GNU bug report logs -
#43106
[PATCH] DRAFT services: childhurd: Support for setting secrets.
Previous Next
Full log
Message #26 received at 43106 <at> debbugs.gnu.org (full text, mbox):
Hi!
"Jan (janneke) Nieuwenhuizen" <janneke <at> gnu.org> skribis:
> This adds a "secret-service" that can be added to a Childhurd VM to receive
> out-of-band secrets (keys) sent from the host.
>
> Co-authored-by: Ludovic Courtès <ludo <at> gnu.org>
>
> * gnu/services/virtualization.scm (secret-service-activation): New procedure.
> (secret-service-type): New variable.
> * gnu/build/secret-service.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Very nice! Minor suggestions:
> + (format (current-error-port) "secret-service-send-secrets\n")
Perhaps write “sending secrets to ~a:~a...~%” or similar.
> + (let ((sock (socket AF_INET SOCK_STREAM 0))
> + (addr (make-socket-address AF_INET INADDR_LOOPBACK port)))
> + ;; connect to wait for port
> + (let loop ((retry retry))
> + (if (zero? retry)
> + (error "connecting to childhurd failed")
s/childhurd/secret server/
> + (catch 'system-error
> + (lambda _
> + (connect sock addr))
> + (lambda (key . args)
> + (format (current-error-port) "connect failed: ~a ~s\n" key args)
Perhaps remove print “retrying connection” (or similar), and re-throw
the exception when RETRY is zero, so that it goes through as is (and
thus you can remove the call to ‘error’ above.)
> + ;; copy tree
> + (let* ((files (if secret-root (find-files secret-root) '()))
> + (files-sizes-modes (map file->file+size+mode files))
> + (secrets `(secrets
> + (version 0)
> + (files ,files-sizes-modes))))
> + (write secrets sock)
> + (for-each (compose (cute display <> sock)
> + (cute with-input-from-file <> read-string))
Instead of loading it all in memory, we can use ‘dump-port’ from (guix
build utils) here.
That’s it!
Ludo’.
This bug report was last modified 4 years and 319 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.