Subject: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
From: Jan Nieuwenhuizen
To: Ludovic Courtès
Cc: 43155@debbugs.gnu.org
Date: Thu, 03 Sep 2020 12:19:49 +0200
Message-ID: <87wo1b6u2i.fsf@gnu.org>
In-Reply-To: <877dtc3pss.fsf@gnu.org>

Ludovic Courtès writes:

Hi,

> Jan Nieuwenhuizen skribis:
>
>> Ludovic Courtès writes:
>> Yes, we can add something like
>>
>>     (secret-root (format #f "/etc/childhurd/~a" id))
>>
>> to the
>>
>>     (service hurd-vm-service-type
>>       (hurd-vm-configuration
>>         ...
>
> Sounds good.
>
>> (i'm a bit curious, though, why we would want to differentiate between
>> childhurds, they can be all identical?)
>
> Well, dunno if it really matters for our specific use case, but it seems
> “cleaner” to me to give each childhurd its identity.  OTOH, these are
> VMs and they run on the same physical machine, so…

Right...

>>> (I realize that the current code will silently keep going if we forget
>>> to put the secret files in place; IOW, the service config doesn’t show
>>> the files we intended to push as secrets.  Oh well, we’ll see that
>>> later.)
>>
>> Yes, I guess that's a feature -- "you" can start it once, then do
>> something like
>>
>>     mkdir -p /etc/childhurd/etc
>>     scp -r childhurd:/etc/guix /etc/childhurd/etc
>>     scp -r childhurd:/etc/ssh /etc/childhurd/etc
>
> Right, that can be convenient.  OTOH, from the perspective of having
> declarative OS configs, it’s not great because this aspect of the config
> are left out.  But maybe that’s an issue we can have if/when we
> generalize ‘secret-service-type’.

Ah, I see -- it could lead to "silent" failure/differences if
/etc/childhurd somehow disappears -- isn't re-created upon new install.
It makes sense to at least be less than silent, "fail early" is always
good.

>>>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>>>
>>> Yes, or maybe just change ‘systems’ in the Cuirass specs for
>>> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
>>> which doesn’t sound like a great idea for now.
>>
>> I agree, not much sense in that yet.
>>
>>> Perhaps we can simply add a separate jobset pulling from ‘master’ but
>>> building only for i586-gnu and only the “core” package set?
>>
>> Hmm, why can't I find the definition of "core"?  Anyway, it would be a
>> great first step to build (everything needed for) "hello", after that we
>> want to have/try "guile-3.0" and possibly "guix".
>
> Sure.  The “core” subset is defined in (gnu ci).

As discussed on IRC that could get an update.  Would you like to do
that, seems like an easy edit but I'm a bit unsure about the choices and
consequences there?

I think once the offloading works we'll want to try building guix; and
it could be nice if as many dependencies that "just happen to build" are
actually available.  It's waay too early to try to build everything but we
may want something in between.  Or add "guix" to core-packages, maybe?
Just wondering out loud here...

Janneke

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
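
The "fail early" point from the message above, as an added example that is not part of the original thread or of Guix itself: a preflight check that refuses to continue when the secret root, or an expected entry under it, is missing or empty. The function name `check_secret_root` and the `PROBLEMS` variable are hypothetical; the paths in the usage comment are the ones from the quoted `scp` commands.

```shell
#!/bin/sh
# Added example: preflight check for a childhurd secret root.
# check_secret_root and PROBLEMS are hypothetical names, not Guix code.
#
# Usage: check_secret_root ROOT REL...
#   e.g. check_secret_root /etc/childhurd etc/guix etc/ssh
# Reports every problem on stderr, stores the count in PROBLEMS and
# returns non-zero if anything is missing or empty, so the caller can
# stop before starting a VM that would silently run without its secrets.
check_secret_root() {
    root=$1
    shift
    PROBLEMS=0
    if [ ! -d "$root" ]; then
        echo "secret root missing: $root" >&2
        PROBLEMS=1
        return 1
    fi
    for rel in "$@"; do
        path=$root/$rel
        if [ ! -e "$path" ]; then
            echo "secret missing: $path" >&2
            PROBLEMS=$((PROBLEMS + 1))
        elif [ -d "$path" ] && [ -z "$(ls -A "$path")" ]; then
            # An empty directory means the scp step never populated it.
            echo "secret directory empty: $path" >&2
            PROBLEMS=$((PROBLEMS + 1))
        elif [ -f "$path" ] && [ ! -s "$path" ]; then
            echo "secret file empty: $path" >&2
            PROBLEMS=$((PROBLEMS + 1))
        fi
    done
    [ "$PROBLEMS" -eq 0 ]
}

# Run the check when the script is given arguments directly.
if [ "$#" -gt 0 ]; then
    check_secret_root "$@"
fi
```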