* guix/ui.scm (show-what-to-build): When VERBOSITY is 1, add a newline
before the "would/will be downloaded" line, and wrap that message in
'highlight'.
This makes the test slightly less expensive.
* tests/store.scm ("add-text-to-store vs. delete-paths")
("add-to-store vs. delete-paths"): Delete and merge into...
("add-text-to-store/add-to-store vs. delete-paths"): ... this test.
In practice we're always using the same key pair,
/etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to
avoid redundant I/O and parsing when signing multiple store items in a
row.
* guix/scripts/authenticate.scm (load-key-pair): New procedure.
(sign-with-key): Remove 'key-file' parameter and add 'public-key' and
'secret-key'. Adjust accordingly.
(validate-signature): Add 'acl' parameter and pass it to
'authorized-key?'.
(guix-authenticate)[call-with-reply]: New procedure.
[with-reply]: New macro.
Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an
argument to 'loop' and use it as a cache of key pairs.
Previously, we'd spawn 'guix authenticate' once for each item that has
to be signed (when exporting) or authenticated (when importing). Now,
we spawn it once for all and then follow a request/reply protocol. This
reduces the wall-clock time of:
guix archive --export -r $(guix build coreutils -d)
from 30s to 2s.
* guix/scripts/authenticate.scm (sign-with-key): Return the signature
instead of displaying it. Raise a &formatted-message instead of calling
'leave'.
(validate-signature): Likewise.
(read-command): New procedure.
(define-enumerate-type, reply-code): New macros.
(guix-authenticate)[send-reply]: New procedure.
Change to read commands from current-input-port.
* nix/libstore/local-store.cc (runAuthenticationProgram): Remove.
(authenticationAgent, readInteger, readAuthenticateReply): New
functions.
(signHash, verifySignature): Rewrite in terms of the agent.
* tests/store.scm ("import not signed"): Remove 'pk' call.
("import signed by unauthorized key"): Check the error message of C.
* tests/guix-authenticate.sh: Rewrite using the new protocol.
fixlet
* nix/libstore/build.cc (DerivationGoal::tryBuildHook): Add "offload" to
'args' and pass settings.guixProgram as the first argument to
Agent::Agent.
(pathNullDevice, commonChildInit, Agent, Agent::Agent)
(Agent::~Agent): Move to...
* nix/libutil/util.cc: ... here.
* nix/libutil/util.hh (struct Agent, commonChildInit): New
declarations.
* nix/libstore/local-store.cc (signHash, verifySignature): New
functions.
(LocalStore::exportPath): Use 'signHash' instead of inline code.
(LocalStore::importPath): Use 'verifySignature' instead of inline code.
* nix/libstore/build.cc (HookInstance): Rename to...
(Agent): ... this. Rename 'toHook' and 'fromHook' similarly and update
users. Change constructor to require a command and an argument list.
(DerivationGoal::tryBuildHook): Pass arguments to the 'Agent'
constructor.
* guix/svn-download.scm (download-svn-to-store): Add a subdirectory to
the download path. The subdirectory is used as the target for the 'svn
export' command, avoiding a 'directory exists' error when attempting to
use the parent directory directly.
