It can now authenticate 14K+ commits in 23s instead of 4mn20.
* build-aux/git-authenticate.scm (%authorized-signing-keys): Turn
fingerprints into bytevectors.
(with-temporary-files): Remove.
(commit-signing-key): Add 'keyring' parameter. Use
'string->openpgp-packet' and 'verify-openpgp-signature' instead of (guix
gnupg) procedures.
(authenticate-commit): Add 'keyring' parameter. Pass it to
'commit-signing-key'. Adjust to SIGNING-KEY being an <openpgp-public-key>.
(authenticate-commits): Remove 'parameterize'. Load keyring with
'get-openpgp-keyring'.
(git-authenticate): When printing stats, adjust to SIGNER being an
<openpgp-public-key>.
I (nckx) have revoked all RSA subkeys, in favour of my older and
freshly-refreshed ECDSA ones. This was merely a precaution: to my
knowledge all my RSA private keys have been carefully destroyed and
were never compromised. This commit keeps ‘make authenticate’ happy.
* guix/gnupg.scm (revkeysig-rx): New variable for revoked keys.
(gnupg-verify): Parse it.
(gnupg-status-good-signature?): Accept it as ‘good’ for our purposes.
* build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Works around <https://bugs.gnu.org/40522>.
* build-aux/compile-all.scm (parallel-job-count*): New procedure.
<top level>: Use it instead of 'parallel-job-count'.
This avoids repeated "will be downloaded" messages for
'compute-guix-derivation' and its dependencies.
* build-aux/build-self.scm (build): Don't call 'show-what-to-build*'
when 'with-build-handler' is defined.
_IOLBF & co. were deprecated in Guile 2.2 and removed in 3.0.
* build-aux/hydra/gnu-system.scm: Pass 'line instead of _IOLBF to 'setvbuf'.
* build-aux/hydra/guix-modular.scm: Likewise.
The manifest can be passed to 'guix build -m', 'guix weather -m', and so
on. It can also be passed to an installed 'guix' (without
./pre-inst-env), with the exception so far of installation tests.
* build-aux/run-system-tests.scm: Remove. Move interesting bits move
to...
* etc/system-tests.scm: ... here. New file.
* Makefile.am (EXTRA_DIST): Remove 'build-aux/run-system-tests.scm' and
add 'etc/system-tests.scm'.
(check-system): Rewrite to run 'guix build -m etc/system-tests.scm'.
* build-aux/run-system-tests.scm (source-commit): New procedure.
(tests-for-current-guix): Add 'commit' parameter and pass it to
'channel-source->package'.
(run-system-tests): Call 'source-commit' and pass the result to
'tests-for-current-guix'.
* gnu/ci.scm (channel-build-system)[build, lower]: Honor #:source.
(channel-source->package): New procedure.
(system-test-jobs): Remove 'instance' and call to
'checkout->channel-instance'. Use 'channel-source->package'.
* build-aux/run-system-tests.scm (tests-for-channel-instance): Rename to...
(tests-for-current-guix): ... this. Change 'instance' to 'source'.
(run-system-tests): Use 'local-file' instead of 'interned-file' for
SOURCE.
This is a followup to commit 7dc0f1d5a8,
signed with sub-key "3D2C DA58 819C 08C2 A649 D43D 5C3B 064C 724A 5726".
* build-aux/git-authenticate.scm (%committers): Provide fingerprint of
subkey for thomasd.
A list of already-authenticated commits is kept in
~/.cache/guix/authentication. This speeds up subsequent "make
authenticate" invocations.
* build-aux/git-authenticate.scm (authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): New
procedures.
(git-authenticate): Define 'authenticated-commits' and pass it as a
third argument to 'commit-difference'. Add call to
'cache-authenticated-commit'. Don't display signing stats when STATS is
null.
Fixes <https://bugs.gnu.org/36378>.
Reported by Reza Alizadeh Majd <r.majd@pantherx.org>.
* build-aux/hydra/gnu-system.scm (find-current-checkout): New procedure.
(hydra-jobs): Use FIND-CURRENT-CHECKOUT to define CHECKOUT. Pass it to the
inferior Guix as an extra argument whose key is 'superior-guix-checkout'.
* gnu/ci.scm (find-current-checkout): New procedure.
(hydra-jobs): Use FIND-CURRENT-CHECKOUT to define CHECKOUT. This will return
'#f' if the current Guix is an inferior. In that case, use the
'superior-guix-checkout' argument provided by the superior Guix.
This is a followup to 7e6d8d366a.
It means that "make check-system" can run tests from (gnu tests install)
much faster because it does not need to build a full 'guix' package.
* gnu/ci.scm (channel-instance->package): Export.
* build-aux/run-system-tests.scm (tests-for-channel-instance): New
procedure, with code formerly in 'run-system-tests'.
(run-system-tests): Call 'interned-file' for SOURCE, and add call to
'tests-for-channel-instance'.
This is a followup to 2e3e5d2198.
* build-aux/test-env.in: Remove mentions of 'NIX_ROOT_FINDER'.
* nix/libstore/gc.cc (LocalStore::collectGarbage): Adjust comment
accordingly.
Fixes <https://bugs.gnu.org/35539>.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* build-aux/check-available-binaries.scm (packages-for-system): New procedure.
<top level>: Use it.
This is a followup to 48d498c2c3, which
introduced a typo (missing '->' in 'mlet'.)
Fixes <https://bugs.gnu.org/35623>.
Reported by Karrick McDermott <kmcdermott@linkedin.com>.
* build-aux/build-self.scm (build): Add 'getenv' and 'setenv' calls for
HOME.
This reverts commit fa9e6e8b67.
By using the new bindings, we would prevent users of Guix prior to
de9fbe9cdc, such as version 0.16.0, to
upgrade to current master. Thus, we will keep using the old names for a
while.
This variable is unused since commit
45779fa676.
* guix/self.scm (%dependency-variables): Remove.
* build-aux/build-self.scm (%dependency-variables): Remove.
This makes it easier to run the uninstalled daemon.
* nix/local.mk (libstore_a_CPPFLAGS): Append "/guix" to
NIX_LIBEXEC_DIR.
* build-aux/pre-inst-env.in (NIX_LIBEXEC_DIR): Adjust comment.
* nix/libstore/builtins.cc (builtinDownload): Remove SUBDIR and its
use.
* nix/libstore/local-store.cc (runAuthenticationProgram): Ditto.
* nix/libstore/gc.cc (addAdditionalRoots): Remove "/guix" prefix.
* nix/nix-daemon/guix-daemon.cc (main): Ditto.