From 7d235a67998433d40a8f813f6990f5406a980ba7 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 10 Dec 2024 23:58:12 +0100 Subject: pull: Add ‘--no-check-certificate’. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This can be tested with: guix shell libfaketime -- faketime 2019-01-01 \ guix pull -q --no-check-certificate -p /tmp/p * guix/scripts/pull.scm (%options, show-help): Add ‘--no-check-certificate’. (%default-options): Add ‘verify-certificate?’ key. (guix-pull): Honor it. * doc/guix.texi (Invoking guix pull): Document it. Change-Id: Ia9d7af1c64156b112e86027fb637e2e02dae6e3c --- doc/guix.texi | 8 ++++++++ guix/scripts/pull.scm | 16 +++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 31deb5b0030..da4d2f5ebcf 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4643,6 +4643,14 @@ Make sure you understand its security implications before using @option{--disable-authentication}. @end quotation +@item --no-check-certificate +Do not validate the X.509 certificates of HTTPS servers. + +When using this option, you have @emph{absolutely no guarantee} that you +are communicating with the authentic server responsible for the given +URL. Unless the channel is authenticated, this makes you vulnerable to +``man-in-the-middle'' attacks. + @item --system=@var{system} @itemx -s @var{system} Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 58d3cd7e83c..76aed0b5cca 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2015, 2017-2023 Ludovic Courtès +;;; Copyright © 2013-2015, 2017-2024 Ludovic Courtès ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice ;;; @@ -77,6 +77,7 @@ (debug . 0) (verbosity . 1) (authenticate-channels? . #t) + (verify-certificate? . #t) (validate-pull . ,ensure-forward-channel-update))) (define (show-help) @@ -98,6 +99,9 @@ Download and deploy the latest version of Guix.\n")) (display (G_ " --disable-authentication disable channel authentication")) + (display (G_ " + --no-check-certificate + do not validate the certificate of HTTPS servers")) (display (G_ " -N, --news display news compared to the previous generation")) (display (G_ " @@ -183,6 +187,9 @@ Download and deploy the latest version of Guix.\n")) (option '("disable-authentication") #f #f (lambda (opt name arg result) (alist-cons 'authenticate-channels? #f result))) + (option '("no-check-certificate") #f #f + (lambda (opt name arg result) + (alist-cons 'verify-certificate? #f result))) (option '(#\p "profile") #t #f (lambda (opt name arg result) (alist-cons 'profile (canonicalize-profile arg) @@ -845,7 +852,8 @@ Use '~/.config/guix/channels.scm' instead.")) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) (validate-pull (assoc-ref opts 'validate-pull)) - (authenticate? (assoc-ref opts 'authenticate-channels?))) + (authenticate? (assoc-ref opts 'authenticate-channels?)) + (verify-certificate? (assoc-ref opts 'verify-certificate?))) (cond ((assoc-ref opts 'query) (process-query opts profile)) @@ -877,7 +885,9 @@ Use '~/.config/guix/channels.scm' instead.")) #:validate-pull validate-pull #:authenticate? - authenticate?))) + authenticate? + #:verify-certificate? + verify-certificate?))) (format (current-error-port) (N_ "Building from this channel:~%" "Building from these channels:~%" -- cgit v1.2.3