* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
(narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
(string->narinfo): Add 'cache-uri' parameter.
(lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri'
field. Adjust body accordingly.
(remove-expired-cached-narinfos): Switch to version 1 by default.
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
* nix/nix-daemon/guix-daemon.cc (main): When --no-substitutes is used,
clear NIX_SUBSTITUTERS. Before that, and after
89faa5c75c, '--no-substitutes' would
lead to attempts to use 'download-using-manifests.pl', which in
practice would gracelessly fail.
* nix/nix-daemon/guix-daemon.cc (parse_opt): Use 'settings.set' instead
of direct field access for 'buildCores', 'maxBuildJobs', and
'useSubstitutes'.
(main): Call 'settings.update' after 'argp_parse'.
* guix/scripts/offload.scm (transfer-and-offload): Use 'upload' lock
instead of 'bandwidth' around 'send-files' calls, and 'download' lock
around 'retrieve-files' call.
* guix/scripts/offload.scm (remote-pipe): Remove '-z' lsh command line
argument. This makes transfers almost an order of magnitude slower.
OpenSSH's ssh(1) man page notes: "Compression is desirable on modem lines
and other slow connections, but will only slow down things on fast
networks." See also
<http://www.spikelab.org/blog/transfer-largedata-scp-tarssh-tarnc-compared.html>.
* build-aux/hydra/gnu-system.scm (hydra-jobs)[systems]: Define locally,
independently of ARGUMENTS. This matches the new Hydra convention,
where using a 'system' input is deprecated.
* guix/build/download.scm (http-fetch)[post-2.0.7?]: Use
'string->number' and numeric comparison. This fixes version
comparison with "2.0.10" and subsequent 2.0 releases.
* gnu/packages/patches/python-fix-dbm.patch: remove file. It is not needed
anymore, and is probably a left-over of a failed merge.
* gnu-system.am: remove gnu/packages/patches/python-fix-dbm.patch
* gnu/packages/autotools.scm (autoconf-2.68): New variable.
(autoconf-wrapper): Turn into a procedure. Turn comment into a
docstring.
(automake): Adjust accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* guix/utils.scm (call-with-decompressed-port,
call-with-compressed-output-port): New procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"):
Rewrite to use them.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
* guix/utils.scm (filtered-port): Make sure the 'execl' child process
always exits, and does (primitive-_exit 1) upon execution failure.
Use 'primitive-_exit' in the 'dump-port' child process.
* tests/utils.scm ("filtered-port, does not exist"): New test.
Ludovic Courtès