From: Jan Nieuwenhuizen
To: guix-patches@gnu.org
Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Tue, 01 Sep 2020 16:46:43 +0200

Hi!

With bug https://bugs.gnu.org/43106 just closed we now have a nice way
to inject secrets into the Childhurds.

Using the attached patch, which needs a fresh pull and reconfigure on
berlin (at least the nodes 101,102 that run Childhurds), we can create a
tree of childhurd secrets like so

--8<---------------cut here---------------start------------->8---
/etc/childhurd/etc/guix/signing-key.pub
/etc/childhurd/etc/guix/signing-key.sec
/etc/childhurd/etc/ssh/ssh_host_ed25519_key
/etc/childhurd/etc/ssh/ssh_host_ecdsa_key
/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
--8<---------------cut here---------------end--------------->8---

...and then we should be able to start offloading builds for the Hurd.

(I guess we then also need to add a cuirass jobs for the Hurd?)

Janneke

From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
From: "Jan (janneke) Nieuwenhuizen"
Date: Tue, 1 Sep 2020 16:31:42 +0200
Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8

* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
[childhurd-net-options]: Include secret-service local QEMU forwarding.
Use variables from (gnu services virtualization).
---
 hydra/modules/sysadmin/build-machines.scm | 31 ++++++++++++++++-------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/hydra/modules/sysadmin/build-machines.scm b/hydra/modules/sysa= dmin/build-machines.scm index b4afcbe..0385b6a 100644 --- a/hydra/modules/sysadmin/build-machines.scm +++ b/hydra/modules/sysadmin/build-machines.scm
@@ -120,15 +120,28 @@ EMULATED-ARCHITECTURES, unless it's empty." =20 (define (childhurd-net-options . config) "Expose SSH and VNC ports on 0.0.0.0; for first Childhurd VM those -are 10022 and 15900." - (let ((id 0)) - (define (qemu-vm-port base) - (number->string (+ base (* 1000 id)))) - `("--device" "rtl8139,netdev=3Dnet0" - "--netdev" ,(string-append - "user,id=3Dnet0" - ",hostfwd=3Dtcp:0.0.0.0:" (qemu-vm-port 10022) "-:222= 2" - ",hostfwd=3Dtcp:0.0.0.0:" (qemu-vm-port 15900) "-:590= 0")))) +are 10022 and 15900. Keep secret-service port local." + `("--device" "rtl8139,netdev=3Dnet0" + "--netdev" ,(string-append + "user,id=3Dnet0" + ",hostfwd=3Dtcp:127.0.0.1:" + (number->string (hurd-vm-port + config + (@@ (gnu services virtualization) + %hurd-vm-secrets-port))) + "-:1004" + ",hostfwd=3Dtcp:0.0.0.0:" + (number->string (hurd-vm-port + config + (@@ (gnu services virtualization) + %hurd-vm-ssh-port))) + "-:2222" + ",hostfwd=3Dtcp:0.0.0.0:" + (number->string (hurd-vm-port + config + (@@ (gnu services virtualization) + %hurd-vm-vnc-port))) + "-:5900"))) =20 (define sysadmins (list (sysadmin (name "ludo")
--
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

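Review bot: the unchanged line (define (childhurd-net-options . config) still has the dot, so config is bound to the list of all arguments, while the added (hurd-vm-port config ...) calls pass it on as one value; drop the dot in this same patch so the two agree. The three (@@ (gnu services virtualization) ...) forms reach into the module's private bindings; binding them once at the top of the procedure would shorten the string-append and leave a single place to adjust if they become exported. The docstring names 10022 and 15900 for SSH and VNC but gives no host port for the secret-service forward, which is the one a reader most needs to know is bound to 127.0.0.1.
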
From: Ludovic Courtès
To: Jan Nieuwenhuizen
Cc: 43155@debbugs.gnu.org
Subject: Re: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Tue, 01 Sep 2020 23:19:44 +0200

Hi!

Jan Nieuwenhuizen skribis:

> With bug https://bugs.gnu.org/43106 just closed we now have a nice way
> to inject secrets into the Childhurds.
>
> Using the attached patch, which needs a fresh pull and reconfigure on
> berlin (at least the nodes 101,102 that run Childhurds), we can create a
> tree of childhurd secrets like so
>
> /etc/childhurd/etc/guix/signing-key.pub
> /etc/childhurd/etc/guix/signing-key.sec
> /etc/childhurd/etc/ssh/ssh_host_ed25519_key
> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key
> /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>
> ...and then we should be able to start offloading builds for the Hurd.

Yup!  Probably we’ll create /etc/childhurd/HOST for each VM, so we also
need to adjust accordingly, right?

(I realize that the current code will silently keep going if we forget
to put the secret files in place; IOW, the service config doesn’t show
the files we intended to push as secrets.  Oh well, we’ll see that
later.)

> (I guess we then also need to add a cuirass jobs for the Hurd?)

Yes, or maybe just change ‘systems’ in the Cuirass specs for
‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
which doesn’t sound like a great idea for now.  Perhaps we can simply add
a separate jobset pulling from ‘master’ but building only for i586-gnu
and only the “core” package set?

> From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
> From: "Jan (janneke) Nieuwenhuizen"
> Date: Tue, 1 Sep 2020 16:31:42 +0200
> Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for
>  secret-service.
> Content-Transfer-Encoding: 8bit
> Content-Type: text/plain; charset=UTF-8
>
> * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
> [childhurd-net-options]: Include secret-service local QEMU forwarding.
> Use variables from (gnu services virtualization).

LGTM, thanks!

Ludo’.

From: Jan Nieuwenhuizen
To: Ludovic Courtès
Cc: 43155@debbugs.gnu.org
Subject: Re: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Wed, 02 Sep 2020 07:58:13 +0200

Ludovic Courtès writes:

Hi!

> Jan Nieuwenhuizen skribis:
>
>> With bug https://bugs.gnu.org/43106 just closed we now have a nice way
>> to inject secrets into the Childhurds.
>>
>> Using the attached patch, which needs a fresh pull and reconfigure on
>> berlin (at least the nodes 101,102 that run Childhurds), we can create a
>> tree of childhurd secrets like so
>>
>> /etc/childhurd/etc/guix/signing-key.pub
>> /etc/childhurd/etc/guix/signing-key.sec
>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key
>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>
>> ...and then we should be able to start offloading builds for the Hurd.
>
> Yup!  Probably we’ll create /etc/childhurd/HOST for each VM, so we also
> need to adjust accordingly, right?

Yes, we can add something like

    (secret-root (format #f "/etc/childhurd/~a" id))

to the

    (service hurd-vm-service-type
             (hurd-vm-configuration
              ...

(i'm a bit curious, though, why we would want to differentiate between
childhurds, they can be all identical?)

> (I realize that the current code will silently keep going if we forget
> to put the secret files in place; IOW, the service config doesn’t show
> the files we intended to push as secrets.  Oh well, we’ll see that
> later.)

Yes, I guess that's a feature -- "you" can start it once, then do
something like

    mkdir -p /etc/childhurd/etc
    scp -r childhurd:/etc/guix /etc/childhurd/etc
    scp -r childhurd:/etc/ssh /etc/childhurd/etc

>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>
> Yes, or maybe just change ‘systems’ in the Cuirass specs for
> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
> which doesn’t sound like a great idea for now.

I agree, not much sense in that yet.

> Perhaps we can simply add a separate jobset pulling from ‘master’ but
> building only for i586-gnu and only the “core” package set?

Hmm, why can't I find the definition of "core"?.  Anyway, It would be a
great first step to build (everything needed for) "hello", after that we
want to have/try "guile-3.0" and possibly "guix".

>> From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
>> From: "Jan (janneke) Nieuwenhuizen"
>> Date: Tue, 1 Sep 2020 16:31:42 +0200
>> Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for
>>  secret-service.
>> Content-Transfer-Encoding: 8bit
>> Content-Type: text/plain; charset=UTF-8
>>
>> * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
>> [childhurd-net-options]: Include secret-service local QEMU forwarding.
>> Use variables from (gnu services virtualization).
>
> LGTM, thanks!

Great, pushed to guix-maintenance as 04c0fc1ea110b82d6180bbc1b2f895e55e746cd8

Janneke

...after first pushing this -- Ooopss typo fix

From 35dd1de08f1b812a22184e925b089ffc471c52de Mon Sep 17 00:00:00 2001
From: "Jan (janneke) Nieuwenhuizen"
Date: Wed, 2 Sep 2020 07:52:13 +0200
Subject: [PATCH 1/2] hydra/build-machines: Oops, typo in childhurd-net-options.
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8

* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
[childhurd-net-options]: Remove stray dot from parameter list.
---
 hydra/modules/sysadmin/build-machines.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hydra/modules/sysadmin/build-machines.scm b/hydra/modules/sysa= dmin/build-machines.scm index b4afcbe..0a3e113 100644 --- a/hydra/modules/sysadmin/build-machines.scm +++ b/hydra/modules/sysadmin/build-machines.scm
@@ -118,7 +118,7 @@ EMULATED-ARCHITECTURES, unless it's empty." (mcron-configuration (jobs (list gc-job)))) (operating-system-user-services %hurd-vm-operating-system)))= )) =20 - (define (childhurd-net-options . config) + (define (childhurd-net-options config) "Expose SSH and VNC ports on 0.0.0.0; for first Childhurd VM those are 10022 and 15900." (let ((id 0))
--
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

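Review bot: with the dot removed from (define (childhurd-net-options config), the procedure takes exactly one argument, so a call that passed none or several before now fails at run time; the hunk shows no caller, so check the call in berlin-new-build-machine-os before pushing. The body visible here still starts with (let ((id 0)), and the old body shown in the secret-service patch does not use config at all, so on its own this change only tightens the arity. Both patches are based on b4afcbe and the secret-service hunk carries the dotted line as context, so that one needs a rebase once this lands.
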
From: Ludovic Courtès
To: Jan Nieuwenhuizen
Cc: 43155@debbugs.gnu.org
Subject: Re: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Wed, 02 Sep 2020 22:08:03 +0200

Hi,

Jan Nieuwenhuizen skribis:

> Ludovic Courtès writes:
>
> Hi!
>
>> Jan Nieuwenhuizen skribis:
>>
>>> With bug https://bugs.gnu.org/43106 just closed we now have a nice way
>>> to inject secrets into the Childhurds.
>>>
>>> Using the attached patch, which needs a fresh pull and reconfigure on
>>> berlin (at least the nodes 101,102 that run Childhurds), we can create a
>>> tree of childhurd secrets like so
>>>
>>> /etc/childhurd/etc/guix/signing-key.pub
>>> /etc/childhurd/etc/guix/signing-key.sec
>>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key
>>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>>
>>> ...and then we should be able to start offloading builds for the Hurd.
>>
>> Yup!  Probably we’ll create /etc/childhurd/HOST for each VM, so we also
>> need to adjust accordingly, right?
>
> Yes, we can add something like
>
>     (secret-root (format #f "/etc/childhurd/~a" id))
>
> to the
>
>     (service hurd-vm-service-type
>              (hurd-vm-configuration
>               ...

Sounds good.

> (i'm a bit curious, though, why we would want to differentiate between
> childhurds, they can be all identical?)

Well, dunno if it really matters for our specific use case, but it seems
“cleaner” to me to give each childhurd its identity.  OTOH, these are
VMs and they run on the same physical machine, so…

>> (I realize that the current code will silently keep going if we forget
>> to put the secret files in place; IOW, the service config doesn’t show
>> the files we intended to push as secrets.  Oh well, we’ll see that
>> later.)
>
> Yes, I guess that's a feature -- "you" can start it once, then do
> something like
>
>     mkdir -p /etc/childhurd/etc
>     scp -r childhurd:/etc/guix /etc/childhurd/etc
>     scp -r childhurd:/etc/ssh /etc/childhurd/etc

Right, that can be convenient.  OTOH, from the perspective of having
declarative OS configs, it’s not great because this aspect of the config
is left out.  But maybe that’s an issue we can have if/when we
generalize ‘secret-service-type’.

>>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>>
>> Yes, or maybe just change ‘systems’ in the Cuirass specs for
>> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
>> which doesn’t sound like a great idea for now.
>
> I agree, not much sense in that yet.
>
>> Perhaps we can simply add a separate jobset pulling from ‘master’ but
>> building only for i586-gnu and only the “core” package set?
>
> Hmm, why can't I find the definition of "core"?.  Anyway, It would be a
> great first step to build (everything needed for) "hello", after that we
> want to have/try "guile-3.0" and possibly "guix".

Sure.  The “core” subset is defined in (gnu ci).

>>> From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
>>> From: "Jan (janneke) Nieuwenhuizen"
>>> Date: Tue, 1 Sep 2020 16:31:42 +0200
>>> Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for
>>>  secret-service.
>>> Content-Transfer-Encoding: 8bit
>>> Content-Type: text/plain; charset=UTF-8
>>>
>>> * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
>>> [childhurd-net-options]: Include secret-service local QEMU forwarding.
>>> Use variables from (gnu services virtualization).
>>
>> LGTM, thanks!
>
> Great, pushed to guix-maintenance as 04c0fc1ea110b82d6180bbc1b2f895e55e746cd8

Thanks!

Ludo’.

From: Jan Nieuwenhuizen
To: Ludovic Courtès
Cc: 43155@debbugs.gnu.org
Subject: Re: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Thu, 03 Sep 2020 12:19:49 +0200

Ludovic Courtès writes:

Hi,

> Jan Nieuwenhuizen skribis:
>
>> Ludovic Courtès writes:

>> Yes, we can add something like
>>
>>     (secret-root (format #f "/etc/childhurd/~a" id))
>>
>> to the
>>
>>     (service hurd-vm-service-type
>>              (hurd-vm-configuration
>>               ...
>
> Sounds good.
>
>> (i'm a bit curious, though, why we would want to differentiate between
>> childhurds, they can be all identical?)
>
> Well, dunno if it really matters for our specific use case, but it seems
> “cleaner” to me to give each childhurd its identity.  OTOH, these are
> VMs and they run on the same physical machine, so…

Right...

>>> (I realize that the current code will silently keep going if we forget
>>> to put the secret files in place; IOW, the service config doesn’t show
>>> the files we intended to push as secrets.  Oh well, we’ll see that
>>> later.)
>>
>> Yes, I guess that's a feature -- "you" can start it once, then do
>> something like
>>
>>     mkdir -p /etc/childhurd/etc
>>     scp -r childhurd:/etc/guix /etc/childhurd/etc
>>     scp -r childhurd:/etc/ssh /etc/childhurd/etc
>
> Right, that can be convenient.  OTOH, from the perspective of having
> declarative OS configs, it’s not great because this aspect of the config
> is left out.  But maybe that’s an issue we can have if/when we
> generalize ‘secret-service-type’.

Ah, I see -- it could lead to "silent" failure/differences if
/etc/childhurd somehow disappears -- isn't re-created upon new install.
It makes sense to at least be less than silent, "fail early" is always
good.

>>>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>>>
>>> Yes, or maybe just change ‘systems’ in the Cuirass specs for
>>> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
>>> which doesn’t sound like a great idea for now.
>>
>> I agree, not much sense in that yet.
>>
>>> Perhaps we can simply add a separate jobset pulling from ‘master’ but
>>> building only for i586-gnu and only the “core” package set?
>>
>> Hmm, why can't I find the definition of "core"?.  Anyway, It would be a
>> great first step to build (everything needed for) "hello", after that we
>> want to have/try "guile-3.0" and possibly "guix".
>
> Sure.  The “core” subset is defined in (gnu ci).

As discussed on IRC that could get an update.  Would you like to do
that, seems like an easy edit but I'm a bit unsure about the choices and
consequences there?

I think once the offloading works we'll want to try building guix; and
it could be nice if as many dependencies that "just happen to build" are
actually available.  It's waay too early to try to build everything but we
may want something in between.  Or add "guix" to core-packages, maybe?

Just wondering out loud here...

Janneke

--
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
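
Added example, not part of the thread or of Guix: a preflight check in the "fail early" spirit discussed above, run on the host over the secret tree listed in the first message. The function names, the rejection of symlinks and the rule that private keys carry no group/other permission bits are assumptions of this example.

```sh
#!/bin/sh
# Preflight check for a childhurd secret root (added example).
# Usage: sh check-secrets.sh /etc/childhurd

# File list taken from the thread; paths are relative to the secret root.
SECRET_FILES='etc/guix/signing-key.pub
etc/guix/signing-key.sec
etc/ssh/ssh_host_ed25519_key
etc/ssh/ssh_host_ecdsa_key
etc/ssh/ssh_host_ed25519_key.pub
etc/ssh/ssh_host_ecdsa_key.pub'

# Everything that is not a *.pub file is treated as private key material.
is_private() {
    case "$1" in
        *.pub) return 1 ;;
        *) return 0 ;;
    esac
}

# Octal permission bits: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_secret_root DIR
# Prints one line per problem and returns 0 only when every expected file
# is a non-empty regular file and no private key is readable by group/others.
check_secret_root() {
    root=$1
    problems=0
    for rel in $SECRET_FILES; do
        path="$root/$rel"
        if [ -L "$path" ]; then
            echo "symlink: $path"; problems=$((problems + 1)); continue
        fi
        if [ ! -f "$path" ]; then
            echo "missing: $path"; problems=$((problems + 1)); continue
        fi
        if [ ! -s "$path" ]; then
            echo "empty: $path"; problems=$((problems + 1)); continue
        fi
        if is_private "$rel"; then
            mode=$(file_mode "$path")
            # The last two octal digits are the group and other bits.
            case "$mode" in
                *00|0) ;;
                *) echo "too permissive ($mode): $path"
                   problems=$((problems + 1)) ;;
            esac
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run the check when a secret root is given on the command line.
if [ "$#" -gt 0 ]; then
    check_secret_root "$1" || exit 1
fi
```

Running it before the VM service starts turns a forgotten or half-copied secret tree into a visible failure on the host.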