38 Commits

Author SHA1 Message Date
Ludovic Courtès cdea30e061 substitute-binary: Defer narinfo authentication and authorization checks.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
  Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
  as a SRFI-35 &message and &nar-signature-error.
  (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
  sexp.
  (&nar-signature-error, &nar-invalid-hash-error): New variables.
  (assert-valid-signature): Use them.  Expect 'signature' to be a
  canonical sexp.
  (read-narinfo): Remove authentication and authorization checks.
  (%signature-line-rx): New variable.
  (assert-valid-narinfo, valid-narinfo?): New procedures.
  (guix-substitute-binary): Wrap body in 'with-error-handling'.
  [valid?]: New procedure.
  <--query>: Show only store items of narinfos that match
  'valid-narinfo?'.
  <--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
  (%keypair): Remove.
  (%public-key, %private-key): Load from signing-key.{pub,sec}.
  (signature-body): Add #:public-key parameter.
  (call-with-narinfo): New procedure.
  (with-narinfo): New macro.
  ("corrupt signature data", "unauthorized public key", "invalid
  signature"): Make the first argument to 'assert-valid-signature' a
  canonical sexp.
  ("invalid hash", "valid read-narinfo", "valid write-narinfo"):
  Remove.
  ("query narinfo with invalid hash", "query narinfo signed with
  authorized key", "query narinfo signed with unauthorized key",
  "substitute, invalid hash", "substitute, unauthorized key"): New
  tests.
2014-03-30 22:32:11 +02:00
Ludovic Courtès 00230df107 substitute-binary: Store the cache's URI in the local cached narinfo.
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
  (narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
  (string->narinfo): Add 'cache-uri' parameter.
  (lookup-narinfo)[cache-entry]: Switch to version 1.  Add 'cache-uri'
  field.  Adjust body accordingly.
  (remove-expired-cached-narinfos): Switch to version 1 by default.
2014-03-30 12:02:10 +02:00
Nikita Karetnikov e9c6c58418 substitute-binary: Support the Signature field of a narinfo file.
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
  and 'contents' fields.
  (narinfo-signature->canonical-sexp): New function.
  (narinfo-maker): Add the 'signature' argument and use it.
  (assert-valid-signature): New function.
  (read-narinfo): Support the Signature field.
  (write-narinfo): Use 'narinfo-contents'.
  (%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
  tests/substitute-binary.scm.
  (MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
2014-03-30 12:02:10 +02:00
Ludovic Courtès 7a8024a33a utils: Add 'decompressed-port' and 'compressed-port'.
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
  (guix-substitute-binary): Pass a symbol or #f as the first argument to
  'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
  test.
2014-03-22 22:57:09 +01:00
Ludovic Courtès 19ee8c7dc5 substitute-binary: Quietly handle 404s when fetching narinfos.
* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
  parameter.  Upon &http-get-error, re-raise C if QUIET-404? is
  true and the code is 404.
  (fetch-narinfo): Pass #:quiet-404? #t.
2014-03-19 22:26:08 +01:00
Ludovic Courtès 706e9e575d substitute-binary: Gracefully handle HTTP GET errors.
* guix/http-client.scm (&http-get-error): New condition type.
  (http-fetch): Raise it instead of using 'error'.
* guix/scripts/substitute-binary.scm (fetch) <http>: Wrap body into
  'guard' form; gracefully handle 'http-get-error?' conditions.
2014-03-01 15:38:11 +01:00
Ludovic Courtès d43eb499a6 Update 'nix-upstream' sub-module; adjust build system, doc, and substituter.
* nix-upstream: Update sub-module.
* daemon.am (libutil_a_SOURCES): Add affinity.cc.
  (libutil_headers): Add affinity.hh.
  (libexec_PROGRAMS, nix_setuid_helper_SOURCES,
  nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove.
* doc/guix.texi (Setting Up the Daemon): Remove paragraph about
  'nix-setuid-helper'.
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when
  %CACHE-URL has an HTTP scheme and looking up its host fails.
  Always print a newline to stdout when starting.
2014-01-18 22:32:50 +01:00
Ludovic Courtès 04d4c8a439 Move 'with-atomic-file-output' to (guix utils).
* guix/scripts/substitute-binary.scm (with-atomic-file-output): Move to...
* guix/utils.scm (with-atomic-file-output): ... here.
2013-12-29 15:57:24 +01:00
Ludovic Courtès de6792699e substitute-binary: Work around Guile 2.0.5's broken 'n-par-map'.
* guix/scripts/substitute-binary.scm (n-par-map*): New procedure.
  (guix-substitute-binary): Use it instead of 'n-par-map'.
  Reported by Nikita Karetnikov and Eric Bavier.
2013-11-26 22:20:39 +01:00
Ludovic Courtès c509bf8c87 substitute-binary: Adjust timeout handling for Guile > 2.0.9.
* guix/scripts/substitute-binary.scm (with-timeout): Update comment to
  mention the fix's commit ID.
  (fetch): In the 'with-timeout' handler, close PORT only on Guile
  versions < 2.0.9.39.  Before that, on Guile >= 2.0.9.39, the HTTP
  client would end up trying to read from a closed file descriptor.
2013-11-14 01:09:07 +01:00
Ludovic Courtès 50dc48922c substitute-binary: Increase lookup concurrency to reduce latency.
* guix/scripts/substitute-binary.scm (%lookup-threads): New variable.
  (guix-substitute-binary): Use 'n-par-map' instead of 'par-map' for
  batch 'lookup-narinfo' calls.
2013-11-08 22:47:02 +01:00
Ludovic Courtès 29479de565 substitute-binary: Add '--help'.
Reported by Nikita Karetnikov <nikita@karetnikov.org>.

* guix/scripts/substitute-binary.scm (show-help): New procedure.
  (guix-substitute-binary): Add '--help'.
2013-09-13 23:42:36 +02:00
Ludovic Courtès 00554b2a0f substitute-binary: Show the Nar size, when available.
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--substitute"]:
  Show the Nar size, when available.
* guix/ui.scm (show-what-to-build): Add 'TODO'.
2013-09-02 23:33:13 +02:00
Ludovic Courtès 7db3ff4a29 utils: Add `guile-version>?', and use it.
This fixes Guile version comparisons when (version) has a
vendor-specific suffix.

Reported by Andreas Enge <andreas@enge.fr>.

* guix/utils.scm (guile-version>?): New procedure.
* tests/utils.scm ("guile-version>? 1.8", "guile-version>? 10.5"): New
  tests.
* guix/scripts/substitute-binary.scm (fetch, progress-report-port): Use
  `guile-version>?' instead of `version>?'.
* guix/http-client.scm (when-guile<=2.0.5, http-fetch): Likewise.
2013-08-23 15:51:36 +02:00
Ludovic Courtès b6952cad8d substitute-binary: Try hard to avoid port buffering.
* guix/scripts/substitute-binary.scm (fetch): In the `file' case, open
  with the `b' flag, so that the coding cookie reading thing doesn't
  lead to buffering some of the data (on 2.0.5).
* tests/utils.scm ("filtered-port, file"): Open with `r0b'.  Fixes a
  test failure with Guile 2.0.5 whereby the first byte of FILE would be
  missing from DECOMPRESSED.
2013-08-22 17:14:20 +02:00
Ludovic Courtès db90b40dfd substitute-binary: Don't pretend to report download progress on Guile 2.0.5.
* guix/scripts/substitute-binary.scm (progress-report-port): On Guile
  2.0.5, return PORT directly and emit a warning.
2013-08-21 02:19:36 +02:00
Ludovic Courtès 3b8258c569 Rename (guix web) to (guix http-client).
* guix/web.scm: Rename to...
* guix/http-client.scm: ... this.
* guix/gnu-maintenance.scm, guix/scripts/substitute-binary.scm,
  Makefile.am, po/POTFILES.in: Update accordingly.
2013-07-14 16:44:15 +02:00
Ludovic Courtès ce689ccf18 substitute-binary: Directly replace the global `regexp-exec'.
* guix/scripts/substitute-binary.scm (%regexp-exec-mutex, string->uri):
  Remove.
  (regexp-exec): Replace this global binding by a thread-safety wrapper.
  (fields->alist): Remove `with-mutex', and directly alias `recutils->alist'.
2013-07-11 22:42:41 +02:00
Ludovic Courtès 8b79e2e641 substitute-binary: Increase the default timeout.
* guix/scripts/substitute-binary.scm (%fetch-timeout): Set to 5 seconds.
2013-07-11 22:22:22 +02:00
Ludovic Courtès fdc1bf659d records: Add `recutils->alist' for public consumption.
* guix/records.scm (%recutils-field-rx): New variable.
  (recutils->alist): New procedure, formerly known as `fields->alist'.
* guix/scripts/substitute-binary.scm (fields->alist): Use it.
* tests/records.scm ("recutils->alist"): New test.
2013-07-10 17:01:08 +02:00
Ludovic Courtès bb7dcaea57 substitute-binary: Avoid dangling connections to the server.
* guix/web.scm (open-socket-for-uri): New procedure.
  (http-fetch): Add `port' keyword parameter; use it.
* guix/scripts/substitute-binary.scm (%random-state): New variable.
  (with-timeout): Wait a little before retrying.
  (fetch): Use `open-socket-for-uri', and keep a copy of the socket in
  variable `port'.  Close PORT upon timeout.
2013-06-29 22:20:25 +02:00
Ludovic Courtès a85060efec substitute-binary: Report progress while downloading.
* guix/scripts/substitute-binary.scm (decompressed-port): Improve docstring.
  (progress-report-port): New procedure.
  (guix-substitute-binary)["--substitute"]: Use it to report progress.
* guix/build/download.scm: Export `progress-proc' and `uri-abbreviation'.
2013-06-20 23:41:28 +02:00
Ludovic Courtès 2207f73156 substitute-binary: Provide feedback when the server is unresponsive.
* guix/scripts/substitute-binary.scm (%fetch-timeout): New variable.
  (with-timeout): New macro.
  (fetch): Add `timeout?' keyword parameter.  Enclose `http-fetch' call
  in `with-timeout'.
  (guix-substitute-binary): Call `fetch' with #:timeout? #f.
2013-06-18 00:12:22 +02:00
Ludovic Courtès ae3b6bb0f4 substitute-binary: Don't cache .narinfo lookups when lacking networking.
* guix/scripts/substitute-binary.scm (lookup-narinfo): Don't cache
  NARINFO when CACHE is #f.
2013-06-04 09:43:38 +02:00
Ludovic Courtès cf5d2ca329 substitute-binary: Gracefully exit upon networking errors.
Suggested by Andreas Enge <andreas@enge.fr>.

* guix/scripts/substitute-binary.scm (with-networking): New macro.
  (guix-substitute-binary): Wrap the body in `with-networking'.
2013-05-29 23:22:05 +02:00
Ludovic Courtès 101d9f3fd4 substitute-binary: Pass `filtered-port' an unbuffered port.
This fixes a bug whereby `read-response' would read more than just the
response, with the extra data going into the port's buffer; the
"bzip2 -dc" process spawned by `filtered-port' would not see those
buffered data, which are definitely lost, and would bail out with
"bzip2: (stdin) is not a bzip2 file."

* guix/utils.scm (filtered-port): Document that INPUT must be
  unbuffered.
* guix/web.scm (http-fetch): Add `buffered?' parameter.  Call
  `open-socket-for-uri' explicitly, and call `setvbuf' when BUFFERED? is
  false.  Pass the port to `http-get'.  Close it upon 301/302.
* guix/scripts/substitute-binary.scm (fetch): Add `buffered?'
  parameter.  Pass it to `http-fetch'; honor it for `file' URIs.
  (guix-substitute-binary): Call `fetch' with #:buffered? #f for port RAW.
* tests/utils.scm ("filtered-port, file"): Open FILE as unbuffered.
2013-05-15 23:40:09 +02:00
Ludovic Courtès 0332386251 substitute-binary: Work around thread-unsafe `regexp-exec'.
* guix/scripts/substitute-binary.scm (%regexp-exec-mutex): New variable.
  (string->uri): New procedure.
  (fields->alist): Wrap `regexp-exec' call in `with-mutex'.
2013-05-14 23:53:38 +02:00
Ludovic Courtès c0cd1b3ea7 Move record utilities to (guix records).
* guix/utils.scm (define-record-type*): Move to...
* guix/records.scm: ... here.  New file.
* guix/build-system.scm, guix/packages.scm: Use it.
* guix/gnu-maintenance.scm: Likewise.
  (official-gnu-packages)[alist->record]: Remove.
* guix/scripts/substitute-binary.scm: Likewise.
  (alist->record, object->fields): Remove.
* tests/utils.scm ("define-record-type*", "define-record-type* with
  letrec* behavior", "define-record-type* & inherit",
  "define-record-type* & inherit & letrec* behavior",
  "define-record-type* & thunked", "define-record-type* & thunked &
  default", "define-record-type* & thunked & inherited"): Move to...
* tests/records.scm: ... here.  New file.
2013-05-12 15:46:16 +02:00
Ludovic Courtès e0fbbc889d substitute-binary: Support decompression from non-file ports.
* guix/scripts/substitute-binary.scm (filtered-port): Move to utils.scm.
  (decompressed-port): Upon "none", return '() as the second value.
  (guix-substitute-binary): Expect `decompressed-port' to return a list
  of PIDs as its second value.
* guix/utils.scm (filtered-port): New procedure.  Add case for when
  INPUT is not `file-port?'.
* tests/utils.scm ("filtered-port, file", "filtered-port, non-file"):
  New tests.
2013-04-29 23:25:19 +02:00
Ludovic Courtès 1c9e7d65d4 web: Factorize `http-get' hackery.
This should fix `substitute-binary --query' on Guile 2.0.5.

* guix/web.scm: New file.
* Makefile.am (MODULES): Add it.
* po/POTFILES.in: Add it.
* guix/gnu-maintenance.scm (http-fetch): Remove.
  (%package-list-url): Turn into a URI.
  (official-gnu-packages): Add #:text? #t to `http-fetch' call.
* guix/scripts/substitute-binary.scm (fetch): Remove `http' case, and
  use `http-fetch' instead.
2013-04-25 22:14:51 +02:00
Ludovic Courtès 4c7cacf117 substitute-binary: Remove expired cache entries once in a while.
* guix/scripts/substitute-binary.scm (%narinfo-expired-cache-entry-removal-delay):
  New variable.
  (obsolete?): New procedure, formerly in `lookup-narinfo'.
  (lookup-narinfo): Adjust accordingly.
  (remove-expired-cached-narinfos, maybe-remove-expired-cached-narinfo):
  New procedures.
  (guix-substitute-binary): Call `maybe-remove-expired-cached-narinfo'.
2013-04-20 15:12:24 +02:00
Ludovic Courtès e967678ed1 substitute-binary: Skip servers that use a different store prefix.
* guix/scripts/substitute-binary.scm (fetch-narinfo): Return #f when
  CACHE uses a store directory different from (%store-prefix).
2013-04-15 23:43:13 +02:00
Ludovic Courtès 0c357a088b substitute-binary: Call `open-cache' only when needed.
* guix/scripts/substitute-binary.scm (lookup-narinfo): Force CACHE when
  passing it to `fetch-narinfo'.
  (guix-substitute-binary): Delay calls to `open-cache'.
2013-04-15 23:43:10 +02:00
Ludovic Courtès eba783b7b2 substitute-binary: Add a local cache.
* guix/scripts/substitute-binary.scm (%narinfo-cache-directory,
  %narinfo-ttl, %narinfo-negative-ttl): New variables.
  (with-atomic-file-output, object->fields, read-narinfo,
  write-narinfo, narinfo->string, string->narinfo, lookup-narinfo): New
  procedures.
  (fetch-narinfo): Adjust to use `read-narinfo'.
  (guix-substitute-binary): Ensure the existence of
  %NARINFO-CACHE-DIRECTORY.  Use `lookup-narinfo' instead of
  `fetch-narinfo'.
2013-04-15 23:42:55 +02:00
Ludovic Courtès fe0cff14f6 substitute-binary: Implement `--substitute'.
This allows build outputs to be transparently downloaded from
http://hydra.gnu.org, for example.

* config-daemon.ac: Check for `gzip', `bzip2', and `xz'.
* guix/config.scm.in (%gzip, %bzip2, %xz): New variables.
* guix/scripts/substitute-binary.scm (fetch): Return SIZE as a second value.
  (<narinfo>): Change `url' to `uri'.
  (make-narinfo): Rename to...
  (narinfo-maker): ... this.  Handle relative URLs.
  (fetch-narinfo): Adjust accordingly.
  (filtered-port, decompressed-port): New procedures.
  (guix-substitute-binary): Implement the `--substitute' case.
* tests/store.scm ("substitute query"): Use (%store-prefix) instead
  of (getenv "NIX_STORE_DIR").
  ("substitute"): New test.
2013-04-12 17:31:01 +02:00
Ludovic Courtès d7c5d27795 substitute-binary: Correctly handle missing narinfos in `--query' mode.
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]("have",
  "info"): Filter SUBSTITUTABLE through `narinfo?'.
2013-04-12 17:30:47 +02:00
Ludovic Courtès 462f8e9f33 substitute-binary: Fix communication of several store paths to the daemon.
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]:
  Emit blank lines only after the complete list of store paths has been
  returned.
2013-04-04 21:47:55 +02:00
Ludovic Courtès f65cf81a3c Add preliminary binary substituter.
* guix/scripts/substitute-binary.scm: New file.
* Makefile.am (MODULES): Add it.
* nix/scripts/substitute-binary.in: New file.
* config-daemon.ac: Produce nix/scripts/substitute-binary.
* daemon.am (nodist_pkglibexec_SCRIPTS): Add
  nix/scripts/substitute-binary.
* guix/store.scm (substitutable-path-info): Use the
  `query-substitutable-path-infos' RPC.
* nix/nix-daemon/guix-daemon.cc (main): Honor `NIX_SUBSTITUTERS'.
* pre-inst-env.in: Set `NIX_SUBSTITUTERS'.
* test-env.in: Leave `NIX_SUBSTITUTERS' unchanged.  Set
  `GUIX_BINARY_SUBSTITUTE_URL', and create
  $NIX_STATE_DIR/substituter-data.
  Run `guix-daemon' within `./pre-inst-env'.
* tests/store.scm ("substitute query"): New test.
2013-04-03 22:44:39 +02:00