git-download: Don't verify X.509 certificate of SWH.

Fixes <https://bugs.gnu.org/42286>.

Regression introduced with the switch to Guile 3.0 in commit
b6bee63bed4f013064c0d902e7c8b83ed7514ade.

* guix/git-download.scm (git-fetch): Parameterize %VERIFY-SWH-CERTIFICATE.
This commit is contained in:
Ludovic Courtès 2020-07-09 17:24:13 +02:00
parent 722ad41c44
commit a7696b9733
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5

@ -140,9 +140,11 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f."
(download-nar #$output) (download-nar #$output)
;; As a last resort, attempt to download from Software Heritage. ;; As a last resort, attempt to download from Software Heritage.
;; Disable X.509 certificate verification to avoid depending
;; on nss-certs--we're authenticating the checkout anyway.
;; XXX: Currently recursive checkouts are not supported. ;; XXX: Currently recursive checkouts are not supported.
(and (not recursive?) (and (not recursive?)
(begin (parameterize ((%verify-swh-certificate? #f))
(format (current-error-port) (format (current-error-port)
"Trying to download from Software Heritage...~%") "Trying to download from Software Heritage...~%")
(swh-download (getenv "git url") (getenv "git commit") (swh-download (getenv "git url") (getenv "git commit")