unofficial mirror of guix-patches@gnu.org 
From: Jan Nieuwenhuizen <janneke@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 43106@debbugs.gnu.org
Subject: [bug#43106] [PATCH v3 1/2] services: Add secret-service-type.
Date: Tue, 01 Sep 2020 15:38:51 +0200
Message-ID: <87zh69d3bo.fsf@gnu.org>
In-Reply-To: <20200829215726.3910-1-janneke@gnu.org>

Ludovic Courtès writes:

Hello,

> "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org> skribis:
>
>> This adds a "secret-service" that can be added to a Childhurd VM to receive
>> out-of-band secrets (keys) sent from the host.
>>
>> Co-authored-by: Ludovic Courtès <ludo@gnu.org>
>>
>> * gnu/services/virtualization.scm (secret-service-activation): New procedure.
>> (secret-service-type): New variable.
>> * gnu/build/secret-service.scm: New file.
>> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
>
> Very nice!  Minor suggestions:

Great!

>> +  (format (current-error-port) "secret-service-send-secrets\n")
>
> Perhaps write “sending secrets to ~a:~a...~%” or similar.

Ok.

>> +  (let ((sock (socket AF_INET SOCK_STREAM 0))
>> +        (addr (make-socket-address AF_INET INADDR_LOOPBACK port)))
>> +    ;; connect to wait for port
>> +    (let loop ((retry retry))
>> +      (if (zero? retry)
>> +          (error "connecting to childhurd failed")
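
Review bot: The address built by ‘make-socket-address AF_INET INADDR_LOOPBACK port’ is a plain TCP port on the host's loopback interface, and nothing in this hunk checks who answers the connect before the secrets are written to the socket. Any local process listening on that port while the retry loop runs would receive them. Consider documenting that the port must already be held by the VM's port forward, or authenticating the peer before anything is sent.
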
>
> s/childhurd/secret server/

Ah, sure.

>> +          (catch 'system-error
>> +            (lambda _
>> +              (connect sock addr))
>> +            (lambda (key . args)
>> +              (format (current-error-port) "connect failed: ~a ~s\n" key args)
>
> Perhaps remove print “retrying connection” (or similar), and re-throw
> the exception when RETRY is zero, so that it goes through as is (and
> thus you can remove the call to ‘error’ above.)

Ah yes, changed it to

      (catch 'system-error
        (cut connect sock addr)
        (lambda (key . args)
          (when (zero? retry)
            (apply throw key args))
          (format (current-error-port) "retrying connection~%")
          (sleep 1)
          (loop (1- retry)))))

>> +    ;; copy tree
>> +    (let* ((files (if secret-root (find-files secret-root) '()))
>> +           (files-sizes-modes (map file->file+size+mode files))
>> +           (secrets `(secrets
>> +                      (version 0)
>> +                      (files ,files-sizes-modes))))
>> +      (write secrets sock)
>> +      (for-each (compose (cute display <> sock)
>> +                         (cute with-input-from-file <> read-string))
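
Review bot: The header built from ‘files-sizes-modes’ is written before any file is opened, so the sizes it announces are taken at a different moment than the bytes streamed by the ‘for-each’. If a file under ‘secret-root’ changes in between, the announced byte counts no longer match the stream and every later file is misframed on the receiving side. Consider sending exactly the announced number of bytes per file and raising an error when a file turns out shorter or longer than its header entry.
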
>
> Instead of loading it all in memory, we can use ‘dump-port’ from (guix
> build utils) here.

Nice, changed to

      (for-each (compose (cute dump-port <> sock)
                         (cute open-input-file <>))
                files))))

> That’s it!

Thanks for your suggestions,
Janneke

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com



