offload: Call 'machine-load' only once per machine.

This fixes a longstanding issue where 'choose-build-machine' would make
on average O(N log(N)) calls to 'machine-load', plus an extra call for
the selected machine, instead of N calls.

* guix/scripts/offload.scm (machine-load): Add comment.
(machine-power-factor, machine-less-loaded-or-faster?): Remove.
(choose-build-machine)[machines+slots]: Rename to...
[machines+slots+loads]: ... this.
[undecorate]: Adjust accordingly.
[machine-less-loaded-or-faster?]: New procedure.
Remove extra 'machine-load' call in body.

offload: Drop 'remote-pipe'.

* guix/scripts/offload.scm (remote-pipe): Remove.
(machine-load): Use 'open-remote-pipe*' instead of 'remote-pipe'.

offload: Rewrite to make direct RPCs to the remote daemon.

* guix/scripts/offload.scm (<build-machine>)[daemon-socket]: New field.
(connect-to-remote-daemon): New procedure.
(%gc-root-file, register-gc-root, remove-gc-roots, offload): Remove.
(transfer-and-offload): Rewrite using 'connect-to-remote-daemon' and
RPCs over SSH.
(store-import-channel, store-export-channel): New procedures.
(send-files, retrieve-files): Rewrite using these.

offload: Remove 'with-nar-error-handling' macro.

* guix/scripts/offload.scm (with-nar-error-handling): Remove.
(guix-offload): Use 'with-error-handling' instead.

offload: Reuse SSH session during 'transfer-and-offload'.

* guix/scripts/offload.scm (remote-pipe): Replace 'machine' parameter
with 'session'.  Remove 'open-ssh-session' call.
(register-gc-root): Replace 'machine' with 'session'.  Use '
session-get' instead of 'build-machine-name'.
(remove-gc-roots, offload, send-files, retrieve-files): Likewise.
(transfer-and-offload): Add 'open-ssh-session' call.  Handle 'offload'
errors here.
(machine-load): Add call to 'open-ssh-session'.

offload: Use Guile-SSH instead of GNU lsh.

* guix/scripts/offload.scm (<build-machine>)[ssh-options]: Remove.
[host-key, host-key-type]: New fields.
(%lsh-command, %lshg-command, user-lsh-private-key): Remove.
(user-openssh-private-key, private-key-from-file*): New procedures.
(host-key->type+key, open-ssh-session): New procedures.
(remote-pipe): Remove 'mode' parameter.  Rewrite in terms of
'open-ssh-session' etc.  Update users.
(send-files)[missing-files]: Rewrite using the bidirectional channel
port.
Remove call to 'call-with-compressed-output-port'.
(retrieve-files): Remove call to 'call-with-decompressed-port'.
(machine-load): Remove exit status logic.
* doc/guix.texi (Requirements): Mention Guile-SSH.
(Daemon Offload Setup): Document 'host-key' and 'private-key'.  Show the
default value on each @item line.
* m4/guix.m4 (GUIX_CHECK_GUILE_SSH): New macro.
* config-daemon.ac: Use 'GUIX_CHECK_GUILE_SSH'.  Set
'HAVE_DAEMON_OFFLOAD_HOOK' as a function of that.

lint: Add 'mirror-url' checker.

* guix/scripts/lint.scm (origin-uris): New procedure.
(check-source): Use it.
(check-mirror-url): New procedure.
(%checkers): Add 'mirror-url' checker.
* tests/lint.scm ("mirror-url")
("mirror-url: one suggestion"): New tests.
* doc/guix.texi (Invoking guix lint): Document it.

store: Add 'references*'.

* guix/store.scm (references*): New procedure.
* guix/profiles.scm (manifest-lookup-package)[references*]: Remove.
* guix/scripts/system.scm (references*): Remove.
* tests/gexp.scm ("gexp->file", "gexp->file + file-append")
("gexp->derivation", "gexp->derivation, cross-compilation")
("gexp->derivation, ungexp + ungexp-native")
("scheme-file", "text-file*", "mixed-text-file"): Remove 'references*'
instead of (store-lift references).

daemon: Add "builtin:download" derivation builder.

This ensures that 1) the derivation doesn't change when Guix changes;
2) the derivation closure doesn't contain Guix and its dependencies; 3)
we don't have to rely on ugly chroot hacks.

Adapted from Nix commit 0a2bee307b20411f5b0dda0c662b1f9bb9e0e131.

* nix/libstore/build.cc (DerivationGoal::runChild): Add special case for
'isBuiltin(drv)'.  Disable chroot when 'isBuiltin(drv)'.
* nix/libstore/builtins.cc, nix/libstore/builtins.hh,
nix/scripts/download.in, guix/scripts/perform-download.scm: New files.
* guix/ui.scm (show-guix-help)[internal?]: Add 'perform-download'.
* nix/local.mk (libstore_a_SOURCES): Add builtins.cc.
(libstore_headers): Add builtins.hh.
(nodist_pkglibexec_SCRIPTS): Add 'scripts/download'.
* config-daemon.ac: Emit 'scripts/download'.
* Makefile.am (MODULES): Add 'guix/scripts/perform-download.scm'.
* tests/derivations.scm ("unknown built-in builder")
("'download' built-in builder")
("'download' built-in builder, invalid hash")
("'download' built-in builder, not found")
("'download' built-in builder, not fixed-output"): New tests.

Co-authored-by: Eelco Dolstra <eelco.dolstra@logicblox.com>

guix download: Add '-o' option.

* guix/scripts/download.scm (download-to-file, download-to-store*): New
procedures.
(%default-options): Add 'download-proc'.
(show-help): Adjust description and document '-o'.
(%options): Add '-o'.
(guix-download): Remove 'store' variable.  Add 'fetch' and define 'path'
to as its result.
* tests/guix-download.sh: Add test.

substitute: Disable HTTPS certificate verification.

Fixes a regression introduced in
9e4e431e049fae3f1121c3be22cf13b174404ba8 as a consequence of
bc3c41ce36349ed4ec758c70b48a7059e363043a.
Reported by Marius Bakke <mbakke@fastmail.com>.

* guix/scripts/substitute.scm (fetch): Pass #:verify-certificate? #f to
'open-connection-for-uri' and 'http-fetch'.
(download-cache-info): Likewise.
(http-multiple-get): Add #:verify-certificate? and honor it.
(fetch-narinfos): Pass #:verify-certificate? #f.

container: Pass a list of <file-system> objects as things to mount.

* gnu/build/linux-container.scm (mount-file-systems): 'mounts' is now a
list of <file-system> objects instead of a list of lists ("specs").
Add call to 'file-system->spec' as the argument to 'mount-file-system'.
(run-container, call-with-container): Adjust docstring accordingly.
* gnu/system/file-systems.scm (spec->file-system): New procedure.
* gnu/system/linux-container.scm (container-script)[script]: Call
'spec->file-system' inside gexp.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to 'file-system->spec'.
* tests/containers.scm ("call-with-container, mnt namespace")
("call-with-container, mnt namespace, wrong bind mount"): Pass a list of
<file-system> objects.

lint: 'cve' checker catches 'tls-certificate-error'.

Reported by Frederick Muriithi <fredmanglis@gmail.com>.

* guix/scripts/lint.scm (tls-certificate-error-string): New procedure.
(validate-uri): Use it.
(current-vulnerabilities*): Catch 'tls-certificate-error' and print a
warning.

system: Use grub from bootloader configuration.

* gnu/system/grub.scm (gnu): Export grub-configuration-grub.
* guix/scripts/system.scm (perform-action): Use it.
(define-module): Don't import (gnu packages grub).

Co-authored-by: Danny Milosavljevic <dannym@scratchpost.org>

guix download: Add '--no-check-certificate' option.

* guix/download.scm (download-to-store): Add #:verify-certificate?
parameter and honor it.
* guix/scripts/download.scm (%default-options): Add
'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.

download: Verify TLS certificates unless asked not to.

Fixes <http://bugs.gnu.org/24466>.
Reported by Leo Famulari <leo@famulari.name>.

* guix/build/download.scm (%x509-certificate-directory): New variable.
(make-credendials-with-ca-trust-files, peer-certificate)
(assert-valid-server-certificate, print-tls-certificate-error): New
procedures.  Add 'print-tls-certificate-error' as an exception printer
for 'tls-certificate-error'.
(tls-wrap): Add #:verify-certificate? parameter and honor it.
(open-connection-for-uri): Likewise.
(http-fetch): Likewise.
(url-fetch): Likewise.
* guix/download.scm (url-fetch)[builder]: Pass #:verify-certificate? #f.
* guix/scripts/lint.scm (probe-uri): Add case for 'tls-certificate-error'.
(validate-uri): Likewise.
* doc/guix.texi (Invoking guix download): Mention 'SSL_CERT_DIR'.

Merge branch 'master' into core-updates

system: Add 'guix system' actions: switch-generation and roll-back.

* guix/scripts/system.scm (roll-back-system, switch-to-system-generation): new
actions.
(reinstall-grub): New procedure, used by switch-to-system-generation.
(show-help, process-command, guix-system): Honor the new actions.
* doc/guix.texi (Invoking guix system) <switch-generation, roll-back>: Add the
new actions.
<reconfigure>: In the footnote, mention that the new actions also only work on
GuixSD.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

system: Optionally limit the entries returned by profile-grub-entries.

* guix/scripts/system.scm (profile-grub-entries): Add an optional parameter
which allows the caller to limit the number of returned grub entries.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

system: Rename previous-grub-entries to profile-grub-entries.

* guix/scripts/system.scm (previous-grub-entries, profile-grub-entries):
Rename previous-grub-entries to profile-grub-entries to indicate that it is
stateful and returns the entries for all profile generations, not just the
previous ones.  Update all callers.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>