perform-download: Add backward-compatible case.
This is meant to ease transition for people running an older guix-daemon
invoking a recent 'guix perform-download' with only one argument.
This is a followup to 9b5364a3af
.
* guix/scripts/perform-download.scm (perform-download): Make 'output'
optional. Bind 'output*' from DRV's "out" and honor it.
(guix-perform-download): Add clause with one argument.
master
parent
aaa2581b61
commit
26ab00a0a9
|
@ -41,20 +41,23 @@
|
|||
(module-use! module (resolve-interface '(guix base32)))
|
||||
module))
|
||||
|
||||
(define (perform-download drv output)
|
||||
(define* (perform-download drv #:optional output)
|
||||
"Perform the download described by DRV, a fixed-output derivation, to
|
||||
OUTPUT.
|
||||
|
||||
Note: We don't read the value of 'out' in DRV since the actual output is
|
||||
different from that when we're doing a 'bmCheck' or 'bmRepair' build."
|
||||
Note: Unless OUTPUT is #f, we don't read the value of 'out' in DRV since the
|
||||
actual output is different from that when we're doing a 'bmCheck' or
|
||||
'bmRepair' build."
|
||||
(derivation-let drv ((url "url")
|
||||
(output* "out")
|
||||
(executable "executable")
|
||||
(mirrors "mirrors")
|
||||
(content-addressed-mirrors "content-addressed-mirrors"))
|
||||
(unless url
|
||||
(leave (_ "~a: missing URL~%") (derivation-file-name drv)))
|
||||
|
||||
(let* ((url (call-with-input-string url read))
|
||||
(let* ((output (or output output*))
|
||||
(url (call-with-input-string url read))
|
||||
(drv-output (assoc-ref (derivation-outputs drv) "out"))
|
||||
(algo (derivation-output-hash-algo drv-output))
|
||||
(hash (derivation-output-hash drv-output)))
|
||||
|
@ -94,17 +97,20 @@ the daemon and not explicitly described as an input of the derivation. This
|
|||
allows us to sidestep bootstrapping problems, such downloading the source code
|
||||
of GnuTLS over HTTPS, before we have built GnuTLS. See
|
||||
<http://bugs.gnu.org/22774>."
|
||||
|
||||
;; This program must be invoked by guix-daemon under an unprivileged UID to
|
||||
;; prevent things downloading from 'file:///etc/shadow' or arbitrary code
|
||||
;; execution via the content-addressed mirror procedures. (That means we
|
||||
;; exclude users who did not pass '--build-users-group'.)
|
||||
(with-error-handling
|
||||
(match args
|
||||
(((? derivation-path? drv) (? store-path? output))
|
||||
;; This program must be invoked by guix-daemon under an unprivileged
|
||||
;; UID to prevent things downloading from 'file:///etc/shadow' or
|
||||
;; arbitrary code execution via the content-addressed mirror
|
||||
;; procedures. (That means we exclude users who did not pass
|
||||
;; '--build-users-group'.)
|
||||
(assert-low-privileges)
|
||||
(perform-download (call-with-input-file drv read-derivation)
|
||||
output))
|
||||
(((? derivation-path? drv)) ;backward compatibility
|
||||
(assert-low-privileges)
|
||||
(perform-download (call-with-input-file drv read-derivation)))
|
||||
(("--version")
|
||||
(show-version-and-exit))
|
||||
(x
|
||||
|
|
Reference in New Issue