[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/05: substitute: Make '%allow-unauthenticated-substitutes?' public.
From: |
guix-commits |
Subject: |
03/05: substitute: Make '%allow-unauthenticated-substitutes?' public. |
Date: |
Tue, 26 Nov 2019 18:03:34 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 434138e2f26b28bb5cc83e62327aae8ed0902475
Author: Ludovic Courtès <address@hidden>
Date: Tue Nov 26 12:30:45 2019 +0100
substitute: Make '%allow-unauthenticated-substitutes?' public.
* guix/scripts/substitute.scm (warn-about-missing-authentication): New
procedure.
(%allow-unauthenticated-substitutes?): Turn into a public parameter and
use 'warn-about-missing-authentication'.
(valid-narinfo?): Adjust accordingly.
* tests/substitute.scm (call-with-narinfo): Likewise.
---
guix/scripts/substitute.scm | 22 +++++++++++++++-------
tests/substitute.scm | 6 ++----
2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index 992b21d..ba2fb29 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -86,6 +86,8 @@
read-narinfo
write-narinfo
+ %allow-unauthenticated-substitutes?
+
substitute-urls
guix-substitute))
@@ -118,15 +120,21 @@
(string-append %state-directory "/substitute/cache"))
(string-append (cache-directory #:ensure? #f) "/substitute")))
+(define (warn-about-missing-authentication)
+ (warning (G_ "authentication and authorization of substitutes \
+disabled!~%"))
+ #t)
+
(define %allow-unauthenticated-substitutes?
;; Whether to allow unchecked substitutes. This is useful for testing
;; purposes, and should be avoided otherwise.
- (and (and=> (getenv "GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES")
- (cut string-ci=? <> "yes"))
- (begin
- (warning (G_ "authentication and authorization of substitutes \
-disabled!~%"))
- #t)))
+ (make-parameter
+ (and=> (getenv "GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES")
+ (cut string-ci=? <> "yes"))
+ (lambda (value)
+ (when value
+ (warn-about-missing-authentication))
+ value)))
(define %narinfo-ttl
;; Number of seconds during which cached narinfo lookups are considered
@@ -370,7 +378,7 @@ No authentication and authorization checks are performed
here!"
(define* (valid-narinfo? narinfo #:optional (acl (current-acl))
#:key verbose?)
"Return #t if NARINFO's signature is not valid."
- (or %allow-unauthenticated-substitutes?
+ (or (%allow-unauthenticated-substitutes?)
(let ((hash (narinfo-sha256 narinfo))
(signature (narinfo-signature narinfo))
(uri (uri->string (first (narinfo-uris narinfo)))))
diff --git a/tests/substitute.scm b/tests/substitute.scm
index ff2be66..a4246af 100644
--- a/tests/substitute.scm
+++ b/tests/substitute.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Nikita Karetnikov <address@hidden>
-;;; Copyright © 2014, 2015, 2017, 2018 Ludovic Courtès <address@hidden>
+;;; Copyright © 2014, 2015, 2017, 2018, 2019 Ludovic Courtès <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -169,9 +169,7 @@ a file for NARINFO."
(cute write-file
(string-append narinfo-directory "/example.out") <>))
- (set! (@@ (guix scripts substitute)
- %allow-unauthenticated-substitutes?)
- #f))
+ (%allow-unauthenticated-substitutes? #f))
thunk
(lambda ()
(when (file-exists? cache-directory)