GNU bug report logs - #43106
[PATCH] DRAFT services: childhurd: Support for setting secrets.


Package: guix-patches;

Reported by: "Jan (janneke) Nieuwenhuizen" <janneke <at> gnu.org>

Date: Sat, 29 Aug 2020 21:58:02 UTC

Severity: normal

Tags: patch

Done: Jan Nieuwenhuizen <janneke <at> gnu.org>

Bug is archived. No further changes may be made.



Message #14 received at 43106 <at> debbugs.gnu.org (full text, mbox):

From: "Jan (janneke) Nieuwenhuizen" <janneke <at> gnu.org>
To: Ludovic Courtès <ludo <at> gnu.org>,
	43106 <at> debbugs.gnu.org
Subject: Re: [bug#43106] [PATCH v3 0/2] Secret services for the Childhurd
Date: Mon, 31 Aug 2020 08:39:11 +0200

Jan Nieuwenhuizen writes:

Hello,

As discussed on IRC, version 3 follows.

> Ludovic Courtès writes:
>> "Jan (janneke) Nieuwenhuizen" <janneke <at> gnu.org> skribis:
>>>
>>> +@example
>>> +/etc/childhurd/etc/guix/signing-key.pub
>>> +/etc/childhurd/etc/guix/signing-key.sec
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>> +@end example
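Review bot: the example lists private key material (signing-key.sec and the ssh_host_ed25519_key / ssh_host_ecdsa_key files) under /etc/childhurd, but the visible documentation lines do not say what ownership and mode that host directory needs. Suggest adding a sentence after the @example stating that /etc/childhurd and the secret files in it should be owned by root and not readable by other users, so the keys are not exposed on the host before they are installed in the childhurd.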
>>
>> Would it make sense to have a list of source/target pairs instead of a
>> directory:
>>
>>   (("/etc/childhurd/pubkey" . "/etc/guix/signing-key.pub")
>>    …)
>>
>> ?
>
> We could do that...I'm not opposed to it and in fact I thought about
> something like this but then opted for the file system root idea because
> I didn't see the need for adding this extra indirection.  If you think
> it's a good idea, sure.  Postponed that for now, though.

[this still open]

Also, I think 5900 is a bad idea, qemu opens a server there.  We could
use ports 2222 (forwarded to 12222), as SSH only starts later -- but
hmm.  As this is all running as root anyway, I opted for 1004 (MI5).

Greetings,
Janneke

Jan (janneke) Nieuwenhuizen (2):
  services: Add secret-service-type.
  services: childhurd: Support installing secrets from the host.

 doc/guix.texi                      |  21 +++++
 gnu/build/secret-service.scm       | 138 +++++++++++++++++++++++++++++
 gnu/local.mk                       |   1 +
 gnu/services/virtualization.scm    |  92 ++++++++++++++++---
 gnu/system/examples/bare-hurd.tmpl |  20 +++--
 5 files changed, 251 insertions(+), 21 deletions(-)
 create mode 100644 gnu/build/secret-service.scm

-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com





This bug report was last modified 4 years and 319 days ago.
