summaryrefslogtreecommitdiff
path: root/gnu/build/secret-service.scm
AgeCommit message (Expand)Author
2024-02-10services: secret-service: Make the endpoint configurable....Until now, the secret service had a hard-coded TCP endpoint on port 1004. This change lets users specify arbitrary socket addresses. * gnu/build/secret-service.scm (socket-address->string): New procedure, taken from Shepherd. (secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust accordingly. (secret-service-receive-secrets): Likewise. * gnu/services/virtualization.scm (secret-service-shepherd-services): Likewise. (secret-service-operating-system): Add optional ‘address’ parameter and honor it. Adjust ‘start’ method accordingly. Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578 Ludovic Courtès
2023-10-01secret-service: Increase default handshake timeout....* gnu/build/secret-service.scm (secret-service-send-secrets): Increase #:handshake-timeout. Ludovic Courtès
2023-05-06services: dbus-service, secret-service: Do not cause (fibers) to be loaded....* gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'. * gnu/build/secret-service.scm (wait-for-readable-fd): Likewise. Ludovic Courtès
2022-09-13secret-service: Mark sockets as SOCK_CLOEXEC....* gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'. Ludovic Courtès
2022-04-07secret-service: Allow cooperative scheduling when Fibers is used....This lets the 'childhurd' service start in the background, letting shepherd perform other tasks in the meantime, including serving clients (such as the 'herd' command). * gnu/build/secret-service.scm (with-modules): New macro. (wait-for-readable-fd): Add cooperative implementation when Fibers is in use. (secret-service-send-secrets): Define 'sleep' so that it cooperates when Fibers is in use. Ludovic Courtès
2022-04-07secret-service: Abstract 'wait-for-readable-fd'....* gnu/build/secret-service.scm (wait-for-readable-fd): New procedure. (secret-service-send-secrets): Use it instead of 'select'. Ludovic Courtès
2021-12-12services: secret-service: Turn into a Shepherd service....* gnu/services/virtualization.scm (secret-service-activation): Remove. (secret-service-shepherd-services): New procedure. (secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE extension. Add SHEPHERD-ROOT-SERVICE-TYPE and USER-PROCESSES-SERVICE-TYPE extensions. * gnu/build/secret-service.scm (delete-file*): New procedure. (secret-service-receive-secrets): Use it. Ludovic Courtès
2020-09-29secret-service: Add proper logging procedure and log to syslog....* gnu/build/secret-service.scm (log): New macro. (secret-service-send-secrets, secret-service-receive-secrets): Use it instead of raw 'format' calls. Ludovic Courtès
2020-09-29services: secret-service: Add initial client/server handshake....This allows the client running on the host to know when it's actually connect to the server running in the guest. Failing that, the client would connect right away to QEMU and send secrets even though the server is not running yet in the guest, which is unreliable. * gnu/build/secret-service.scm (secret-service-send-secrets): Add #:handshake-timeout. Read from SOCK an initial message from the server. Return #f on error. (secret-service-receive-secrets): Send 'secret-service-server' message to the client. Close SOCK upon timeout. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start' method returns #f when 'secret-service-send-secrets' returns #f. Ludovic Courtès
2020-09-29secret-service: Fix file port leak in 'secret-service-send-secrets'....* gnu/build/secret-service.scm (secret-service-send-secrets): Use 'call-with-input-file' instead of 'open-input-file'. Ludovic Courtès
2020-09-29secret-service: Add a timeout when waiting for a client....* gnu/build/secret-service.scm (secret-service-receive-secrets) [wait-for-client]: Call 'select' with a 60s timeout before 'accept'. Return #f upon timeout. [read-secrets]: Return FILES on success. Adjust caller of 'wait-for-client' to handle #f. Ludovic Courtès
2020-09-29secret-service: Clarify the origin of messages....* gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Prefix messages by "secret service". Ludovic Courtès
2020-09-01services: Add secret-service-type....This adds a "secret-service" that can be added to a Childhurd VM to receive out-of-band secrets (keys) sent from the host. Co-authored-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/virtualization.scm (secret-service-activation): New procedure. (secret-service-type): New variable. * gnu/build/secret-service.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Jan (janneke) Nieuwenhuizen