offload: Compress files being sent/retrieved.

* guix/scripts/offload.scm (send-files): Add "xz -dc |" to the remote
  pipe command.  Pass PIPE through 'call-with-compressed-output-port'.
  Remove 'close-pipe' call.
  (retrieve-files): Add "| xz -c" to the remote pipe command.  Pass PIPE
  through 'call-with-decompressed-port'.  Remove 'close-pipe' call.

authenticate: Support reading the hash or key from stdin.

* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
  for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
  "-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
  a pipeline.

authenticate: Move actual work to separate procedures.

* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
  a port instead of a file name.
  (read-hash-data): Likewise.
  (sign-with-key, validate-signature): New procedures.
  (guix-authenticate): Rewrite in terms of these two procedures.

utils: Add 'decompressed-port' and 'compressed-port'.

* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
  (guix-substitute-binary): Pass a symbol or #f as the first argument to
  'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
  test.

pk-crypto: Don't use Ed25519 when libgcrypt is older than 1.6.0.

* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
  (%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.

offload: Send build logs to file descriptor 4.

* guix/scripts/offload.scm (with-error-to-port): New macro.
  (remote-pipe): Add #:error-port parameter.  Use 'with-error-to-port'
  around 'open-pipe*' call.
  (build-log-port): New procedure.
  (offload): Change #:log-port to default to (build-log-port).  Call
  'remote-pipe' with #:error-port LOG-PORT.

substitute-binary: Quietly handle 404s when fetching narinfos.

* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
  parameter.  Upon &http-get-error, re-raise C if the QUIET-404? is
  true and the code is 404.
  (fetch-narinfo): Pass #:quiet-404? #t.

pk-crypto: Use RFC6979 when signing with an ECC or DSA key.

* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
  Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
  KEY-TYPE is 'ecc' or 'dsa'.
  (key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
  parameter.  Pass it to 'bytevector->hash-data'.  Adjust caller
  accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
  ("key-type"): New test.
  ("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
  ("sign + verify, Ed25519"): New test.

guix archive: Generate curve Ed25519 keys by default.

* guix/scripts/archive.scm (%options) <generate-key>: Default to curve
  Ed25519.  Suggested by Christian Grothoff <grothoff@in.tum.de>.

guix archive: Improve '--generate-key' error reporting.

* guix/scripts/archive.scm (%options) <generate-key>: Report the error
  source and string when 'string->canonical-sexp' fails.

offload: Fix 'choose-build-machine' for several machines.

* guix/scripts/offload.scm (choose-build-machine)[undecorate]: Turn into
  a two-argument procedure.

offload: Convert the port number to a string when invoking lsh.

* guix/scripts/offload.scm (remote-pipe, send-files): Pass the result of
  'build-machine-port' to 'number->string'.

offload: Allow build machines to specify a port number.

* guix/scripts/offload.scm (<build-machine>): Add 'port' field.
  (remote-pipe, send-files): Use lsh's '-p' option when invoking it.

guix build: Support '--with-source' along with '-e'.

* guix/scripts/build.scm (derivation-from-expression): Remove.
  (options->derivations): Handle pairs of the form
  "('argument . (? derivation?))".
  (options/resolve-packages): Add 'store' parameter; update caller.  Add
  'system' variable.  Add case for 'expression pairs.
* guix/scripts/archive.scm (derivation-from-expression): New procedure.

guix build: Add '--with-source'.

* guix/scripts/build.scm (package-with-source): New procedure.
  (show-help): Add '--with-source'.
  (%options): Likewise.
  (options->derivations): Call 'options/with-source' and
  'options/resolve-packages'.
  (options/resolve-packages, options/with-source): New procedures.
* doc/guix.texi (Invoking guix build): Document '--with-source'.

offload: Honor absolute build timeouts.

* guix/scripts/offload.scm (offload): Remove default value for
  'build-timeout'.  Pass '--timeout' to the remote 'guix build'
  process.
  (transfer-and-offload, process-request): Remove default value for
  'build-timeout'.

guix build: Add '--timeout' to the common build options.

* guix/scripts/build.scm (show-build-options-help): Document
  '--timeout'.
  (set-build-options-from-command-line): Pass #:timeout to
  'set-build-options'.
  (%standard-build-options): Add '--timeout'.
* doc/guix.texi (Invoking guix build): Document it.

offload: Move macro definitions before use.

* guix/scripts/offload.scm (lock-file, unlock-file, with-file-lock,
  with-machine-lock, machine-slot-file, acquire-build-slot,
  release-build-slot): Move definitions above their first use.

offload: Distinguish between 'decline' and 'postpone'.

* guix/scripts/offload.scm (transfer-and-offload): New procedure, with
  core formerly in 'process-request'.
  (choose-build-machine): Remove 'requirements' parameter.
  (process-request): Reply 'decline' when none of MACHINES matches the
  requirements, and 'postpone' when MACHINES are busy.

offload: Prevent locked files from being GC'd.

* guix/scripts/offload.scm (%slots): New variable.
  (choose-build-machine): Add SLOT to '%slots'.