tests: Simplify 'substitute-binary' tests; reduce use of global variables.
* tests/substitute-binary.scm (signature-body): Change 'str' parameter
to 'bv', and expect it to be a bytevector.
(%signature-body, %wrong-signature, %acl): Remove.
(signature): Rename to...
(signature-field): ... this. Add 'bv-or-str' parameter. Change 'str'
parameter to #:version. Add #:public-key parameter. Call
'signature-body' directly. Change domain part of the signature to
'example.gnu.org'.
("not a number", "wrong version number", "valid
narinfo-signature->canonical-sexp"): Use 'signature-field' instead of
'signature' or %SIGNATURE.
(test-error-condition): Add 'message-rx' parameter and honor it.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Adjust accordingly.
(narinfo, %signed-narinfo): Remove.
("query narinfo with invalid hash"): Use '%narinfo' and
'signature-field' instead of 'narinfo' and '%signature'.
("query narinfo signed with authorized key", "query narinfo signed
with unauthorized key", "substitute, invalid hash", "substitute,
unauthorized key"): Likewise.
tests: Make sure the daemon reports substitute hash mismatches.
* tests/store.scm ("substitute, corrupt output hash"): New test.
substitute-binary: Defer narinfo authentication and authorization checks.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
as a SRFI-35 &message and &nar-signature-error.
(narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
sexp.
(&nar-signature-error, &nar-invalid-hash-error): New variables.
(assert-valid-signature): Use them. Expect 'signature' to be a
canonical sexp.
(read-narinfo): Remove authentication and authorization checks.
(%signature-line-rx): New variable.
(assert-valid-narinfo, valid-narinfo?): New procedures.
(guix-substitute-binary): Wrap body in 'with-error-handling'.
[valid?]: New procedure.
<--query>: Show only store items of narinfos that match
'valid-narinfo?'.
<--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
(%keypair): Remove.
(%public-key, %private-key): Load from signing-key.{pub,sec}.
(signature-body): Add #:public-key parameter.
(call-with-narinfo): New procedure.
(with-narinfo): New macro.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Make the first argument to 'assert-valid-signature' a
canonical sexp.
("invalid hash", "valid read-narinfo", "valid write-narinfo"):
Remove.
("query narinfo with invalid hash", "query narinfo signed with
authorized key", "query narinfo signed with unauthorized key",
"substitute, invalid hash", "substitute, unauthorized key"): New
tests.
substitute-binary: Store the cache's URI in the local cached narinfo.
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
(narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
(string->narinfo): Add 'cache-uri' parameter.
(lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri'
field. Adjust body accordingly.
(remove-expired-cached-narinfos): Switch to version 1 by default.
substitute-binary: Support the Signature field of a narinfo file.
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
nar: Clarify that 'assert-valid-signature' accepts a string.
* guix/nar.scm (assert-valid-signature): Improve the wording.
gnu: ed: Upgrade to 1.10.
* gnu/packages/ed.scm (ed): Upgrade to 1.10. Use '.tar.lz' file, and
add 'native-inputs' field.
gnu: ocrad: Upgrade to 0.23.
* gnu/packages/ocrad.scm (ocrad): Upgrade to 0.23.
tests: Make sure 'guix archive --import' succeeds.
* tests/guix-archive.sh: Check the exit value of 'guix archive
--import'.
daemon: Add tests for substitutes and --no-substitutes.
* tests/guix-daemon.sh: Add substituter tests.
daemon: Clear $NIX_SUBSTITUTERS when passed '--no-substitutes'.
* nix/nix-daemon/guix-daemon.cc (main): When --no-substitutes is used,
clear NIX_SUBSTITUTERS. Before that, and after
89faa5c75cb3a419c6d02c51f56955275b7ae351, '--no-substitutes' would
lead to attempts to use 'download-using-manifests.pl', which in
practice would gracelessly fail.
daemon: Change some options via 'settings.set'.
* nix/nix-daemon/guix-daemon.cc (parse_opt): Use 'settings.set' instead
of direct field access for 'buildCores', 'maxBuildJobs', and
'useSubstitutes'.
(main): Call 'settings.update' after 'argp_parse'.
gnu: tcl: Install man pages in share/man.
* gnu/packages/tcl.scm (tcl): Add --mandir configure flag.
Add (guix svn-download).
* guix/svn-download.scm, guix/build/svn.scm: New files.
* Makefile.am (MODULES): Add them.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
gnu: gnu-pw-mgr: Fix download location.
* gnu/packages/gnu-pw-mgr.scm (gnu-pw-mgr): Fix download location.
gnu: Add mc
* gnu/packages/mc.scm: New file
* gnu/packages/patches/mc-fix-ncurses-build.patch: New patch
* gnu-system.am (GNU_SYSTEM_MODULES): Add mc.scm.
(dist_patch_DATA): Add patch
gnu: libssh2: Fix use with libssh2.pc
* gnu/packages/ssh.scm (libssh2): Pass --with-libgcrypt configure flag and
propagate inputs.
Merge branch 'core-updates'
offload: Remove erroneous 'close-pipe' call.
* guix/scripts/offload.scm (send-files): Remove 'close-pipe' call from
'guard' handler ('pipe' here referred to Guile's 'pipe' procedure.)
offload: Wait for the processes involved in 'guix archive --missing'.
* guix/scripts/offload.scm (send-files): Keep the second return value of
'filtered-port'. Call 'waitpid' on it.