Verification is slow. Also, we really shouldn't advise users to nuke
their store.

More spring cleaning.

install-nix-from-closure improvments

Manifests have been superseded by binary caches for years. This also
gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.

Use the same logic as NixOS' profile and environment setup. Closes #414

Just wasted a couple hours chasing shadows because the nix store got
corrupted and there was no indication of that anywhere.

Since an install is one-time only, might as well verify.  Optimization
showed that the copied files aren't read-only; fixed that as well.

Also, use /bin/sh since there's a good chance that this script will be
run on systems without /bin/bash

This feature was implemented for Hydra, but Hydra no longer uses it.

Necessary for multi-threaded commands like "nix verify-paths".

This specifies the number of distinct signatures required to consider
each path "trusted".

Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables
verifying whether a path is trusted (since a path can also be trusted
if it has no signatures, but was built locally).

Locally-built paths are now signed automatically using the secret keys
specified by the ‘secret-key-files’ option.

The 304 Not Modified was not handled correctly, so the empty result
from the conditional request would overwrite the previous tarball.

E.g.

  $ nix sign-paths -k ./secret -r $(type -p geeqie)

signs geeqie and all its dependencies using the key in ./secret.

This imports signatures from one store into another. E.g.

  $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/
  imported 595 signatures

https://hydra.nixos.org/build/33908385

These are content-addressed paths or outputs of locally performed
builds. They are trusted even if they don't have signatures, so "nix
verify-paths" won't complain about them.

In particular, this eliminates a bunch of boilerplate code.

Typical usage is to check local paths using the signatures from a
binary cache:

  $ nix verify-paths -r /run/current-system -s https://cache.nixos.org
  path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted
  ...
  checked 844 paths, 119 untrusted

The flag remembering whether an Interrupted exception was thrown is
now thread-local. Thus, all threads will (eventually) throw
Interrupted. Previously, one thread would throw Interrupted, and then
the other threads wouldn't see that they were supposed to quit.

Like "nix-store --verify --check-contents", but with the same
advantages as "nix verify-paths".

Unlike "nix-store --verify-path", this command verifies signatures in
addition to store path contents, is multi-threaded (especially useful
when verifying binary caches), and has a progress indicator.

Example use:

$ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird)
...
[17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’

Otherwise writing to std::cerr is not thread-safe (in particular,
lines will be randomly duplicated).

Kill the temporary darwin-specific channel

The issues have been resolved upstream in the main nixpkgs channel now

Otherwise we hit the 104 character limit.

http://hydra.nixos.org/build/33562028

Doing a chdir() is a bad idea in multi-threaded programs, leading to
failures such as

  error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory

Since Linux doesn't have a connectat() syscall like FreeBSD, there is
no way we can support this in a race-free way.

Closes https://github.com/NixOS/hydra/pull/286.