daemon: Install 'authenticate' script under LIBEXECDIR/guix.

That way it is handled in the same way as other helper scripts.

* nix/scripts/guix-authenticate.in: Rename to...
* nix/scripts/authenticate.in: ... this.
* config-daemon.ac: Adjust accordingly.
* nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH.
(nodist_libexec_SCRIPTS): Remove.
(nodist_pkglibexec_SCRIPTS): New variable.
* nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for
"PATH".
* nix/libstore/local-store.cc (runAuthenticationProgram): New function.
(LocalStore::exportPath, LocalStore::importPath): Use it instead of
'runProgram' and OPENSSL_PATH.

config-daemon.ac

@@ -163,8 +163,8 @@ if test "x$guix_build_daemon" = "xyes"; then
     [chmod +x nix/scripts/download])
   AC_CONFIG_FILES([nix/scripts/substitute],
     [chmod +x nix/scripts/substitute])
-  AC_CONFIG_FILES([nix/scripts/guix-authenticate],
-    [chmod +x nix/scripts/guix-authenticate])
+  AC_CONFIG_FILES([nix/scripts/authenticate],
+    [chmod +x nix/scripts/authenticate])
   AC_CONFIG_FILES([nix/scripts/offload],
     [chmod +x nix/scripts/offload])
 fi

nix/libstore/local-store.cc

@@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
 }
 
 
+static std::string runAuthenticationProgram(const Strings & args)
+{
+    /* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
+       'LIBEXECDIR', depending on whether we're uninstalled or not.  */
+    const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
+    const string program = settings.nixLibexecDir
+	+ (installed ? "/guix" : "")
+	+ "/authenticate";
+
+    return runProgram(program, false, args);
+}
+
 void LocalStore::exportPath(const Path & path, bool sign,
     Sink & sink)
 {
@@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
         args.push_back(secretKey);
         args.push_back("-in");
         args.push_back(hashFile);
-        string signature = runProgram(OPENSSL_PATH, true, args);
+
+        string signature = runAuthenticationProgram(args);
 
         writeString(signature, hashAndWriteSink);
 
@@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
             args.push_back("-pubin");
             args.push_back("-in");
             args.push_back(sigFile);
-            string hash2 = runProgram(OPENSSL_PATH, true, args);
+            string hash2 = runAuthenticationProgram(args);
 
             /* Note: runProgram() throws an exception if the signature
                is invalid. */

nix/local.mk

@@ -113,7 +113,6 @@ libstore_a_CPPFLAGS =				\
   -DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\"		\
   -DNIX_LIBEXEC_DIR=\"$(libexecdir)\"		\
   -DNIX_BIN_DIR=\"$(bindir)\"			\
-  -DOPENSSL_PATH="\"guix-authenticate\""	\
   -DDEFAULT_CHROOT_DIRS="\"\""
 
 libstore_a_CXXFLAGS = $(AM_CXXFLAGS)		\
@@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS +=			\
 
 endif BUILD_DAEMON_OFFLOAD
 
-
-# XXX: It'd be better to hide it in $(pkglibexecdir).
-nodist_libexec_SCRIPTS =			\
-  %D%/scripts/guix-authenticate
+nodist_pkglibexec_SCRIPTS +=			\
+  %D%/scripts/authenticate
 
 # The '.service' files for systemd.
 systemdservicedir = $(libdir)/systemd/system

nix/nix-daemon/guix-daemon.cc

@@ -466,18 +466,6 @@ main (int argc, char *argv[])
     {
       settings.processEnvironment ();
 
-      /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
-	 is known as 'OPENSSL_PATH' here.  */
-      std::string search_path;
-      search_path = settings.nixLibexecDir;
-      if (getenv ("PATH") != NULL)
-	{
-	  search_path += ":";
-	  search_path += getenv ("PATH");
-	}
-
-      setenv ("PATH", search_path.c_str (), 1);
-
       /* Use our substituter by default.  */
       settings.substituters.clear ();
       settings.set ("build-use-substitutes", "true");