[bug#43106] [PATCH v3 0/2] Secret services for the Childhurd
From: Jan (janneke) Nieuwenhuizen
Subject: [bug#43106] [PATCH v3 0/2] Secret services for the Childhurd
Date: Mon, 31 Aug 2020 08:39:11 +0200
Jan Nieuwenhuizen writes:
Hello,
As discussed on IRC, version 3 follows.
> Ludovic Courtès writes:
>> "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org> skribis:
>>>
>>> +@example
>>> +/etc/childhurd/etc/guix/signing-key.pub
>>> +/etc/childhurd/etc/guix/signing-key.sec
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>>> +/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>>> +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>> +@end example
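Review bot: The @example lists private key material (signing-key.sec, ssh_host_ed25519_key, ssh_host_ecdsa_key) next to the public keys under /etc/childhurd, but the visible documentation text does not say what ownership or file mode the host-side copies should have. Consider adding a sentence near this example stating that the directory and the secret files should be readable by root only, so that a reader populating /etc/childhurd by hand does not leave the signing and host keys readable by other users on the host.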
>>
>> Would it make sense to have a list of source/target pairs instead of a
>> directory:
>>
>> (("/etc/childhurd/pubkey" . "/etc/guix/signing-key.pub")
>> …)
>>
>> ?
>
> We could do that...I'm not opposed to it and in fact I thought about
> something like this but then opted for the file system root idea because
> I didn't see the need for adding this extra indirection. If you think
> it's a good idea, sure. Postponed that for now, though.
[this still open]
Also, I think 5900 is a bad idea, qemu opens a server there. We could
use ports 2222 (forwarded to 12222), as SSH only starts later -- but
hmm. As this is all running as root anyway, I opted for 1004 (MI5).
Greetings,
Janneke
Jan (janneke) Nieuwenhuizen (2):
services: Add secret-service-type.
services: childhurd: Support installing secrets from the host.
doc/guix.texi | 21 +++++
gnu/build/secret-service.scm | 138 +++++++++++++++++++++++++++++
gnu/local.mk | 1 +
gnu/services/virtualization.scm | 92 ++++++++++++++++---
gnu/system/examples/bare-hurd.tmpl | 20 +++--
5 files changed, 251 insertions(+), 21 deletions(-)
create mode 100644 gnu/build/secret-service.scm
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com