From: "Ludovic Courtès" <ludo@gnu.org>
To: Jan Nieuwenhuizen <janneke@gnu.org>
Cc: 43155@debbugs.gnu.org
Subject: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Tue, 01 Sep 2020 23:19:44 +0200 [thread overview]
Message-ID: <87r1rl6vpr.fsf@gnu.org> (raw)
In-Reply-To: <87h7sha71o.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 01 Sep 2020 16:46:43 +0200")
Hi!
Jan Nieuwenhuizen <janneke@gnu.org> skribis:
> With bug https://bugs.gnu.org/43106 just closed we now have a nice way
> to inject secrets into the Childhurds.
>
> Using the attached patch, which needs a fresh pull and reconfigure on
> berlin (at least the nodes 101,102 that run Childhurds), we can create a
> tree of childhurd secrets like so
>
> /etc/childhurd/etc/guix/signing-key.pub
> /etc/childhurd/etc/guix/signing-key.sec
> /etc/childhurd/etc/ssh/ssh_host_ed25519_key
> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key
> /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>
> ...and then we should be able to start offloading builds for the Hurd.
Yup! Probably we’ll create /etc/childhurd/HOST for each VM, so we also
need to adjust <hurd-vm-configuration> accordingly, right?
(I realize that the current code will silently keep going if we forget
to put the secret files in place; IOW, the service config doesn’t show
the files we intended to push as secrets. Oh well, we’ll see that
later.)
> (I guess we then also need to add a cuirass jobs for the Hurd?)
Yes, or maybe just change ‘systems’ in the Cuirass specs for
‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
which doesn’t sound like a great idea for now. Perhaps we can simply
add a separate jobset pulling from ‘master’ but building only for
i586-gnu and only the “core” package set?
>>From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
> From: "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org>
> Date: Tue, 1 Sep 2020 16:31:42 +0200
> Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for
> secret-service.
> Content-Transfer-Encoding: 8bit
> Content-Type: text/plain; charset=UTF-8
>
> * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
> [childhurd-net-options]: Include secret-service local QEMU forwarding.
> Use variables from (gnu services virtualization).
LGTM, thanks!
Ludo’.
next prev parent reply other threads:[~2020-09-01 21:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-01 14:46 [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service Jan Nieuwenhuizen
2020-09-01 21:19 ` Ludovic Courtès [this message]
2020-09-02 5:58 ` Jan Nieuwenhuizen
2020-09-02 20:08 ` Ludovic Courtès
2020-09-03 10:19 ` Jan Nieuwenhuizen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1rl6vpr.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=43155@debbugs.gnu.org \
--cc=janneke@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).