import: pypi: Emit 'pypi-uri' only when it yields the right URL.

Fixes <http://bugs.gnu.org/23062>.
Reported by Danny Milosavljevic <dannym@scratchpost.org>.

* guix/import/pypi.scm (make-pypi-sexp): Check whether 'pypi-uri'
returns SOURCE-URL and fall back to the full URL otherwise.
* tests/pypi.scm ("pypi->guix-package"): Adjust expected URI
accordingly.

Co-authored-by: Danny Milosavljevic <dannym@scratchpost.org>

substitute: Do not leak file descriptors for TLS connections.

Partially fixes <http://bugs.gnu.org/20145>.

* guix/scripts/substitute.scm (fetch, download-cache-info):
(http-multiple-get, fetch-narinfos, progress-report-port): Use
'close-connection' instead of 'close-port'.

substitute: Cache transient HTTP errors for 10mn.

* guix/scripts/substitute.scm (fetch-narinfos)[handle-narinfo-response]:
Cache transient errors for 10mn.
(%narinfo-transient-error-ttl): New variable.

lint: Do not leak file descriptors for TLS connections.

Partially fixes <http://bugs.gnu.org/20145>.

* guix/scripts/lint.scm (probe-uri): Use 'close-connection' instead of
'close-port'.

download: Add 'close-connection'.

Partially fixes <http://bugs.gnu.org/20145>.

* guix/build/download.scm (add-weak-reference): Remove.
(%tls-ports): New variable.
(register-tls-record-port): New procedure.
(tls-wrap): Use it instead of 'add-weak-reference'.
(close-connection): New procedure.

substitute: Update progress for responses different from 200/404.

* guix/scripts/substitute.scm (fetch-narinfos)[handle-narinfo-response]:
Add missing call to 'update-progress!'.

licenses: Add Apache Software License 1.1.

* guix/licenses.scm (asl1.1): New variables.

Signed-off-by: Leo Famulari <leo@famulari.name>

substitute: Honor client-provided empty URL list.

Before that, 'guix build --substitute-urls=""' would lead to using the
daemon's own URL list instead of the empty list.  The 'or*' hack, which
is to blame, had become unnecessary since commit
fb4bf72be3fbc23bca35ba4b842b7e1517ef0e3a.

Reported by Mark H Weaver <mhw@netris.org>.

* guix/scripts/substitute.scm (or*): Remove.
(%cache-urls): Use 'or' instead of 'or*'.
* tests/store.scm ("substitute query, alternating URLs"): Add test with
empty URL list.
* doc/guix.texi (Common Build Options): Mention the empty string.

substitute: Honor the 'max-age' of 'Cache-Control' headers.

This allows substitute servers to tell 'guix substitute' how long they
can cache narinfo lookups.

* guix/scripts/substitute.scm (cache-narinfo!): Add 'ttl' parameter.
[cache-entry]: Honor it.
(fetch-narinfos)[handle-narinfo-response]: Check the 'Cache-Control'
header of RESPONSE and pass its 'max-age' value to 'cache-narinfo!'.

substitute: Make room for a 'ttl' field in cached entries.

* guix/scripts/substitute.scm (cached-narinfo): Expect 'narinfo' sexp
version 2 with a 'ttl' field.
(cache-narinfo!)[cache-entry]: Produce 'narinfo' sexp version 2 with a
'ttl' field.
(remove-expired-cached-narinfos)[expired?]: Read 'narinfo' sexp version 2.

build: Default to "https://mirror.hydra.gnu.org/" for substitutes.

* config-daemon.ac: Check for (gnutls) and define 'GUIX_SUBSTITUTE_URLS'.
* nix/nix-daemon/guix-daemon.cc (main): Use GUIX_SUBSTITUTE_URLS.
* guix/store.scm (%default-substitute-urls): Use 'https' when (gnutls)
is available.
* doc/guix.texi (Binary Installation): Mention mirrors
(Invoking guix-daemon): Mention mirror.hydra.gnu.org.
(Substitutes): Mention mirrors.
(Invoking guix archive): Show https URLs.

http-client: No 'setvbuf' for non-file ports.

* guix/http-client.scm (http-fetch): Do not call 'setvbuf' on non-file
ports.

grafts: Update the narinfo cache before building a derivation.

* guix/grafts.scm (references-oracle)[references*]: Add call to
'substitution-oracle'.

substitute: Keep the initial connection alive.

The connection used to fetch /nix-cache-info is now reused for the
subsequent narinfo requests.

* guix/scripts/substitute.scm (download-cache-info)[download]: Remove.
[uri, read-cache-info]: New variables.
Rewrite in terms of 'http-fetch' instead of 'fetch'.  Return an open
port in addition to a <cache-info>.
* guix/scripts/substitute.scm (http-multiple-get): Add #:port parameter
and honor it.
(fetch-narinfos)[do-fetch]: Add 'port' parameter.
Adjust to new 'download-cache-info' and 'do-fetch' signatures.

http-client: Add #:keep-alive? parameter.

* guix/http-client.scm (http-fetch): Add #:keep-alive? parameter and
pass it to 'http-get' or 'http-get*'.

substitute: Remove dead code.

This parameter became unused with the switch to HTTP pipelining in
commit d3a652037ef879f9279bc056c43d15ba7afcbb25.

* guix/scripts/substitute.scm (fetch): Remove #:quiet-404? and adjust
accordingly.

store: 'references/substitutes' caches its results.

* guix/store.scm (%reference-cache): New variable.
(references/substitutes): Use it.

size: Disable grafts.

* guix/scripts/size.scm (guix-size): Parametrize '%graft?'.

build: Add Ant build system.

* guix/build-system/ant.scm: New file.
* guix/build/ant-build-system: New file.
* Makefile.am (MODULES): Add new files.
* doc/guix.texi (Build Systems): Document ant-build-system.

cve: Read entire CVE databases for the current year and the past year.

The "Modified" database that we were reading is much smaller, but it
only shows CVEs modified over the past week.

* guix/cve.scm (%now, %current-year, %past-year): New variables.
(yearly-feed-uri): New procedure.
(%cve-feed-uri, %ttl): Remove.
(%current-year-ttl, %past-year-ttl): New variables.
(call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them.
Add 'setvbuf' call.
(current-vulnerabilities)[read-vulnerabilities]: New procedure.
Read from both %LAST-YEAR and %CURRENT-YEAR.