From: Jan Nieuwenhuizen <janneke@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 43155@debbugs.gnu.org
Subject: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Thu, 03 Sep 2020 12:19:49 +0200 [thread overview]
Message-ID: <87wo1b6u2i.fsf@gnu.org> (raw)
In-Reply-To: <877dtc3pss.fsf@gnu.org> ("Ludovic Courtès"'s message of "Wed, 02 Sep 2020 22:08:03 +0200")
Ludovic Courtès writes:
Hi,
> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
>
>> Ludovic Courtès writes:
>> Yes, we can add something like
>>
>> (secret-root (format #f "/etc/childhurd/~a" id))
>>
>> to the
>>
>> (service hurd-vm-service-type
>> (hurd-vm-configuration
>> ...
>
> Sounds good.
>
>> (i'm a bit curious, though, why we would want to differentiate between
>> childhurds, they can be all identical?)
>
> Well, dunno if it really matters for our specific use case, but it seems
> “cleaner” to me to give each childhurd its identity. OTOH, these are
> VMs and they run on the same physical machine, so…
Right...
>>> (I realize that the current code will silently keep going if we forget
>>> to put the secret files in place; IOW, the service config doesn’t show
>>> the files we intended to push as secrets. Oh well, we’ll see that
>>> later.)
>>
>> Yes, I guess that's a feature -- "you" can start it once, then do
>> something like
>>
>> mkdir -p /etc/childhurd/etc
>> scp -r childhurd:/etc/guix /etc/childhurd/etc
>> scp -r childhurd:/etc/ssh /etc/childhurd/etc
>
> Right, that can be convenient. OTOH, from the perspective of having
> declarative OS configs, it’s not great because this aspect of the config
> are left out. But maybe that’s an issue we can have if/when we
> generalize ‘secret-service-type’.
Ah, I see -- it could lead to "silent" failure/differences if
/etc/childhurd somehow disappears -- isn't re-created upon new install.
It makes sense to at least be less than silent, "fail early" is always
good.
>>>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>>>
>>> Yes, or maybe just change ‘systems’ in the Cuirass specs for
>>> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
>>> which doesn’t sound like a great idea for now.
>>
>> I agree, not much sense in that yet.
>>
>>> Perhaps we can simply add a separate jobset pulling from ‘master’ but
>>> building only for i586-gnu and only the “core” package set?
>>
>> Hmm, why can't I find the definition of "core"?. Anyway, It would be a
>> great first step to build (everything needef for) "hello", after that we
>> want to have/try "guile-3.0" and possibly "guix".
>
> Sure. The “core” subset is defined in (gnu ci).
As discussed on IRC that could get an update. Would you like to do
that, seems like an easy edit but I'm a bit unsure about the choices and
consequences there?
I think once the offloading works we'll want to try building guix; and
it could be nice if as many dependencies that "just happen to build" are
actually available. It's waay to early to try to build everything but
we may want something in between. Or add "guix" to core-packages,
maybe? Just wondering out loud here...
Janneke
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
prev parent reply other threads:[~2020-09-03 10:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-01 14:46 [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service Jan Nieuwenhuizen
2020-09-01 21:19 ` Ludovic Courtès
2020-09-02 5:58 ` Jan Nieuwenhuizen
2020-09-02 20:08 ` Ludovic Courtès
2020-09-03 10:19 ` Jan Nieuwenhuizen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wo1b6u2i.fsf@gnu.org \
--to=janneke@gnu.org \
--cc=43155@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.