* guix/utils.scm (call-with-decompressed-port,
call-with-compressed-output-port): New procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"):
Rewrite to use them.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
* guix/utils.scm (filtered-port): Make sure the 'execl' child process
always exits, and does (primitive-_exit 1) upon execution failure.
Use 'primitive-_exit' in the 'dump-port' child process.
* tests/utils.scm ("filtered-port, does not exist"): New test.
* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
(%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
* guix/scripts/offload.scm (with-error-to-port): New macro.
(remote-pipe): Add #:error-port parameter. Use 'with-error-to-port'
around 'open-pipe*' call.
(build-log-port): New procedure.
(offload): Change #:log-port to default to (build-log-port). Call
'remote-pipe' with #:error-port LOG-PORT.
* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
parameter. Upon &http-get-error, re-raise C if the QUIET-404? is
true and the code is 404.
(fetch-narinfo): Pass #:quiet-404? #t.
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
Reported by Nikita Karetnikov <nikita@karetnikov.org>
and Pierre-Antoine Rault <par@rigelk.eu>.
* test-env.in: Change 'NIX_LOG_DIR' in accordance with f5768af.
* tests/guix-register.sh: Likewise for 'NIX_LOG_DIR' and 'NIX_DB_DIR'.
* gnu/packages/python.scm (python-2, python)[source]: Change URL to
https. This makes sure GnuTLS is available in the derivation that
downloads the source, which is required since http URLs get redirected
to https anyway. Reported by Manolis Ragkousis <manolis837@gmail.com>.
* gnu/packages/gcc.scm (gcc-4.7): Change /nix/store in comment.
* gnu/system/vm.scm (operating-system-default-contents):
Use (%store-prefix) instead of "/nix/store".
* guix/derivations.scm (derivation-path->output-path,
derivation-path->output-paths): Change to /gnu/store in docstring.
Ludovic Courtès