GNU bug report logs - #43106
[PATCH] DRAFT services: childhurd: Support for setting secrets.

Previous Next

Full log

Message #52 received at 43106 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 43106 <at> debbugs.gnu.org
Subject: Re: [PATCH v3 2/2] services: childhurd: Support installing secrets
 from the host.
Date: Tue, 01 Sep 2020 22:54:21 +0200

Hi!

Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:

> Ludovic Courtès writes:

[...]

>> Perhaps ‘hurd-vm-service-type’ should unconditionally extend (via
>> ‘service-extension’) ‘secret-service-type’, just to ensure that Hurd VMs
>> always include the secret service.
>
> Eh, hurd-vm-service lives in the host, the secret-services lives in the
> client; am I missing something?  ;-)

Ah no, it’s me.  :-)

> We could add a check for secret-service, possibly here
>
>     (define (hurd-vm-disk-image config)
>       "Return a disk-image for the Hurd according to CONFIG."
>       (let ((os (hurd-vm-configuration-os config))
>             (disk-size (hurd-vm-configuration-disk-size config)))
>         (system-image
>          (image
>           (inherit hurd-disk-image)
>           (size disk-size)
>           (operating-system os)))))
>
> and/or insert if it it's missing...seems a bit over the top to me?

Yes, exactly.  We could pass ‘os’ through
‘secret-service-operating-system’, where:

  (define (secret-service-operating-system os)
    (operating-system
      (inherit os)
      (services (cons (service secret-service-type)
                      (operating-system-user-services os)))))

(A similar pattern is found in ‘virtualized-operating-system’ and
‘containerized-operating-system’.)

Thanks for these patches!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.