Merge branch 'master' into python-tests

1 files changed, 24 insertions, 13 deletions

diff --git a/guix/scripts/perform-download.scm b/guix/scripts/perform-download.scm
index 0d2e7089aa..59ade0a8c1 100644
--- a/guix/scripts/perform-download.scm
+++ b/guix/scripts/perform-download.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,7 +19,7 @@
 (define-module (guix scripts perform-download)
   #:use-module (guix ui)
   #:use-module (guix derivations)
-  #:use-module ((guix store) #:select (derivation-path?))
+  #:use-module ((guix store) #:select (derivation-path? store-path?))
   #:use-module (guix build download)
   #:use-module (ice-9 match)
   #:export (guix-perform-download))
@@ -41,17 +41,23 @@
     (module-use! module (resolve-interface '(guix base32)))
     module))
 
-(define (perform-download drv)
-  "Perform the download described by DRV, a fixed-output derivation."
+(define* (perform-download drv #:optional output)
+  "Perform the download described by DRV, a fixed-output derivation, to
+OUTPUT.
+
+Note: Unless OUTPUT is #f, we don't read the value of 'out' in DRV since the
+actual output is different from that when we're doing a 'bmCheck' or
+'bmRepair' build."
   (derivation-let drv ((url "url")
-                       (output "out")
+                       (output* "out")
                        (executable "executable")
                        (mirrors "mirrors")
                        (content-addressed-mirrors "content-addressed-mirrors"))
     (unless url
       (leave (_ "~a: missing URL~%") (derivation-file-name drv)))
 
-    (let* ((url        (call-with-input-string url read))
+    (let* ((output     (or output output*))
+           (url        (call-with-input-string url read))
            (drv-output (assoc-ref (derivation-outputs drv) "out"))
            (algo       (derivation-output-hash-algo drv-output))
            (hash       (derivation-output-hash drv-output)))
@@ -91,20 +97,25 @@ the daemon and not explicitly described as an input of the derivation.  This
 allows us to sidestep bootstrapping problems, such downloading the source code
 of GnuTLS over HTTPS, before we have built GnuTLS.  See
 <http://bugs.gnu.org/22774>."
+
+  ;; This program must be invoked by guix-daemon under an unprivileged UID to
+  ;; prevent things downloading from 'file:///etc/shadow' or arbitrary code
+  ;; execution via the content-addressed mirror procedures.  (That means we
+  ;; exclude users who did not pass '--build-users-group'.)
   (with-error-handling
     (match args
-      (((? derivation-path? drv))
-       ;; This program must be invoked by guix-daemon under an unprivileged
-       ;; UID to prevent things downloading from 'file:///etc/shadow' or
-       ;; arbitrary code execution via the content-addressed mirror
-       ;; procedures.  (That means we exclude users who did not pass
-       ;; '--build-users-group'.)
+      (((? derivation-path? drv) (? store-path? output))
+       (assert-low-privileges)
+       (perform-download (call-with-input-file drv read-derivation)
+                         output))
+      (((? derivation-path? drv))                 ;backward compatibility
        (assert-low-privileges)
        (perform-download (call-with-input-file drv read-derivation)))
       (("--version")
        (show-version-and-exit))
       (x
-       (leave (_ "fixed-output derivation name expected~%"))))))
+       (leave
+        (_ "fixed-output derivation and output file name expected~%"))))))
 
 ;; Local Variables:
 ;; eval: (put 'derivation-let 'scheme-indent-function 2)