pull: Add ‘--no-check-certificate’.

This can be tested with: guix shell libfaketime -- faketime 2019-01-01 \ guix pull -q --no-check-certificate -p /tmp/p * guix/scripts/pull.scm (%options, show-help): Add ‘--no-check-certificate’. (%default-options): Add ‘verify-certificate?’ key. (guix-pull): Honor it. * doc/guix.texi (Invoking guix pull): Document it. Change-Id: Ia9d7af1c64156b112e86027fb637e2e02dae6e3c
2025-01-18 21:46:35 +01:00 · 2024-12-10 23:58:12 +01:00 · 2024-12-10 23:58:12 +01:00 · 7d235a6799
commit 7d235a6799
parent e168d31819
2 changed files with 21 additions and 3 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -4643,6 +4643,14 @@ Make sure you understand its security implications before using
@option{--disable-authentication}.
@end quotation

+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL.  Unless the channel is authenticated, this makes you vulnerable to
+``man-in-the-middle'' attacks.
+
@item --system=@var{system}
@itemx -s @var{system}
 Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2015, 2017-2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013-2015, 2017-2024 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
@ -77,6 +77,7 @@ (define %default-options
    (debug . 0)
    (verbosity . 1)
    (authenticate-channels? . #t)
+    (verify-certificate? . #t)
    (validate-pull . ,ensure-forward-channel-update)))

 (define (show-help)
@ -98,6 +99,9 @@ (define (show-help)
  (display (G_ "
      --disable-authentication
                         disable channel authentication"))
+  (display (G_ "
+      --no-check-certificate
+                         do not validate the certificate of HTTPS servers"))
  (display (G_ "
  -N, --news             display news compared to the previous generation"))
  (display (G_ "
@ -183,6 +187,9 @@ (define %options
         (option '("disable-authentication") #f #f
                 (lambda (opt name arg result)
                   (alist-cons 'authenticate-channels? #f result)))
+         (option '("no-check-certificate") #f #f
+                 (lambda (opt name arg result)
+                   (alist-cons 'verify-certificate? #f result)))
         (option '(#\p "profile") #t #f
                 (lambda (opt name arg result)
                   (alist-cons 'profile (canonicalize-profile arg)
@ -845,7 +852,8 @@ (define (no-arguments arg _)
            (profile      (or (assoc-ref opts 'profile) %current-profile))
            (current-channels (profile-channels profile))
            (validate-pull    (assoc-ref opts 'validate-pull))
-            (authenticate?    (assoc-ref opts 'authenticate-channels?)))
+            (authenticate?    (assoc-ref opts 'authenticate-channels?))
+            (verify-certificate? (assoc-ref opts 'verify-certificate?)))
       (cond
        ((assoc-ref opts 'query)
         (process-query opts profile))
@ -877,7 +885,9 @@ (define (no-arguments arg _)
                                                   #:validate-pull
                                                   validate-pull
                                                   #:authenticate?
-                                                   authenticate?)))
+                                                   authenticate?
+                                                   #:verify-certificate?
+                                                   verify-certificate?)))
                   (format (current-error-port)
                           (N_ "Building from this channel:~%"
                               "Building from these channels:~%"