From: "Jan (janneke) Nieuwenhuizen"
To: Ludovic Courtès, 43106@debbugs.gnu.org
Subject: Re: [bug#43106] [PATCH v3 0/2] Secret services for the Childhurd
Date: Mon, 31 Aug 2020 08:39:11 +0200
Message-Id: <20200831063913.664-1-janneke@gnu.org>
X-Mailer: git-send-email 2.28.0

Hello,

As discussed on IRC, version 3 follows.

Jan Nieuwenhuizen writes:

> Ludovic Courtès writes:
>> "Jan (janneke) Nieuwenhuizen" writes:
>>>
>>> +@example
>>> +/etc/childhurd/etc/guix/signing-key.pub
>>> +/etc/childhurd/etc/guix/signing-key.sec
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>> +@end example
>>
>> Would it make sense to have a list of source/target pairs instead of a
>> directory:
>>
>>   (("/etc/childhurd/pubkey" . "/etc/guix/signing-key.pub")
>>    …)
>>
>> ?
>
> We could do that... I'm not opposed to it and in fact I thought about
> something like this but then opted for the file system root idea because
> I didn't see the need for adding this extra indirection.  If you think
> it's a good idea, sure.

Postponed that for now, though.  [this still open]

Also, I think 5900 is a bad idea; qemu opens a server there.  We could use
port 2222 (forwarded to 12222), as SSH only starts later -- but hmm.  As
this is all running as root anyway, I opted for 1004 (MI5).

Greetings,
Janneke

Jan (janneke) Nieuwenhuizen (2):
  services: Add secret-service-type.
  services: childhurd: Support installing secrets from the host.

 doc/guix.texi                      |  21 +++++
 gnu/build/secret-service.scm       | 138 +++++++++++++++++++++++++++++
 gnu/local.mk                       |   1 +
 gnu/services/virtualization.scm    |  92 ++++++++++++++++---
 gnu/system/examples/bare-hurd.tmpl |  20 +++--
 5 files changed, 251 insertions(+), 21 deletions(-)
 create mode 100644 gnu/build/secret-service.scm

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
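Review bot: the quoted doc hunk (`+@example` through `+@end example`) lists private key material on the host, `/etc/childhurd/etc/guix/signing-key.sec` and the two unencrypted SSH host private keys, without saying who may read that tree; the same paragraph should state that `/etc/childhurd` and the files it mirrors must be owned by root and not readable by other users, since anyone who can read them holds the childhurd's SSH host identity and its Guix signing key. It would also help to record the outcome of the still-open source/target-pair question (`(("/etc/childhurd/pubkey" . "/etc/guix/signing-key.pub") …)`) next to the example, so a reader knows the target path inside the VM is implied by the path under `/etc/childhurd`.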
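The mechanism this cover letter describes, a host pushing key files into the childhurd over a loopback port that QEMU forwards into the VM, before sshd is up, as an added example. This is not code from the patch series or from gnu/build/secret-service.scm, and nothing about that file's real wire format is assumed: the framing used here (a file count, then a length-prefixed path and length-prefixed content per file), the port handling and every function name are assumptions made for the example. What it adds are the checks a reviewer would ask for on such a service: bind to loopback only, accept exactly one connection, refuse any received path that escapes the target root, and create each file with mode 0600 through a temporary name and rename so a partially written key is never visible.

```python
"""Constructed example: a minimal host-to-guest secret installer over a
loopback TCP port.  Not Guix's secret-service; the wire format below is an
assumption made for this example."""
import os
import socket
import struct
import tempfile
import threading

# Assumed framing: u32 file count, then per file u16 path length, the path
# (UTF-8), u32 content length, the content.  All integers are big-endian.


def encode_secrets(secrets):
    """Host side: serialise {guest-path: bytes} into one batch."""
    out = [struct.pack("!I", len(secrets))]
    for path, data in secrets.items():
        p = path.encode("utf-8")
        out.append(struct.pack("!H", len(p)) + p)
        out.append(struct.pack("!I", len(data)) + data)
    return b"".join(out)


def _recv_exact(sock, n):
    """Read exactly n bytes; a short read must never be accepted as a file."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the batch was complete")
        buf += chunk
    return bytes(buf)


def safe_target(root, rel):
    """Confine a received path to ROOT: absolute paths are re-rooted and
    anything resolving outside ROOT (via .. or a symlink) is rejected."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, rel.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes root: %r" % rel)
    return candidate


def receive_secrets(sock, root):
    """Guest side: read one batch and install each file owner-only (0600),
    writing to a temporary name and renaming so no partial key is visible."""
    installed = []
    (count,) = struct.unpack("!I", _recv_exact(sock, 4))
    for _ in range(count):
        (plen,) = struct.unpack("!H", _recv_exact(sock, 2))
        rel = _recv_exact(sock, plen).decode("utf-8")
        (dlen,) = struct.unpack("!I", _recv_exact(sock, 4))
        data = _recv_exact(sock, dlen)
        target = safe_target(root, rel)
        os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
        tmp = target + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, target)
        installed.append(target)
    return installed


def serve_once(root, port=0):
    """Listen on loopback only, accept exactly one connection, then close.
    PORT=0 lets the OS pick; in the VM this would be the fixed guest port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    result = {}

    def run():
        try:
            conn, _ = srv.accept()
            with conn:
                result["files"] = receive_secrets(conn, root)
        finally:
            srv.close()

    thread = threading.Thread(target=run)
    thread.start()
    return srv.getsockname()[1], thread, result


def send_secrets(port, secrets):
    """Host side: connect to the forwarded port and push the whole batch."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(encode_secrets(secrets))


def demo(root=None):
    """Install two constructed placeholder secrets; return {path: mode}."""
    root = root or tempfile.mkdtemp(prefix="childhurd-secrets-")
    secrets = {  # constructed placeholders, not real key material
        "/etc/guix/signing-key.sec": b"constructed placeholder, not a key\n",
        "/etc/ssh/ssh_host_ed25519_key": b"constructed placeholder, not a key\n",
    }
    port, thread, result = serve_once(root)
    send_secrets(port, secrets)
    thread.join()
    return {p: oct(os.stat(p).st_mode & 0o777) for p in result["files"]}


if __name__ == "__main__":
    for path, mode in demo().items():
        print(mode, path)
```

Run as a script it installs the two placeholder files into a fresh temporary directory and prints their modes. In the real arrangement the listener side would run inside the VM on the guest port that QEMU forwards (1004 in this v3) and the host side would connect to the corresponding host port; the single-connection rule matters there because anything that can reach the forwarded port before the host does could otherwise hand the guest its own keys.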