"Thompson, David" <dthomps...@worcester.edu> wrote:

> The bigger problem to be aware of is this: No package in the gnutls
> dependency graph may have its source code downloaded over HTTPS. Even
> if we hack around this for pkg-config, I'm sure it will bite us again
> when another upstream starts enforcing HTTPS.
>
> So, what can we do here?

Nix recently added a ‘fetchurl’ primitive to the Nix language, in part to address this problem. The equivalent for us is to simply perform the download on the “host side” rather than on the “build side”, thus entirely side-stepping the issue. Moving code from one side to the other is obviously easy for us. One way to do that is by adding a new origin method, along the lines of this incomplete patch:
diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm index 5923395..299c7c8 100644 --- a/gnu/packages/pkg-config.scm +++ b/gnu/packages/pkg-config.scm @@ -32,7 +32,7 @@ (name "pkg-config") (version "0.29") (source (origin - (method url-fetch) + (method host-url-fetch) (uri (string-append "http://pkgconfig.freedesktop.org/releases/pkg-config-" version ".tar.gz")) diff --git a/guix/download.scm b/guix/download.scm index 204cfc0..32b5e4d 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <l...@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <l...@gnu.org> ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andr...@enge.fr> ;;; ;;; This file is part of GNU Guix. @@ -31,6 +31,7 @@ #:use-module (srfi srfi-26) #:export (%mirrors url-fetch + host-url-fetch download-to-store)) ;;; Commentary: @@ -294,6 +295,12 @@ in the store." ;; <https://bugs.gnu.org/18747>.) #:local-build? #t))))) +(define* (host-url-fetch url hash-algo hash + #:optional name) + ;; FIXME: Check HASH, and cache downloaded stuff in ~/.cache/guix, similar + ;; to what 'http-fetch/cached' does. See 'downloadFileCached' in Nix. + (download-to-store* url name)) + (define* (download-to-store store url #:optional (name (basename url)) #:key (log (current-error-port)) recursive?) "Download from URL to STORE, either under NAME or URL's basename if @@ -314,4 +321,7 @@ the same-named parameter of 'add-to-store'." (and result (add-to-store store name recursive? "sha256" temp))))))) +(define download-to-store* + (store-lift download-to-store)) + ;;; download.scm ends here
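
Review bot: in the gnu/packages/pkg-config.scm hunk, the unchanged context line still builds the URI from plain `http://pkgconfig.freedesktop.org/releases/pkg-config-` while the method becomes `host-url-fetch`, and `host-url-fetch` as added in guix/download.scm in this same patch only carries a FIXME for checking HASH. As written, this tarball would be fetched over HTTP and added to the store without being compared to the origin's hash, so the package should stay on `url-fetch` until the check exists.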
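
Review bot: `host-url-fetch` accepts `hash-algo` and `hash`, but its body, `(download-to-store* url name)`, uses neither, so whatever the server returns is stored unverified. The FIXME acknowledges this, but the check belongs with the procedure itself: hash the downloaded file and raise an error on mismatch before it reaches `add-to-store`. Separately, `name` is `#:optional` with no default, so it is `#f` when omitted, and passing it positionally overrides the `(basename url)` default in `download-to-store`; fall back to the basename when `name` is `#f`. The procedure also has no docstring, unlike `download-to-store` just below it.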
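
Review bot: `download-to-store*`, added at the end of guix/download.scm, has no comment and sits below the last procedure, far from `host-url-fetch`, its only caller in this patch. A one-line comment saying it is the `store-lift` (monadic) variant of `download-to-store` would help, and `host-url-fetch` could be placed right after it so the two read together.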

Some care is needed to get performance right and to make sure we never needlessly re-download stuff, but it’s definitely doable.

Ludo’.