pull: Add ‘--no-check-certificate’.

This can be tested with: guix shell libfaketime -- faketime 2019-01-01 \ guix pull -q --no-check-certificate -p /tmp/p * guix/scripts/pull.scm (%options, show-help): Add ‘--no-check-certificate’. (%default-options): Add ‘verify-certificate?’ key. (guix-pull): Honor it. * doc/guix.texi (Invoking guix pull): Document it. Change-Id: Ia9d7af1c64156b112e86027fb637e2e02dae6e3c
author: Ludovic Courtès <ludo@gnu.org> 2024-12-10 23:58:12 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2024-12-25 23:51:10 +0100
commit: 7d235a67998433d40a8f813f6990f5406a980ba7 (patch)
tree: 8b302fc139d6a8297e1be3b3640b29b556485e15 /doc
parent: e168d318195a330bd08e230407470fc03dad13ad (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 31deb5b003..da4d2f5ebc 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4643,6 +4643,14 @@ Make sure you understand its security implications before using
 @option{--disable-authentication}.
 @end quotation
 
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL.  Unless the channel is authenticated, this makes you vulnerable to
+``man-in-the-middle'' attacks.
+
 @item --system=@var{system}
 @itemx -s @var{system}
 Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
author	Ludovic Courtès <ludo@gnu.org>	2024-12-10 23:58:12 +0100
committer	Ludovic Courtès <ludo@gnu.org>	2024-12-25 23:51:10 +0100
commit	7d235a67998433d40a8f813f6990f5406a980ba7 (patch)
tree	8b302fc139d6a8297e1be3b3640b29b556485e15 /doc
parent	e168d318195a330bd08e230407470fc03dad13ad (diff)