From: bug#66156 <66156@debbugs.gnu.org>
To: bug#66156 <66156@debbugs.gnu.org>
Subject: Status: [PATCH 00/12] Introducing Smart Hurdloading
Reply-To: bug#66156 <66156@debbugs.gnu.org>
Date: Mon, 18 Aug 2025 05:03:20 +0000

retitle 66156 [PATCH 00/12] Introducing Smart Hurdloading
reassign 66156 guix-patches
submitter 66156 Ludovic Courtès
severity 66156 normal
tag 66156 patch
thanks

From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH 00/12] Introducing Smart Hurdloading
Date: Fri, 22 Sep 2023 14:52:27 +0200
Cc: Ludovic Courtès, Josselin Poiret, Janneke Nieuwenhuizen

This patch series, my friends, sets up Smart Hurdloading™, sometimes referred to as “Hurd auto-offloading”. (Yeah I worked hard on branding…)

Concretely, if you add (service hurd-vm-service-type), you can now run:

  guix build libreoffice -s i586-gnu

on your machine, and the childhurd will take care of keeping one CPU core busy for a while.

There’s no configuration involved beyond this one (service hurd-vm-service-type) line: no need to exchange SSH keys, substitute keys, write /etc/guix/machines.scm, and all that. It’s all taken care of automatically.

One key element here is support for declarative and extensible offloading configuration—meaning that /etc/guix/machines.scm is now optionally generated straight from your ‘operating-system’ config. The rest is about generating keys, authorizing them, etc.

The series is a bit of a potpourri: I fixed Hurd issues here and there (currently offloading to a childhurd doesn’t work on ‘master’, because of the locale issue, for instance), improved documentation, etc. I also took a couple of long detours not shown here that might lead to further improvements in the future.

My goal is to extend this mechanism beyond the Hurd, to have a generic mechanism to spin up Guix System VMs we can easily offload to.

Thoughts?

Ludo’.

Ludovic Courtès (12):
  system: vm: Remove unused variable.
  secret-service: Increase default handshake timeout.
  services: hurd-vm: Use the default SSH port number.
  gnu: glibc-utf8-locales: Reintroduce input labels.
  services: guix: Use the right locale package on GNU/Hurd.
  services: guix: Support declarative offloading setup.
  services: childhurd: Authorize the childhurd’s key on the host.
  services: hurd-vm: ‘image’ field has to be an record.
  tests: hurd-vm: Remove custom disk image configuration.
  services: hurd-vm: Disable password-based authentication for root.
  doc: Give an example showing how to add an account in the childhurd.
  services: hurd-vm: Implement zero-configuration offloading.

 doc/guix.texi                   | 167 ++++++++++++++++++++++++++------
 gnu/build/secret-service.scm    |   2 +-
 gnu/packages/base.scm           |   4 +-
 gnu/services/base.scm           |  58 ++++++++++-
 gnu/services/virtualization.scm | 153 ++++++++++++++++++++++++++---
 gnu/system/vm.scm               |  41 ++------
 gnu/tests/virtualization.scm    |  68 ++++++++++---
 7 files changed, 394 insertions(+), 99 deletions(-)

base-commit: 3d8d67ef6928f5d81118c97f03372cd341eab8b0
--
2.41.0

From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 01/12] system: vm: Remove unused variable.
Date: Fri, 22 Sep 2023 14:54:02 +0200

This is a followup to 05a9d1f378e2e13e8f759be926ea368358afc27c, which removed its sole user.

* gnu/system/vm.scm (%linux-vm-file-systems): Remove.
(mapping->file-system): Add comment about “cache=loose”.
---
 gnu/system/vm.scm | 41 ++++++-----------------------------------
 1 file changed, 6 insertions(+), 35 deletions(-)

diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index b7bccd72a4..70f7b00116 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm
@@ -87,41 +87,6 @@ (define-module (gnu system vm) ;; conservative default. (define %default-msize-value (* 100 (expt 2 20))) ;100 MiB -(define %linux-vm-file-systems - ;; File systems mounted for 'derivation-in-linux-vm'. These are shared with - ;; the host over 9p. - ;; - ;; The 9p documentation says that cache=loose is "intended for exclusive, - ;; read-only mounts", without additional details. It's much faster than the - ;; default cache=none, especially when copying and registering store items. - ;; Thus, use cache=loose, except for /xchg where we want to ensure - ;; consistency. - (list (file-system - (mount-point (%store-prefix)) - (device "store") - (type "9p") - (needed-for-boot? #t) - (flags '(read-only)) - (options (format #f "trans=virtio,cache=loose,msize=~a" - %default-msize-value)) - (check? #f)) - (file-system - (mount-point "/xchg") - (device "xchg") - (type "9p") - (needed-for-boot? #t) - (options (format #f "trans=virtio,msize=~a" %default-msize-value)) - (check? #f)) - (file-system - (mount-point "/tmp") - (device "tmp") - (type "9p") - (needed-for-boot? #t) - (options (format #f "trans=virtio,cache=loose,msize=~a" - %default-msize-value)) - (check? #f)))) - - ;;; ;;; VMs that share file systems with the host. ;;; 
@@ -145,6 +110,12 @@ (define (mapping->file-system mapping) (device (file-system->mount-tag source)) (type "9p") (flags (if writable? '() '(read-only))) + + ;; The 9p documentation says that cache=loose is "intended for + ;; exclusive, read-only mounts", without additional details. It's + ;; faster than the default cache=none, especially when copying and + ;; registering store items. Thus, use cache=loose, except for writable + ;; mounts, to ensure consistency. (options (string-append "trans=virtio" (if writable? "" ",cache=loose") ",msize=" (number->string %default-msize-value))) -- 2.41.0
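
Review bot: In mapping->file-system, the new comment justifies cache=loose by the speed of copying and registering store items, but the code applies it to every mapping that is not writable, and the 9p wording it quotes says the mode is meant for exclusive mounts. A read-only mapping of a host directory that the host keeps changing is not exclusive, so the comment should say why stale data in the guest is acceptable there, or the option should be limited to the store mapping.
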
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 02/12] secret-service: Increase default handshake timeout.
Date: Fri, 22 Sep 2023 14:54:03 +0200

* gnu/build/secret-service.scm (secret-service-send-secrets): Increase #:handshake-timeout.
---
 gnu/build/secret-service.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm index c53145c8e7..e13fd4eef3 100644 --- a/gnu/build/secret-service.scm +++ b/gnu/build/secret-service.scm
@@ -95,7 +95,7 @@ (define (wait-for-readable-fd port timeout) (define* (secret-service-send-secrets port secret-root #:key (retry 60) - (handshake-timeout 120)) + (handshake-timeout 180)) "Copy all files under SECRET-ROOT using TCP to secret-service listening at local PORT. If connect fails, sleep 1s and retry RETRY times; once connected, wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return -- 2.41.0
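
Review bot: The new default of 180 in secret-service-send-secrets is a bare number, and neither the commit log nor the docstring says why 120 seconds was too short. A one-line comment next to (handshake-timeout 180) naming the case that needs the longer wait would keep the value from being tuned blindly later. Callers that pass #:handshake-timeout explicitly are unaffected by this change, so check whether any of them should be raised as well.
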
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 03/12] services: hurd-vm: Use the default SSH port number.
Date: Fri, 22 Sep 2023 14:54:04 +0200

* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove ‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
---
 gnu/services/virtualization.scm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index e1a206e0eb..fd153dd051 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -1078,7 +1078,6 @@ (define %hurd-vm-operating-system (openssh-configuration (openssh openssh-sans-x) (use-pam? #f) - (port-number 2222) (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t)))
@@ -1146,7 +1145,7 @@ (define (hurd-vm-net-options config) "-:1004" ",hostfwd=tcp:127.0.0.1:" (number->string (hurd-vm-port config %hurd-vm-ssh-port)) - "-:2222" + "-:22" ",hostfwd=tcp:127.0.0.1:" (number->string (hurd-vm-port config %hurd-vm-vnc-port)) "-:5900"))) -- 2.41.0
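
Review bot: In hurd-vm-net-options the guest side of the SSH forward is now the literal "-:22", which only matches while the guest's openssh-configuration keeps its default port, now that (port-number 2222) is gone from %hurd-vm-operating-system. A guest operating system that sets a different port-number would silently lose the forward; derive the guest port from the guest configuration, or document that the guest must listen on 22. The context lines of the first hunk also show the guest sshd still configured with (permit-root-login #t), (allow-empty-passwords? #t) and (password-authentication? #t), so the 127.0.0.1 binding in hostfwd is what limits who can reach a passwordless root login; a comment saying so next to the forward would help.
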
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 04/12] gnu: glibc-utf8-locales: Reintroduce input labels.
Date: Fri, 22 Sep 2023 14:54:05 +0200

Since 2f73ea3487b3bf6eb055c08aae7c53713d61a4d7, ‘make-glibc-utf8-locales’ couldn’t be passed a package with a name other than “glibc” (in particular “glibc-hurd”) since the builder expects the name “glibc” in ‘%build-inputs’.

* gnu/packages/base.scm (make-glibc-utf8-locales): Reintroduce labels in ‘native-inputs’.
---
 gnu/packages/base.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 0b6cb2ddc5..c0813f7de0 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm
@@ -1382,7 +1382,9 @@ (define*-public (make-glibc-utf8-locales glibc #:key locale ".UTF-8"))) ',locales) #t)))) - (native-inputs (list glibc gzip)) + (native-inputs + `(("glibc" ,glibc) + ("gzip" ,gzip))) (synopsis (if default-locales? (P_ "Small sample of UTF-8 locales") (P_ "Customized sample of UTF-8 locales"))) -- 2.41.0
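
Review bot: The labelled native-inputs in make-glibc-utf8-locales carry no comment, so they look like old-style code that a later cleanup would turn back into (list glibc gzip), which is the form the commit log says broke packages not named “glibc”. Add a comment above native-inputs stating that the builder looks up "glibc" in %build-inputs, so the label has to stay "glibc" whatever the name of the package passed in.
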
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 05/12] services: guix: Use the right locale package on GNU/Hurd.
Date: Fri, 22 Sep 2023 14:54:06 +0200

Fixes a bug introduced in 0dd293b4d9095137c9952e16ca951f887b7e7018 whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the “wrong” locale data (2.35 instead of 2.37). Consequently, it would fail to setlocale(3) and calls to ‘std::stoi’ (when reading the output of ‘guix authenticate’) would throw, leading to this error message of guix-daemon:

  unexpected build daemon error: stoi

This would manifest when sending store items to a childhurd:

  $ guix copy --to=localhost:10022 sed
  guix copy: sending 1 store item (1 MiB) to 'localhost'...
  guix copy: error: unknown error while sending files over SSH

The “unknown error” is the ‘stoi’ exception.

This commit fixes that, but for the ‘guix-daemon’ service only.

* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable. Use it instead of ‘glibc-utf8-locales’.
---
 gnu/services/base.scm | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm index b3f2d2e8b8..10e0d4cf9d 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm
@@ -62,8 +62,9 @@ (define-module (gnu services base) util-linux xfsprogs)) #:use-module (gnu packages bash) #:use-module ((gnu packages base) - #:select (coreutils glibc glibc-utf8-locales tar - canonical-package)) + #:select (coreutils glibc glibc/hurd + glibc-utf8-locales make-glibc-utf8-locales + tar canonical-package)) #:use-module ((gnu packages compression) #:select (gzip)) #:use-module (gnu packages fonts) #:autoload (gnu packages guile-xyz) (guile-netlink) @@ -87,6 +88,7 @@ (define-module (gnu services base) #:use-module ((guix self) #:select (make-config.scm)) #:use-module (guix diagnostics) #:use-module (guix i18n) + #:autoload (guix utils) (target-hurd?) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) @@ -1831,6 +1833,12 @@ (define shepherd-discover-action (define (guix-shepherd-service config) "Return a for the Guix daemon service with CONFIG." + (define locales + (let-system (system target) + (if (target-hurd? (or target system)) + (make-glibc-utf8-locales glibc/hurd) + glibc-utf8-locales))) + (match-record config (guix build-group build-accounts authorize-key? authorized-keys use-substitutes? substitute-urls max-silent-time timeout 
@@ -1912,8 +1920,7 @@ (define (guix-shepherd-service config) ;; 'nss-certs'. See ;; . (string-append "GUIX_LOCPATH=" - #$glibc-utf8-locales - "/lib/locale") + #$locales "/lib/locale") "LC_ALL=en_US.utf8" ;; Make 'tar' and 'gzip' available so ;; that 'guix perform-download' can use -- 2.41.0
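
Review bot: In guix-shepherd-service, the Hurd locale package is built inline by (make-glibc-utf8-locales glibc/hurd) inside the local definition of locales, while the commit log says the fix covers the ‘guix-daemon’ service only. Defining that package once as a public variable next to make-glibc-utf8-locales would let the other places that reference glibc-utf8-locales pick the right one with the same target-hurd? test, and would avoid creating a fresh package object on every call to this procedure.
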
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 06/12] services: guix: Support declarative offloading setup.
Date: Fri, 22 Sep 2023 14:54:07 +0200

* gnu/services/base.scm (guix-machines-files-installation): New procedure.
()[build-machines]: New field.
(guix-activation): Call ‘guix-machines-files-installation’.
()[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to ‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of and of .
(Virtualization Services): Add ‘hurd-vm’ anchor.
---
 doc/guix.texi         | 42 +++++++++++++++++++++++++++++++++++++++++-
 gnu/services/base.scm | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 50c4984d71..ca48d6c404 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -1484,6 +1484,14 @@ Daemon Offload Setup @end table @end deftp +@quotation Note +On Guix System, instead of managing @file{/etc/guix/machines.scm} +independently, you can choose to specify build machines directly in the +@code{operating-system} declaration, in the @code{build-machines} field +of @code{guix-configuration}. @xref{guix-configuration-build-machines, +@code{build-machines} field of @code{guix-configuration}}. +@end quotation + The @command{guix} command must be in the search path on the build machines. You can check whether this is the case by running: @@ -19259,6 +19267,28 @@ Base Services Whether to discover substitute servers on the local network using mDNS and DNS-SD. +@anchor{guix-configuration-build-machines} +@item @code{build-machines} (default: @code{#f}) +This field must be either @code{#f} or a list of gexps evaluating to a +@code{build-machine} record (@pxref{Daemon Offload Setup}). + +When it is @code{#f}, the @file{/etc/guix/machines.scm} file is left +untouched. Otherwise, the list of of gexps is written to +@file{/etc/guix/machines.scm}; if a previously-existing file is found, +it is backed up as @file{/etc/guix/machines.scm.bak}. This allows you +to declare build machines for offloading directly in the operating +system declaration, like so: + +@lisp +(guix-configuration + (build-machines + (list #~(build-machine (name "foo.example.org") @dots{}) + #~(build-machine (name "bar.example.org") @dots{})))) +@end lisp + +Additional build machines may be added @i{via} the @code{guix-extension} +mechanism (see below). + @item @code{extra-options} (default: @code{'()}) List of extra command-line options for @command{guix-daemon}. @@ -19296,7 +19326,6 @@ Base Services @end deftp @deftp {Data Type} guix-extension - This data type represents the parameters of the Guix build daemon that are extendable. This is the type of the object that must be used within a guix service extension. 
@@ -19309,6 +19338,16 @@ Base Services @item @code{substitute-urls} (default: @code{'()}) A list of strings where each element is a substitute URL. +@item @code{build-machines} (default: @code{'()}) +A list of gexps that evaluate to @code{build-machine} records +(@pxref{Daemon Offload Setup}). + +Using this field, a service may add new build machines to receive builds +offloaded by the daemon. This is useful for a service such as +@code{hurd-vm-service-type}, which can make a GNU/Hurd virtual machine +directly usable for offloading (@pxref{hurd-vm, +@code{hurd-vm-service-type}}). + @item @code{chroot-directories} (default: @code{'()}) A list of file-like objects or strings pointing to additional directories the build daemon can use. @end table @@ -35650,6 +35689,7 @@ Virtualization Services @end deftp +@anchor{hurd-vm} @subsubheading The Hurd in a Virtual Machine @cindex @code{hurd} diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 10e0d4cf9d..98d59fd36d 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1743,6 +1743,31 @@ (define %default-authorized-guix-keys (list (file-append guix "/share/guix/berlin.guix.gnu.org.pub") (file-append guix "/share/guix/bordeaux.guix.gnu.org.pub"))) +(define (guix-machines-files-installation machines) + "Return a gexp to install MACHINES, a list of gexps, as +/etc/guix/machines.scm, which is used for offloading." + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (define machines-file + "/etc/guix/machines.scm") + + ;; If MACHINES-FILE already exists, move it out of the way. + ;; Create a backup if it's a regular file: it's likely that the + ;; user manually updated it. + (if (file-exists? machines-file) + (if (and (symbolic-link? machines-file) + (store-file-name? (readlink machines-file))) + (delete-file machines-file) + (rename-file machines-file + (string-append machines-file ".bak"))) + (mkdir-p (dirname machines-file))) + + ;; Installed the declared machines file. + (symlink #+(scheme-file "machines.scm" machines) + machines-file)))) + (define-record-type* guix-configuration make-guix-configuration guix-configuration? @@ -1780,6 +1805,8 @@ (define-record-type* (default #f)) (tmpdir guix-tmpdir ;string | #f (default #f)) + (build-machines guix-build-machines ;list of gexps | #f + (default #f)) (environment guix-configuration-environment ;list of strings (default '()))) @@ -1965,8 +1992,15 @@ (define (guix-activation config) (system* #$(file-append guix "/bin/guix") "archive" "--generate-key")) + ;; Optionally install /etc/guix/acl... #$(if authorize-key? (substitute-key-authorization authorized-keys guix) + #~#f) + + ;; ... and /etc/guix/machines.scm. + #$(if (guix-build-machines config) + (guix-machines-files-installation + #~(list #$@(guix-build-machines config))) #~#f)))) (define-record-type* 
@@ -1976,6 +2010,8 @@ (define-record-type* (default '())) (substitute-urls guix-extension-substitute-urls ;list of strings (default '())) + (build-machines guix-extension-build-machines ;list of gexps + (default '())) (chroot-directories guix-extension-chroot-directories ;list of file-like/strings (default '()))) @@ -1985,6 +2021,8 @@ (define (guix-extension-merge a b) (guix-extension-authorized-keys b))) (substitute-urls (append (guix-extension-substitute-urls a) (guix-extension-substitute-urls b))) + (build-machines (append (guix-extension-build-machines a) + (guix-extension-build-machines b))) (chroot-directories (append (guix-extension-chroot-directories a) (guix-extension-chroot-directories b))))) 
@@ -2008,6 +2046,11 @@ (define guix-service-type (guix-configuration-authorized-keys config))) (substitute-urls (append (guix-extension-substitute-urls extension) (guix-configuration-substitute-urls config))) + (build-machines + (and (or (guix-build-machines config) + (pair? (guix-extension-build-machines extension))) + (append (or (guix-build-machines config) '()) + (guix-extension-build-machines extension)))) (chroot-directories (append (guix-extension-chroot-directories extension) (guix-configuration-chroot-directories config)))))) -- 2.41.0
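
Review bot: In the doc/guix.texi hunk that documents the build-machines field of guix-configuration, the added sentence reads "the list of of gexps is written to /etc/guix/machines.scm"; drop the duplicated "of".
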
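
Review bot: In guix-machines-files-installation, (file-exists? machines-file) follows symbolic links, so a dangling /etc/guix/machines.scm link (for instance one whose store target is gone) takes the mkdir-p branch, and the symlink call that follows then fails because the name is already taken. Test for the link itself, for example with (false-if-exception (lstat machines-file)), before deciding which branch to take. In the same block, rename-file onto machines.scm.bak silently replaces an earlier backup, which is worth stating in the documentation, and the comment "Installed the declared machines file" should read "Install".
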
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 07/12] services: childhurd: Authorize the childhurd’s key on the host.
Date: Fri, 22 Sep 2023 14:54:08 +0200
Message-ID: <0f2ebabd36558e2f660e4f1037a3c0a7f77f53d5.1695386493.git.ludo@gnu.org>

This partly automates setting up a childhurd for offloading purposes.

* gnu/services/virtualization.scm (authorize-guest-substitutes-on-host): New procedure.
(hurd-vm-activation): Use it.
---
 gnu/services/virtualization.scm | 51 ++++++++++++++++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index fd153dd051..ca000f5d28 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -28,6 +28,7 @@ (define-module (gnu services virtualization) #:use-module (gnu image) #:use-module (gnu packages admin) #:use-module (gnu packages gdb) + #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages package-management) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) @@ -50,6 +51,7 @@ (define-module (gnu services virtualization) #:use-module (guix records) #:use-module (guix store) #:use-module (guix utils) + #:autoload (guix self) (make-config.scm) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) 
@@ -1271,6 +1273,50 @@ (define (initialize-hurd-vm-substitutes) (program-file "initialize-hurd-vm-substitutes" run)) +(define (authorize-guest-substitutes-on-host) + "Return a program that authorizes the guest's archive signing key (passed as +an argument) on the host." + (define not-config? + (match-lambda + ('(guix config) #f) + (('guix _ ...) #t) + (('gnu _ ...) #t) + (_ #f))) + + (define run + (with-extensions (list guile-gcrypt) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((guix pki) + (guix build utils)) + #:select? not-config?)) + #~(begin + (use-modules (ice-9 match) + (ice-9 textual-ports) + (gcrypt pk-crypto) + (guix pki) + (guix build utils)) + + (match (command-line) + ((_ guest-config-directory) + (let ((guest-key (string-append guest-config-directory + "/signing-key.pub"))) + (if (file-exists? guest-key) + ;; Add guest key to the host's ACL. + (let* ((key (string->canonical-sexp + (call-with-input-file guest-key + get-string-all))) + (acl (public-keys->acl + (cons key (acl->public-keys (current-acl)))))) + (with-atomic-file-replacement %acl-file + (lambda (_ port) + (write-acl acl port)))) + (format (current-error-port) + "warning: guest key missing from '~a'~%" + guest-key))))))))) + + (program-file "authorize-guest-substitutes-on-host" run)) + (define (hurd-vm-activation config) "Return a gexp to activate the Hurd VM according to CONFIG." (with-imported-modules '((guix build utils)) 
@@ -1294,7 +1340,10 @@ (define (hurd-vm-activation config) (unless (file-exists? guix-directory) (invoke #$(initialize-hurd-vm-substitutes) - guix-directory))))) + guix-directory)) + + ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. + (invoke #$(authorize-guest-substitutes-on-host) guix-directory)))) (define hurd-vm-service-type (service-type -- 2.41.0
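Review bot: In authorize-guest-substitutes-on-host, the ACL is rewritten on every run: (cons key (acl->public-keys (current-acl))) prepends the guest key without checking whether it is already present, and the hurd-vm-activation hunk invokes the program outside the (unless (file-exists? guix-directory) ...) guard, so this happens at each activation. Please skip the write when the key is already in the ACL, or state that public-keys->acl de-duplicates. Two smaller points in the same procedure: (match (command-line) ...) has a single clause, so a wrong argument count ends in a match error rather than a usage message, and since this step makes the host accept archives signed by whatever signing-key.pub is found in the directory passed in, the docstring should say so and the call in hurd-vm-activation should depend on a configuration field instead of being unconditional.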
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 10/12] services: hurd-vm: Disable password-based authentication for root.
Date: Fri, 22 Sep 2023 14:54:11 +0200
Message-ID: <6e196f23d37629348018a5e63b9701998c7453e5.1695386493.git.ludo@gnu.org>

With offloading to a childhurd enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd.

* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of password-less root login.
---
 doc/guix.texi | 5 -----
 gnu/services/virtualization.scm | 2 +-
 gnu/tests/virtualization.scm | 15 ++++++++++++++-
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 472e2e0958..95f29a2d19 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -35718,11 +35718,6 @@ Virtualization Services The default configuration (see @code{hurd-vm-configuration} below) spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU (the virtual machine emulator) redirects to port 10222 on the host. -Thus, you can connect over SSH to the childhurd with: - -@example -ssh root@@localhost -p 10022 -@end example The childhurd is volatile and stateless: it starts with a fresh root file system every time you restart it. By default though, all the files diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 258b503461..930c2ce702 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -1080,7 +1080,7 @@ (define %hurd-vm-operating-system (openssh-configuration (openssh openssh-sans-x) (use-pam? #f) - (permit-root-login #t) + (permit-root-login 'prohibit-password) (allow-empty-passwords? #t) (password-authentication? #t))) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 9e7928703e..599e58edf0 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -31,6 +31,7 @@ (define-module (gnu tests virtualization) #:use-module (gnu services) #:use-module (gnu services dbus) #:use-module (gnu services networking) + #:use-module (gnu services ssh) #:use-module (gnu services virtualization) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) 
@@ -228,7 +229,19 @@ (define %test-qemu-guest-agent (define %childhurd-os (simple-operating-system (service dhcp-client-service-type) - (service hurd-vm-service-type))) + (service hurd-vm-service-type + (hurd-vm-configuration + ;; Allow root login with an empty password to simplify the test + ;; below. + (os (operating-system + (inherit %hurd-vm-operating-system) + (services + (modify-services (operating-system-user-services + %hurd-vm-operating-system) + (openssh-service-type + config => (openssh-configuration + (inherit config) + (permit-root-login #t))))))))))) (define (run-childhurd-test) (define os -- 2.41.0
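Review bot: In the %hurd-vm-operating-system hunk of gnu/services/virtualization.scm, only permit-root-login changes; the unchanged context lines still carry (allow-empty-passwords? #t) and (password-authentication? #t). The commit message argues that password-less login in the childhurd amounts to write access to the host's store, so either tighten those two settings as well or say in the log why password logins with empty passwords remain acceptable for non-root accounts. Separately, the override in gnu/tests/virtualization.scm restores (permit-root-login #t), so the system test does not exercise the new default; a check that root password login is refused with the default 'os' would cover the change this patch makes.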
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 09/12] tests: hurd-vm: Remove custom disk image configuration.
Date: Fri, 22 Sep 2023 14:54:10 +0200
Message-ID: <9dfb8d083002c9f6a6252a13a422420dc9c8ab73.1695386493.git.ludo@gnu.org>

This was added in 18e76f89055f25f015fadb7c999b410f38a88cc6. Presumably, the problem was that using compressed QCOW2 images makes the childhurd slower, so it’s eventually marked as failing to start. By enabling KVM inside the Guix System VM, we allow the childhurd to run on KVM, which compensates for the slowdown due to the use of a compressed image.

* gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove.
(%childhurd-os): Use default config for ‘hurd-vm-service-type’.
(run-childhurd-test)[test]: Pass “-cpu host” to the run-vm script.
---
 gnu/tests/virtualization.scm | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 41253968e9..9e7928703e 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm 
@@ -225,23 +225,10 @@ (define %test-qemu-guest-agent ;;; GNU/Hurd virtual machines, aka. childhurds. ;;; -;; Copy of `hurd-vm-disk-image', using plain disk-image for test -(define (hurd-vm-disk-image-raw config) - (let ((os ((@@ (gnu services virtualization) secret-service-operating-system) - (hurd-vm-configuration-os config))) - (disk-size (hurd-vm-configuration-disk-size config))) - (image - (inherit hurd-disk-image) - (format 'disk-image) - (size disk-size) - (operating-system os)))) - (define %childhurd-os (simple-operating-system (service dhcp-client-service-type) - (service hurd-vm-service-type - (hurd-vm-configuration - (image (hurd-vm-disk-image-raw this-record)))))) + (service hurd-vm-service-type))) (define (run-childhurd-test) (define os 
@@ -292,7 +279,10 @@ (define (run-childhurd-test) (ice-9 match)) (define marionette - (make-marionette (list #$vm))) + ;; Emulate the host CPU so that KVM is available inside as well + ;; ("nested KVM"), provided + ;; /sys/module/kvm_intel/parameters/nested (or similar) allows it. + (make-marionette (list #$vm "-cpu" "host"))) (test-runner-current (system-test-runner #$output)) (test-begin "childhurd") -- 2.41.0
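Review bot: In run-childhurd-test, passing "-cpu" "host" makes the test depend on nested KVM, which the added comment itself says is only there when /sys/module/kvm_intel/parameters/nested (or similar) allows it. With hurd-vm-disk-image-raw removed in the previous hunk, a build machine without nested KVM is back to the compressed-image slowdown that the commit message names as the likely reason the childhurd was marked as failing to start. Please state what is expected in that case, for example by keeping the raw image as a fallback or by noting the nested-KVM requirement where the test is defined.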
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 11/12] doc: Give an example showing how to add an account in the childhurd.
Date: Fri, 22 Sep 2023 14:54:12 +0200
Message-ID: <1968705cf32f300e0874c69284c8222386d9dbc4.1695386493.git.ludo@gnu.org>

* doc/guix.texi (Virtualization Services): Give an example showing how to add an account.
---
 doc/guix.texi | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index 95f29a2d19..53b0ebd1db 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -35727,6 +35727,57 @@ Virtualization Services substitute keys, and so on---see the explanation of @code{secret-root} below. +You will probably find it useful to create an account for you in the +GNU/Hurd virtual machine and to authorize logins with your SSH key. To +do that, you can define the GNU/Hurd system in the usual way +(@pxref{Using the Configuration System}), and then pass that operating +system as the @code{os} field of @code{hurd-vm-configuration}, as in +this example: + +@lisp +(define childhurd-os + ;; Definition of my GNU/Hurd system, derived from the default one. + (operating-system + (inherit %hurd-vm-operating-system) + + ;; Add a user account. + (users (cons (user-account + (name "charlie") + (comment "This is me!") + (group "users") + (supplementary-groups '("wheel"))) ;for 'sudo' + %base-user-accounts)) + + (services + ;; Modify the SSH configuration to allow login as "root" + ;; and as "charlie" using public key authentication. + (modify-services (operating-system-user-services + %hurd-vm-operating-system) + (openssh-service-type + config => (openssh-configuration + (inherit config) + (authorized-keys + `(("root" + ,(local-file + "/home/charlie/.ssh/id_rsa.pub")) + ("charlie" + ,(local-file + "/home/charlie/.ssh/id_rsa.pub")))))))))) + +(operating-system + ;; @dots{} + (services + ;; Add the 'hurd-vm' service, configured to use the + ;; operating system configuration above. + (append (list (service hurd-vm-service-type + (hurd-vm-configuration + (os %childhurd-os)))) + %base-services))) +@end lisp + +That's it! The remainder of this section provides the reference of the +service configuration. + @defvar hurd-vm-service-type This is the type of the Hurd in a Virtual Machine service. 
Its value must be a @code{hurd-vm-configuration} object, which specifies the -- 2.41.0
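Review bot: In the added @lisp example, the first form defines childhurd-os but the second form passes (os %childhurd-os), so the example as written refers to an unbound variable; please use the same name in both places. The example also authorizes /home/charlie/.ssh/id_rsa.pub for "root" as well as for "charlie", although the account is already placed in "wheel" for sudo; consider dropping the "root" entry or saying in the surrounding text why direct root login is wanted.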
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 08/12] services: hurd-vm: ‘image’ field has to be an  record.
Date: Fri, 22 Sep 2023 14:54:09 +0200
Message-ID: <5140f6c61c7b377f97b6ff5d85ae31931c9f9b24.1695386493.git.ludo@gnu.org>

* gnu/services/virtualization.scm ()[image]: Document as being an record.
(hurd-vm-disk-image): Remove call to ‘system-image’.
(hurd-vm-shepherd-service): Add call to ‘system-image’.
* gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove call to ‘system-image’.
* doc/guix.texi (Virtualization Services): Adjust accordingly.
---
 doc/guix.texi | 4 ++--
 gnu/services/virtualization.scm | 9 ++++-----
 gnu/tests/virtualization.scm | 11 +++++------
 3 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index ca48d6c404..472e2e0958 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -35766,8 +35766,8 @@ Virtualization Services The QEMU package to use. @item @code{image} (default: @var{hurd-vm-disk-image}) -The procedure used to build the disk-image built from this -configuration. +The image object representing the disk image of this virtual machine +(@pxref{System Images}). @item @code{disk-size} (default: @code{'guess}) The size of the disk image. diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index ca000f5d28..258b503461 100644 --- a/gnu/services/virtualization.scm 
+++ b/gnu/services/virtualization.scm @@ -1101,7 +1101,7 @@ (define-record-type* (default %hurd-vm-operating-system)) (qemu hurd-vm-configuration-qemu ;file-like (default qemu-minimal)) - (image hurd-vm-configuration-image ;string + (image hurd-vm-configuration-image ; (thunked) (default (hurd-vm-disk-image this-record))) (disk-size hurd-vm-configuration-disk-size ;number or 'guess @@ -1126,9 +1126,8 @@ (define (hurd-vm-disk-image config) (disk-size (hurd-vm-configuration-disk-size config)) (type (lookup-image-type-by-name 'hurd-qcow2)) (os->image (image-type-constructor type))) - (system-image - (image (inherit (os->image os)) - (size disk-size))))) + (image (inherit (os->image os)) + (size disk-size)))) (define (hurd-vm-port config base) "Return the forwarded vm port for this childhurd config." @@ -1170,7 +1169,7 @@ (define (hurd-vm-shepherd-service config) "-m" (number->string #$memory-size) #$@net-options #$@options - "--hda" #+image + "--hda" #+(system-image image) ;; Cause the service to be respawned if the guest ;; reboots (it can reboot for instance if it did not diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 73c8099b79..41253968e9 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm 
@@ -230,12 +230,11 @@ (define (hurd-vm-disk-image-raw config) (let ((os ((@@ (gnu services virtualization) secret-service-operating-system) (hurd-vm-configuration-os config))) (disk-size (hurd-vm-configuration-disk-size config))) - (system-image - (image - (inherit hurd-disk-image) - (format 'disk-image) - (size disk-size) - (operating-system os))))) + (image + (inherit hurd-disk-image) + (format 'disk-image) + (size disk-size) + (operating-system os)))) (define %childhurd-os (simple-operating-system -- 2.41.0
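Review bot: In the doc/guix.texi hunk, the unchanged line "@item @code{image} (default: @var{hurd-vm-disk-image})" still names the procedure as the default while the new description says the field holds an image object; the record definition in the next file gives the default as (hurd-vm-disk-image this-record), so the @item line should be adjusted along with the text. Also, because the system-image call moves out of hurd-vm-disk-image and into hurd-vm-shepherd-service ("--hda" #+(system-image image)), an existing configuration whose 'image' value was already the result of system-image will now have system-image applied to it; the commit log should mention that this changes what users may put in the field.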
From: Ludovic Courtès
To: 66156@debbugs.gnu.org
Subject: [PATCH 12/12] services: hurd-vm: Implement zero-configuration offloading.
Date: Fri, 22 Sep 2023 14:54:13 +0200
Message-ID: <9cbf81703f0f37606a30a19ce1fa30eb1a533feb.1695386493.git.ludo@gnu.org>

This allows for zero-configuration offloading to a childhurd.

* gnu/services/virtualization.scm (operating-system-with-offloading-account): New procedure.
()[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
---
 doc/guix.texi | 71 +++++++++++++++----------
 gnu/services/virtualization.scm | 92 +++++++++++++++++++++++++++++++--
 gnu/tests/virtualization.scm | 38 +++++++++++++-
 3 files changed, 169 insertions(+), 32 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 53b0ebd1db..35da58e59f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -35718,6 +35718,15 @@ Virtualization Services The default configuration (see @code{hurd-vm-configuration} below) spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU (the virtual machine emulator) redirects to port 10222 on the host. +By default, the service enables @dfn{offloading} such that the host +@code{guix-daemon} automatically offloads GNU/Hurd builds to the +childhurd (@pxref{Daemon Offload Setup}). This is what happens when +running a command like the following one, where @code{i586-gnu} is the +system type of 32-bit GNU/Hurd: + +@example +guix build emacs-minimal -s i586-gnu +@end example The childhurd is volatile and stateless: it starts with a fresh root file system every time you restart it. By default though, all the files 
@@ -35851,6 +35860,41 @@ Virtualization Services @var{vnc-port}: @code{(+ 15900 (* 1000 @var{ID}))} @end example +@cindex childhurd, offloading +@cindex Hurd, offloading +@item @code{offloading?} (default: @code{#t}) +Whether to automatically set up offloading of builds to the childhurd. + +When enabled, this lets you run GNU/Hurd builds on the host and have +them transparently offloaded to the VM, for instance when running a +command like this: + +@example +guix build coreutils -s i586-gnu +@end example + +This option automatically sets up offloading like so: + +@enumerate +@item +Authorizing the childhurd's key on the host so that the host accepts +build results coming from the childhurd, which can be done like so +(@pxref{Invoking guix archive, @command{guix archive --authorize}}, for +more on that). + +@item +Creating a user account called @code{offloading} dedicated to offloading +in the childhurd. + +@item +Creating an SSH key pair on the host and making it an authorized key of +the @code{offloading} account in the childhurd. + +@item +Adding the childhurd to @file{/etc/guix/machines.scm} (@pxref{Daemon +Offload Setup}). +@end enumerate + @item @code{secret-root} (default: @file{/etc/childhurd}) The root directory with out-of-band secrets to be installed into the childhurd once it runs. Childhurds are volatile which means that on 
@@ -35868,38 +35912,13 @@ Virtualization Services /etc/childhurd/etc/guix/acl /etc/childhurd/etc/guix/signing-key.pub /etc/childhurd/etc/guix/signing-key.sec +/etc/childhurd/etc/ssh/authorized_keys.d/offloading /etc/childhurd/etc/ssh/ssh_host_ed25519_key /etc/childhurd/etc/ssh/ssh_host_ecdsa_key /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub @end example -These files are automatically sent to the guest Hurd VM when it boots, -including permissions. - -@cindex childhurd, offloading -@cindex Hurd, offloading -Having these files in place means that only a couple of things are -missing to allow the host to offload @code{i586-gnu} builds to the -childhurd: - -@enumerate -@item -Authorizing the childhurd's key on the host so that the host accepts -build results coming from the childhurd, which can be done like so: - -@example -guix archive --authorize < \ - /etc/childhurd/etc/guix/signing-key.pub -@end example - -@item -Adding the childhurd to @file{/etc/guix/machines.scm} (@pxref{Daemon -Offload Setup}). -@end enumerate - -We're working towards making that happen automatically---get in touch -with us at @email{guix-devel@@gnu.org} to discuss it! @end table @end deftp diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 930c2ce702..076eca7ea2 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -27,6 +27,7 @@ (define-module (gnu services virtualization) #:use-module (gnu bootloader grub) #:use-module (gnu image) #:use-module (gnu packages admin) + #:use-module (gnu packages bash) #:use-module (gnu packages gdb) #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages package-management) @@ -52,6 +53,7 @@ (define-module (gnu services virtualization) #:use-module (guix store) #:use-module (guix utils) #:autoload (guix self) (make-config.scm) + #:autoload (guix platform) (platform-system) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) 
@@ -1063,6 +1065,26 @@ (define (secret-service-operating-system os) ;;; The Hurd in VM service: a Childhurd. ;;; +(define (operating-system-with-offloading-account os) + (define accounts + (list (user-group + (name "offloading") + (system? #t)) + (user-account + (name "offloading") + (group "offloading") + (system? #t) + (comment "Offloading privilege separation user") + (home-directory "/var/run/offloading") + (shell (file-append bash-minimal "/bin/sh"))))) + + (operating-system + (inherit os) + (services (cons (simple-service 'offloading-account + account-service-type + accounts) + (operating-system-user-services os))))) + (define %hurd-vm-operating-system (operating-system (inherit %hurd-default-operating-system) @@ -1115,14 +1137,21 @@ (define-record-type* (net-options hurd-vm-configuration-net-options ;list of string (thunked) (default (hurd-vm-net-options this-record))) + (offloading? hurd-vm-configuration-offloading? ;Boolean + (default #t)) (secret-root hurd-vm-configuration-secret-root ;string (default "/etc/childhurd"))) (define (hurd-vm-disk-image config) "Return a disk-image for the Hurd according to CONFIG. The secret-service is added to the OS specified in CONFIG." - (let* ((os (secret-service-operating-system - (hurd-vm-configuration-os config))) + (define transform + (compose secret-service-operating-system + (if (hurd-vm-configuration-offloading? config) + operating-system-with-offloading-account + identity))) + + (let* ((os (transform (hurd-vm-configuration-os config))) (disk-size (hurd-vm-configuration-disk-size config)) (type (lookup-image-type-by-name 'hurd-qcow2)) (os->image (image-type-constructor type))) 
@@ -1331,18 +1360,71 @@ (define (hurd-vm-activation config) (define guix-directory (string-append secret-directory "/etc/guix")) + (define offloading-ssh-key + #$(hurd-vm-configuration-offloading-ssh-key config)) + (unless (file-exists? ssh-directory) ;; Generate SSH host keys under SSH-DIRECTORY. (mkdir-p ssh-directory) (invoke #$(file-append openssh "/bin/ssh-keygen") "-A" "-f" secret-directory)) + (unless (or (not #$(hurd-vm-configuration-offloading? config)) + (file-exists? offloading-ssh-key)) + ;; Generate a user SSH key pair for the host to use when offloading + ;; to the guest. + (mkdir-p (dirname offloading-ssh-key)) + (invoke #$(file-append openssh "/bin/ssh-keygen") + "-t" "ed25519" "-N" "" + "-f" offloading-ssh-key) + + ;; Authorize it in the guest for user 'offloading'. + (let ((authorizations + (string-append ssh-directory + "/authorized_keys.d/offloading"))) + (mkdir-p (dirname authorizations)) + (copy-file (string-append offloading-ssh-key ".pub") + authorizations) + (chmod (dirname authorizations) #o555))) + (unless (file-exists? guix-directory) (invoke #$(initialize-hurd-vm-substitutes) guix-directory)) - ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. - (invoke #$(authorize-guest-substitutes-on-host) guix-directory)))) + (when #$(hurd-vm-configuration-offloading? config) + ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. + (invoke #$(authorize-guest-substitutes-on-host) guix-directory))))) + +(define (hurd-vm-configuration-offloading-ssh-key config) + "Return the name of the file containing the SSH key of user 'offloading'." + (string-append "/etc/guix/offload/ssh/childhurd" + (or (and=> (hurd-vm-configuration-id config) + number->string) + ""))) + +(define (hurd-vm-guix-extension config) + "When offloading is enabled, add this childhurd to the list of offlading +machines in /etc/guix/machines.scm." + (if (hurd-vm-configuration-offloading? 
config) + (let* ((image (hurd-vm-configuration-image config)) + (platform (image-platform image)) + (system (platform-system platform)) + (vm-ssh-key (string-append + (hurd-vm-configuration-secret-root config) + "/etc/ssh/ssh_host_ed25519_key.pub")) + (host-ssh-key (hurd-vm-configuration-offloading-ssh-key config))) + (guix-extension + (build-machines + (list #~(build-machine + (name "localhost") + (port #$(hurd-vm-port config %hurd-vm-ssh-port)) + (systems '(#$system)) + (host-key (call-with-input-file #$vm-ssh-key + (@ (ice-9 textual-ports) + get-string-all))) + (user "offloading") + (private-key #$host-ssh-key)))))) + (guix-extension))) (define hurd-vm-service-type (service-type @@ -1351,6 +1433,8 @@ (define hurd-vm-service-type hurd-vm-shepherd-service) (service-extension account-service-type (const %hurd-vm-accounts)) + (service-extension guix-service-type + hurd-vm-guix-extension) (service-extension activation-service-type hurd-vm-activation))) (default-value (hurd-vm-configuration)) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 599e58edf0..b79164737b 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -38,6 +38,7 @@ (define-module (gnu tests virtualization) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix store) + #:use-module (guix modules) #:export (%test-libvirt %test-qemu-guest-agent %test-childhurd)) 
@@ -244,11 +245,19 @@ (define %childhurd-os (permit-root-login #t))))))))))) (define (run-childhurd-test) + (define (import-module? module) + ;; This module is optional and depends on Guile-Gcrypt, do skip it. + (and (guix-module-name? module) + (not (equal? module '(guix store deduplication))))) + (define os (marionette-operating-system %childhurd-os - #:imported-modules '((gnu services herd) - (guix combinators)))) + #:imported-modules (source-module-closure + '((gnu services herd) + (guix combinators) + (gnu build install)) + #:select? import-module?))) (define vm (virtual-machine 
@@ -373,6 +382,31 @@ (define (run-childhurd-test) (pk 'drv (string-trim-right drv))) drv))) + (test-assert "copy-on-write store" + ;; Set up a writable store. The root partition is already an + ;; overlayfs, which is not suitable as the bottom part of this + ;; additional overlayfs; thus, create a tmpfs for the backing + ;; store. + ;; TODO: Remove this when creates a writable + ;; store. + (marionette-eval + '(begin + (use-modules (gnu build install) + (guix build syscalls)) + + (mkdir "/run/writable-store") + (mount "none" "/run/writable-store" "tmpfs") + (mount-cow-store "/run/writable-store" "/backing-store") + (system* "df" "-hT")) + marionette)) + + (test-equal "offloading" + 0 + (marionette-eval + '(and (file-exists? "/etc/guix/machines.scm") + (system* "guix" "offload" "test")) + marionette)) + (test-end)))) (gexp->derivation "childhurd-test" test)) -- 2.41.0
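Review bot: operating-system-with-offloading-account (first hunk of gnu/services/virtualization.scm) has no docstring, although it is a new top-level procedure that changes the guest's account list. One line stating that it returns OS extended with the 'offloading' system group and account would do, and a comment saying why this system account is given bash-minimal's /bin/sh as its shell would help the next reader judge whether that is needed.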
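Review bot: The new offloading? field of hurd-vm-configuration defaults to #t, so hurd-vm-disk-image applies operating-system-with-offloading-account to every existing configuration without an opt-in, and the activation and guix-extension code further down then creates a passphrase-less host key (-N "") and a build-machine entry for it. Either default to #f or state the new default prominently in the manual. The docstring of hurd-vm-disk-image also still says only that the secret-service is added, while 'transform' may now add the offloading account as well.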
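Review bot: In hurd-vm-activation, the copy into authorized_keys.d/offloading sits inside the same 'unless' that generates the key, so it is skipped whenever offloading-ssh-key already exists on the host. If the directory under secret-root is recreated or secret-root is changed while the key under /etc/guix/offload/ssh survives, the guest never authorizes the key again and nothing reports it; test (file-exists? authorizations) separately from key generation. The key is created with an empty passphrase and (mkdir-p (dirname offloading-ssh-key)) sets no mode, so an explicit chmod on that directory would make the key's protection independent of the umask in effect during activation. The docstring of hurd-vm-guix-extension in the same hunk has a typo, "offlading".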
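Review bot: The "copy-on-write store" test added to run-childhurd-test cannot fail on its value: test-assert receives the result of (system* "df" "-hT"), and any integer, including a non-zero exit status, is true in Scheme, so only an exception from mkdir, mount or mount-cow-store makes it fail. End the 'begin' with an explicit #t and say so in the comment, or compare the status with zero as the "offloading" test does. In the "offloading" test a missing /etc/guix/machines.scm yields #f instead of a status, so both failure modes show up as "not 0"; a separate test-assert for the file would make the log easier to read.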
From: Janneke Nieuwenhuizen
To: Ludovic Courtès
Cc: Josselin Poiret, 66156@debbugs.gnu.org
Subject: Re: [PATCH 00/12] Introducing Smart Hurdloading
Date: Fri, 22 Sep 2023 16:07:13 +0200

Ludovic Courtès writes:

Hi Ludo,

> This patch series, my friends, sets up Smart Hurdloading™, sometimes
> referred to as “Hurd auto-offloading”.  (Yeah I worked hard on branding…)
>
> Concretely, if you add (service hurd-vm-service-type), you can now run:
>
>   guix build libreoffice -s i586-gnu

Beautiful!  I'm wondering how this works wrt disk size; the default is
still 'guess?  In my childhurds I have

    (hurd-vm-configuration
      ..
      (disk-size (* 16 1024 (expt 2 20))) ;16GiB

which is pretty cheap now that we have qcow2.  I'm not sure how
expensive it is to set memory-size if you don't use it?

> The series is a bit of a potpourri: I fixed Hurd issues here and there
> (currently offloading to a childhurd doesn’t work on ‘master’, because
> of the locale issue, for instance), improved documentation, etc.  I also
> took a couple of long detours not shown here that might lead to further
> improvements in the future.

That's great, very nice.  And quite understandable afaic, the hurd-team
branch has also been quite a mixed set of work.

> My goal is to extend this mechanism beyond the Hurd, to have a generic
> mechanism to spin up Guix System VMs we can easily offload to.
>
> Thoughts?

I'm wondering if there is a way to/if we need a way to set the default
priority of the childhurd.  I'm usually offloading to another machine's
childhurd and will probably want to prioritize that when I'm at home.
(Making a copy of /etc/guix/machines.scm and editing that as required
would probably work for me.)

I've added this patch set to the hurd-team branch and am testing it now.
The only thing I found without testing:

> Subject: [bug#66156] [PATCH 06/12] services: guix: Support declarative offloading setup.
> To: 66156@debbugs.gnu.org
> Cc: Ludovic Courtès
> Date: Fri, 22 Sep 2023 14:54:07 +0200 (44 minutes, 21 seconds ago)
> Resent-From: Ludovic Courtès
>
> * gnu/services/base.scm (guix-machines-files-installation): New
> procedure.
> ()[build-machines]: New field.
> (guix-activation): Call ‘ guix-machines-files-installation’.
                           ^
Remove space.

Thanks for this amazing piece of work and bug-fixing!

Greetings,
Janneke

-- 
Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar® https://AvatarAcademy.com

From: Ludovic Courtès
To: Janneke Nieuwenhuizen
Cc: Josselin Poiret, 66156@debbugs.gnu.org
Subject: Re: bug#66156: [PATCH 00/12] Introducing Smart Hurdloading
Date: Fri, 22 Sep 2023 17:24:51 +0200

Hello!

Janneke Nieuwenhuizen writes:

> Beautiful!  I'm wondering how this works wrt disk size; the default is
> still 'guess?  In my childhurds I have
>
>     (hurd-vm-configuration
>       ..
>       (disk-size (* 16 1024 (expt 2 20))) ;16GiB
>
> which is pretty cheap now that we have qcow2.  I'm not sure how
> expensive it is to set memory-size if you don't use it?

I guess setting ‘disk-size’ should still work (and as you write: with
QCOW2, it doesn’t cost much to ask for extra space, until you actually
use it); nothing has changed here.

> I'm wondering if there is a way to/if we need a way to set the default
> priority of the childhurd.  I'm usually offloading to another machine's
> childhurd and will probably want to prioritize that when I'm at home.

Good question.  Perhaps you could declare that other machine with a
higher ‘speed’ value?

Thanks for your feedback!

Ludo’.

From: Janneke Nieuwenhuizen
To: Ludovic Courtès
Cc: Josselin Poiret, 66156@debbugs.gnu.org
Subject: Re: bug#66156: [PATCH 00/12] Introducing Smart Hurdloading
Date: Sat, 23 Sep 2023 15:44:41 +0200

Ludovic Courtès writes:

Hello!

Okay, after overcoming completely unrelated troubles I finally managed
to reconfigure a laptop to hurd-team to test it.  It works great!

> Janneke Nieuwenhuizen writes:
>
>> Beautiful!  I'm wondering how this works wrt disk size; the default is
>> still 'guess?  In my childhurds I have
>>
>>     (hurd-vm-configuration
>>       ..
>>       (disk-size (* 16 1024 (expt 2 20))) ;16GiB
>>
>> which is pretty cheap now that we have qcow2.  I'm not sure how
>> expensive it is to set memory-size if you don't use it?
>
> I guess setting ‘disk-size’ should still work (and as you write: with
> QCOW2, it doesn’t cost much to ask for extra space, until you actually
> use it); nothing has changed here.

Yes, works beautifully.

>> I'm wondering if there is a way to/if we need a way to set the default
>> priority of the childhurd.  I'm usually offloading to another machine's
>> childhurd and will probably want to prioritize that when I'm at home.
>
> Good question.  Perhaps you could declare that other machine with a
> higher ‘speed’ value?

That also works nicely.

I found that by default, only root can offload.  Is that intentional,
how would that work?

I changed permissions on `/etc/guix/offload/ssh/childhurd' like so

--8<---------------cut here---------------start------------->8---
$ l /etc/guix/offload/ssh
total 8
-rw-r--r-- 1 root root 93 Sep 23 14:47 childhurd.pub
-rw-r----- 1 root wheel 399 Sep 23 14:47 childhurd
--8<---------------cut here---------------end--------------->8---

to "fix" that.  WDYT?

Found another two commit message nitpicks

> Subject: Re: [bug#66156] [PATCH 12/12] services: hurd-vm: Implement zero-configuration offloading.
[..]
>
> This allows for zero-configuration offloading to a childhurd.
>
> * gnu/services/virtualization.scm (operating-system-with-offloading-account):
> New procedure.
> ()[offloading?]: New field.
> (hurd-vm-disk-image): Define ‘transform’ and use it.
> (hurd-vm-activation): Generate SSH key for user ‘offloading’ and add
> authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.

Remove "add".

> (hurd-vm-configuration-offloading-ssh-key)
> (hurd-vm-guix-extension): New procedures.

Rather use

    (hurd-vm-configuration-offloading-ssh-key, hurd-vm-guix-extension):
    New procedures.

?

Greetings,
Janneke

-- 
Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar® https://AvatarAcademy.com

From: Ludovic Courtès
To: Janneke Nieuwenhuizen
Cc: Josselin Poiret, 66156@debbugs.gnu.org
Subject: Re: bug#66156: [PATCH 00/12] Introducing Smart Hurdloading
Date: Wed, 27 Sep 2023 19:35:59 +0200

Hello,

Janneke Nieuwenhuizen writes:

> Okay, after overcoming completely unrelated troubles I finally managed
> to reconfigure a laptop to hurd-team to test it.  It works great!

Yay, thanks for testing!

> I found that by default, only root can offload.  Is that intentional,
> how would that work?

It’s intentional: ‘guix offload’ is only ever invoked by
guix-daemon¹, as root.

¹ Except for ‘guix offload test’, which is meant to be spawned by users,
  as root too.

> I changed permissions on `/etc/guix/offload/ssh/childhurd' like so
>
> $ l /etc/guix/offload/ssh
> total 8
> -rw-r--r-- 1 root root 93 Sep 23 14:47 childhurd.pub
> -rw-r----- 1 root wheel 399 Sep 23 14:47 childhurd
>
> to "fix" that.  WDYT?

What would be the use case?

> Found another two commit message nitpicks

Noted!

I’d like to see if there are other opinions in particular about
/etc/guix/machines.scm generation, then I guess we can merge?

Thanks,
Ludo’.

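The permission question raised in the exchange above can be checked mechanically: the private key needs no group or world access when only root runs the offload. The script below is an added example, not part of the thread or of Guix; the function names are hypothetical, the default directory is the one the patch uses for the offloading key, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example: audit the SSH keys the host uses for offloading.
# Assumption: private keys are the regular files not ending in ".pub".

OFFLOAD_KEY_DIR=/etc/guix/offload/ssh

# List private keys under DIR that grant any permission to group or others.
# Only POSIX 'find' primaries are used ("-perm -MODE": all these bits set).
loose_offload_keys() {
    dir=${1:-$OFFLOAD_KEY_DIR}
    [ -d "$dir" ] || return 0
    find "$dir" -type f ! -name '*.pub' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# List directories under DIR (DIR included) that group or others can write
# to: whoever can write there can replace a key whatever its own mode is.
writable_offload_dirs() {
    dir=${1:-$OFFLOAD_KEY_DIR}
    [ -d "$dir" ] || return 0
    find "$dir" -type d \( -perm -020 -o -perm -002 \) -print | sort
}

# Return 0 when nothing is reported, 1 otherwise; findings go to stderr.
audit_offload_keys() {
    target=${1:-$OFFLOAD_KEY_DIR}
    keys=$(loose_offload_keys "$target")
    dirs=$(writable_offload_dirs "$target")
    rc=0
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" |
            sed 's/^/private key accessible beyond owner: /' >&2
        rc=1
    fi
    if [ -n "$dirs" ]; then
        printf '%s\n' "$dirs" |
            sed 's/^/directory writable beyond owner: /' >&2
        rc=1
    fi
    return "$rc"
}

# Constructed demo: a scratch directory with the modes from the listing in
# the thread (private key 0640, public key 0644), then with the key put
# back to 0600.  Ownership is not reproduced; only mode bits are checked.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/childhurd"
    : > "$tmp/childhurd.pub"
    chmod 640 "$tmp/childhurd"
    chmod 644 "$tmp/childhurd.pub"
    echo "private key at mode 0640:"
    audit_offload_keys "$tmp" || echo "  -> flagged"
    chmod 600 "$tmp/childhurd"
    echo "private key at mode 0600:"
    audit_offload_keys "$tmp" && echo "  -> clean"
    rm -rf "$tmp"
}

demo
```

To audit a real host, call audit_offload_keys without arguments as root; a missing directory is reported as clean.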
From: Janneke Nieuwenhuizen
To: Ludovic Courtès
Cc: Josselin Poiret, 66156@debbugs.gnu.org
Subject: Re: bug#66156: [PATCH 00/12] Introducing Smart Hurdloading
Date: Wed, 27 Sep 2023 19:52:23 +0200

Ludovic Courtès writes:

Hi!

> Janneke Nieuwenhuizen writes:
>
>> Okay, after overcoming completely unrelated troubles I finally managed
>> to reconfigure a laptop to hurd-team to test it.  It works great!
>
> Yay, thanks for testing!

Happy to :)

>> I found that by default, only root can offload.  Is that intentional,
>> how would that work?
>
> It’s intentional: ‘guix offload’ is only ever invoked by
> guix-daemon¹, as root.

...ah.  I missed...

> ¹ Except for ‘guix offload test’, which is meant to be spawned by users,
> as root too.

...this bit.

>> I changed permissions on `/etc/guix/offload/ssh/childhurd' like so
>>
>> $ l /etc/guix/offload/ssh
>> total 8
>> -rw-r--r-- 1 root root 93 Sep 23 14:47 childhurd.pub
>> -rw-r----- 1 root wheel 399 Sep 23 14:47 childhurd
>>
>> to "fix" that.  WDYT?
>
> What would be the use case?

Well, running `guix offload test' as "janneke" :)  I didn't "dare"
(should I say "proceed"?) to test a real offload before seeing "guix
offload test" work.  That's how I usually go about offloading.

Reading the manual, especially if you know it, I guess that it does say
so in a subtle way

--8<---------------cut here---------------start------------->8---
To test whether your setup is operational, run this command on the
master node:

     # guix offload test
--8<---------------cut here---------------end--------------->8---

And sure enough, offloading does work when I revert permissions on the
private key, so yeah...

>> Found another two commit message nitpicks
>
> Noted!
>
> I’d like to see if there are other opinions in particular about
> /etc/guix/machines.scm generation, then I guess we can merge?

Sure!

Greetings,
Janneke

-- 
Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar® https://AvatarAcademy.com

From: Ludovic Courtès
To: Janneke Nieuwenhuizen
Cc: Josselin Poiret, Florian Pelz, 66156@debbugs.gnu.org
Subject: Re: bug#66156: [PATCH 00/12] Introducing Smart Hurdloading
Date: Sun, 01 Oct 2023 23:06:19 +0200

Hello,

I pushed these as b9fae146d6cc4a6968a8eb18beef29aa1414a31e.  I forgot to
amend the commit logs as you had suggested; apologies!

I also forgot to submit a news entry with the initial patch set, but
then thought it’d be nice to have, so I pushed the following as
b9fae146d6cc4a6968a8eb18beef29aa1414a31e (with French translation):

 (entry (commit "953c65ffdd43c02c934518fb7a1c68542584b223")
        (title
         (en "Declarative offloading on Guix System and childhurds"))
        (body
         (en "When configuring Guix System, it is now possible to declare
builds machines to offload to directly from the @code{operating-system}
declaration by specifying the @code{build-machines} field of
@code{guix-configuration}.  When you do this, @command{guix system} generates
a @file{/etc/guix/machines.scm} file by concatenating the @code{(build-machine
@dots{})} expressions you specified.

This mechanism is used by @code{hurd-vm-service-type}, also known as
``childhurd'', to create virtual machines running the GNU/Hurd operating
system one can offload to, without additional configuration steps.

Run @command{info \"(guix) Daemon Offload Setup\"} for more info on
offloading; run @command{info \"(guix) Virtualization Services\"} for info on
@code{hurd-vm-service-type}.")))

Thanks,
Ludo’.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Subject: control message for bug #66156
Date: Sun, 01 Oct 2023 23:06:32 +0200

close 66156
quit

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Mon, 30 Oct 2023 11:24:09 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator