Subject: [bug#43106] [PATCH v3 1/2] services: Add secret-service-type.
From: Jan Nieuwenhuizen
To: Ludovic Courtès
Cc: 43106@debbugs.gnu.org
Date: Tue, 01 Sep 2020 15:38:51 +0200
Message-ID: <87zh69d3bo.fsf@gnu.org>
In-Reply-To: <20200829215726.3910-1-janneke@gnu.org>
References: <20200831063913.664-1-janneke@gnu.org> <20200831063913.664-2-janneke@gnu.org> <873641c37p.fsf@gnu.org>
Ludovic Courtès writes:

Hello,

> "Jan (janneke) Nieuwenhuizen" skribis:
>
>> This adds a "secret-service" that can be added to a Childhurd VM to receive
>> out-of-band secrets (keys) sent from the host.
>>
>> Co-authored-by: Ludovic Courtès
>>
>> * gnu/services/virtualization.scm (secret-service-activation): New procedure.
>> (secret-service-type): New variable.
>> * gnu/build/secret-service.scm: New file.
>> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
>
> Very nice! Minor suggestions:

Great!

>> + (format (current-error-port) "secret-service-send-secrets\n")
>
> Perhaps write “sending secrets to ~a:~a...~%” or similar.

Ok.

>> + (let ((sock (socket AF_INET SOCK_STREAM 0))
>> + (addr (make-socket-address AF_INET INADDR_LOOPBACK port)))
>> + ;; connect to wait for port
>> + (let loop ((retry retry))
>> + (if (zero? retry)
>> + (error "connecting to childhurd failed")
>
> s/childhurd/secret server/

Ah, sure.

>> + (catch 'system-error
>> + (lambda _
>> + (connect sock addr))
>> + (lambda (key . args)
>> + (format (current-error-port) "connect failed: ~a ~s\n" key args)
>
> Perhaps remove print “retrying connection” (or similar), and re-throw
> the exception when RETRY is zero, so that it goes through as is (and
> thus you can remove the call to ‘error’ above.)

Ah yes, changed it to

    (catch 'system-error
      (cut connect sock addr)
      (lambda (key . args)
        (when (zero? retry)
          (apply throw key args))
        (format (current-error-port) "retrying connection~%")
        (sleep 1)
        (loop (1- retry))))

>> + ;; copy tree
>> + (let* ((files (if secret-root (find-files secret-root) '()))
>> + (files-sizes-modes (map file->file+size+mode files))
>> + (secrets `(secrets
>> + (version 0)
>> + (files ,files-sizes-modes))))
>> + (write secrets sock)
>> + (for-each (compose (cute display <> sock)
>> + (cute with-input-from-file <> read-string))
>
> Instead of loading it all in memory, we can use ‘dump-port’ from (guix
> build utils) here.

Nice, changed to

    (for-each (compose (cute dump-port <> sock)
                       (cute open-input-file <>))
              files))))

> That’s it!

Thanks for your suggestions,
Janneke

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
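Review bot: the connect loop reuses the same `sock` for every attempt after `(connect sock addr)` has failed; POSIX leaves a socket's state unspecified after a failed connect(), so it is safer to create the socket inside `loop` (and close it on failure) than to retry on the one created by `(socket AF_INET SOCK_STREAM 0)`. Note also that moving the check into the handler as `(when (zero? retry) (apply throw key args))` changes the meaning of RETRY: with the original `(if (zero? retry) (error ...))` a value of 3 meant three attempts, whereas now it means one attempt plus three retries, so the parameter's documentation should say which it is.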
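Review bot: in the copy-tree hunk, `(compose (cute dump-port <> sock) (cute open-input-file <>))` opens one port per secret file and nothing ever closes it, so every file sent leaks a descriptor; `(call-with-input-file file (cut dump-port <> sock))` closes the port once the dump returns. Separately, the sizes in `files-sizes-modes` are computed before any content is written, so a file whose size changes between `file->file+size+mode` and `dump-port` silently desynchronises the stream for the receiver, which has only the advertised sizes to split it; computing each size immediately before dumping that file narrows that window.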
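For readers who want to see how the framing above is consumed (the header written with `write`, then the file bodies back to back), here is an added illustration of the receiving end, written for this note and not taken from the patch. It assumes each entry produced by file->file+size+mode is a (NAME SIZE MODE) list with NAME relative to the scanned root, and that mkdir-p comes from (guix build utils):

```scheme
;; Added illustration, not the patch's own secret-service.scm code.
;; Assumption: each files entry has the shape (NAME SIZE MODE).
(use-modules (ice-9 binary-ports)
             (ice-9 match)
             (rnrs bytevectors)
             (guix build utils))   ; for mkdir-p

(define (safe-relative-name? name)
  ;; Refuse absolute names and ".." components so that a malformed
  ;; header cannot make the guest write outside ROOT.
  (and (string? name)
       (not (string-prefix? "/" name))
       (not (member ".." (string-split name #\/)))))

(define (read-exactly port size)
  ;; Read SIZE bytes or fail: a short read means the sender stopped
  ;; early, and a truncated key must not be installed.
  (let ((bv (if (zero? size)
                (make-bytevector 0)
                (get-bytevector-n port size))))
    (unless (and (bytevector? bv) (= (bytevector-length bv) size))
      (error "truncated secret payload" size))
    bv))

(define (receive-secrets sock root)
  "Read the '(secrets (version 0) (files ...))' header from SOCK, then
each file body in order, and install the files under ROOT with the
advertised mode.  Return the list of file names received."
  (match (read sock)
    (('secrets ('version 0) ('files entries))
     (for-each
      (match-lambda
        ((name size mode)
         (unless (safe-relative-name? name)
           (error "refusing unsafe secret file name" name))
         (unless (and (exact-integer? size) (>= size 0))
           (error "invalid size in secrets header" name size))
         (let ((bv (read-exactly sock size))
               (target (string-append root "/" name)))
           (mkdir-p (dirname target))
           (call-with-output-file target
             (lambda (port) (put-bytevector port bv))
             #:binary #t)
           (chmod target mode))))
      entries)
     (map car entries))
    (header
     ;; Any other version or shape is rejected rather than guessed at.
     (error "unexpected secrets header" header))))
```

Because `read` and `get-bytevector-n` share the same port buffer, the binary reads pick up exactly where the header's closing paren ended.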