utils: Make 'errno' procedure more robust.

Partially fixes <http://bugs.gnu.org/17212>.

* guix/utils.scm (errno): Move definition of 'bv' outside of the
  procedure.  Use 'bytevector-s32-native-ref' or
  'bytevector-s64-native-ref' instead of 'bytevector-sint-ref'.

Work around behavior of old 'scandir' in Guile 2.0.5.

Problem reported by John Darrington <john@darrington.wattle.id.au>.

* guix/nar.scm (write-file): Filter out "." and ".." from the result of
  'scandir'.  Previously we did this by passing a suitable predicate.

hydra: Add 'qemu-image' job.

* build-aux/hydra/demo-os.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
* build-aux/hydra/gnu-system.scm (qemu-jobs): New procedure.
  (hydra-jobs): Use it.
* guix/scripts/system.scm (read-operating-system): Export.

guix package: Fix indentation of packages to remove.

* guix/scripts/package.scm (show-what-to-remove/install): Add space when
  showing packages to remove.

ui: Improve reporting of 'system-error' exceptions.

* guix/ui.scm (call-with-error-handling): Change 'system-error' handler
  to display the error message as it was raised.

union: Ensure that the output is always a directory.

Fixes the creation of single-package profiles, reported by Ludovic Courtès.

* guix/build/union.scm (union-build): Add new internal procedure
  'union-of-directories' that always creates a directory, containing the code
  previously used only to merge multiple directories.  Call it from the
  multiple-directory case in 'union' and from the top-level 'union-build'.

pki: Introduce 'write-acl', and fix wrong conversion in 'ensure-acl'.

* guix/pki.scm (write-acl): New procedure.
  (ensure-acl): Use it.  Fixes a regression introduced in 39831f1,
  whereby 'ensure-acl' would yield a wrong-type-arg error.
* guix/scripts/archive.scm (authorize-key): Use 'write-acl'.

offload: Prevent the '.drv' and build result from being GC'd.

Before that, there was a small time window during which the GC could
wipe the .drv (before 'guix build' has been called), or the build
result (before 'retrieve-files' has started.)

* guix/scripts/offload.scm (remote-pipe): Add #:quote? parameter and
  honor it.
  (%gc-root-file): New variable.
  (register-gc-root, remove-gc-root): New procedures.
  (offload): Adjust comment.  Run 'guix build' with '-r %GC-ROOT-FILE'.
  (transfer-and-offload): Call 'register-gc-root' before
  sending (derivation-file-name DRV).  Call 'remove-gc-root' after the
  call to 'offload' or 'retrieve-files'.
  (send-files): Call 'remote-pipe' with #:quote? #f.
  (retrieve-files): Likewise.

union: Rewrite to be faster; handle symlink/directory conflicts.

* guix/build/union.scm: Rewrite; only 'file=?' remains unchanged.  Remove
  'tree-union' and 'delete-duplicate-leaves' exports.  Merge inputs in a
  breadth-first fashion.  Follow symlinks for purposes of making decisions
  about the merge.

* tests/union.scm: Remove tests of 'tree-union' and 'delete-duplicate-leaves'.

guix package: 'search-path-environment-variables' traverses module tree once.

* guix/scripts/package.scm (search-path-environment-variables)[manifest-entry->package]:
  Use 'find-best-packages-by-name' instead of 'find-packages-by-name'.
  On a profile with 140 packages, this reduces execution time of this
  procedure from 5.8 seconds to 2.9 seconds (50% improvement.)

guix package: Register non-default profiles as GC roots.

* guix/scripts/package.scm (maybe-register-gc-root): New procedure.
* tests/guix-package.sh (profile): Grep the output of "guix gc
  --list-live" in a couple of places.

pki: Keep ACL in native sexp format to speed up 'authorized-key?'.

* guix/pki.scm (acl-entry-sexp, acl-sexp): Remove.
  (public-keys->acl, current-acl): Return a native sexp.
  (acl->public-keys, authorized-key?): Expect ACL to be a native sexp.
* guix/scripts/archive.scm (authorize-key): Convert ACL to
  canonical-sexp when writing it.

substitute-binary: Avoid consing 'regexp-exec' arguments.

* guix/scripts/substitute-binary.scm (regexp-exec): Change formals
  to (rx str . rest).

substitute-binary: Avoid reloading the ACL repeatedly.

* guix/scripts/substitute-binary.scm (guix-substitute-binary) <--query>:
  Cache the result of (current-acl); pass it to 'valid-narinfo?' calls.
  This saves 12% wall-clock time for "guix build emacs -n".

Use 'signature-case' in (guix nar) and 'substitute-binary'.

* guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in
  terms of 'signature-case'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
  Call 'leave' instead of 'raise' when SIGNATURE is invalid.
  (&nar-signature-error, &nar-invalid-hash-error): Remove.
  (assert-valid-signature): Add 'narinfo' parameter; remove 'port'.
  Rewrite in terms of 'signature-case' and 'leave'.  Mention NARINFO's
  URI in error messages.  Adjust caller.
  (narinfo-sha256): New procedure.
  (assert-valid-narinfo): Use it.
  (valid-narinfo?): Rewrite using 'narinfo-sha256' and
  'signature-case'.
* tests/substitute-binary.scm (assert-valid-signature,
  test-error-condition): Remove.
  ("corrupt signature data", "unauthorized public key", "invalid
  signature"): Remove.

pki: Add 'signature-case' macro.

* guix/pki.scm (%signature-status): New procedure.
  (signature-case): New macro.
* tests/pki.scm (%secret-key, %alternate-secret-key): New variables.
  ("signature-case valid-signature", "signature-case invalid-signature",
  "signature-case hash-mismatch", "signature-case unauthorized-key",
  "signature-case corrupt-signature"): New tests.

substitute-binary: Notify of valid signatures.

* guix/scripts/substitute-binary.scm (assert-valid-narinfo): Add
  #:verbose? parameter; when true, write "found valid signature".
  (valid-narinfo?): Pass #:verbose? #f.

guix archive: Make sure $sysconfdir/guix exists in '--authorize'.

* guix/scripts/archive.scm (authorize-key): Add 'mkdir-p' call.
  Reported by Alex Sassmannshausen <alex.sassmannshausen@gmail.com>.

offload: Exit with code 100 upon build failures.

* guix/scripts/offload.scm (transfer-and-offload): Exit with code 100
  upon build failure.

substitute-binary: Defer narinfo authentication and authorization checks.

* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
  Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
  as a SRFI-35 &message and &nar-signature-error.
  (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
  sexp.
  (&nar-signature-error, &nar-invalid-hash-error): New variables.
  (assert-valid-signature): Use them.  Expect 'signature' to be a
  canonical sexp.
  (read-narinfo): Remove authentication and authorization checks.
  (%signature-line-rx): New variable.
  (assert-valid-narinfo, valid-narinfo?): New procedures.
  (guix-substitute-binary): Wrap body in 'with-error-handling'.
  [valid?]: New procedure.
  <--query>: Show only store items of narinfos that match
  'valid-narinfo?'.
  <--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
  (%keypair): Remove.
  (%public-key, %private-key): Load from signing-key.{pub,sec}.
  (signature-body): Add #:public-key parameter.
  (call-with-narinfo): New procedure.
  (with-narinfo): New macro.
  ("corrupt signature data", "unauthorized public key", "invalid
  signature"): Make the first argument to 'assert-valid-signature' a
  canonical sexp.
  ("invalid hash", "valid read-narinfo", "valid write-narinfo"):
  Remove.
  ("query narinfo with invalid hash", "query narinfo signed with
  authorized key", "query narinfo signed with unauthorized key",
  "substitute, invalid hash", "substitute, unauthorized key"): New
  tests.