Subject: [bug#43650] [PATCH 0/8] Assorted childhurd improvements
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:29:32 +0200

Hello Guix!

Here are assorted improvements to childhurds!

There’s one thing missing to allow ‘hurd-vm-service-type’ to
automatically enable offloading to the local childhurd: declarative ACL
and declarative machines.scm.

Feedback welcome! :-)

Ludo’.

PS: It’s GNU’s 37th birthday! \o/

Ludovic Courtès (8):
  services: hurd-vm: Run QEMU as an unprivileged user.
  services: childhurd: Tweak description.
  secret-service: Clarify the origin of messages.
  services: hurd-vm: Check whether /dev/kvm exists at run time.
  services: guix: Generate key pair if needed during activation.
  services: hurd-vm: Initialize the guest's SSH/Guix keys at activation time.
  services: hurd-vm: Pass "-no-reboot" when spawning the Hurd VM.
  secret-service: Add a timeout when waiting for a client.

 doc/guix.texi | 44 +++++++++--
 gnu/build/secret-service.scm | 48 +++++++-----
 gnu/services/base.scm | 13 +++-
 gnu/services/virtualization.scm | 131 +++++++++++++++++++++++++++-----
 4 files changed, 187 insertions(+), 49 deletions(-)

-- 
2.28.0

Subject: [bug#43650] [PATCH 1/8] services: hurd-vm: Run QEMU as an unprivileged user.
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:32:14 +0200

Until qemu was running as "root", which is unnecessary.

* gnu/services/virtualization.scm (%hurd-vm-accounts): New variable.
(hurd-vm-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension.
--- gnu/services/virtualization.scm | 43 +++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 20e104f48c..55a19d7af9 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -959,28 +959,45 @@ is added to the OS specified in CONFIG." (with-imported-modules (source-module-closure '((gnu build secret-service) (guix build utils))) - #~(let ((spawn (make-forkexec-constructor #$vm-command))) - (lambda _ - (let ((pid (spawn)) - (port #$(hurd-vm-port config %hurd-vm-secrets-port)) - (root #$(hurd-vm-configuration-secret-root config))) - (catch #t - (lambda _ - (secret-service-send-secrets port root)) - (lambda (key . args) - (kill (- pid) SIGTERM) - (apply throw key args))) - pid))))) + #~(lambda () + (let ((pid (fork+exec-command #$vm-command + #:user "childhurd" + #:group "childhurd" + #:environment-variables + ;; QEMU tries to write to /var/tmp + ;; by default. + '("TMPDIR=/tmp"))) + (port #$(hurd-vm-port config %hurd-vm-secrets-port)) + (root #$(hurd-vm-configuration-secret-root config))) + (catch #t + (lambda _ + (secret-service-send-secrets port root) + pid) + (lambda (key . args) + (kill (- pid) SIGTERM) + (apply throw key args))))))) (modules `((gnu build secret-service) (guix build utils) ,@%default-modules)) (stop #~(make-kill-destructor)))))) +(define %hurd-vm-accounts + (list (user-group (name "childhurd") (system? #t)) + (user-account + (name "childhurd") + (group "childhurd") + (comment "Privilege separation user for the childhurd") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")) + (system? #t)))) + (define hurd-vm-service-type (service-type (name 'hurd-vm) (extensions (list (service-extension shepherd-root-service-type - hurd-vm-shepherd-service))) + hurd-vm-shepherd-service) + (service-extension account-service-type + (const %hurd-vm-accounts)))) (default-value (hurd-vm-configuration)) (description "Provide a Virtual Machine running the GNU/Hurd."))) -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 2/8] services: childhurd: Tweak description. 
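Review bot: in [PATCH 1/8], the new "childhurd" user-account in %hurd-vm-accounts declares no supplementary groups, while the VM command elsewhere in this series still adds "--enable-kvm" whenever /dev/kvm exists. With QEMU no longer running as root, the existence of the device does not mean "childhurd" is allowed to open it; on a host where /dev/kvm is restricted to a group, the VM may lose KVM or fail to start. Consider granting that group through supplementary-groups in the user-account, and note the reason in a comment next to it.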
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:32:15 +0200

* gnu/services/virtualization.scm (hurd-vm-service-type)[description]:
Mention "childhurd".
--- gnu/services/virtualization.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 55a19d7af9..d184eea746 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -1000,4 +1000,5 @@ is added to the OS specified in CONFIG." (const %hurd-vm-accounts)))) (default-value (hurd-vm-configuration)) (description - "Provide a Virtual Machine running the GNU/Hurd."))) + "Provide a virtual machine (VM) running GNU/Hurd, also known as a +@dfn{childhurd}."))) -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 3/8] secret-service: Clarify the origin of messages. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:33:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122076810550 (code B ref 43650); Sun, 27 Sep 2020 15:33:03 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:32:48 +0000 Received: from localhost ([127.0.0.1]:50202 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfQ-0002k6-C8 for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:32:48 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47590) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfL-0002jR-EG for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:32:43 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52529) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYfG-0003sg-5i; Sun, 27 Sep 2020 11:32:38 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38894 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMYfD-00016f-7r; Sun, 27 Sep 2020 11:32:35 -0400 
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Sun, 27 Sep 2020 17:32:16 +0200 Message-Id: <20200927153221.9154-3-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200927153221.9154-1-ludo@gnu.org> References: <20200927153221.9154-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Prefix messages by "secret service". --- gnu/build/secret-service.scm | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm index 781651e90d..aafb1684b5 100644 --- a/gnu/build/secret-service.scm +++ b/gnu/build/secret-service.scm @@ -54,11 +54,14 @@ local PORT. If connect fails, sleep 1s and retry RETRY times." (lambda (key . args) (when (zero? retry) (apply throw key args)) - (format (current-error-port) "retrying connection~%") + (format (current-error-port) + "secret service: retrying connection [~a attempts left]~%" + (- retry 1)) (sleep 1) (loop (1- retry))))) - (format (current-error-port) "connected! sending files in ~s %~" + (format (current-error-port) + "secret service: connected; sending files in ~s~%" secret-root) (let* ((files (if secret-root (find-files secret-root) '())) (files-sizes-modes (map file->file+size+mode files)) 
@@ -82,11 +85,12 @@ Write them to the file system." (bind sock AF_INET INADDR_ANY port) (listen sock 1) (format (current-error-port) - "waiting for secrets on port ~a...~%" + "secret service: waiting for secrets on port ~a...~%" port) (match (accept sock) ((client . address) - (format (current-error-port) "client connection from ~a~%" + (format (current-error-port) + "secret service: client connection from ~a~%" (inet-ntop (sockaddr:fam address) (sockaddr:addr address))) (close-port sock) @@ -116,7 +120,8 @@ Write them to the file system." ('files ((files sizes modes) ...))) (for-each (lambda (file size mode) (format (current-error-port) - "installing file '~a' (~a bytes)...~%" + "secret service: \ +installing file '~a' (~a bytes)...~%" file size) (mkdir-p (dirname file)) (call-with-output-file file 
@@ -126,7 +131,7 @@ Write them to the file system." files sizes modes)) (_ (format (current-error-port) - "invalid secrets received~%") + "secret service: invalid secrets received~%") #f))) (let* ((port (wait-for-client port)) -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:33:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122077810577 (code B ref 43650); Sun, 27 Sep 2020 15:33:04 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:32:58 +0000 Received: from localhost ([127.0.0.1]:50205 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfZ-0002kW-MG for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:32:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47620) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfT-0002k3-Cc for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:32:56 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52533) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYfO-0003t8-4N; Sun, 27 Sep 2020 11:32:46 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38894 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMYfG-00016f-Ia; Sun, 27 Sep 2020 11:32:40 -0400 
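Review bot: in [PATCH 3/8], first hunk (secret-service-send-secrets), the "[~a attempts left]" message is off by one. It prints (- retry 1), but the loop only gives up when (zero? retry), so after printing "0 attempts left" the call (loop (1- retry)) still makes one more connection attempt. Passing retry itself gives the right count; if a decrement is kept for some other reason, write it as (1- retry) to match the loop call two lines below.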
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:32:17 +0200

This change allows a childhurd to run within Guix System in a VM.

* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]:
Stage the 'file-exists?' call.
--- gnu/services/virtualization.scm | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index d184eea746..b84203ad18 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -937,13 +937,14 @@ is added to the OS specified in CONFIG." (provisions '(hurd-vm childhurd))) (define vm-command - #~(list - (string-append #$qemu "/bin/qemu-system-i386") - #$@(if (file-exists? "/dev/kvm") '("--enable-kvm") '()) - "-m" (number->string #$memory-size) - #$@net-options - #$@options - "--hda" #+image)) + #~(append (list #$(file-append qemu "/bin/qemu-system-i386") + "-m" (number->string #$memory-size) + #$@net-options + #$@options + "--hda" #+image) + (if (file-exists? "/dev/kvm") + '("--enable-kvm") + '()))) (list (shepherd-service -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 5/8] services: guix: Generate key pair if needed during activation. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:33:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122078110594 (code B ref 43650); Sun, 27 Sep 2020 15:33:04 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:33:01 +0000 Received: from localhost ([127.0.0.1]:50208 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfc-0002ko-Vb for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:01 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47660) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfc-0002kN-6T for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:00 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52536) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYfW-0003td-U3; Sun, 27 Sep 2020 11:32:54 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38894 helo=gnu.org) by fencepost.gnu.org with esmtpsa 
(TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMYfO-00016f-Dr; Sun, 27 Sep 2020 11:32:53 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Sun, 27 Sep 2020 17:32:18 +0200 Message-Id: <20200927153221.9154-5-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200927153221.9154-1-ludo@gnu.org> References: <20200927153221.9154-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * gnu/services/base.scm (guix-activation): Invoke "guix archive --generate-key". * doc/guix.texi (Invoking guix archive) (Invoking guix deploy): Mention that 'guix-service-type' takes care of generating the key pair. --- doc/guix.texi | 11 +++++++---- gnu/services/base.scm | 13 +++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 82241b010a..885f7fcf97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -5048,9 +5048,11 @@ the store. @item --generate-key[=@var{parameters}] @cindex signing, archives Generate a new key pair for the daemon. This is a prerequisite before -archives can be exported with @option{--export}. Note that this -operation usually takes time, because it needs to gather enough entropy -to generate the key pair. +archives can be exported with @option{--export}. This +operation is usually instantaneous but it can take time if the system's +entropy pool needs to be refilled. On Guix System, +@code{guix-service-type} takes care of generating this key pair the +first boot. The generated key pair is typically stored under @file{/etc/guix}, in @file{signing-key.pub} (public key) and @file{signing-key.sec} (private 
@@ -29531,7 +29533,8 @@ a Virtual Private Server (VPS) provider. In such a case, a different Do note that you first need to generate a key pair on the coordinator machine to allow the daemon to export signed archives of files from the store -(@pxref{Invoking guix archive}). +(@pxref{Invoking guix archive}), though this step is automatic on Guix +System: @example # guix archive --generate-key diff --git a/gnu/services/base.scm b/gnu/services/base.scm index bef4eef241..04bc991356 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1653,10 +1653,15 @@ proxy of 'guix-daemon'...~%") ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, ;; chown leads to an entire copy of the tree, which is a bad idea. - ;; Optionally authorize substitute server keys. - (if authorize-key? - (substitute-key-authorization keys guix) - #~#f)))) + ;; Generate a key pair and optionally authorize substitute server keys. + #~(begin + (unless (file-exists? "/etc/guix/signing-key.pub") + (system* #$(file-append guix "/bin/guix") "archive" + "--generate-key")) + + #$(if authorize-key? + (substitute-key-authorization keys guix) + #~#f))))) (define* (references-file item #:optional (name "references")) "Return a file that contains the list of references of ITEM." -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 6/8] services: hurd-vm: Initialize the guest's SSH/Guix keys at activation time. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122078610674 (code B ref 43650); Sun, 27 Sep 2020 15:34:01 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:33:06 +0000 Received: from localhost ([127.0.0.1]:50218 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfi-0002m5-9X for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47670) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfe-0002kV-3P for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:02 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52538) by eggs.gnu.org with esmtp (Exim 
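Review bot: in [PATCH 5/8], the doc/guix.texi hunk for --generate-key, the sentence "takes care of generating this key pair the first boot" is missing a preposition, and it is narrower than what the code does: guix-activation generates the key whenever /etc/guix/signing-key.pub is absent at activation, not only at first boot. Wording such as "generates this key pair upon activation if it does not exist yet" would match the gnu/services/base.scm hunk.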
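Review bot: in [PATCH 5/8], the gnu/services/base.scm hunk discards the return value of (system* ... "archive" "--generate-key"), so a failed key generation passes silently during activation and only shows up later when an archive cannot be signed. Check the exit status and at least print a warning to the activation output. The guard also tests only "/etc/guix/signing-key.pub"; testing signing-key.sec as well would catch a half-written key pair.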
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:32:19 +0200

* gnu/services/virtualization.scm (initialize-hurd-vm-substitutes)
(hurd-vm-activation): New procedures.
(hurd-vm-service-type)[extensions]: Add ACTIVATION-SERVICE-TYPE
extension.
* doc/guix.texi (Transparent Emulation with QEMU): Mention GNU/Hurd.
(The Hurd in a Virtual Machine): Explain which files are automatically
installed and mention offloading.
--- doc/guix.texi | 33 ++++++++++++++-- gnu/services/virtualization.scm | 67 ++++++++++++++++++++++++++++++++- 2 files changed, 96 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 885f7fcf97..851afe843d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25342,6 +25342,8 @@ emulation of program binaries built for different architectures---e.g., it allows you to transparently execute an ARMv7 program on an x86_64 machine. It achieves this by combining the @uref{https://www.qemu.org, QEMU} emulator and the @code{binfmt_misc} feature of the kernel Linux. +This feature only allows you to emulate GNU/Linux on a different +architecture, but see below for GNU/Hurd support. @defvr {Scheme Variable} qemu-binfmt-service-type This is the type of the QEMU/binfmt service for transparent emulation. @@ -25544,10 +25546,11 @@ If the @file{/etc/childhurd} directory does not exist, the @code{secret-service} running in the Childhurd will be sent an empty list of secrets. -Typical use to populate @file{"/etc/childhurd"} with a tree of -non-volatile secrets, like so +By default, the service automatically populates @file{/etc/childhurd} +with the following non-volatile secrets, unless they already exist: @example +/etc/childhurd/etc/guix/acl /etc/childhurd/etc/guix/signing-key.pub /etc/childhurd/etc/guix/signing-key.sec /etc/childhurd/etc/ssh/ssh_host_ed25519_key 
@@ -25556,8 +25559,32 @@ non-volatile secrets, like so /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub @end example -to be sent to the Childhurd, including permissions. +These files are automatically sent to the guest Hurd VM when it boots, +including permissions. +@cindex childhurd, offloading +@cindex Hurd, offloading +Having these files in place means that only a couple of things are +missing to allow the host to offload @code{i586-gnu} builds to the +childhurd: + +@enumerate +@item +Authorizing the childhurd's key on the host so that the host accepts +build results coming from the childhurd, which can be done like so: + +@example +guix archive --authorize < \ + /etc/childhurd/etc/guix/signing-key.pub +@end example + +@item +Adding the childhurd to @file{/etc/guix/machines.scm} (@pxref{Daemon +Offload Setup}). +@end enumerate + +We're working towards making that happen automatically---get in touch +with us at @email{guix-devel@@gnu.org} to discuss it! @end table @end deftp diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index b84203ad18..c639fa3741 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -23,6 +23,7 @@ #:use-module (gnu bootloader grub) #:use-module (gnu image) #:use-module (gnu packages admin) + #:use-module (gnu packages package-management) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) #:use-module (gnu services base) 
@@ -992,13 +993,77 @@ is added to the OS specified in CONFIG." (shell (file-append shadow "/sbin/nologin")) (system? #t)))) +(define (initialize-hurd-vm-substitutes) + "Initialize the Hurd VM's key pair and ACL and store it on the host." + (define run + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + + (define host-key + "/etc/guix/signing-key.pub") + + (define host-acl + "/etc/guix/acl") + + (match (command-line) + ((_ guest-config-directory) + (setenv "GUIX_CONFIGURATION_DIRECTORY" + guest-config-directory) + (invoke #+(file-append guix "/bin/guix") "archive" + "--generate-key") + + (when (file-exists? host-acl) + ;; Copy the host ACL. + (copy-file host-acl + (string-append guest-config-directory + "/acl"))) + + (when (file-exists? host-key) + ;; Add the host key to the childhurd's ACL. + (let ((key (open-fdes host-key O_RDONLY))) + (close-fdes 0) + (dup2 key 0) + (execl #+(file-append guix "/bin/guix") + "guix" "archive" "--authorize")))))))) + + (program-file "initialize-hurd-vm-substitutes" run)) + +(define (hurd-vm-activation config) + "Return a gexp to activate the Hurd VM according to CONFIG." + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (define secret-directory + #$(hurd-vm-configuration-secret-root config)) + + (define ssh-directory + (string-append secret-directory "/etc/ssh")) + + (define guix-directory + (string-append secret-directory "/etc/guix")) + + (unless (file-exists? ssh-directory) + ;; Generate SSH host keys under SSH-DIRECTORY. + (mkdir-p ssh-directory) + (invoke #$(file-append openssh "/bin/ssh-keygen") + "-A" "-f" secret-directory)) + + (unless (file-exists? 
guix-directory) + (invoke #$(initialize-hurd-vm-substitutes) + guix-directory))))) + (define hurd-vm-service-type (service-type (name 'hurd-vm) (extensions (list (service-extension shepherd-root-service-type hurd-vm-shepherd-service) (service-extension account-service-type - (const %hurd-vm-accounts)))) + (const %hurd-vm-accounts)) + (service-extension activation-service-type + hurd-vm-activation))) (default-value (hurd-vm-configuration)) (description "Provide a virtual machine (VM) running GNU/Hurd, also known as a -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 7/8] services: hurd-vm: Pass "-no-reboot" when spawning the Hurd VM. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122078710682 (code B ref 43650); Sun, 27 Sep 2020 15:34:02 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:33:07 +0000 Received: from localhost ([127.0.0.1]:50220 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfi-0002m7-M9 for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47676) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYff-0002kf-7Y for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:03 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52547) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYfZ-0003u0-VY; Sun, 27 Sep 2020 11:32:57 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38894 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) 
From: Ludovic Courtès
Date: Sun, 27 Sep 2020 17:32:20 +0200

* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]:
Add "--no-reboot".
--- gnu/services/virtualization.scm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index c639fa3741..a50cf8b733 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -942,7 +942,12 @@ is added to the OS specified in CONFIG." "-m" (number->string #$memory-size) #$@net-options #$@options - "--hda" #+image) + "--hda" #+image + + ;; Cause the service to be respawned if the guest + ;; reboots (it can reboot for instance if it did not + ;; receive valid secrets, or if it crashed.) + "--no-reboot") (if (file-exists? "/dev/kvm") '("--enable-kvm") '()))) -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 8/8] secret-service: Add a timeout when waiting for a client. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Sep 2020 15:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43650@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , janneke@gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160122078710688 (code B ref 43650); Sun, 27 Sep 2020 15:34:02 +0000 Received: (at 43650) by debbugs.gnu.org; 27 Sep 2020 15:33:07 +0000 Received: from localhost ([127.0.0.1]:50222 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfj-0002mF-1E for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:07 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47680) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYfg-0002kh-An for 43650@debbugs.gnu.org; Sun, 27 Sep 2020 11:33:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52548) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYfb-0003u6-2n; Sun, 27 Sep 2020 11:32:59 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38894 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMYfa-00016f-C5; Sun, 27 Sep 2020 11:32:58 -0400 
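Review bot: the comment added above "--no-reboot" names a guest that "did not receive valid secrets" as one reason for a reboot, but nothing in this hunk bounds how often that can repeat; if the secrets stay invalid, QEMU exits and the service is respawned in a loop. Say in the comment what stops that loop (or that nothing does), and mention that a deliberate reboot issued inside the guest now ends the QEMU process too. The subject line also spells the flag "-no-reboot" while the log and the code use "--no-reboot"; pick one spelling.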
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Sun, 27 Sep 2020 17:32:21 +0200 Message-Id: <20200927153221.9154-8-ludo@gnu.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200927153221.9154-1-ludo@gnu.org> References: <20200927153221.9154-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * gnu/build/secret-service.scm (secret-service-receive-secrets) [wait-for-client]: Call 'select' with a 60s timeout before 'accept'. Return #f upon timeout. [read-secrets]: Return FILES on success. Adjust caller of 'wait-for-client' to handle #f. --- gnu/build/secret-service.scm | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm index aafb1684b5..40c24abf09 100644 --- a/gnu/build/secret-service.scm +++ b/gnu/build/secret-service.scm @@ -75,7 +75,8 @@ local PORT. If connect fails, sleep 1s and retry RETRY times." (define (secret-service-receive-secrets port) "Listen to local PORT and wait for a secret service client to send secrets. -Write them to the file system." +Write them to the file system. Return the list of files installed on success, +and #f otherwise." (define (wait-for-client port) ;; Wait for a TCP connection on PORT. Note: We cannot use the 
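Review bot: the extended docstring promises "#f otherwise" but does not say that the procedure now gives up after a fixed wait; since the log states that 'select' is called with a 60s timeout, name that limit in the docstring so callers know #f can mean "no client connected in time" as well as a failed transfer.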
@@ -87,14 +88,20 @@ Write them to the file system." (format (current-error-port) "secret service: waiting for secrets on port ~a...~%" port) - (match (accept sock) - ((client . address) + (match (select (list sock) '() '() 60) + (((_) () ()) + (match (accept sock) + ((client . address) + (format (current-error-port) + "secret service: client connection from ~a~%" + (inet-ntop (sockaddr:fam address) + (sockaddr:addr address))) + (close-port sock) + client))) + ((() () ()) (format (current-error-port) - "secret service: client connection from ~a~%" - (inet-ntop (sockaddr:fam address) - (sockaddr:addr address))) - (close-port sock) - client)))) + "secret service: did not receive any secrets; time out~%") + #f)))) ;; TODO: Remove when (@ (guix build utils) dump-port) has a 'size' ;; parameter. 
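Review bot: on the timeout branch ((() () ()) ...) the listening socket is never closed; (close-port sock) runs only in the branch that accepts a client, so a timed-out call leaves 'sock' open until it is garbage-collected. Close it on both branches, or once after the outer 'match'. The 60 is also a bare literal: a named constant or a #:timeout keyword argument would make the limit adjustable, and the log message would read better as "timed out".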
@@ -128,15 +135,17 @@ installing file '~a' (~a bytes)...~%" (lambda (output) (dump port output size) (chmod file mode)))) - files sizes modes)) + files sizes modes) + files) (_ (format (current-error-port) "secret service: invalid secrets received~%") #f))) - (let* ((port (wait-for-client port)) - (result (read-secrets port))) - (close-port port) + (let* ((port (wait-for-client port)) + (result (and=> port read-secrets))) + (when port + (close-port port)) result)) ;;; secret-service.scm ends here -- 2.28.0 From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 1/8] services: hurd-vm: Run QEMU as an unprivileged user. Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Sep 2020 16:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160131223710601 (code B ref 43650); Mon, 28 Sep 2020 16:58:02 +0000 Received: (at 43650) by debbugs.gnu.org; 28 Sep 2020 16:57:17 +0000 Received: from localhost ([127.0.0.1]:53856 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwSj-0002kv-9c for submit@debbugs.gnu.org; Mon, 28 Sep 2020 12:57:17 -0400 Received: from eggs.gnu.org ([209.51.188.92]:34782) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwSc-0002kR-A1 for 43650@debbugs.gnu.org; Mon, 28 Sep 2020 12:57:11 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47491) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMwSW-0003aF-7J; Mon, 28 Sep 2020 12:57:04 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59570 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMwSV-000116-L2; 
Mon, 28 Sep 2020 12:57:04 -0400 
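Review bot: in the closing 'let*' of PATCH 8/8, 'port' starts out as the TCP port number and is rebound to the client connection, which can now also be #f; combined with (when port (close-port port)) that shadowing is easy to misread, so bind the result of 'wait-for-client' to a separate name such as 'client'. The caller also receives #f both for a timeout and for "invalid secrets received", so the two cases can only be told apart from the log output; return distinct values if callers need to react differently.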
From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <20200927153221.9154-1-ludo@gnu.org> X-Url: http://AvatarAcademy.nl Date: Mon, 28 Sep 2020 18:57:00 +0200 In-Reply-To: <20200927153221.9154-1-ludo@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Sun, 27 Sep 2020 17:32:14 +0200") Message-ID: <87lfgt4z6r.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Ludovic Courtès writes:

Hello!

> Until qemu was running as "root", which is unnecessary.

Well...I can't get this to work; my childhurd does not run. Did you test it? Any special tricks needed, adding "childhurd" to "kvm" maybe?

I do like the idea...

Greetings,
Janneke

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time.
Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Sep 2020 17:03:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160131253211148 (code B ref 43650); Mon, 28 Sep 2020 17:03:02 +0000 Received: (at 43650) by debbugs.gnu.org; 28 Sep 2020 17:02:12 +0000 Received: from localhost ([127.0.0.1]:53866 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwXU-0002tk-Ej for submit@debbugs.gnu.org; Mon, 28 Sep 2020 13:02:12 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35846) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwXS-0002tW-Fc for 43650@debbugs.gnu.org; Mon, 28 Sep 2020 13:02:10 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47609) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMwXM-0004L3-Fb; Mon, 28 Sep 2020 13:02:04 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59572 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMwXL-0002lY-Mj; Mon, 28 Sep 2020 13:02:04 -0400 
From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <20200927153221.9154-1-ludo@gnu.org> <20200927153221.9154-4-ludo@gnu.org> X-Url: http://AvatarAcademy.nl Date: Mon, 28 Sep 2020 19:02:02 +0200 In-Reply-To: <20200927153221.9154-4-ludo@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Sun, 27 Sep 2020 17:32:17 +0200") Message-ID: <87h7rh4yyd.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Ludovic Courtès writes:

Hi!

> This change allows a childhurd to run within Guix System in a VM.

Ah, this

> * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: > Stage the 'file-exists?' call. > --- > gnu/services/virtualization.scm | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) 
> > diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualizatio= n.scm > index d184eea746..b84203ad18 100644 [..] > - #~(list > - (string-append #$qemu "/bin/qemu-system-i386") > - #$@(if (file-exists? "/dev/kvm") '("--enable-kvm") '()) ungexp'ed IF is certainly a bug! > + #~(append (list #$(file-append qemu "/bin/qemu-system-i386") > + "-m" (number->string #$memory-size) > + #$@net-options > + #$@options > + "--hda" #+image) > + (if (file-exists? "/dev/kvm") > + '("--enable-kvm") > + '()))) Looks good! However...I tried adding a childhurd to a VM (see attached), but it keeps looping... --8<---------------cut here---------------start------------->8--- VNC server running on 127.0.0.1:5900 secret service: connected; sending files in "/etc/childhurd" qemusystem-i386: Slirp: Failed to send packet, ret: -1 sending secrets to 11004 secret service: retrying connection [59 attempts left] --8<---------------cut here---------------end--------------->8--- Greetings, Janneke --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=bare+childhurd.tmpl Content-Transfer-Encoding: base64
--=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable -- Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com --=-=-=-- From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 0/8] Assorted childhurd improvements In-Reply-To: <20200927152932.8924-1-ludo@gnu.org> Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Sep 2020 17:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160131301411899 (code B ref 43650); Mon, 28 Sep 2020 17:11:02 +0000 Received: (at 43650) by debbugs.gnu.org; 28 Sep 2020 17:10:14 +0000 Received: from localhost ([127.0.0.1]:53886 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwfG-00035q-65 for submit@debbugs.gnu.org; Mon, 28 Sep 2020 13:10:14 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37736) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMwfD-00035d-St for 43650@debbugs.gnu.org; Mon, 28 Sep 2020 13:10:12 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47801) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMwf6-0005JY-W7; Mon, 28 Sep 2020 
13:10:05 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59574 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMwf6-0005WG-1U; Mon, 28 Sep 2020 13:10:04 -0400 
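Review bot: in the PATCH 4/8 hunk quoted in the reply above, the staged test (if (file-exists? "/dev/kvm") ...) only establishes that the device node exists, not that the account QEMU runs as can open it; with PATCH 1/8 dropping root, "--enable-kvm" can be passed to a process that lacks access to /dev/kvm, and QEMU then exits instead of falling back to emulation. Either make sure that account is in the group owning /dev/kvm, or test accessibility for that account rather than mere existence.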
From: Jan Nieuwenhuizen References: <20200927152932.8924-1-ludo@gnu.org> Date: Mon, 28 Sep 2020 19:10:01 +0200 Message-ID: <87ft714yl2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Ludovic Courtès writes:

Hello!

> Here are assorted improvements to childhurds!

Oh, lovely!

> There’s one thing missing to allow ‘hurd-vm-service-type’ to
> automatically enable offloading to the local childhurd:
> declarative ACL and declarative machines.scm.
>
> Feedback welcome! :-)

Took me much longer than I hoped to...:It's broke, for me ;) (Well, privilege separation breaks it, for me).

I especially hoped that childhurd in a Guix System VM would work, but in the end reverted to reconfiguring and rebooting until I found the problem. (In the end, I'm pretty sure that rebooting is not necessary, reconfiguring should be enough.)

The rest of the patch set LreallyGTM, thanks!

> PS: It’s GNU’s 37th birthday! \o/

\o/ ...well, GNU needs to wait for their birthday present :-(

Greetings,
Janneke

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 0/8] Assorted childhurd improvements Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Sep 2020 20:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Jan Nieuwenhuizen Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160132605716201 (code B ref 43650); Mon, 28 Sep 2020 20:48:01 +0000 Received: (at 43650) by debbugs.gnu.org; 28 Sep 2020 20:47:37 +0000 Received: from localhost ([127.0.0.1]:54165 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN03d-0004DF-Il for submit@debbugs.gnu.org; Mon, 28 Sep 2020 16:47:37 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38456) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN03c-0004D2-Oj for 43650@debbugs.gnu.org; Mon, 28 Sep 2020 16:47:37 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52445) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kN03X-0004FG-Ev; Mon, 28 Sep 2020 16:47:31 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=43866 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kN03X-000554-3D; Mon, 28 Sep 2020 16:47:31 -0400 
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20200927152932.8924-1-ludo@gnu.org> <87ft714yl2.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 7 =?UTF-8?Q?Vend=C3=A9miaire?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 28 Sep 2020 22:47:29 +0200 In-Reply-To: <87ft714yl2.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Mon, 28 Sep 2020 19:10:01 +0200") Message-ID: <87k0wdk4ri.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Hi!

Jan Nieuwenhuizen skribis:

> Took me much longer than I hoped to...:It's broke, for me ;)
> (Well, privilege separation breaks it, for me).
>
> I especially hoped that childhurd in a Guix System VM would work, but in
> the end reverted to reconfiguring and rebooting until I found the
> problem.

Oh, what exactly is broken for you?

I was able to “guix system vm” my laptop’s config, which includes an instance of ‘hurd-vm-service-type’, and to connect with SSH or vncviewer to the childhurd (running as non-root). Does that fail for you?

Thanks for taking a look!

Ludo’.

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 1/8] services: hurd-vm: Run QEMU as an unprivileged user.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Sep 2020 22:20:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Jan Nieuwenhuizen Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160133158424592 (code B ref 43650); Mon, 28 Sep 2020 22:20:01 +0000 Received: (at 43650) by debbugs.gnu.org; 28 Sep 2020 22:19:44 +0000 Received: from localhost ([127.0.0.1]:54253 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN1Um-0006Oa-Cn for submit@debbugs.gnu.org; Mon, 28 Sep 2020 18:19:44 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55588) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN1Uk-0006OO-Mp for 43650@debbugs.gnu.org; Mon, 28 Sep 2020 18:19:43 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53583) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kN1Uf-0007sP-Eo; Mon, 28 Sep 2020 18:19:37 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45904 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kN1Uf-0005F6-2s; Mon, 28 Sep 2020 18:19:37 -0400 
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20200927153221.9154-1-ludo@gnu.org> <87lfgt4z6r.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 8 =?UTF-8?Q?Vend=C3=A9miaire?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 29 Sep 2020 00:19:34 +0200 In-Reply-To: <87lfgt4z6r.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Mon, 28 Sep 2020 18:57:00 +0200") Message-ID: <87eemlk0i1.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Hi,

Jan Nieuwenhuizen skribis:

>> Until qemu was running as "root", which is unnecessary.
>
> Well...I can't get this to work; my childhurd does not run. Did you
> test it? Any special tricks needed, adding "childhurd" to "kvm" maybe?

I did test it, but it seems there’s “something” that sometimes leads to a startup failure and subsequent respawn of the Shepherd service (it can be seen in the output of “herd status childhurd”). Typically if I “herd restart childhurd” it then proceeds and works.

To be continued…

Thanks for testing!

Ludo’.

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 1/8] services: hurd-vm: Run QEMU as an unprivileged user.
Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 29 Sep 2020 07:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Jan Nieuwenhuizen Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.16013632259024 (code B ref 43650); Tue, 29 Sep 2020 07:08:02 +0000 Received: (at 43650) by debbugs.gnu.org; 29 Sep 2020 07:07:05 +0000 Received: from localhost ([127.0.0.1]:54809 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN9j6-0002LU-SM for submit@debbugs.gnu.org; Tue, 29 Sep 2020 03:07:05 -0400 Received: from flashner.co.il ([178.62.234.194]:43322) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kN9j4-0002Kx-G6 for 43650@debbugs.gnu.org; Tue, 29 Sep 2020 03:07:03 -0400 Received: from localhost (unknown [31.210.181.177]) by flashner.co.il (Postfix) with ESMTPSA id A52434022E; Tue, 29 Sep 2020 07:06:56 +0000 (UTC) Date: Tue, 29 Sep 2020 10:06:24 +0300 
From: Efraim Flashner Message-ID: <20200929070624.GM1386@E5400> References: <20200927153221.9154-1-ludo@gnu.org> <87lfgt4z6r.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="pP0ycGQONqsnqIMP" Content-Disposition: inline In-Reply-To: <87lfgt4z6r.fsf@gnu.org> X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --pP0ycGQONqsnqIMP Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Sep 28, 2020 at 06:57:00PM +0200, Jan Nieuwenhuizen wrote:
> Ludovic Courtès writes:
>
> Hello!
>
> > Until qemu was running as "root", which is unnecessary.
>
> Well...I can't get this to work; my childhurd does not run. Did you
> test it? Any special tricks needed, adding "childhurd" to "kvm" maybe?
>
> I do like the idea...
>
> Greetings,
> Janneke
>

Shot in the dark, do the permissions/ownership on /var/empty matter? childhurd is far from the only user claiming /var/empty as home.
-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--pP0ycGQONqsnqIMP Content-Type: application/pgp-signature; name="signature.asc" --pP0ycGQONqsnqIMP--

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 29 Sep 2020 10:11:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Jan Nieuwenhuizen Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.16013742601946 (code B ref 43650); Tue, 29 Sep 2020 10:11:01 +0000 Received: (at 43650) by debbugs.gnu.org; 29 Sep 2020 10:11:00 +0000 Received: from localhost ([127.0.0.1]:54984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNCb6-0000VJ-2c for submit@debbugs.gnu.org; Tue, 29 Sep 2020 06:11:00 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37314) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNCb4-0000V7-Mo for 43650@debbugs.gnu.org; Tue, 29 Sep 2020 06:10:59 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:34987) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNCaz-0003IS-G6; Tue, 29 Sep 2020 06:10:53 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=57740 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNCay-0000F6-VF; Tue, 29 Sep 2020 06:10:53 -0400 
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20200927153221.9154-1-ludo@gnu.org> <20200927153221.9154-4-ludo@gnu.org> <87h7rh4yyd.fsf@gnu.org> Date: Tue, 29 Sep 2020 12:10:50 +0200 In-Reply-To: <87h7rh4yyd.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Mon, 28 Sep 2020 19:02:02 +0200") Message-ID: <87r1qk7v11.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Hi!

I’ve pushed ‘wip-childhurd’ with a few additional commits.

The flaky startup issue appears to be fixed by:

  88946005d7 * services: secret-service: Add initial client/server handshake.

Before that, what would happen is that:

  1. The host would connect(2) to QEMU as soon as QEMU is running; connect(2) would succeed immediately and so the host would send its secrets right away, disconnect, and move on.

     However, at that point, the guest is still booting and its secret service server is not even accept(2)ing yet. Looks like QEMU’s SLIRP would more or less buffer the packets the host sent, “more or less” being the important point.

  2. The guest would eventually accept(2), which would succeed. Then it would sometimes receive stuff, sometimes not, depending on what happened with the SLIRP buffering I suppose.

The fix is to have the server in the guest send a “hello” message. The client in the host waits for that message before sending its secrets.

Consequently, it can take ~20s for the ‘start’ method of the childhurd to succeed. Eventually, when shepherd runs on Fibers or similar, it won’t be a problem, but for now it means that PID 1 remains stuck in select(2) for this many seconds.

Ludo’.

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 1/8] services: hurd-vm: Run QEMU as an unprivileged user. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 29 Sep 2020 10:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Efraim Flashner Cc: 43650@debbugs.gnu.org, Jan Nieuwenhuizen Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.16013750123103 (code B ref 43650); Tue, 29 Sep 2020 10:24:02 +0000 Received: (at 43650) by debbugs.gnu.org; 29 Sep 2020 10:23:32 +0000 Received: from localhost ([127.0.0.1]:54990 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNCnE-0000nz-9V for submit@debbugs.gnu.org; Tue, 29 Sep 2020 06:23:32 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40422) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNCnB-0000nl-J4 for 43650@debbugs.gnu.org; Tue, 29 Sep 2020 06:23:30 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35105) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNCn4-00056T-4V; Tue, 29 Sep 2020 06:23:22 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=57770 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNCn3-0001Df-BK; Tue, 29 Sep 2020 06:23:21 -0400 
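The startup race and the "hello" fix described in the message about commit 88946005d7 above, modelled in Python over a local socketpair rather than in the project's Guile; this is an added example, not code from the patch series or from Guix. The greeting bytes, the function names and the socketpair standing in for the QEMU-forwarded connection are assumptions made for the illustration.

```python
import select
import socket
import threading
import time

# Constructed greeting; the thread does not show the real wire format.
HELLO = b"secret-service-hello\n"
SECRETS = b"constructed-secret-bytes"   # stand-in for the files being sent


def send_blindly(conn, secrets):
    """Pre-fix client: send as soon as the connection exists, then move on."""
    conn.sendall(secrets)   # returns once the kernel has queued the bytes
    return True             # says nothing about a server ever reading them


def send_after_hello(conn, secrets, timeout):
    """Post-fix client: send only once the server's greeting has arrived.

    Return True if the secrets were sent; False on timeout, on an early
    close, or on an unexpected greeting, so the caller can retry."""
    deadline = time.monotonic() + timeout
    greeting = b""
    while len(greeting) < len(HELLO):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        readable, _, _ = select.select([conn], [], [], remaining)
        if not readable:
            return False
        chunk = conn.recv(len(HELLO) - len(greeting))
        if not chunk:
            return False
        greeting += chunk
    if greeting != HELLO:
        return False
    conn.sendall(secrets)
    return True


def guest_server(conn, boot_delay, inbox):
    """Guest side: finish 'booting', greet the client, read until EOF."""
    time.sleep(boot_delay)
    data = b""
    try:
        conn.sendall(HELLO)
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
    except OSError:          # the client already gave up and closed
        pass
    inbox.append(data)
    conn.close()


def run_exchange(boot_delay, timeout, secrets=SECRETS):
    """Run both sides; return (client reported success, bytes the guest got)."""
    host, guest = socket.socketpair()
    inbox = []
    server = threading.Thread(target=guest_server,
                              args=(guest, boot_delay, inbox))
    server.start()
    sent = send_after_hello(host, secrets, timeout)
    host.close()             # EOF lets the guest finish reading
    server.join()
    return sent, inbox[0]


def blind_send_to_silent_peer(secrets=SECRETS):
    """The failure mode: the connection exists but no server ever reads it."""
    host, forwarder = socket.socketpair()
    reported = send_blindly(host, secrets)
    host.close()
    forwarder.close()        # the unread bytes are discarded with the socket
    return reported


if __name__ == "__main__":
    print("blind send reported success:", blind_send_to_silent_peer())
    print("guest ready in time:", run_exchange(boot_delay=0.2, timeout=5.0))
    print("guest too slow:", run_exchange(boot_delay=0.5, timeout=0.1))
```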
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20200927153221.9154-1-ludo@gnu.org> <87lfgt4z6r.fsf@gnu.org> <20200929070624.GM1386@E5400> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 8 =?UTF-8?Q?Vend=C3=A9miaire?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 29 Sep 2020 12:23:19 +0200 In-Reply-To: <20200929070624.GM1386@E5400> (Efraim Flashner's message of "Tue, 29 Sep 2020 10:06:24 +0300") Message-ID: <87eemk7ug8.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Efraim Flashner wrote:

> Shot in the dark, do the permissions/ownership on /var/empty matter?
> childhurd is far from the only user claiming /var/empty as home.

I don’t think so. There’s code somewhere that ensures that /var/empty
is root-owned and read-only.

Ludo’.

From unknown Mon Jun 23 13:12:13 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time.
Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 29 Sep 2020 14:23:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43650 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 43650@debbugs.gnu.org Received: via spool by 43650-submit@debbugs.gnu.org id=B43650.160138933511926 (code B ref 43650); Tue, 29 Sep 2020 14:23:01 +0000 Received: (at 43650) by debbugs.gnu.org; 29 Sep 2020 14:22:15 +0000 Received: from localhost ([127.0.0.1]:56791 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNGWE-00036I-W4 for submit@debbugs.gnu.org; Tue, 29 Sep 2020 10:22:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45464) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNGWC-000363-QD for 43650@debbugs.gnu.org; Tue, 29 Sep 2020 10:22:14 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:38133) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNGW7-0007ct-4U; Tue, 29 Sep 2020 10:22:07 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=47914 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNGW6-0004er-5R; Tue, 29 Sep 2020 10:22:06 -0400 
From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <20200927153221.9154-1-ludo@gnu.org> <20200927153221.9154-4-ludo@gnu.org> <87h7rh4yyd.fsf@gnu.org> <87r1qk7v11.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Tue, 29 Sep 2020 16:22:02 +0200 In-Reply-To: <87r1qk7v11.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Tue, 29 Sep 2020 12:10:50 +0200") Message-ID: <87v9fw1x4l.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Ludovic Courtès writes:

Hello,

> I’ve pushed ‘wip-childhurd’ with a few additional commits.

Great, this works/fixes it for me! Using the attached
bare+childhurd.tmpl, I can build and start a Guix VM with a childhurd:

--8<---------------cut here---------------start------------->8---
$ $(./pre-inst-env guix system vm gnu/system/examples/bare+childhurd.tmpl) \
  -m 1G --nographic --net nic \
  --net user,hostfwd=tcp:127.0.0.1:12022-:2222,hostfwd=tcp:127.0.0.1:13022-:10022
--8<---------------cut here---------------end--------------->8---

and then, after half a minute or so:

--8<---------------cut here---------------start------------->8---
$ ssh -p 13022 localhost


 This is the GNU Hurd. Welcome.

root@childhurd ~#
--8<---------------cut here---------------end--------------->8---

> The flaky startup issue appears to be fixed by:
>
>   88946005d7 * services: secret-service: Add initial client/server handshake.
>
> Before that, what would happen is that:
>
>   1. The host would connect(2) to QEMU as soon as QEMU is running;
>      connect(2) would succeed immediately and so the host would send its
>      secrets right away, disconnect, and move on.
>
>      However, at that point, the guest is still booting and its secret
>      service server is not even accept(2)ing yet. Looks like QEMU’s
>      SLIRP would more or less buffer the packets the host sent, “more or
>      less” being the important point.
>
>   2. The guest would eventually accept(2), which would succeed. Then it
>      would sometimes receive stuff, sometimes not, depending on what
>      happened with the SLIRP buffering I suppose.

Ah, thanks for the explanation...that makes sense.

> Consequently, it can take ~20s for the ‘start’ method of the childhurd
> to succeed. Eventually, when shepherd runs on Fibers or similar, it
> won’t be a problem, but for now it means that PID 1 remains stuck in
> select(2) for this many seconds.

Yeah...Anyway LGTM!
Greetings,
Janneke

--=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=bare+childhurd.tmpl Content-Transfer-Encoding: base64

--=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

--=-=-=--

From unknown Mon Jun 23 13:12:13 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#43650: closed (Re: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time.) Message-ID: References: <87ft705ojt.fsf@gnu.org> <20200927152932.8924-1-ludo@gnu.org> X-Gnu-PR-Message: they-closed 43650 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 43650@debbugs.gnu.org Date: Tue, 29 Sep 2020 20:14:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1601410442-29233-1" This is a multi-part message in MIME format... ------------=_1601410442-29233-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8"

Your bug report

#43650: [PATCH 0/8] Assorted childhurd improvements

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 43650@debbugs.gnu.org.

-- 
43650: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=43650
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1601410442-29233-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 43650-done) by debbugs.gnu.org; 29 Sep 2020 20:13:54 +0000 Received: from localhost ([127.0.0.1]:57273 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNM0X-0007b2-QN for submit@debbugs.gnu.org; Tue, 29 Sep 2020 16:13:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNM0V-0007ap-7N for 43650-done@debbugs.gnu.org; Tue, 29 Sep 2020 16:13:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:46601) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNM0Q-0002mp-07; Tue, 29 Sep 2020 16:13:46 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=57194 helo=ribbon) by fencepost.gnu.org
with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNM0O-0008LP-7w; Tue, 29 Sep 2020 16:13:45 -0400 
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Jan Nieuwenhuizen Subject: Re: [bug#43650] [PATCH 4/8] services: hurd-vm: Check whether /dev/kvm exists at run time. References: <20200927153221.9154-1-ludo@gnu.org> <20200927153221.9154-4-ludo@gnu.org> <87h7rh4yyd.fsf@gnu.org> <87r1qk7v11.fsf@gnu.org> <87v9fw1x4l.fsf@gnu.org> Date: Tue, 29 Sep 2020 22:13:42 +0200 In-Reply-To: <87v9fw1x4l.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 29 Sep 2020 16:22:02 +0200") Message-ID: <87ft705ojt.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 43650-done Cc: 43650-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---)

Hi!

Jan Nieuwenhuizen wrote:

>> I’ve pushed ‘wip-childhurd’ with a few additional commits.
>
> Great, this works/fixes it for me! Using the attached
> bare+childhurd.tmpl, I can build and start a Guix VM with a childhurd:
>
> $ $(./pre-inst-env guix system vm gnu/system/examples/bare+childhurd.tmpl) \
>   -m 1G --nographic --net nic \
>   --net user,hostfwd=tcp:127.0.0.1:12022-:2222,hostfwd=tcp:127.0.0.1:13022-:10022
>
>
> and then, after half a minute or so:
>
> $ ssh -p 13022 localhost
> 
> 
>  This is the GNU Hurd. Welcome.
>
> root@childhurd ~#

Thanks for testing again. I’ve pushed this to ‘master’ as commit
c11c19bd4d0dc4ec56b949647057dbf00567f2ae, along with a new system test
that ensures the childhurd’s SSH server is up and running in the end:

  https://git.savannah.gnu.org/cgit/guix.git/commit/?id=c11c19bd4d0dc4ec56b949647057dbf00567f2ae

You can run it with:

  make check-system TESTS=childhurd

Thank you!

Ludo’.

------------=_1601410442-29233-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 27 Sep 2020 15:29:48 +0000 Received: from localhost ([127.0.0.1]:50191 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYcW-0002dK-Bg for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:29:48 -0400 Received: from lists.gnu.org ([209.51.188.17]:44002) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kMYcU-0002dD-Kb for submit@debbugs.gnu.org; Sun, 27 Sep 2020 11:29:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54074) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kMYcU-0002LF-0T for guix-patches@gnu.org; Sun, 27 Sep 2020 11:29:46 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52440) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kMYcS-0003Qi-7t; Sun, 27 Sep 2020 11:29:44 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=38888 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kMYcQ-0004OA-GZ; Sun, 27 Sep 2020 11:29:44 -0400
------------=_1601410442-29233-1--
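
The handshake described earlier in this thread (the guest greets first, the host sends its secrets only afterwards and bounds its wait with select(2)), as an added Python sketch that is not Guix's code from gnu/build/secret-service.scm. The `hello\n` greeting, the 4-byte length prefix, the function names and the sample secret are constructed for illustration, and a socketpair stands in for the port QEMU forwards.

```python
import select
import socket
import threading
import time

HELLO = b"hello\n"  # constructed greeting; the thread only says a "hello" message

def read_exact(sock, size):
    """Read exactly SIZE bytes, or return None if the peer closes early."""
    data = b""
    while len(data) < size:
        chunk = sock.recv(size - len(data))
        if not chunk:
            return None
        data += chunk
    return data

def send_secrets(sock, secrets, timeout):
    """Host side: write SECRETS only once the guest's greeting has arrived.
    Returns False, having written nothing, if the greeting is missing,
    malformed, or not complete within TIMEOUT seconds."""
    deadline = time.monotonic() + timeout
    greeting = b""
    while len(greeting) < len(HELLO):
        remaining = deadline - time.monotonic()
        if remaining <= 0 or not select.select([sock], [], [], remaining)[0]:
            return False                      # guest not ready in time
        chunk = sock.recv(len(HELLO) - len(greeting))
        if not chunk:
            return False                      # connection closed before greeting
        greeting += chunk
    if greeting != HELLO:
        return False                          # unexpected peer: keep the secrets
    sock.sendall(len(secrets).to_bytes(4, "big") + secrets)
    return True

def receive_secrets(sock):
    """Guest side: announce readiness, then read one length-prefixed blob."""
    sock.sendall(HELLO)
    header = read_exact(sock, 4)
    return read_exact(sock, int.from_bytes(header, "big")) if header else None

def run_exchange(boot_delay, timeout, secrets=b"constructed-sample-key"):
    """Run both sides over a socketpair; the guest greets after BOOT_DELAY."""
    host, guest = socket.socketpair()
    result = {"received": None}

    def guest_side():
        time.sleep(boot_delay)                # stands in for the guest booting
        try:
            result["received"] = receive_secrets(guest)
        except OSError:                       # host already gave up and closed
            pass
        finally:
            guest.close()

    thread = threading.Thread(target=guest_side)
    thread.start()
    sent = send_secrets(host, secrets, timeout)
    host.close()
    thread.join()
    return sent, result["received"]
```

A socketpair buffers reliably, so this does not reproduce the lossy SLIRP buffering; it shows the ordering and the bounded wait, with `run_exchange(0.2, 2.0)` delivering the secret and `run_exchange(0.5, 0.1)` timing out without writing it.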