| blob | 8a0b19c01218ebd8c0b8496709bdd515f9d790b9 |
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
4 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
5 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
6 ;;; Copyright © 2016 David Craven <david@craven.ch>
7 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
8 ;;;
9 ;;; This file is part of GNU Guix.
10 ;;;
11 ;;; GNU Guix is free software; you can redistribute it and/or modify it
12 ;;; under the terms of the GNU General Public License as published by
13 ;;; the Free Software Foundation; either version 3 of the License, or (at
14 ;;; your option) any later version.
15 ;;;
16 ;;; GNU Guix is distributed in the hope that it will be useful, but
17 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;;; GNU General Public License for more details.
20 ;;;
21 ;;; You should have received a copy of the GNU General Public License
22 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
24 (define-module (guix download)
25 #:use-module (ice-9 match)
26 #:use-module (guix derivations)
27 #:use-module (guix packages)
28 #:use-module (guix store)
29 #:use-module ((guix build download) #:prefix build:)
30 #:use-module (guix monads)
31 #:use-module (guix gexp)
32 #:use-module (guix utils)
33 #:use-module (web uri)
34 #:use-module (srfi srfi-1)
35 #:use-module (srfi srfi-26)
36 #:export (%mirrors
37 url-fetch
38 url-fetch/tarbomb
39 url-fetch/zipbomb
40 download-to-store))
42 ;;; Commentary:
43 ;;;
44 ;;; Produce fixed-output derivations with data fetched over HTTP or FTP.
45 ;;;
46 ;;; Code:
48 (define %mirrors
49 ;; Mirror lists used when `mirror://' URLs are passed.
50 (let* ((gnu-mirrors
51 '(;; This one redirects to a (supposedly) nearby and (supposedly)
52 ;; up-to-date mirror.
53 "https://ftpmirror.gnu.org/gnu/"
55 "ftp://ftp.cs.tu-berlin.de/pub/gnu/"
56 "ftp://ftp.funet.fi/pub/mirrors/ftp.gnu.org/gnu/"
58 ;; This one is the master repository, and thus it's always
59 ;; up-to-date.
60 "http://ftp.gnu.org/pub/gnu/")))
61 `((gnu ,@gnu-mirrors)
62 (gcc
63 "ftp://ftp.nluug.nl/mirror/languages/gcc/"
64 "ftp://ftp.fu-berlin.de/unix/languages/gcc/"
65 "ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/"
66 "ftp://gcc.gnu.org/pub/gcc/"
67 ,@(map (cut string-append <> "/gcc") gnu-mirrors))
68 (gnupg
69 "http://gd.tuwien.ac.at/privacy/gnupg/"
70 "http://artfiles.org/gnupg.org"
71 "http://www.crysys.hu/"
72 "https://gnupg.org/ftp/gcrypt/"
73 "ftp://mirrors.dotsrc.org/gcrypt/"
74 "ftp://mirror.cict.fr/gnupg/"
75 "ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/"
76 "ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/"
77 "ftp://ftp.hi.is/pub/mirrors/gnupg/"
78 "ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/"
79 "ftp://ftp.bit.nl/mirror/gnupg/"
80 "ftp://ftp.surfnet.nl/pub/security/gnupg/"
81 "ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/"
82 "ftp://ftp.sunet.se/pub/security/gnupg/"
83 "ftp://mirror.switch.ch/mirror/gnupg/"
84 "ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/"
85 "ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/"
86 "ftp://ftp.ring.gr.jp/pub/net/gnupg/"
87 "ftp://ftp.gnupg.org/gcrypt/")
88 (gnome
89 "http://ftp.belnet.be/ftp.gnome.org/"
90 "http://ftp.linux.org.uk/mirrors/ftp.gnome.org/"
91 "http://ftp.gnome.org/pub/GNOME/"
92 "https://download.gnome.org/"
93 "http://mirror.yandex.ru/mirrors/ftp.gnome.org/")
94 (hackage
95 "http://hackage.haskell.org/")
96 (savannah
97 "http://download.savannah.gnu.org/releases/"
98 "http://ftp.cc.uoc.gr/mirrors/nongnu.org/"
99 "http://ftp.twaren.net/Unix/NonGNU/"
100 "http://mirror.csclub.uwaterloo.ca/nongnu/"
101 "http://nongnu.askapache.com/"
102 "http://savannah.c3sl.ufpr.br/"
103 "http://download.savannah.gnu.org/releases-noredirect/"
104 "http://download-mirror.savannah.gnu.org/releases/"
105 "ftp://ftp.twaren.net/Unix/NonGNU/"
106 "ftp://mirror.csclub.uwaterloo.ca/nongnu/"
107 "ftp://mirror.publicns.net/pub/nongnu/"
108 "ftp://savannah.c3sl.ufpr.br/")
109 (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/
110 "http://downloads.sourceforge.net/project/"
111 "http://ufpr.dl.sourceforge.net/project/"
112 "http://heanet.dl.sourceforge.net/project/"
113 "http://freefr.dl.sourceforge.net/project/"
114 "http://internode.dl.sourceforge.net/project/"
115 "http://jaist.dl.sourceforge.net/project/"
116 "http://kent.dl.sourceforge.net/project/"
117 "http://liquidtelecom.dl.sourceforge.net/project/"
118 ;; "http://nbtelecom.dl.sourceforge.net/project/" ;never returns 404s
119 "http://nchc.dl.sourceforge.net/project/"
120 "http://ncu.dl.sourceforge.net/project/"
121 "http://netcologne.dl.sourceforge.net/project/"
122 "http://netix.dl.sourceforge.net/project/"
123 "http://pilotfiber.dl.sourceforge.net/project/"
124 "http://superb-sea2.dl.sourceforge.net/project/"
125 "http://tenet.dl.sourceforge.net/project/"
126 "http://vorboss.dl.sourceforge.net/project/"
127 "http://netassist.dl.sourceforge.net/project/")
128 (netfilter.org ; https://www.netfilter.org/mirrors.html
129 "http://ftp.netfilter.org/pub/"
130 "ftp://ftp.es.netfilter.org/mirrors/netfilter/"
131 "ftp://ftp.hu.netfilter.org/"
132 "ftp://www.lt.netfilter.org/pub/")
133 (kernel.org
134 "http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/"
135 "http://linux-kernel.uio.no/pub/"
136 "http://kernel.osuosl.org/pub/"
137 "http://ftp.be.debian.org/pub/"
138 "http://mirror.linux.org.au/"
139 "ftp://ftp.funet.fi/pub/mirrors/ftp.kernel.org/pub/")
140 (apache ; from http://www.apache.org/mirrors/dist.html
141 "http://www.eu.apache.org/dist/"
142 "http://www.us.apache.org/dist/"
143 "http://apache.belnet.be/"
144 "http://mirrors.ircam.fr/pub/apache/"
145 "http://apache-mirror.rbc.ru/pub/apache/"
146 "ftp://gd.tuwien.ac.at/pub/infosys/servers/http/apache/dist/"
148 ;; As a last resort, try the archive.
149 "http://archive.apache.org/dist/")
150 (xorg ; from http://www.x.org/wiki/Releases/Download
151 "http://www.x.org/releases/" ; main mirrors
152 "http://mirror.csclub.uwaterloo.ca/x.org/" ; North America
153 "http://xorg.mirrors.pair.com/"
154 "http://mirror.us.leaseweb.net/xorg/"
155 "ftp://mirror.csclub.uwaterloo.ca/x.org/"
156 "ftp://xorg.mirrors.pair.com/"
157 "ftp://artfiles.org/x.org/" ; Europe
158 "ftp://ftp.chg.ru/pub/X11/x.org/"
159 "ftp://ftp.fu-berlin.de/unix/X11/FTP.X.ORG/"
160 "ftp://ftp.gwdg.de/pub/x11/x.org/"
161 "ftp://ftp.mirrorservice.org/sites/ftp.x.org/"
162 "ftp://ftp.ntua.gr/pub/X11/"
163 "ftp://ftp.piotrkosoft.net/pub/mirrors/ftp.x.org/"
164 "ftp://ftp.portal-to-web.de/pub/mirrors/x.org/"
165 "ftp://ftp.solnet.ch/mirror/x.org/"
166 "ftp://gd.tuwien.ac.at/X11/"
167 "ftp://mi.mirror.garr.it/mirrors/x.org/"
168 "ftp://mirror.cict.fr/x.org/"
169 "ftp://mirror.switch.ch/mirror/X11/"
170 "ftp://mirrors.ircam.fr/pub/x.org/"
171 "ftp://x.mirrors.skynet.be/pub/ftp.x.org/"
172 "http://x.cs.pu.edu.tw/" ; East Asia
173 "ftp://ftp.cs.cuhk.edu.hk/pub/X11"
174 "ftp://ftp.u-aizu.ac.jp/pub/x11/x.org/"
175 "ftp://ftp.yz.yamagata-u.ac.jp/pub/X11/x.org/"
176 "ftp://ftp.kaist.ac.kr/x.org/"
177 "ftp://mirrors.go-part.com/xorg/"
178 "ftp://ftp.is.co.za/pub/x.org") ; South Africa
179 (cpan
180 "http://www.cpan.org/"
181 "http://cpan.metacpan.org/"
182 ;; A selection of HTTP mirrors from http://www.cpan.org/SITES.html.
183 ;; Europe.
184 "http://ftp.belnet.be/mirror/ftp.cpan.org/"
185 "http://mirrors.nic.cz/CPAN/"
186 "http://mirror.ibcp.fr/pub/CPAN/"
187 "http://ftp.ntua.gr/pub/lang/perl/"
188 "http://kvin.lv/pub/CPAN/"
189 "http://mirror.as43289.net/pub/CPAN/"
190 "http://cpan.cs.uu.nl/"
191 "http://cpan.uib.no/"
192 "http://cpan-mirror.rbc.ru/pub/CPAN/"
193 "http://mirror.sbb.rs/CPAN/"
194 "http://cpan.lnx.sk/"
195 "http://ftp.rediris.es/mirror/CPAN/"
196 "http://mirror.ox.ac.uk/sites/www.cpan.org/"
197 ;; Africa.
198 "http://mirror.liquidtelecom.com/CPAN/"
199 "http://cpan.mirror.ac.za/"
200 "http://mirror.is.co.za/pub/cpan/"
201 "http://cpan.saix.net/"
202 "http://mirror.ucu.ac.ug/cpan/"
203 ;; North America.
204 "http://mirrors.gossamer-threads.com/CPAN/"
205 "http://mirror.csclub.uwaterloo.ca/CPAN/"
206 "http://mirrors.ucr.ac.cr/CPAN/"
207 "http://www.msg.com.mx/CPAN/"
208 "http://mirrors.namecheap.com/CPAN/"
209 "http://mirror.uic.edu/CPAN/"
210 "http://mirror.datapipe.net/CPAN/"
211 "http://mirror.cc.columbia.edu/pub/software/cpan/"
212 "http://mirror.uta.edu/CPAN/"
213 ;; South America.
214 "http://cpan.mmgdesigns.com.ar/"
215 "http://mirror.nbtelecom.com.br/CPAN/"
216 "http://linorg.usp.br/CPAN/"
217 "http://cpan.dcc.uchile.cl/"
218 "http://mirror.cedia.org.ec/CPAN/"
219 ;; Oceania.
220 "http://cpan.mirror.serversaustralia.com.au/"
221 "http://mirror.waia.asn.au/pub/cpan/"
222 "http://mirror.as24220.net/pub/cpan/"
223 "http://cpan.lagoon.nc/pub/CPAN/"
224 "http://cpan.inspire.net.nz/"
225 ;; Asia.
226 "http://mirror.dhakacom.com/CPAN/"
227 "http://mirrors.ustc.edu.cn/CPAN/"
228 "http://ftp.cuhk.edu.hk/pub/packages/perl/CPAN/"
229 "http://kambing.ui.ac.id/cpan/"
230 "http://cpan.hostiran.ir/"
231 "http://ftp.nara.wide.ad.jp/pub/CPAN/"
232 "http://mirror.neolabs.kz/CPAN/"
233 "http://cpan.nctu.edu.tw/"
234 "http://cpan.ulak.net.tr/"
235 "http://mirrors.vinahost.vn/CPAN/")
236 (cran
237 ;; Arbitrary mirrors from http://cran.r-project.org/mirrors.html
238 ;; This one automatically redirects to servers worldwide
239 "http://cran.r-project.org/"
240 "http://cran.rstudio.com/"
241 "http://cran.univ-lyon1.fr/"
242 "http://cran.ism.ac.jp/"
243 "http://cran.stat.auckland.ac.nz/"
244 "http://cran.mirror.ac.za/"
245 "http://cran.csie.ntu.edu.tw/")
246 (imagemagick
247 ;; from http://www.imagemagick.org/script/download.php
248 ;; (without mirrors that are unavailable or not up to date)
249 ;; mirrors keeping old versions at the top level
250 "https://sunsite.icm.edu.pl/packages/ImageMagick/"
251 ;; mirrors moving old versions to "legacy"
252 "http://mirrors-usa.go-parts.com/mirrors/ImageMagick/"
253 "http://mirror.checkdomain.de/imagemagick/"
254 "http://ftp.surfnet.nl/pub/ImageMagick/"
255 "http://mirror.searchdaimon.com/ImageMagick"
256 "http://mirror.is.co.za/pub/imagemagick/"
257 "http://www.imagemagick.org/download/"
258 "ftp://mirror.aarnet.edu.au/pub/imagemagick/"
259 "ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/"
260 "ftp://ftp.u-aizu.ac.jp/pub/graphics/image/ImageMagick/imagemagick.org/"
261 "ftp://ftp.nluug.nl/pub/ImageMagick/"
262 "ftp://ftp.tpnet.pl/pub/graphics/ImageMagick/"
263 "ftp://ftp.fifi.org/pub/ImageMagick/"
264 ;; one legacy location as a last resort
265 "http://www.imagemagick.org/download/legacy/")
266 (debian
267 "http://ftp.de.debian.org/debian/"
268 "http://ftp.fr.debian.org/debian/"
269 "http://ftp.debian.org/debian/"
270 "http://archive.debian.org/debian/")
271 (kde
272 "http://download.kde.org"
273 "http://download.kde.org/Attic" ; for when it gets archived.
274 ;; Mirrors from http://files.kde.org/extra/mirrors.html
275 ;; Europe
276 "http://mirror.easyname.at/kde"
277 "http://mirror.karneval.cz/pub/kde"
278 "http://ftp.fi.muni.cz/pub/kde/"
279 "http://mirror.oss.maxcdn.com/kde/"
280 "http://ftp5.gwdg.de/pub/linux/kde/"
281 "http://ftp-stud.fht-esslingen.de/Mirrors/ftp.kde.org/pub/kde/"
282 "http://mirror.klaus-uwe.me/kde/ftp/"
283 "http://kde.beta.mirror.ga/"
284 "http://kde.alpha.mirror.ga/"
285 "http://mirror.netcologne.de/kde"
286 "http://vesta.informatik.rwth-aachen.de/ftp/pub/mirror/kde/"
287 "http://ftp.rz.uni-wuerzburg.de/pub/unix/kde/"
288 "http://mirrors.dotsrc.org/kde/"
289 "http://ftp.funet.fi/pub/mirrors/ftp.kde.org/pub/kde/"
290 "http://kde-mirror.freenux.org/"
291 "http://mirrors.ircam.fr/pub/KDE/"
292 "http://www-ftp.lip6.fr/pub/X11/kde/"
293 "http://fr2.rpmfind.net/linux/KDE/"
294 "http://kde.mirror.anlx.net/"
295 "http://www.mirrorservice.org/sites/ftp.kde.org/pub/kde/"
296 "http://ftp.heanet.ie/mirrors/ftp.kde.org/"
297 "http://ftp.nluug.nl/pub/windowing/kde/"
298 "http://ftp.surfnet.nl/windowing/kde/"
299 "http://ftp.icm.edu.pl/pub/unix/kde/"
300 "http://ftp.pbone.net/pub/kde/"
301 "http://piotrkosoft.net/pub/mirrors/ftp.kde.org/"
302 "http://mirrors.fe.up.pt/pub/kde/"
303 "http://ftp.iasi.roedu.net/pub/mirrors/ftp.kde.org/"
304 "http://ftp.acc.umu.se/mirror/kde.org/ftp/"
305 "http://kde.ip-connect.vn.ua/"
306 ;; North America
307 "http://mirror.its.dal.ca/kde/"
308 "http://mirror.csclub.uwaterloo.ca/kde/"
309 "http://mirror.cc.columbia.edu/pub/software/kde/"
310 "http://mirrors-usa.go-parts.com/kde"
311 "http://kde.mirrors.hoobly.com/"
312 "http://ftp.ussg.iu.edu/kde/"
313 "http://mirrors.mit.edu/kde/"
314 "http://kde.mirrors.tds.net/pub/kde/"
315 ;; Oceania
316 "http://ftp.kddlabs.co.jp/pub/X11/kde/"
317 "http://kde.mirror.uber.com.au/")
318 (openbsd
319 "https://ftp.openbsd.org/pub/OpenBSD/"
320 ;; Anycast CDN redirecting to your friendly local mirror.
321 "https://mirrors.evowise.com/pub/OpenBSD/"
322 ;; Other HTTPS mirrors from https://www.openbsd.org/ftp.html
323 "https://mirror.aarnet.edu.au/pub/OpenBSD/"
324 "https://ftp2.eu.openbsd.org/pub/OpenBSD/"
325 "https://openbsd.c3sl.ufpr.br/pub/OpenBSD/"
326 "https://openbsd.ipacct.com/pub/OpenBSD/"
327 "https://ftp.OpenBSD.org/pub/OpenBSD/"
328 "https://openbsd.cs.toronto.edu/pub/OpenBSD/"
329 "https://openbsd.delfic.org/pub/OpenBSD/"
330 "https://openbsd.mirror.netelligent.ca/pub/OpenBSD/"
331 "https://mirrors.ucr.ac.cr/pub/OpenBSD/"
332 "https://mirrors.dotsrc.org/pub/OpenBSD/"
333 "https://mirror.one.com/pub/OpenBSD/"
334 "https://ftp.fr.openbsd.org/pub/OpenBSD/"
335 "https://ftp2.fr.openbsd.org/pub/OpenBSD/"
336 "https://mirrors.ircam.fr/pub/OpenBSD/"
337 "https://ftp.spline.de/pub/OpenBSD/"
338 "https://mirror.hs-esslingen.de/pub/OpenBSD/"
339 "https://ftp.halifax.rwth-aachen.de/openbsd/"
340 "https://ftp.hostserver.de/pub/OpenBSD/"
341 "https://ftp.fau.de/pub/OpenBSD/"
342 "https://ftp.cc.uoc.gr/pub/OpenBSD/"
343 "https://openbsd.hk/pub/OpenBSD/"
344 "https://ftp.heanet.ie/pub/OpenBSD/"
345 "https://openbsd.mirror.garr.it/pub/OpenBSD/"
346 "https://mirror.litnet.lt/pub/OpenBSD/"
347 "https://mirror.meerval.net/pub/OpenBSD/"
348 "https://ftp.nluug.nl/pub/OpenBSD/"
349 "https://ftp.bit.nl/pub/OpenBSD/"
350 "https://mirrors.dalenys.com/pub/OpenBSD/"
351 "https://ftp.icm.edu.pl/pub/OpenBSD/"
352 "https://ftp.rnl.tecnico.ulisboa.pt/pub/OpenBSD/"
353 "https://mirrors.pidginhost.com/pub/OpenBSD/"
354 "https://mirror.yandex.ru/pub/OpenBSD/"
355 "https://ftp.eu.openbsd.org/pub/OpenBSD/"
356 "https://ftp.yzu.edu.tw/pub/OpenBSD/"
357 "https://www.mirrorservice.org/pub/OpenBSD/"
358 "https://anorien.csc.warwick.ac.uk/pub/OpenBSD/"
359 "https://mirror.bytemark.co.uk/pub/OpenBSD/"
360 "https://mirrors.sonic.net/pub/OpenBSD/"
361 "https://ftp3.usa.openbsd.org/pub/OpenBSD/"
362 "https://mirrors.syringanetworks.net/pub/OpenBSD/"
363 "https://openbsd.mirror.constant.com/pub/OpenBSD/"
364 "https://ftp4.usa.openbsd.org/pub/OpenBSD/"
365 "https://ftp5.usa.openbsd.org/pub/OpenBSD/"
366 "https://mirror.esc7.net/pub/OpenBSD/"))))
368 (define %mirror-file
369 ;; Copy of the list of mirrors to a file. This allows us to keep a single
370 ;; copy in the store, and computing it here avoids repeated calls to
371 ;; 'object->string'.
372 (plain-file "mirrors" (object->string %mirrors)))
374 (define %content-addressed-mirrors
375 ;; List of content-addressed mirrors. Each mirror is represented as a
376 ;; procedure that takes a file name, an algorithm (symbol) and a hash
377 ;; (bytevector), and returns a URL or #f.
378 ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>.
379 ;; TODO: Add more.
380 '(list (lambda (file algo hash)
381 ;; Files served by 'guix publish' are accessible under a single
382 ;; hash algorithm.
383 (string-append "http://mirror.hydra.gnu.org/file/"
384 file "/" (symbol->string algo) "/"
385 (bytevector->nix-base32-string hash)))
386 (lambda (file algo hash)
387 ;; 'tarballs.nixos.org' supports several algorithms.
388 (string-append "http://tarballs.nixos.org/"
389 (symbol->string algo) "/"
390 (bytevector->nix-base32-string hash)))))
392 (define %content-addressed-mirror-file
393 ;; Content-addressed mirrors stored in a file.
394 (plain-file "content-addressed-mirrors"
395 (object->string %content-addressed-mirrors)))
397 (define (gnutls-package)
398 "Return the default GnuTLS package."
399 (let ((module (resolve-interface '(gnu packages tls))))
400 (module-ref module 'gnutls)))
402 (define built-in-builders*
403 (let ((cache (make-weak-key-hash-table)))
404 (lambda ()
405 "Return, as a monadic value, the list of built-in builders supported by
406 the daemon."
407 (lambda (store)
408 ;; Memoize the result to avoid repeated RPCs.
409 (values (or (hashq-ref cache store)
410 (let ((result (built-in-builders store)))
411 (hashq-set! cache store result)
412 result))
413 store)))))
415 (define* (built-in-download file-name url
416 #:key system hash-algo hash
417 mirrors content-addressed-mirrors
418 (guile 'unused))
419 "Download FILE-NAME from URL using the built-in 'download' builder.
421 This is an \"out-of-band\" download in that the returned derivation does not
422 explicitly depend on Guile, GnuTLS, etc. Instead, the daemon performs the
423 download by itself using its own dependencies."
424 (mlet %store-monad ((mirrors (lower-object mirrors))
425 (content-addressed-mirrors
426 (lower-object content-addressed-mirrors)))
427 (raw-derivation file-name "builtin:download" '()
428 #:system system
429 #:hash-algo hash-algo
430 #:hash hash
431 #:inputs `((,mirrors)
432 (,content-addressed-mirrors))
434 ;; Honor the user's proxy and locale settings.
435 #:leaked-env-vars '("http_proxy" "https_proxy"
436 "LC_ALL" "LC_MESSAGES" "LANG"
437 "COLUMNS")
439 #:env-vars `(("url" . ,(object->string url))
440 ("mirrors" . ,mirrors)
441 ("content-addressed-mirrors"
442 . ,content-addressed-mirrors))
444 ;; Do not offload this derivation because we cannot be
445 ;; sure that the remote daemon supports the 'download'
446 ;; built-in. We may remove this limitation when support
447 ;; for that built-in is widespread.
448 #:local-build? #t)))
450 (define* (in-band-download file-name url
451 #:key system hash-algo hash
452 mirrors content-addressed-mirrors
453 guile)
454 "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output
455 derivation.
457 This is now deprecated since it has the drawback of causing bootstrapping
458 issues: we may need to build GnuTLS just to be able to download the source of
459 GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
460 (define need-gnutls?
461 ;; True if any of the URLs need TLS support.
462 (let ((https? (cut string-prefix? "https://" <>)))
463 (match url
464 ((? string?)
465 (https? url))
466 ((url ...)
467 (any https? url)))))
469 (define builder
470 (with-imported-modules '((guix build download)
471 (guix build utils)
472 (guix ftp-client)
473 (guix base32)
474 (guix base64))
475 #~(begin
476 #+(if need-gnutls?
478 ;; Add GnuTLS to the inputs and to the load path.
479 #~(eval-when (load expand eval)
480 (set! %load-path
481 (cons (string-append #+(gnutls-package)
482 "/share/guile/site/"
483 (effective-version))
484 %load-path)))
485 #~#t)
487 (use-modules (guix build download)
488 (guix base32))
490 (let ((value-from-environment (lambda (variable)
491 (call-with-input-string
492 (getenv variable)
493 read))))
494 (url-fetch (value-from-environment "guix download url")
495 #$output
496 #:mirrors (call-with-input-file #$mirrors read)
498 ;; Content-addressed mirrors.
499 #:hashes
500 (value-from-environment "guix download hashes")
501 #:content-addressed-mirrors
502 (primitive-load #$content-addressed-mirrors)
504 ;; No need to validate certificates since we know the
505 ;; hash of the expected result.
506 #:verify-certificate? #f)))))
508 (mlet %store-monad ((guile (package->derivation guile system)))
509 (gexp->derivation file-name builder
510 #:guile-for-build guile
511 #:system system
512 #:hash-algo hash-algo
513 #:hash hash
515 ;; Use environment variables and a fixed script
516 ;; name so there's only one script in store for
517 ;; all the downloads.
518 #:script-name "download"
519 #:env-vars
520 `(("guix download url" . ,(object->string url))
521 ("guix download hashes"
522 . ,(object->string `((,hash-algo . ,hash)))))
524 ;; Honor the user's proxy settings.
525 #:leaked-env-vars '("http_proxy" "https_proxy")
527 ;; In general, offloading downloads is not a good
528 ;; idea. Daemons before 0.8.3 would also
529 ;; interpret this as "do not substitute" (see
530 ;; <https://bugs.gnu.org/18747>.)
531 #:local-build? #t)))
533 (define* (url-fetch url hash-algo hash
534 #:optional name
535 #:key (system (%current-system))
536 (guile (default-guile)))
537 "Return a fixed-output derivation that fetches URL (a string, or a list of
538 strings denoting alternate URLs), which is expected to have hash HASH of type
539 HASH-ALGO (a symbol). By default, the file name is the base name of URL;
540 optionally, NAME can specify a different file name.
542 When one of the URL starts with mirror://, then its host part is
543 interpreted as the name of a mirror scheme, taken from %MIRROR-FILE.
545 Alternately, when URL starts with file://, return the corresponding file name
546 in the store."
547 (define file-name
548 (match url
549 ((head _ ...)
550 (basename head))
551 (_
552 (basename url))))
554 (let ((uri (and (string? url) (string->uri url))))
555 (if (or (and (string? url) (not uri))
556 (and uri (memq (uri-scheme uri) '(#f file))))
557 (interned-file (if uri (uri-path uri) url)
558 (or name file-name))
559 (mlet* %store-monad ((builtins (built-in-builders*))
560 (download -> (if (member "download" builtins)
561 built-in-download
562 in-band-download)))
563 (download (or name file-name) url
564 #:guile guile
565 #:system system
566 #:hash-algo hash-algo
567 #:hash hash
568 #:mirrors %mirror-file
569 #:content-addressed-mirrors
570 %content-addressed-mirror-file)))))
572 (define* (url-fetch/tarbomb url hash-algo hash
573 #:optional name
574 #:key (system (%current-system))
575 (guile (default-guile)))
576 "Similar to 'url-fetch' but unpack the file from URL in a directory of its
577 own. This helper makes it easier to deal with \"tar bombs\"."
578 (define file-name
579 (match url
580 ((head _ ...)
581 (basename head))
582 (_
583 (basename url))))
584 (define gzip
585 (module-ref (resolve-interface '(gnu packages compression)) 'gzip))
586 (define tar
587 (module-ref (resolve-interface '(gnu packages base)) 'tar))
589 (mlet %store-monad ((drv (url-fetch url hash-algo hash
590 (string-append "tarbomb-"
591 (or name file-name))
592 #:system system
593 #:guile guile)))
594 ;; Take the tar bomb, and simply unpack it as a directory.
595 (gexp->derivation (or name file-name)
596 #~(begin
597 (mkdir #$output)
598 (setenv "PATH" (string-append #$gzip "/bin"))
599 (chdir #$output)
600 (zero? (system* (string-append #$tar "/bin/tar")
601 "xf" #$drv)))
602 #:local-build? #t)))
604 (define* (url-fetch/zipbomb url hash-algo hash
605 #:optional name
606 #:key (system (%current-system))
607 (guile (default-guile)))
608 "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its
609 own. This helper makes it easier to deal with \"zip bombs\"."
610 (define file-name
611 (match url
612 ((head _ ...)
613 (basename head))
614 (_
615 (basename url))))
616 (define unzip
617 (module-ref (resolve-interface '(gnu packages compression)) 'unzip))
619 (mlet %store-monad ((drv (url-fetch url hash-algo hash
620 (string-append "zipbomb-"
621 (or name file-name))
622 #:system system
623 #:guile guile)))
624 ;; Take the zip bomb, and simply unpack it as a directory.
625 (gexp->derivation (or name file-name)
626 #~(begin
627 (mkdir #$output)
628 (chdir #$output)
629 (zero? (system* (string-append #$unzip "/bin/unzip")
630 #$drv)))
631 #:local-build? #t)))
633 (define* (download-to-store store url #:optional (name (basename url))
634 #:key (log (current-error-port)) recursive?
635 (verify-certificate? #t))
636 "Download from URL to STORE, either under NAME or URL's basename if
637 omitted. Write progress reports to LOG. RECURSIVE? has the same effect as
638 the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines
639 whether or not to validate HTTPS server certificates."
640 (define uri
641 (string->uri url))
643 (if (or (not uri) (memq (uri-scheme uri) '(file #f)))
644 (add-to-store store name recursive? "sha256"
645 (if uri (uri-path uri) url))
646 (call-with-temporary-output-file
647 (lambda (temp port)
648 (let ((result
649 (parameterize ((current-output-port log))
650 (build:url-fetch url temp
651 #:mirrors %mirrors
652 #:verify-certificate?
653 verify-certificate?))))
654 (close port)
655 (and result
656 (add-to-store store name recursive? "sha256" temp)))))))
658 ;;; download.scm ends here