* guix/store.scm (set-build-options): Rename #:binary-caches to
#:substitute-urls. Actually pass it in 'pairs' under the
"substitute-urls" key.
* guix/scripts/substitute-binary.scm (%cache-url): Add comment for
"untrusted-substitute-urls".
This fixes a regression introduced in commit 536c3ee.
* guix/profiles.scm (ca-certificate-bundle): When MANIFEST is empty,
make a trivial derivation.
* guix/scripts/package.scm (guix-package)[process-actions]: Pass
#:ca-certificate-bundle? to 'profile-generation'.
* tests/packages.scm ("--search-paths with pattern"): Likewise.
* tests/profiles.scm ("profile-derivation"): Likewise.
Before that, any profile generation built when '-p' is used would
effectively become a permanent GC root because the symlink in
/var/guix/gcroots/auto would point directly to /gnu/store/...-profile.
* guix/scripts/package.scm (maybe-register-gc-root): Rename to...
(register-gc-root): ... this. Remove conditional, and replace call to
'canonicalize-path' with (string-append (getcwd) "/" ...).
(guix-package): Call 'register-gc-root' only if PROFILE is different
from %CURRENT-PROFILE.
* tests/guix-package.sh: Add test case.
Before that, if two users on the same machine ran 'guix pull', the
second one would have the "Guix already up to date" message and their
~/.config/guix/latest link would be left unchanged---effectively
preventing them from updating.
* guix/scripts/pull.scm (build-and-install): Install the 'latest'
symlink regardless of whether TO-DO? is true or false.
Suggested by Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>.
* guix/scripts/offload.scm (register-gc-root)[script]: Replace
'false-if-exception' with a finer-grain 'system-error handler.
Provide the name of MACHINE in 'leave' error message.
Suggested by Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>.
* guix/scripts/offload.scm (remote-pipe): Remove unneeded 'catch'.
(machine-load): Check the exit value upon (close-pipe pipe). Call
'warning' when it is non-zero.
* guix/scripts/environment.scm (for-each-search-path): Iterate over all
derivation output paths.
(packages->transitive-inputs): Process inputs that specify an output, too.
* guix/scripts/lint.scm (%options) <--checkers>: Remove 'arg-handler'
parameter, and return a single value.
(guix-lint)[parse-options]: Remove 'arg-handler' parameter from
handlers. Remove second seed to 'args-fold*'.
* tests/guix-lint.sh: Add test.
Before that it would check all the URIs of each package.
* guix/scripts/lint.scm (validate-uri): Really return #f on failure and
#t otherwise.
(check-source): Replace 'for-each' with 'any'.
* guix/ui.scm (report-error): Export.
* guix/scripts/system.scm (read-operating-system): Report syntax errors
using standard GNU format. Report other errors using 'display-error'.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/scripts/package.scm (with-null-error-port): New macro.
(search-path-environment-variables): Wrap 'search-path-as-list' call
in 'with-null-error-port'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Change "~a" to "~s" in error message.
(%signature-line-rx): Remove.
(narinfo-sha256): Use 'string-contains' instead of 'regexp-exec', and
'string-take' instead of 'match:substring'.
* guix/scripts/package.scm (search-path-environment-variables): Add
local 'files' variable.
* tests/packages.scm ("--search-paths with pattern"): New test.
* guix/scripts/lint.scm (run-checkers): Check
whether (current-error-port) is a tty, and print the package being
checked and the checker currently running when it is.
This will handle the new 'file-type' and 'file-pattern' fields correctly.
* guix/scripts/package.scm (search-path-environment-variables)[search-path-definition]:
Rewrite in terms of 'search-path-as-list'.
This would not work when /boot is a separate partition, as reported by
Nikita Karetnikov <nikita@karetnikov.org> in <http://bugs.gnu.org/19220>.
This fixes a regression introduced in 39d1f82.
* gnu/build/install.scm (install-grub): Copy GRUB.CFG instead of
symlinking it, as was the case before 39d1f82.
* gnu/build/vm.scm (register-grub.cfg-root): Add 'grub.cfg' parameter.
Make it a permanent GC root instead of an indirect GC root.
(initialize-hard-disk): Adjust accordingly.
* guix/scripts/system.scm (install-grub*): Replace use of
'add-indirect-root' by the addition of a permanent GC root in
%GC-ROOTS-DIRECTORY.
Fixes <http://bugs.gnu.org/19279>.
Fixes a regression introduced in cc7fa59.
Reported by Tomas Cech <tcech@suse.cz>.
* guix/scripts/system.scm (install): Fix order of arguments to 'lift'
and 'lift2'.
Appending to "raw" args broke optional parameters in 'guix package -I'
and 'guix package -A', and possibly other places. Therefore, switch to
parsing each set of options on its own and append resulting alists
together afterwards.
* guix/scripts/archive.scm (parse-options-from): Rename from
(parse-options) and add explicit argument. New form of (parse-options)
using its old algorithm via -from function.
* guix/scripts/build.scm: Ditto.
* guix/scripts/environment.scm: Ditto.
* guix/scripts/package.scm: Ditto.
* guix/scripts/system.scm: Ditto.
* tests/guix-package.sh: Add test.
* doc/guix.texi (Invoking guix build): Make it clear that the options
are parsed independently.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Fixes <http://bugs.gnu.org/19160>.
* guix/scripts/system.scm (install-grub*): Make /boot/grub/grub.cfg an
indirect GC root.
* gnu/build/install.scm (install-grub): Make TARGET a symlink.
* gnu/build/vm.scm (register-grub.cfg-root): New procedure.
(initialize-hard-disk): Use it.
* guix/scripts/substitute-binary.scm (fetch): Change "unresponsive" to
"somewhat slow". I'm being told that the former is often
misunderstood as "broken".
Fixes <http://bugs.gnu.org/18534>.
* guix/scripts/pull.scm (with-environment-variable, with-PATH): New
macros.
(temporary-directory, first-directory, interned-then-deleted): New
procedures.
(unpack): Rewrite to do the unpacking in the current process rather
than as a separate derivation.
(%self-build-file): New variable.
(build-from-source): New procedure.
(build-and-install): Use it.
* guix/build/pull.scm (build-guix): Rename 'tarball' argument to
'source'. Remove #:tar and #:gzip parameters, as well as 'tar'
invocation. Remove 'scandir' invocation. Wrap body in
'with-directory-excursion'.
* build-aux/build-self.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
* gnu/system/vm.scm (system-qemu-image/shared-store): Add
#:disk-image-size and #:full-boot? parameters and honor them. Pass
'#:copy-inputs? full-boot?', and change #:inputs argument.
* guix/scripts/system.scm (system-derivation-for-action): Pass
#:disk-image-size to 'system-qemu-image/shared-store'.
* doc/guix.texi (Invoking guix system): Mention use of '--image-size' in
conjunction with '--full-boot'.
* guix/scripts/lint.scm (starts-with-abbreviation?): New procedure.
(check-synopsis-style)[check-start-with-package-name]: Use it.
* tests/lint.scm ("synopsis: start with abbreviation"): New test.
* guix/scripts/lint.scm (package-name-regexp): New procedure.
(check-synopsis-style)[check-start-with-package-name]: Use it instead
of 'string-prefix-ci?'.
* tests/lint.scm ("synopsis: start with package name prefix"): New test.
Thanks to Mark H. Weaver <mhw@netris.org> for insightful discussions
and suggestions.
* guix/packages.scm (<package>)[graft]: New field.
(patch-and-repack): Invoke 'package-derivation' with #:graft? #f.
(package-source-derivation): Likewise. Do not use (%guile-for-build)
in call to 'patch-and-repack', and we could end up using a grafted
Guile.
(expand-input): Likewise, also for 'package-cross-derivation' call.
(package->bag): Add #:graft? parameter. Honor it. Use 'strip-append'
instead of 'package-full-name'.
(input-graft, input-cross-graft, bag-grafts, package-grafts): New
procedures.
(package-derivation, package-cross-derivation): Add #:graft? parameter
and honor it.
* gnu/packages/bootstrap.scm (package-with-bootstrap-guile): Add
recursive call on 'graft'.
* guix/build-system/gnu.scm (package-with-explicit-inputs,
package-with-extra-configure-variable, static-package): Likewise.
(gnu-build): Use the ungrafted Guile to avoid full rebuilds.
(gnu-cross-build): Likewise.
* guix/build-system/cmake.scm (cmake-build): Likewise.
* guix/build-system/glib-or-gtk.scm (glib-or-gtk-build): Likewise.
* guix/build-system/perl.scm (perl-build): Likewise.
* guix/build-system/python.scm (python-build): Likewise.
* guix/build-system/ruby.scm (ruby-build): Likewise.
* guix/build-system/trivial.scm (guile-for-build): Likewise.
* tests/packages.scm ("package-derivation, direct graft",
"package-cross-derivation, direct graft", "package-grafts,
indirect grafts", "package-grafts, indirect grafts, cross",
"package-grafts, indirect grafts, propagated inputs",
"package-derivation, indirect grafts"): New tests.
("bag->derivation", "bag->derivation, cross-compilation"): Wrap in
'parameterize'.
* doc/guix.texi (Security Updates): New node.
(Invoking guix build): Document --no-graft.
* guix/scripts/environment.scm (show-help): Align --pure and
--search-paths with other long options; add 'newline' call before
'show-bug-report-information' call.
* guix/scripts/lint.scm (check-description-style): Exception for
upper-case rule if the description starts with the package name.
* tests/lint.scm: Test it.
* guix/scripts/lint.scm (start-with-capital-letter?): Rename too...
(properly-starts-sentence?): Rewrite with regex and add digits.
(check-description-style, check-synopsis-style): Use it.
* tests/lint.scm: Add tests.
* guix/scripts/lint.scm (start-with-capital-letter?): Handle empty
strings.
(check-description-style): New check for end-of-sentence space.
* tests/lint.scm: Test it.
* guix/scripts/package.scm (switch-to-generation): New procedure.
(switch-to-previous-generation): Use it.
(guix-package): Adjust for '--switch-generation' option.
* tests/guix-package.sh: Test it.
* doc/guix.texi (Invoking guix package): Document it.
* guix/scripts/substitute-binary.scm (%cache-url): Ignore the
'GUIX_BINARY_SUBSTITUTE_URL' environment variable.
* test-env.in: Invoke 'guix-daemon' with '--substitute-urls'.
* tests/substitute-binary.scm: Set '%cache-url' to the value of
'GUIX_BINARY_SUBSTITUTE_URL'.
* guix/scripts/lint.scm (check-start-article): use "string-ci=?" instead of
"string=?".
* tests/lint.scm ("synopsis: starts with 'a'",
"synopsis: starts with 'an'"): New tests.
* guix/scripts/lint.scm (check-description-style,
check-synopsis-start-upper-case): New methods.
* tests/lint.scm ("description: does not start with an upper-case letter",
"synopsis: does not start with an upper-case letter"): New tests.
Reported by Alex Sassmannshausen <alex.sassmannshausen@gmail.com>.
* guix/scripts/pull.scm (unpack): Add Guile-JSON to %load-path and
%load-compiled-path.
* guix/snix.scm: Delete.
* guix/import/snix.scm: New file.
* guix/import/pypi.scm: New file.
* guix/import/utils.scm: New file.
* guix/scripts/import/nix.scm: New file.
* guix/scripts/import/pypi.scm: New file.
* tests/pypi.scm: New file.
* tests/snix.scm: Import (guix import snix) module.
* guix/scripts/import.scm (%default-options, %options): Delete.
(%standard-import-options, importers): New variables.
(show-help): List importers.
(guix-import): Factor out Nix-specific logic. Delegate to correct importer
based upon first argument.
* configure.ac (HAVE_GUILE_JSON): New conditional.
* Makefile.am (MODULES): Add new files and remove 'guix/snix.scm'.
(SCM_TESTS): Add 'tests/pypi.scm' if guile-json is installed.
* guix/scripts/offload.scm (machine-less-loaded?, machine-faster?):
Remove.
(machine-power-factor): New procedure.
(machine-less-loaded-or-faster?): Use it.
* guix/scripts/pull.scm (unpack): Remove 'store' parameter. Rewrite
using 'gexp->derivation'.
(what-to-build, indirect-root-added, build-and-install): New
procedures.
(guix-pull): Use it.
* gnu/build/activation.scm (activate-current-system): Honor
$GUIX_NEW_SYSTEM by default.
* guix/scripts/system.scm (switch-to-system): Set $GUIX_NEW_SYSTEM
before loading SCRIPT.
* guix/build/pull.scm (report-build-progress): New procedure.
(p-for-each): Add #:progress parameter.
[loop]: Keep track of the number of completed processes. Tail-call
PROGRESS at each loop iteration.
(build-guix): Add #:debug-port parameter. Use it for verbose
messages. Change 'tar' flags to 'xf'. Around 'compile-file' call,
bind CURRENT-WARNING-PORT to DEBUG-PORT.
* guix/scripts/pull.scm (unpack): Add #:verbose? parameter.
[builder]: Pass #:debug-port to 'build-guix'.
(guix-pull): Leave CURRENT-BUILD-OUTPUT-PORT unchanged. Pass
#:verbose? to 'unpack'.
This allows editors to parse warnings correctly.
* guix/scripts/lint.scm (emit-warning): Use 'format' instead of
'warning', to avoid the "guix lint: " prefix in messages.
* tests/lint.scm (call-with-warnings): Indent.
Before that, 'guix package --search-paths' would not work if, say,
'foo-0.2' is installed but the distro provides 'foo-0.3'.
* guix/scripts/package.scm (search-path-environment-variables)[manifest-entry->package]:
Handle the case where 'find-best-packages-by-name' returns '().
Fixes <http://bugs.gnu.org/18115>.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/offload.scm (register-gc-root)[script]: Wrap 'symlink'
call in "catch 'system-error", and ignore EEXIST errors.
Fixes <http://bugs.gnu.org/18070>.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/scripts/offload.scm (remote-pipe): Augment docstring.
(machine-load): Return +inf.0 instead of 1 if MACHINE does not respond
or responds badly.
Fixes <http://bugs.gnu.org/18305>.
Reported by Brandon Invergo <brandon@gnu.org>.
* guix/profiles.scm (manifest-inputs, info-dir-file): New procedures.
(profile-derivation): Use them. Add #:info-dir? parameter and honor
it.
* guix/scripts/package.scm (guix-package): Call 'profile-derivation'
with #:info-dir? #f when the 'bootstrap? option is set.
* tests/profiles.scm ("profile-derivation"): Pass #:info-dir? #f.
Suggested by Alex Kost <alezost@gmail.com>.
* guix/scripts/package.scm (options->installable)[package->manifest-entry]:
Move to (guix profiles).
[package->manifest-entry*]: New procedure.
Use it.
* guix/profiles.scm (package->manifest-entry): New procedure.
* tests/profiles.scm (guile-for-build): New variable.
Call '%guile-for-build'.
("profile-derivation"): New test.
* guix/profiles.scm (<manifest-entry>)[path]: Rename to...
[item]: ... this. Update users.
(manifest->sexp): Rename to...
(manifest->gexp): ... this. Return a gexp.
(lower-input): Remove.
(profile-derivation): Remove 'store' parameter, and turn into a
monadic procedure.
[inputs]: New variable.
[builder]: Turn into a gexp.
Replace call to 'build-expression->derivation' with call to
'gexp->derivation'.
* guix/scripts/package.scm (link-to-empty-profile): Adjust call to
'profile-derivation', and wrap it in 'run-with-store'.
(show-what-to-remove/install): Rename 'path' to 'item'. Check whether
ITEM is a package, and return its output path if it is.
(input->name+path): Remove.
(options->installable): Set 'item' to P.
(guix-package): Adjust call to 'profile-derivation'.
* tests/profiles.scm (guile-2.0.9): Change 'path' to 'item'.
* guix/profiles.scm (manifest=?): Remove.
* guix/scripts/package.scm (readlink*): New procedure.
(guix-package)[process-actions]: Use 'readlink*' and compare the
profile to be built, PROF, with PROFILE to determine whether there's
nothing to be done.
Partly fixes <http://bugs.gnu.org/18082>.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/system.scm (save-environment-excursion): New macro.
(switch-to-system): Wrap 'primitive-load' call in it.
Partly fixes <http://bugs.gnu.org/18082>.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/system.scm (perform-action) <reconfigure>: Pass the
output file name of GRUB.CFG to 'install-grub'.
Fixes <http://bugs.gnu.org/18049>.
Reported by Marek Benc <merkur32@gmail.com>.
* guix/scripts/system.scm (copy-closure): Pass #:state-directory to
'register-path'.
* guix/scripts/system.scm (references*, topologically-sorted*,
show-what-to-build*): New procedures.
(copy-closure): Turn into a monadic procedure.
(install): Likewise, and adjust parameter list.
(switch-to-system): Likewise.
(system-derivation-for-action, grub.cfg, maybe-build, perform-action):
New procedures.
(guix-system): Use them.
Fixes <http://bugs.gnu.org/17946>.
Notoriously, cron jobs may set LOGNAME only and not USER. See
e.g. crontab(5) under Debian 7 (wheezy).
* guix/scripts/package.scm (%profile-directory)
(guix-package): Also try LOGNAME if USER is unset.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <http://bugs.gnu.org/17939>.
Reported by Taylan Ulrich Bayirli/Kammer <taylanbayirli@gmail.com>.
* guix/scripts/package.scm (canonicalize-profile): New procedure.
(%options): Use it for --profile.
* tests/guix-package.sh: Add test.
* guix/scripts/system.scm (read-operating-system) <catch handler>: Add
case for 'syntax-error'. Correct message for default case.
* guix/scripts/offload.scm (build-machines) <catch handler>: Add case
for 'syntax-error'.
* tests/guix-system.sh: New file.
* Makefile.am (SH_TESTS): Add it.
* guix/ui.scm (%guix-user-module): New variable.
(read/eval): Pass it as the second argument to 'eval'.
* guix/scripts/build.scm (options/resolve-packages): Add case for
'gexp?'.
* tests/guix-build.sh: Add tests.
* doc/guix.texi (Invoking guix build): Document '-e gexp'.
guxi build: Allow gexps to be passed to '-e'.
* guix/ui.scm (%guix-user-module): New variable.
(read/eval): Pass it as the second argument to 'eval'.
* guix/scripts/build.scm (options/resolve-packages): Add case for
'gexp?'.
* tests/guix-build.sh: Add tests.
* doc/guix.texi (Invoking guix build): Document '-e gexp'.
This makes 'guix package' et al. slightly less verbose, by not emitting
"@ substituter-started" lines and similar.
* guix/scripts/build.scm (set-build-options-from-command-line): Pass
#:print-build-trace.
(%default-options): Add 'print-build-trace?'.
* guix/pk-crypto.scm (string->canonical-sexp, sign, generate-key): Pass
the procedure name as the first argument to 'throw'.
(gcrypt-error-printer): New procedure.
<top level>: Add call to 'set-exception-printer!'.
* guix/nar.scm (restore-one-item): Add 'proc' parameter to 'catch'
handler for 'gcry-error.
* guix/scripts/archive.scm (%options, generate-key-pair, authorize-key):
Likewise.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Likewise.
Fixes <http://bugs.gnu.org/17312>.
* guix/scripts/authenticate.scm (guix-authenticate): Add calls to
'set-port-encoding!' and 'set-port-conversion-strategy!'. Wrap body
in 'with-fluids' form that sets '%default-port-encoding' and
'%default-port-conversion-strategy'.
* tests/guix-authenticate.sh: Add test.
* tests/pk-crypto.scm ("hash corrupt due to restrictive locale
encoding"): Add reference to bug.
Fixes situations where the remote 'guix build' is invoked before the
.drv has been completely copied, as reported at
<https://lists.gnu.org/archive/html/guix-devel/2014-04/msg00174.html>.
In some cases 'send-files' would return before the other end is done
importing the files, and so the subsequent 'guix build' invocation would
just miss the .drv file it refers to.
* guix/utils.scm (call-with-decompressed-port): Don't close PORT.
(call-with-compressed-output-port): Likewise.
* tests/utils.scm ("compressed-output-port + decompressed-port"): Adjust
accordingly.
* guix/scripts/offload.scm (send-files): Add explicit (close-pipe pipe)
call.
(retrieve-files): Likewise.
* guix/scripts/offload.scm (remove-gc-root): Rename to...
(remove-gc-roots): ... this.
[builder]: Use 'scandir' and remove all the files starting with
%GC-ROOT-FILE.
(transfer-and-offload): Adjust to renaming; remove
'false-if-exception' wraps.
* build-aux/hydra/demo-os.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
* build-aux/hydra/gnu-system.scm (qemu-jobs): New procedure.
(hydra-jobs): Use it.
* guix/scripts/system.scm (read-operating-system): Export.
* guix/pki.scm (write-acl): New procedure.
(ensure-acl): Use it. Fixes a regression introduced in 39831f1,
whereby 'ensure-acl' would yield a wrong-type-arg error.
* guix/scripts/archive.scm (authorize-key): Use 'write-acl'.
Before that, there was a small time window during which the GC could
wipe the .drv (before 'guix build' has been called), or the build
result (before 'retrieve-files' has started.)
* guix/scripts/offload.scm (remote-pipe): Add #:quote? parameter and
honor it.
(%gc-root-file): New variable.
(register-gc-root, remove-gc-root): New procedures.
(offload): Adjust comment. Run 'guix build' with '-r %GC-ROOT-FILE'.
(transfer-and-offload): Call 'register-gc-root' before
sending (derivation-file-name DRV). Call 'remove-gc-root' after the
call to 'offload' or 'retrieve-files'.
(send-files): Call 'remote-pipe' with #:quote? #f.
(retrieve-files): Likewise.
* guix/scripts/package.scm (search-path-environment-variables)[manifest-entry->package]:
Use 'find-best-packages-by-name' instead of 'find-packages-by-name'.
On a profile with 140 packages, this reduces execution time of this
procedure from 5.8 seconds to 2.9 seconds (50% improvement.)
* guix/scripts/package.scm (maybe-register-gc-root): New procedure.
* tests/guix-package.sh (profile): Grep the output of "guix gc
--list-live" in a couple of places.
* guix/pki.scm (acl-entry-sexp, acl-sexp): Remove.
(public-keys->acl, current-acl): Return a native sexp.
(acl->public-keys, authorized-key?): Expect ACL to be a native sexp.
* guix/scripts/archive.scm (authorize-key): Convert ACL to
canonical-sexp when writing it.
* guix/scripts/substitute-binary.scm (guix-substitute-binary) <--query>:
Cache the result of (current-acl); pass it to 'valid-narinfo?' calls.
This saves 12% wall-clock time for "guix build emacs -n".
* guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in
terms of 'signature-case'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Call 'leave' instead of 'raise' when SIGNATURE is invalid.
(&nar-signature-error, &nar-invalid-hash-error): Remove.
(assert-valid-signature): Add 'narinfo' parameter; remove 'port'.
Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's
URI in error messages. Adjust caller.
(narinfo-sha256): New procedure.
(assert-valid-narinfo): Use it.
(valid-narinfo?): Rewrite using 'narinfo-sha256' and
'signature-case'.
* tests/substitute-binary.scm (assert-valid-signature,
test-error-condition): Remove.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Remove.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
as a SRFI-35 &message and &nar-signature-error.
(narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
sexp.
(&nar-signature-error, &nar-invalid-hash-error): New variables.
(assert-valid-signature): Use them. Expect 'signature' to be a
canonical sexp.
(read-narinfo): Remove authentication and authorization checks.
(%signature-line-rx): New variable.
(assert-valid-narinfo, valid-narinfo?): New procedures.
(guix-substitute-binary): Wrap body in 'with-error-handling'.
[valid?]: New procedure.
<--query>: Show only store items of narinfos that match
'valid-narinfo?'.
<--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
(%keypair): Remove.
(%public-key, %private-key): Load from signing-key.{pub,sec}.
(signature-body): Add #:public-key parameter.
(call-with-narinfo): New procedure.
(with-narinfo): New macro.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Make the first argument to 'assert-valid-signature' a
canonical sexp.
("invalid hash", "valid read-narinfo", "valid write-narinfo"):
Remove.
("query narinfo with invalid hash", "query narinfo signed with
authorized key", "query narinfo signed with unauthorized key",
"substitute, invalid hash", "substitute, unauthorized key"): New
tests.
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
(narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
(string->narinfo): Add 'cache-uri' parameter.
(lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri'
field. Adjust body accordingly.
(remove-expired-cached-narinfos): Switch to version 1 by default.
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
* guix/scripts/offload.scm (transfer-and-offload): Use 'upload' lock
instead of 'bandwidth' around 'send-files' calls, and 'download' lock
around 'retrieve-files' call.
* guix/scripts/offload.scm (remote-pipe): Remove '-z' lsh command line
argument. This makes transfers almost an order of magnitude slower.
OpenSSH's ssh(1) man page notes: "Compression is desirable on modem lines
and other slow connections, but will only slow down things on fast
networks." See also
<http://www.spikelab.org/blog/transfer-largedata-scp-tarssh-tarnc-compared.html>.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
(%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
* guix/scripts/offload.scm (with-error-to-port): New macro.
(remote-pipe): Add #:error-port parameter. Use 'with-error-to-port'
around 'open-pipe*' call.
(build-log-port): New procedure.
(offload): Change #:log-port to default to (build-log-port). Call
'remote-pipe' with #:error-port LOG-PORT.
* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
parameter. Upon &http-get-error, re-raise C if the QUIET-404? is
true and the code is 404.
(fetch-narinfo): Pass #:quiet-404? #t.
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
* guix/scripts/offload.scm (offload): Remove default value for
'build-timeout'. Pass '--timeout' to the remote 'guix build'
process.
(transfer-and-offload, process-request): Remove default value for
'build-timeout'.
* guix/scripts/offload.scm (transfer-and-offload): New procedure, with
core formerly in 'process-request'.
(choose-build-machine): Remove 'requirements' parameter.
(process-request): Reply 'decline' when none of MACHINES matches the
requirements, and 'postpone' when MACHINES are busy.
* guix/scripts/offload.scm (machine-choice-lock-file,
machine-slot-file, acquire-build-slot, release-build-slot): New
procedures.
(choose-build-machine): Operate with (machine-choice-lock-file)
taken. Acquire a build slot for each of MACHINES. Release those not
used.
* guix/scripts/offload.scm (lock-machine, unlock-machine): Remove.
(lock-file, unlock-file): New procedures.
(with-file-lock): New macro.
(with-machine-lock): Rewrite in terms of 'with-file-lock'.
* guix/scripts/offload.scm (machine-lock-file, lock-machine,
unlock-machine): New procedures.
(with-machine-lock): New macro.
(process-request): Wrap 'send-files' and 'retrieve-files' calls in
'with-machine-lock'.
* guix/http-client.scm (&http-get-error): New condition type.
(http-fetch): Raise it instead of using 'error'.
* guix/scripts/substitute-binary.scm (fetch) <http>: Wrap body into
'guard' form; gracefully handle 'http-get-error?' conditions.
