; GNU Guix --- Functional package management for GNU |
95001d4b | 2 | ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> |
9884d7ec | 3 | ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr> |
95001d4b | 4 | ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch> |
fe224d20 | 5 | ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com> |
9c97afe8 | 6 | ;;; Copyright © 2016 David Craven <david@craven.ch> |
58f91e4d | 7 | ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> |
62cab99c | 8 | ;;; |
233e7676 | 9 | ;;; This file is part of GNU Guix. |
62cab99c | 10 | ;;; |
233e7676 | 11 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
62cab99c LC |
12 | ;;; under the terms of the GNU General Public License as published by |
13 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
14 | ;;; your option) any later version. | |
15 | ;;; | |
233e7676 | 16 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
62cab99c LC |
17 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
18 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | ;;; GNU General Public License for more details. | |
20 | ;;; | |
21 | ;;; You should have received a copy of the GNU General Public License | |
233e7676 | 22 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
62cab99c LC |
23 | |
24 | (define-module (guix download) | |
25 | #:use-module (ice-9 match) | |
26 | #:use-module (guix derivations) | |
27 | #:use-module (guix packages) | |
e87f0591 | 28 | #:use-module (guix store) |
b5b73a82 | 29 | #:use-module ((guix build download) #:prefix build:) |
6f8f8ccb LC |
30 | #:use-module (guix monads) |
31 | #:use-module (guix gexp) | |
62cab99c | 32 | #:use-module (guix utils) |
d8907ac4 | 33 | #:use-module (web uri) |
483f1158 | 34 | #:use-module (srfi srfi-1) |
94d222ad | 35 | #:use-module (srfi srfi-26) |
ec4d308a | 36 | #:export (%mirrors |
861693f3 | 37 | url-fetch |
95001d4b | 38 | url-fetch/tarbomb |
814b099a | 39 | url-fetch/zipbomb |
861693f3 | 40 | download-to-store)) |
62cab99c LC |
41 | |
42 | ;;; Commentary: | |
43 | ;;; | |
44 | ;;; Produce fixed-output derivations with data fetched over HTTP or FTP. | |
45 | ;;; | |
46 | ;;; Code: | |
47 | ||
94d222ad LC |
48 | (define %mirrors |
49 | ;; Mirror lists used when `mirror://' URLs are passed. | |
50 | (let* ((gnu-mirrors | |
51 | '(;; This one redirects to a (supposedly) nearby and (supposedly) | |
52 | ;; up-to-date mirror. | |
53 | "http://ftpmirror.gnu.org/" | |
54 | ||
55 | "ftp://ftp.cs.tu-berlin.de/pub/gnu/" | |
94d222ad LC |
56 | "ftp://ftp.funet.fi/pub/mirrors/ftp.gnu.org/gnu/" |
57 | ||
58 | ;; This one is the master repository, and thus it's always | |
59 | ;; up-to-date. | |
60 | "http://ftp.gnu.org/pub/gnu/"))) | |
61 | `((gnu ,@gnu-mirrors) | |
62 | (gcc | |
63 | "ftp://ftp.nluug.nl/mirror/languages/gcc/" | |
64 | "ftp://ftp.fu-berlin.de/unix/languages/gcc/" | |
65 | "ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/" | |
66 | "ftp://gcc.gnu.org/pub/gcc/" | |
67 | ,@(map (cut string-append <> "/gcc") gnu-mirrors)) | |
68 | (gnupg | |
b23c1a71 | 69 | "http://gd.tuwien.ac.at/privacy/gnupg/" |
d57b88be | 70 | "ftp://mirrors.dotsrc.org/gcrypt/" |
94d222ad | 71 | "ftp://mirror.cict.fr/gnupg/" |
d57b88be AE |
72 | "http://artfiles.org/gnupg.org" |
73 | "ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/" | |
74 | "ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/" | |
75 | "http://www.crysys.hu/" | |
76 | "ftp://ftp.hi.is/pub/mirrors/gnupg/" | |
77 | "ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/" | |
78 | "ftp://ftp.bit.nl/mirror/gnupg/" | |
79 | "ftp://ftp.surfnet.nl/pub/security/gnupg/" | |
80 | "ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/" | |
81 | "ftp://ftp.sunet.se/pub/security/gnupg/" | |
82 | "ftp://mirror.switch.ch/mirror/gnupg/" | |
83 | "ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/" | |
84 | "ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/" | |
85 | "ftp://ftp.ring.gr.jp/pub/net/gnupg/" | |
86 | "ftp://ftp.gnupg.org/gcrypt/") | |
71eb5c10 LC |
87 | (gnome |
88 | "http://ftp.belnet.be/ftp.gnome.org/" | |
89 | "http://ftp.linux.org.uk/mirrors/ftp.gnome.org/" | |
90 | "http://ftp.gnome.org/pub/GNOME/" | |
93897a45 | 91 | "https://download.gnome.org/" |
71eb5c10 | 92 | "http://mirror.yandex.ru/mirrors/ftp.gnome.org/") |
442c2c99 | 93 | (hackage |
4c13aad0 | 94 | "http://hackage.haskell.org/") |
94d222ad | 95 | (savannah |
a4eabecd | 96 | "http://download.savannah.gnu.org/releases/" |
94d222ad LC |
97 | "ftp://ftp.twaren.net/Unix/NonGNU/" |
98 | "ftp://mirror.csclub.uwaterloo.ca/nongnu/" | |
99 | "ftp://mirror.publicns.net/pub/nongnu/" | |
100 | "ftp://savannah.c3sl.ufpr.br/" | |
101 | "http://ftp.cc.uoc.gr/mirrors/nongnu.org/" | |
102 | "http://ftp.twaren.net/Unix/NonGNU/" | |
103 | "http://mirror.csclub.uwaterloo.ca/nongnu/" | |
104 | "http://nongnu.askapache.com/" | |
105 | "http://savannah.c3sl.ufpr.br/" | |
3f6d5b8a LC |
106 | "http://download.savannah.gnu.org/releases-noredirect/" |
107 | "http://download-mirror.savannah.gnu.org/releases/") | |
321dc4df | 108 | (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/ |
fe224d20 | 109 | "http://downloads.sourceforge.net/project/" |
cd4c41fd LC |
110 | "http://ufpr.dl.sourceforge.net/project/" |
111 | "http://heanet.dl.sourceforge.net/project/" | |
112 | "http://freefr.dl.sourceforge.net/project/" | |
113 | "http://internode.dl.sourceforge.net/project/" | |
114 | "http://jaist.dl.sourceforge.net/project/" | |
115 | "http://kent.dl.sourceforge.net/project/" | |
116 | "http://liquidtelecom.dl.sourceforge.net/project/" | |
117 | "http://nbtelecom.dl.sourceforge.net/project/" | |
118 | "http://nchc.dl.sourceforge.net/project/" | |
119 | "http://ncu.dl.sourceforge.net/project/" | |
120 | "http://netcologne.dl.sourceforge.net/project/" | |
121 | "http://netix.dl.sourceforge.net/project/" | |
122 | "http://pilotfiber.dl.sourceforge.net/project/" | |
123 | "http://superb-sea2.dl.sourceforge.net/project/" | |
124 | "http://tenet.dl.sourceforge.net/project/" | |
125 | "http://vorboss.dl.sourceforge.net/project/" | |
126 | "http://netassist.dl.sourceforge.net/project/") | |
b40b259f | 127 | (kernel.org |
b40b259f LC |
128 | "http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/" |
129 | "http://linux-kernel.uio.no/pub/" | |
130 | "http://kernel.osuosl.org/pub/" | |
5d9cd707 LC |
131 | "ftp://ftp.funet.fi/pub/mirrors/ftp.kernel.org/pub/" |
132 | "http://ftp.be.debian.org/pub/" | |
133 | "http://mirror.linux.org.au/") | |
47f9db41 LC |
134 | (apache ; from http://www.apache.org/mirrors/dist.html |
135 | "http://www.eu.apache.org/dist/" | |
136 | "http://www.us.apache.org/dist/" | |
137 | "ftp://gd.tuwien.ac.at/pub/infosys/servers/http/apache/dist/" | |
138 | "http://apache.belnet.be/" | |
139 | "http://mirrors.ircam.fr/pub/apache/" | |
f06afd4d LC |
140 | "http://apache-mirror.rbc.ru/pub/apache/" |
141 | ||
142 | ;; As a last resort, try the archive. | |
143 | "http://archive.apache.org/dist/") | |
149acc29 | 144 | (xorg ; from http://www.x.org/wiki/Releases/Download |
0820a58b | 145 | "http://www.x.org/releases/" ; main mirrors |
149acc29 AE |
146 | "ftp://mirror.csclub.uwaterloo.ca/x.org/" ; North America |
147 | "ftp://xorg.mirrors.pair.com/" | |
148 | "http://mirror.csclub.uwaterloo.ca/x.org/" | |
149 | "http://xorg.mirrors.pair.com/" | |
150 | "http://mirror.us.leaseweb.net/xorg/" | |
151 | "ftp://artfiles.org/x.org/" ; Europe | |
152 | "ftp://ftp.chg.ru/pub/X11/x.org/" | |
153 | "ftp://ftp.fu-berlin.de/unix/X11/FTP.X.ORG/" | |
154 | "ftp://ftp.gwdg.de/pub/x11/x.org/" | |
155 | "ftp://ftp.mirrorservice.org/sites/ftp.x.org/" | |
156 | "ftp://ftp.ntua.gr/pub/X11/" | |
157 | "ftp://ftp.piotrkosoft.net/pub/mirrors/ftp.x.org/" | |
158 | "ftp://ftp.portal-to-web.de/pub/mirrors/x.org/" | |
159 | "ftp://ftp.solnet.ch/mirror/x.org/" | |
149acc29 AE |
160 | "ftp://gd.tuwien.ac.at/X11/" |
161 | "ftp://mi.mirror.garr.it/mirrors/x.org/" | |
162 | "ftp://mirror.cict.fr/x.org/" | |
163 | "ftp://mirror.switch.ch/mirror/X11/" | |
164 | "ftp://mirrors.ircam.fr/pub/x.org/" | |
165 | "ftp://x.mirrors.skynet.be/pub/ftp.x.org/" | |
166 | "ftp://ftp.cs.cuhk.edu.hk/pub/X11" ; East Asia | |
167 | "ftp://ftp.u-aizu.ac.jp/pub/x11/x.org/" | |
168 | "ftp://ftp.yz.yamagata-u.ac.jp/pub/X11/x.org/" | |
169 | "ftp://ftp.kaist.ac.kr/x.org/" | |
170 | "ftp://mirrors.go-part.com/xorg/" | |
171 | "http://x.cs.pu.edu.tw/" | |
6af31019 LC |
172 | "ftp://ftp.is.co.za/pub/x.org") ; South Africa |
173 | (cpan ; from http://www.cpan.org/SITES.html | |
8aa5e15e | 174 | "http://mirror.ibcp.fr/pub/CPAN/" |
6af31019 LC |
175 | "ftp://ftp.ciril.fr/pub/cpan/" |
176 | "ftp://artfiles.org/cpan.org/" | |
177 | "http://www.cpan.org/" | |
178 | "ftp://cpan.rinet.ru/pub/mirror/CPAN/" | |
6af31019 LC |
179 | "ftp://cpan.inode.at/" |
180 | "ftp://cpan.iht.co.il/" | |
181 | "ftp://ftp.osuosl.org/pub/CPAN/" | |
182 | "ftp://ftp.nara.wide.ad.jp/pub/CPAN/" | |
183 | "http://mirrors.163.com/cpan/" | |
552ffa02 EF |
184 | "ftp://cpan.mirror.ac.za/" |
185 | "http://cpan.mirrors.ionfish.org/" | |
186 | "http://cpan.mirror.dkm.cz/pub/CPAN/" | |
187 | "http://cpan.mirror.iphh.net/" | |
188 | "http://mirrors.teentelecom.net/CPAN/" | |
189 | "http://mirror.teklinks.com/CPAN/" | |
190 | "http://cpan.weepeetelecom.be/" | |
191 | "http://mirrors.xservers.ro/CPAN/" | |
192 | "http://cpan.yimg.com/" | |
193 | "http://mirror.yazd.ac.ir/cpan/" | |
194 | "http://ftp.belnet.be/ftp.cpan.org/") | |
cb7e4867 RW |
195 | (cran |
196 | ;; Arbitrary mirrors from http://cran.r-project.org/mirrors.html | |
197 | ;; This one automatically redirects to servers worldwide | |
c009bb5a | 198 | "http://cran.r-project.org/" |
cb7e4867 RW |
199 | "http://cran.rstudio.com/" |
200 | "http://cran.univ-lyon1.fr/" | |
cb7e4867 RW |
201 | "http://cran.ism.ac.jp/" |
202 | "http://cran.stat.auckland.ac.nz/" | |
203 | "http://cran.mirror.ac.za/" | |
204 | "http://cran.csie.ntu.edu.tw/") | |
6d763bdd AE |
205 | (imagemagick |
206 | ;; from http://www.imagemagick.org/script/download.php | |
207 | ;; (without mirrors that are unavailable or not up to date) | |
208 | ;; mirrors keeping old versions at the top level | |
6d763bdd AE |
209 | "ftp://sunsite.icm.edu.pl/packages/ImageMagick/" |
210 | ;; mirrors moving old versions to "legacy" | |
211 | "http://mirrors-au.go-parts.com/mirrors/ImageMagick/" | |
212 | "ftp://mirror.aarnet.edu.au/pub/imagemagick/" | |
7fa37abc | 213 | "http://mirror.checkdomain.de/imagemagick/" |
6d763bdd AE |
214 | "ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/" |
215 | "ftp://ftp.u-aizu.ac.jp/pub/graphics/image/ImageMagick/imagemagick.org/" | |
216 | "ftp://ftp.nluug.nl/pub/ImageMagick/" | |
217 | "http://ftp.surfnet.nl/pub/ImageMagick/" | |
218 | "http://mirror.searchdaimon.com/ImageMagick" | |
219 | "ftp://ftp.tpnet.pl/pub/graphics/ImageMagick/" | |
220 | "http://mirrors-ru.go-parts.com/mirrors/ImageMagick/" | |
7fa37abc | 221 | "http://mirror.is.co.za/pub/imagemagick/" |
6d763bdd AE |
222 | "http://mirrors-uk.go-parts.com/mirrors/ImageMagick/" |
223 | "http://mirrors-usa.go-parts.com/mirrors/ImageMagick/" | |
224 | "ftp://ftp.fifi.org/pub/ImageMagick/" | |
225 | "http://www.imagemagick.org/download/" | |
226 | ;; one legacy location as a last resort | |
227 | "http://www.imagemagick.org/download/legacy/") | |
e0029b74 LC |
228 | (debian |
229 | "http://ftp.de.debian.org/debian/" | |
230 | "http://ftp.fr.debian.org/debian/" | |
6b287c5c | 231 | "http://ftp.debian.org/debian/" |
ff02b826 DC |
232 | "http://archive.debian.org/debian/") |
233 | (kde | |
112f089d | 234 | "http://download.kde.org" |
ff02b826 DC |
235 | ;; Mirrors from http://files.kde.org/extra/mirrors.html |
236 | ;; Europe | |
237 | "http://mirror.easyname.at/kde" | |
238 | "http://mirror.karneval.cz/pub/kde" | |
239 | "http://ftp.fi.muni.cz/pub/kde/" | |
240 | "http://mirror.oss.maxcdn.com/kde/" | |
241 | "http://ftp5.gwdg.de/pub/linux/kde/" | |
242 | "http://ftp-stud.fht-esslingen.de/Mirrors/ftp.kde.org/pub/kde/" | |
243 | "http://mirror.klaus-uwe.me/kde/ftp/" | |
244 | "http://kde.beta.mirror.ga/" | |
245 | "http://kde.alpha.mirror.ga/" | |
246 | "http://mirror.netcologne.de/kde" | |
247 | "http://vesta.informatik.rwth-aachen.de/ftp/pub/mirror/kde/" | |
248 | "http://ftp.rz.uni-wuerzburg.de/pub/unix/kde/" | |
249 | "http://mirrors.dotsrc.org/kde/" | |
250 | "http://ftp.funet.fi/pub/mirrors/ftp.kde.org/pub/kde/" | |
251 | "http://kde-mirror.freenux.org/" | |
252 | "http://mirrors.ircam.fr/pub/KDE/" | |
253 | "http://www-ftp.lip6.fr/pub/X11/kde/" | |
254 | "http://fr2.rpmfind.net/linux/KDE/" | |
255 | "http://kde.mirror.anlx.net/" | |
256 | "http://www.mirrorservice.org/sites/ftp.kde.org/pub/kde/" | |
257 | "http://ftp.heanet.ie/mirrors/ftp.kde.org/" | |
258 | "http://ftp.nluug.nl/pub/windowing/kde/" | |
259 | "http://ftp.surfnet.nl/windowing/kde/" | |
260 | "http://ftp.icm.edu.pl/pub/unix/kde/" | |
261 | "http://ftp.pbone.net/pub/kde/" | |
262 | "http://piotrkosoft.net/pub/mirrors/ftp.kde.org/" | |
263 | "http://mirrors.fe.up.pt/pub/kde/" | |
264 | "http://ftp.iasi.roedu.net/pub/mirrors/ftp.kde.org/" | |
265 | "http://ftp.acc.umu.se/mirror/kde.org/ftp/" | |
266 | "http://kde.ip-connect.vn.ua/" | |
267 | ;; North America | |
268 | "http://mirror.its.dal.ca/kde/" | |
269 | "http://mirror.csclub.uwaterloo.ca/kde/" | |
270 | "http://mirror.cc.columbia.edu/pub/software/kde/" | |
271 | "http://mirrors-usa.go-parts.com/kde" | |
272 | "http://kde.mirrors.hoobly.com/" | |
273 | "http://ftp.ussg.iu.edu/kde/" | |
274 | "http://mirrors.mit.edu/kde/" | |
275 | "http://kde.mirrors.tds.net/pub/kde/" | |
276 | ;; Oceania | |
277 | "http://ftp.kddlabs.co.jp/pub/X11/kde/" | |
278 | "http://kde.mirror.uber.com.au/")))) | |
94d222ad | 279 | |
53216419 LC |
280 | (define %mirror-file |
281 | ;; Copy of the list of mirrors to a file. This allows us to keep a single | |
282 | ;; copy in the store, and computing it here avoids repeated calls to | |
283 | ;; 'object->string'. | |
284 | (plain-file "mirrors" (object->string %mirrors))) | |
285 | ||
cd436bf0 LC |
286 | (define %content-addressed-mirrors |
287 | ;; List of content-addressed mirrors. Each mirror is represented as a | |
ab84b927 LC |
288 | ;; procedure that takes a file name, an algorithm (symbol) and a hash |
289 | ;; (bytevector), and returns a URL or #f. | |
40f788b9 | 290 | ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>. |
cd436bf0 | 291 | ;; TODO: Add more. |
ab84b927 | 292 | '(list (lambda (file algo hash) |
40f788b9 LC |
293 | ;; Files served by 'guix publish' are accessible under a single |
294 | ;; hash algorithm. | |
295 | (string-append "http://mirror.hydra.gnu.org/file/" | |
296 | file "/" (symbol->string algo) "/" | |
297 | (bytevector->nix-base32-string hash))) | |
298 | (lambda (file algo hash) | |
cd436bf0 LC |
299 | ;; 'tarballs.nixos.org' supports several algorithms. |
300 | (string-append "http://tarballs.nixos.org/" | |
301 | (symbol->string algo) "/" | |
302 | (bytevector->nix-base32-string hash))))) | |
303 | ||
304 | (define %content-addressed-mirror-file | |
305 | ;; Content-addressed mirrors stored in a file. | |
306 | (plain-file "content-addressed-mirrors" | |
307 | (object->string %content-addressed-mirrors))) | |
308 | ||
6f8f8ccb | 309 | (define (gnutls-package) |
6119ebf1 | 310 | "Return the default GnuTLS package." |
9884d7ec | 311 | (let ((module (resolve-interface '(gnu packages tls)))) |
6f8f8ccb | 312 | (module-ref module 'gnutls))) |
94d222ad | 313 | |
05ceb8dc LC |
314 | (define built-in-builders* |
315 | (let ((cache (make-weak-key-hash-table))) | |
316 | (lambda () | |
317 | "Return, as a monadic value, the list of built-in builders supported by | |
318 | the daemon." | |
319 | (lambda (store) | |
320 | ;; Memoize the result to avoid repeated RPCs. | |
321 | (values (or (hashq-ref cache store) | |
322 | (let ((result (built-in-builders store))) | |
323 | (hashq-set! cache store result) | |
324 | result)) | |
325 | store))))) | |
94d222ad | 326 | |
05ceb8dc LC |
327 | (define* (built-in-download file-name url |
328 | #:key system hash-algo hash | |
329 | mirrors content-addressed-mirrors | |
330 | (guile 'unused)) | |
331 | "Download FILE-NAME from URL using the built-in 'download' builder. | |
62cab99c | 332 | |
05ceb8dc LC |
333 | This is an \"out-of-band\" download in that the returned derivation does not |
334 | explicitly depend on Guile, GnuTLS, etc. Instead, the daemon performs the | |
335 | download by itself using its own dependencies." | |
336 | (mlet %store-monad ((mirrors (lower-object mirrors)) | |
337 | (content-addressed-mirrors | |
338 | (lower-object content-addressed-mirrors))) | |
339 | (raw-derivation file-name "builtin:download" '() | |
340 | #:system system | |
341 | #:hash-algo hash-algo | |
342 | #:hash hash | |
343 | #:inputs `((,mirrors) | |
344 | (,content-addressed-mirrors)) | |
345 | ||
346 | ;; Honor the user's proxy and locale settings. | |
347 | #:leaked-env-vars '("http_proxy" "https_proxy" | |
348 | "LC_ALL" "LC_MESSAGES" "LANG" | |
349 | "COLUMNS") | |
350 | ||
351 | #:env-vars `(("url" . ,(object->string url)) | |
352 | ("mirrors" . ,mirrors) | |
353 | ("content-addressed-mirrors" | |
4c80d4c4 LC |
354 | . ,content-addressed-mirrors)) |
355 | ||
356 | ;; Do not offload this derivation because we cannot be | |
357 | ;; sure that the remote daemon supports the 'download' | |
358 | ;; built-in. We may remove this limitation when support | |
359 | ;; for that built-in is widespread. | |
360 | #:local-build? #t))) | |
05ceb8dc LC |
361 | |
362 | (define* (in-band-download file-name url | |
363 | #:key system hash-algo hash | |
364 | mirrors content-addressed-mirrors | |
365 | guile) | |
366 | "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output | |
367 | derivation. | |
368 | ||
369 | This is now deprecated since it has the drawback of causing bootstrapping | |
370 | issues: we may need to build GnuTLS just to be able to download the source of | |
371 | GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>." | |
483f1158 LC |
372 | (define need-gnutls? |
373 | ;; True if any of the URLs need TLS support. | |
374 | (let ((https? (cut string-prefix? "https://" <>))) | |
375 | (match url | |
376 | ((? string?) | |
377 | (https? url)) | |
378 | ((url ...) | |
379 | (any https? url))))) | |
380 | ||
6f8f8ccb | 381 | (define builder |
e9b046fd LC |
382 | (with-imported-modules '((guix build download) |
383 | (guix build utils) | |
384 | (guix ftp-client) | |
385 | (guix base32) | |
386 | (guix base64)) | |
387 | #~(begin | |
388 | #+(if need-gnutls? | |
6f8f8ccb | 389 | |
e9b046fd LC |
390 | ;; Add GnuTLS to the inputs and to the load path. |
391 | #~(eval-when (load expand eval) | |
392 | (set! %load-path | |
393 | (cons (string-append #+(gnutls-package) | |
394 | "/share/guile/site/" | |
395 | (effective-version)) | |
396 | %load-path))) | |
397 | #~#t) | |
6f8f8ccb | 398 | |
e9b046fd LC |
399 | (use-modules (guix build download) |
400 | (guix base32)) | |
cd436bf0 | 401 | |
e9b046fd LC |
402 | (let ((value-from-environment (lambda (variable) |
403 | (call-with-input-string | |
404 | (getenv variable) | |
405 | read)))) | |
406 | (url-fetch (value-from-environment "guix download url") | |
407 | #$output | |
05ceb8dc | 408 | #:mirrors (call-with-input-file #$mirrors read) |
ced20032 | 409 | |
e9b046fd LC |
410 | ;; Content-addressed mirrors. |
411 | #:hashes | |
412 | (value-from-environment "guix download hashes") | |
413 | #:content-addressed-mirrors | |
05ceb8dc | 414 | (primitive-load #$content-addressed-mirrors) |
bc3c41ce LC |
415 | |
416 | ;; No need to validate certificates since we know the | |
417 | ;; hash of the expected result. | |
418 | #:verify-certificate? #f))))) | |
6f8f8ccb | 419 | |
6c5b56f9 | 420 | (mlet %store-monad ((guile (package->derivation guile system))) |
05ceb8dc LC |
421 | (gexp->derivation file-name builder |
422 | #:guile-for-build guile | |
423 | #:system system | |
424 | #:hash-algo hash-algo | |
425 | #:hash hash | |
426 | ||
427 | ;; Use environment variables and a fixed script | |
428 | ;; name so there's only one script in store for | |
429 | ;; all the downloads. | |
430 | #:script-name "download" | |
431 | #:env-vars | |
432 | `(("guix download url" . ,(object->string url)) | |
433 | ("guix download hashes" | |
434 | . ,(object->string `((,hash-algo . ,hash))))) | |
435 | ||
436 | ;; Honor the user's proxy settings. | |
437 | #:leaked-env-vars '("http_proxy" "https_proxy") | |
438 | ||
439 | ;; In general, offloading downloads is not a good | |
440 | ;; idea. Daemons before 0.8.3 would also | |
441 | ;; interpret this as "do not substitute" (see | |
442 | ;; <https://bugs.gnu.org/18747>.) | |
443 | #:local-build? #t))) | |
444 | ||
445 | (define* (url-fetch url hash-algo hash | |
446 | #:optional name | |
447 | #:key (system (%current-system)) | |
448 | (guile (default-guile))) | |
449 | "Return a fixed-output derivation that fetches URL (a string, or a list of | |
450 | strings denoting alternate URLs), which is expected to have hash HASH of type | |
451 | HASH-ALGO (a symbol). By default, the file name is the base name of URL; | |
452 | optionally, NAME can specify a different file name. | |
453 | ||
454 | When one of the URL starts with mirror://, then its host part is | |
455 | interpreted as the name of a mirror scheme, taken from %MIRROR-FILE. | |
456 | ||
457 | Alternately, when URL starts with file://, return the corresponding file name | |
458 | in the store." | |
459 | (define file-name | |
460 | (match url | |
461 | ((head _ ...) | |
462 | (basename head)) | |
463 | (_ | |
464 | (basename url)))) | |
465 | ||
882383a9 LC |
466 | (let ((uri (and (string? url) (string->uri url)))) |
467 | (if (or (and (string? url) (not uri)) | |
468 | (and uri (memq (uri-scheme uri) '(#f file)))) | |
f220a838 LC |
469 | (interned-file (if uri (uri-path uri) url) |
470 | (or name file-name)) | |
05ceb8dc LC |
471 | (mlet* %store-monad ((builtins (built-in-builders*)) |
472 | (download -> (if (member "download" builtins) | |
473 | built-in-download | |
474 | in-band-download))) | |
475 | (download (or name file-name) url | |
476 | #:guile guile | |
477 | #:system system | |
478 | #:hash-algo hash-algo | |
479 | #:hash hash | |
480 | #:mirrors %mirror-file | |
481 | #:content-addressed-mirrors | |
482 | %content-addressed-mirror-file))))) | |
62cab99c | 483 | |
95001d4b LC |
484 | (define* (url-fetch/tarbomb url hash-algo hash |
485 | #:optional name | |
486 | #:key (system (%current-system)) | |
487 | (guile (default-guile))) | |
488 | "Similar to 'url-fetch' but unpack the file from URL in a directory of its | |
489 | own. This helper makes it easier to deal with \"tar bombs\"." | |
58f91e4d TGR |
490 | (define file-name |
491 | (match url | |
492 | ((head _ ...) | |
493 | (basename head)) | |
494 | (_ | |
495 | (basename url)))) | |
95001d4b LC |
496 | (define gzip |
497 | (module-ref (resolve-interface '(gnu packages compression)) 'gzip)) | |
498 | (define tar | |
499 | (module-ref (resolve-interface '(gnu packages base)) 'tar)) | |
500 | ||
501 | (mlet %store-monad ((drv (url-fetch url hash-algo hash | |
58f91e4d TGR |
502 | (string-append "tarbomb-" |
503 | (or name file-name)) | |
95001d4b LC |
504 | #:system system |
505 | #:guile guile))) | |
506 | ;; Take the tar bomb, and simply unpack it as a directory. | |
58f91e4d | 507 | (gexp->derivation (or name file-name) |
95001d4b LC |
508 | #~(begin |
509 | (mkdir #$output) | |
510 | (setenv "PATH" (string-append #$gzip "/bin")) | |
511 | (chdir #$output) | |
512 | (zero? (system* (string-append #$tar "/bin/tar") | |
513 | "xf" #$drv))) | |
514 | #:local-build? #t))) | |
515 | ||
814b099a TGR |
516 | (define* (url-fetch/zipbomb url hash-algo hash |
517 | #:optional name | |
518 | #:key (system (%current-system)) | |
519 | (guile (default-guile))) | |
520 | "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its | |
521 | own. This helper makes it easier to deal with \"zip bombs\"." | |
522 | (define file-name | |
523 | (match url | |
524 | ((head _ ...) | |
525 | (basename head)) | |
526 | (_ | |
527 | (basename url)))) | |
528 | (define unzip | |
529 | (module-ref (resolve-interface '(gnu packages zip)) 'unzip)) | |
530 | ||
531 | (mlet %store-monad ((drv (url-fetch url hash-algo hash | |
532 | (string-append "zipbomb-" | |
533 | (or name file-name)) | |
534 | #:system system | |
535 | #:guile guile))) | |
536 | ;; Take the zip bomb, and simply unpack it as a directory. | |
537 | (gexp->derivation (or name file-name) | |
538 | #~(begin | |
539 | (mkdir #$output) | |
540 | (chdir #$output) | |
541 | (zero? (system* (string-append #$unzip "/bin/unzip") | |
542 | #$drv))) | |
543 | #:local-build? #t))) | |
544 | ||
861693f3 | 545 | (define* (download-to-store store url #:optional (name (basename url)) |
64b8695c LC |
546 | #:key (log (current-error-port)) recursive? |
547 | (verify-certificate? #t)) | |
861693f3 | 548 | "Download from URL to STORE, either under NAME or URL's basename if |
a43b55f1 | 549 | omitted. Write progress reports to LOG. RECURSIVE? has the same effect as |
64b8695c LC |
550 | the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines |
551 | whether or not to validate HTTPS server certificates." | |
d8907ac4 LC |
552 | (define uri |
553 | (string->uri url)) | |
554 | ||
d91a8791 | 555 | (if (or (not uri) (memq (uri-scheme uri) '(file #f))) |
a43b55f1 | 556 | (add-to-store store name recursive? "sha256" |
d91a8791 | 557 | (if uri (uri-path uri) url)) |
d8907ac4 LC |
558 | (call-with-temporary-output-file |
559 | (lambda (temp port) | |
560 | (let ((result | |
561 | (parameterize ((current-output-port log)) | |
64b8695c LC |
562 | (build:url-fetch url temp |
563 | #:mirrors %mirrors | |
564 | #:verify-certificate? | |
565 | verify-certificate?)))) | |
d8907ac4 LC |
566 | (close port) |
567 | (and result | |
a43b55f1 | 568 | (add-to-store store name recursive? "sha256" temp))))))) |
861693f3 | 569 | |
62cab99c | 570 | ;;; download.scm ends here |