Next: Invoking guix hash, Previous: Invoking guix edit, Up: Utilities [Contents][Index]
guix downloadWhen writing a package definition, developers typically need to download
a source tarball, compute its SHA256 hash, and write that
hash in the package definition (see Defining Packages). The
guix download tool helps with this task: it downloads a file
from the given URI, adds it to the store, and prints both its file name
in the store and its SHA256 hash.
The fact that the downloaded file is added to the store saves bandwidth:
when the developer eventually tries to build the newly defined package
with guix build, the source tarball will not have to be
downloaded again because it is already in the store. It is also a
convenient way to temporarily stash files, which may be deleted
eventually (see Invoking guix gc).
The guix download command supports the same URIs as used in
package definitions. In particular, it supports mirror:// URIs.
https URIs (HTTP over TLS) are supported provided the
Guile bindings for GnuTLS are available in the user’s environment; when
they are not available, an error is raised. See how to install the GnuTLS bindings for Guile in GnuTLS-Guile, for more information.
guix download verifies HTTPS server certificates by loading
the certificates of X.509 authorities from the directory pointed to by
the SSL_CERT_DIR environment variable (see X.509 Certificates), unless --no-check-certificate is used.
Alternatively, guix download can also retrieve a Git
repository, possibly a specific commit, tag, or branch.
The following options are available:
--hash=algorithm-H algorithmCompute a hash using the specified algorithm. See Invoking guix hash, for more information.
--format=fmt-f fmtWrite the hash in the format specified by fmt. For more
information on the valid values for fmt, see Invoking guix hash.
--no-check-certificateDo not validate the X.509 certificates of HTTPS servers.
When using this option, you have absolutely no guarantee that you are communicating with the authentic server responsible for the given URL, which makes you vulnerable to “man-in-the-middle” attacks.
--output=file-o fileSave the downloaded file to file instead of adding it to the store.
--git-gCheckout the Git repository at the latest commit on the default branch.
--commit=commit-or-tagCheckout the Git repository at commit-or-tag.
commit-or-tag can be either a tag or a commit defined in the Git repository.
--branch=branchCheckout the Git repository at branch.
The repository will be checked out at the latest commit of branch, which must be a valid branch of the Git repository.
--recursive-rRecursively clone the Git repository.
Next: Invoking guix hash, Previous: Invoking guix edit, Up: Utilities [Contents][Index]