guix: Skip attesting to dist-archive

We already attest to the relevant dist-archive in inputs.SHA256SUMS,
which is recorded at build-time.

We use a SKIPATTEST.TAG file to indicate output directories which do not
require attestation (much like the CACHEDIR.TAG specification).
Generally, it's better to have build scripts declare properties of
directories instead of introducing name-based special cases in attest
scripts since build scripts have a more detailed context of what is
going on.

contrib/guix/guix-attest

@@ -146,6 +146,10 @@ echo ""
 # MAIN LOGIC: Loop through each output for VERSION and attest to output in
 #             GUIX_SIGS_REPO as SIGNER, if attestation does not exist
 for outdir in "${OUTDIRS[@]}"; do
+    if [ -e "${outdir}/SKIPATTEST.TAG" ]; then
+        echo "${outname}: SKIPPING: Output directory marked with SKIPATTEST.TAG file"
+        continue
+    fi
     outname="$(out_name "$outdir")"
     outsigdir="$(out_sig_dir "$outdir")"
     if [ -e "$outsigdir" ]; then

contrib/guix/libexec/build.sh

@@ -228,6 +228,7 @@ GIT_ARCHIVE="${DIST_ARCHIVE_BASE}/${DISTNAME}.tar.gz"
 # Create the source tarball if not already there
 if [ ! -e "$GIT_ARCHIVE" ]; then
     mkdir -p "$(dirname "$GIT_ARCHIVE")"
+    touch "${DIST_ARCHIVE_BASE}"/SKIPATTEST.TAG
     git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
 fi