From: "Ludovic Courtès" <ludo@gnu.org>
To: 68677@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#68677] [PATCH 1/6] services: secret-service: Make the endpoint configurable.
Date: Tue, 23 Jan 2024 17:48:16 +0100 [thread overview]
Message-ID: <4eb616e06f6ecc291e3f144728c6010d051acdfb.1706027375.git.ludo@gnu.org> (raw)
In-Reply-To: <cover.1706027375.git.ludo@gnu.org>
Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
---
gnu/build/secret-service.scm | 62 +++++++++++++++++++++------------
gnu/services/virtualization.scm | 40 ++++++++++++---------
2 files changed, 63 insertions(+), 39 deletions(-)
diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm
index e13fd4eef3..0226c64032 100644
--- a/gnu/build/secret-service.scm
+++ b/gnu/build/secret-service.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020-2023 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -93,13 +93,28 @@ (define (wait-for-readable-fd port timeout)
('readable #t)
('timeout #f)))))))
-(define* (secret-service-send-secrets port secret-root
+(define (socket-address->string address)
+ "Return a human-readable representation of ADDRESS, an object as returned by
+'make-socket-address'."
+ (let ((family (sockaddr:fam address)))
+ (cond ((= AF_INET family)
+ (string-append (inet-ntop AF_INET (sockaddr:addr address))
+ ":" (number->string (sockaddr:port address))))
+ ((= AF_INET6 family)
+ (string-append "[" (inet-ntop AF_INET6 (sockaddr:addr address)) "]"
+ ":" (number->string (sockaddr:port address))))
+ ((= AF_UNIX family)
+ (sockaddr:path address))
+ (else
+ (object->string address)))))
+
+(define* (secret-service-send-secrets address secret-root
#:key (retry 60)
(handshake-timeout 180))
- "Copy all files under SECRET-ROOT using TCP to secret-service listening at
-local PORT. If connect fails, sleep 1s and retry RETRY times; once connected,
-wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return
-#f on failure."
+ "Copy all files under SECRET-ROOT by connecting to secret-service listening
+at ADDRESS, an address as returned by 'make-socket-address'. If connection
+fails, sleep 1s and retry RETRY times; once connected, wait for at most
+HANDSHAKE-TIMEOUT seconds for handshake to complete. Return #f on failure."
(define (file->file+size+mode file-name)
(let ((stat (stat file-name))
(target (substring file-name (string-length secret-root))))
@@ -118,9 +133,9 @@ (define* (secret-service-send-secrets port secret-root
(dump-port input sock))))
files)))
- (log "sending secrets to ~a~%" port)
+ (log "sending secrets to ~a~%" (socket-address->string address))
+
(let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0))
- (addr (make-socket-address AF_INET INADDR_LOOPBACK port))
(sleep (if (resolve-module '(fibers) #f)
(module-ref (resolve-interface '(fibers)) 'sleep)
sleep)))
@@ -129,7 +144,7 @@ (define* (secret-service-send-secrets port secret-root
;; forward port inside the guest.
(let loop ((retry retry))
(catch 'system-error
- (cute connect sock addr)
+ (cute connect sock address)
(lambda (key . args)
(when (zero? retry)
(apply throw key args))
@@ -147,7 +162,8 @@ (define* (secret-service-send-secrets port secret-root
(('secret-service-server ('version version ...))
(log "sending files from ~s...~%" secret-root)
(send-files sock)
- (log "done sending files to port ~a~%" port)
+ (log "done sending files to ~a~%"
+ (socket-address->string address))
(close-port sock)
secret-root)
(x
@@ -155,7 +171,8 @@ (define* (secret-service-send-secrets port secret-root
(close-port sock)
#f))
(begin ;timeout
- (log "timeout while sending files to ~a~%" port)
+ (log "timeout while sending files to ~a~%"
+ (socket-address->string address))
(close-port sock)
#f))))
@@ -168,19 +185,20 @@ (define (delete-file* file)
(unless (= ENOENT (system-error-errno args))
(apply throw args)))))
-(define (secret-service-receive-secrets port)
- "Listen to local PORT and wait for a secret service client to send secrets.
-Write them to the file system. Return the list of files installed on success,
-and #f otherwise."
+(define (secret-service-receive-secrets address)
+ "Listen to ADDRESS, an address returned by 'make-socket-address', and wait
+for a secret service client to send secrets. Write them to the file system.
+Return the list of files installed on success, and #f otherwise."
- (define (wait-for-client port)
- ;; Wait for a TCP connection on PORT. Note: We cannot use the
- ;; virtio-serial ports, which would be safer, because they are
- ;; (presumably) unsupported on GNU/Hurd.
+ (define (wait-for-client address)
+ ;; Wait for a connection on ADDRESS. Note: virtio-serial ports are safer
+ ;; than TCP connections but they are (presumably) unsupported on GNU/Hurd.
(let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0)))
- (bind sock AF_INET INADDR_ANY port)
+ (bind sock address)
(listen sock 1)
- (log "waiting for secrets on port ~a...~%" port)
+ (log "waiting for secrets on ~a...~%"
+ (socket-address->string address))
+
(match (select (list sock) '() '() 60)
(((_) () ())
(match (accept sock)
@@ -244,7 +262,7 @@ (define (secret-service-receive-secrets port)
(log "invalid secrets received~%")
#f)))
- (let* ((port (wait-for-client port))
+ (let* ((port (wait-for-client address))
(result (and=> port read-secrets)))
(when port
(close-port port))
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index f0f0ab3bf1..5b8566f600 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -996,7 +996,7 @@ (define qemu-guest-agent-service-type
;;; Secrets for guest VMs.
;;;
-(define (secret-service-shepherd-services port)
+(define (secret-service-shepherd-services address)
"Return a Shepherd service that fetches sensitive material at local PORT,
over TCP. Reboot upon failure."
;; This is a Shepherd service, rather than an activation snippet, to make
@@ -1018,7 +1018,7 @@ (define (secret-service-shepherd-services port)
"receiving secrets from the host...~%")
(force-output (current-error-port))
- (let ((sent (secret-service-receive-secrets #$port)))
+ (let ((sent (secret-service-receive-secrets #$address)))
(unless sent
(sleep 3)
(reboot))))))
@@ -1039,9 +1039,13 @@ (define secret-service-type
boot time. This service is meant to be used by virtual machines (VMs) that
can only be accessed by their host.")))
-(define (secret-service-operating-system os)
+(define* (secret-service-operating-system os
+ #:optional
+ (address
+ #~(make-socket-address
+ AF_INET INADDR_ANY 1004)))
"Return an operating system based on OS that includes the secret-service,
-that will be listening to receive secret keys on port 1004, TCP."
+that will be listening to receive secret keys on ADDRESS."
(operating-system
(inherit os)
(services
@@ -1049,7 +1053,7 @@ (define (secret-service-operating-system os)
;; activation: that requires entropy and thus takes time during boot, and
;; those keys are going to be overwritten by secrets received from the
;; host anyway.
- (cons (service secret-service-type 1004)
+ (cons (service secret-service-type address)
(modify-services (operating-system-user-services os)
(openssh-service-type
config => (openssh-configuration
@@ -1243,24 +1247,26 @@ (define (hurd-vm-shepherd-service config)
(source-module-closure '((gnu build secret-service)
(guix build utils)))
#~(lambda ()
- (let ((pid (fork+exec-command #$vm-command
- #:user "childhurd"
- ;; XXX TODO: use "childhurd" after
- ;; updating Shepherd
- #:group "kvm"
- #:environment-variables
- ;; QEMU tries to write to /var/tmp
- ;; by default.
- '("TMPDIR=/tmp")))
- (port #$(hurd-vm-port config %hurd-vm-secrets-port))
- (root #$(hurd-vm-configuration-secret-root config)))
+ (let* ((pid (fork+exec-command #$vm-command
+ #:user "childhurd"
+ ;; XXX TODO: use "childhurd" after
+ ;; updating Shepherd
+ #:group "kvm"
+ #:environment-variables
+ ;; QEMU tries to write to /var/tmp
+ ;; by default.
+ '("TMPDIR=/tmp")))
+ (port #$(hurd-vm-port config %hurd-vm-secrets-port))
+ (root #$(hurd-vm-configuration-secret-root config))
+ (address (make-socket-address AF_INET INADDR_LOOPBACK
+ port)))
(catch #t
(lambda _
;; XXX: 'secret-service-send-secrets' won't complete until
;; the guest has booted and its secret service server is
;; running, which could take 20+ seconds during which PID 1
;; is stuck waiting.
- (if (secret-service-send-secrets port root)
+ (if (secret-service-send-secrets address root)
pid
(begin
(kill (- pid) SIGTERM)
--
2.41.0
next prev parent reply other threads:[~2024-01-23 16:49 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-23 16:46 [bug#68677] [PATCH 0/6] Service for "virtual build machines" Ludovic Courtès
2024-01-23 16:48 ` Ludovic Courtès [this message]
2024-01-23 16:48 ` [bug#68677] [PATCH 2/6] vm: Add ‘date’ field to <virtual-machine> Ludovic Courtès
2024-01-23 16:48 ` [bug#68677] [PATCH 3/6] vm: Export <virtual-machine> accessors Ludovic Courtès
2024-01-23 16:48 ` [bug#68677] [PATCH 4/6] vm: Add ‘cpu-count’ field to <virtual-machine> Ludovic Courtès
2024-01-23 16:48 ` [bug#68677] [PATCH 5/6] marionette: Add #:peek? to ‘wait-for-tcp-port?’ Ludovic Courtès
2024-01-23 16:48 ` [bug#68677] [PATCH 6/6] services: Add ‘virtual-build-machine’ service Ludovic Courtès
2024-01-25 14:18 ` [bug#68677] [PATCH 0/6] Service for "virtual build machines" Simon Tournier
2024-01-29 11:25 ` Ludovic Courtès
2024-02-05 13:37 ` Ludovic Courtès
2024-02-05 15:45 ` Suhail via Guix-patches via
2024-02-07 17:33 ` Ludovic Courtès
2024-02-14 15:15 ` Simon Tournier
2024-02-10 22:35 ` bug#68677: " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4eb616e06f6ecc291e3f144728c6010d051acdfb.1706027375.git.ludo@gnu.org \
--to=ludo@gnu.org \
--cc=68677@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.