Age | Commit message (Expand) | Author |
2024-02-10 | services: secret-service: Make the endpoint configurable....Until now, the secret service had a hard-coded TCP endpoint on port
1004. This change lets users specify arbitrary socket addresses.
* gnu/build/secret-service.scm (socket-address->string): New procedure,
taken from Shepherd.
(secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust
accordingly.
(secret-service-receive-secrets): Likewise.
* gnu/services/virtualization.scm (secret-service-shepherd-services):
Likewise.
(secret-service-operating-system): Add optional ‘address’ parameter and
honor it. Adjust ‘start’ method accordingly.
Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
| Ludovic Courtès |
2023-10-01 | secret-service: Increase default handshake timeout....* gnu/build/secret-service.scm (secret-service-send-secrets):
Increase #:handshake-timeout.
| Ludovic Courtès |
2023-05-06 | services: dbus-service, secret-service: Do not cause (fibers) to be loaded....* gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'.
* gnu/build/secret-service.scm (wait-for-readable-fd): Likewise.
| Ludovic Courtès |
2022-09-13 | secret-service: Mark sockets as SOCK_CLOEXEC....* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
| Ludovic Courtès |
2022-04-07 | secret-service: Allow cooperative scheduling when Fibers is used....This lets the 'childhurd' service start in the background, letting
shepherd perform other tasks in the meantime, including serving
clients (such as the 'herd' command).
* gnu/build/secret-service.scm (with-modules): New macro.
(wait-for-readable-fd): Add cooperative implementation when Fibers is in
use.
(secret-service-send-secrets): Define 'sleep' so that it cooperates when
Fibers is in use.
| Ludovic Courtès |
2022-04-07 | secret-service: Abstract 'wait-for-readable-fd'....* gnu/build/secret-service.scm (wait-for-readable-fd): New procedure.
(secret-service-send-secrets): Use it instead of 'select'.
| Ludovic Courtès |
2021-12-12 | services: secret-service: Turn into a Shepherd service....* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
| Ludovic Courtès |
2020-09-29 | secret-service: Add proper logging procedure and log to syslog....* gnu/build/secret-service.scm (log): New macro.
(secret-service-send-secrets, secret-service-receive-secrets): Use it
instead of raw 'format' calls.
| Ludovic Courtès |
2020-09-29 | services: secret-service: Add initial client/server handshake....This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
| Ludovic Courtès |
2020-09-29 | secret-service: Fix file port leak in 'secret-service-send-secrets'....* gnu/build/secret-service.scm (secret-service-send-secrets): Use
'call-with-input-file' instead of 'open-input-file'.
| Ludovic Courtès |
2020-09-29 | secret-service: Add a timeout when waiting for a client....* gnu/build/secret-service.scm (secret-service-receive-secrets)
[wait-for-client]: Call 'select' with a 60s timeout before 'accept'.
Return #f upon timeout.
[read-secrets]: Return FILES on success.
Adjust caller of 'wait-for-client' to handle #f.
| Ludovic Courtès |
2020-09-29 | secret-service: Clarify the origin of messages....* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Prefix messages by "secret service".
| Ludovic Courtès |
2020-09-01 | services: Add secret-service-type....This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
| Jan (janneke) Nieuwenhuizen |