From: "Jan (janneke) Nieuwenhuizen"
To: Ludovic Courtès, 43106@debbugs.gnu.org
Resent-CC: guix-patches@gnu.org
Subject: [bug#43106] [PATCH v3 0/2] Secret services for the Childhurd
Date: Mon, 31 Aug 2020 08:39:11 +0200
Message-Id: <20200831063913.664-1-janneke@gnu.org>
In-Reply-To: <20200829215726.3910-1-janneke@gnu.org>
References: <20200829215726.3910-1-janneke@gnu.org>
Jan Nieuwenhuizen writes:

Hello,

As discussed on IRC, version 3 follows.

> Ludovic Courtès writes:
>> "Jan (janneke) Nieuwenhuizen" skribis:
>>>
>>> +@example
>>> +/etc/childhurd/etc/guix/signing-key.pub
>>> +/etc/childhurd/etc/guix/signing-key.sec
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>> +@end example
>>
>> Would it make sense to have a list of source/target pairs instead of a
>> directory:
>>
>> (("/etc/childhurd/pubkey" . "/etc/guix/signing-key.pub")
>> …)
>>
>> ?
>
> We could do that...I'm not opposed to it and in fact I thought about
> something like this but then opted for the file system root idea because
> I didn't see the need for adding this extra indirection. If you think
> it's a good idea, sure.

Postponed that for now, though. [this still open]

Also, I think 5900 is a bad idea, qemu opens a server there. We could
use ports 2222 (forwarded to 12222), as SSH only starts later -- but hmm.
As this is all running as root anyway, I opted for 1004 (MI5).

Greetings,
Janneke

Jan (janneke) Nieuwenhuizen (2):
  services: Add secret-service-type.
  services: childhurd: Support installing secrets from the host.

 doc/guix.texi                      |  21 +++++
 gnu/build/secret-service.scm       | 138 +++++++++++++++++++++++++++++
 gnu/local.mk                       |   1 +
 gnu/services/virtualization.scm    |  92 ++++++++++++++++---
 gnu/system/examples/bare-hurd.tmpl |  20 +++--
 5 files changed, 251 insertions(+), 21 deletions(-)
 create mode 100644 gnu/build/secret-service.scm

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com