maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disable TLS verification for builtin fetchurl

Browse source 
This makes it consistent with the Nixpkgs fetchurl and makes it work
in chroots. We don't need verification because the hash of the result
is checked anyway.
This commit is contained in:
Eelco Dolstra 2015-10-21 14:59:01 +02:00
parent 357d31b339
commit 5db358d4d7
4 changed files with 32 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/builtins.cc
View file

@ -8,7 +8,13 @@ void builtinFetchurl(const BasicDerivation & drv)
auto url = drv.env.find("url");
if (url == drv.env.end()) throw Error("attribute url missing");
printMsg(lvlInfo, format("downloading %1%...") % url->second);
auto data = downloadFile(url->second); // FIXME: show progress
/* No need to do TLS verification, because we check the hash of
the result anyway. */
DownloadOptions options;
options.verifyTLS = false;
auto data = downloadFile(url->second, options); // FIXME: show progress
auto out = drv.env.find("out");
if (out == drv.env.end()) throw Error("attribute url missing");