From patchwork Mon Aug 31 06:39:13 2020
X-Patchwork-Submitter: Janneke Nieuwenhuizen
X-Patchwork-Id: 23839
Subject: [bug#43106] [PATCH v3 2/2] services: childhurd: Support installing secrets from the host.
To: Ludovic Courtès, 43106@debbugs.gnu.org
Cc: guix-patches@gnu.org
From: "Jan (janneke) Nieuwenhuizen"
Date: Mon, 31 Aug 2020 08:39:13 +0200
Message-Id: <20200831063913.664-3-janneke@gnu.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200831063913.664-1-janneke@gnu.org>
References: <20200831063913.664-1-janneke@gnu.org>

* gnu/system/examples/bare-hurd.tmpl (%hurd-os)[services]: Add secret-service.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Likewise.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
--- doc/guix.texi | 21 ++++++++++ gnu/services/virtualization.scm | 63 ++++++++++++++++++++++++------ gnu/system/examples/bare-hurd.tmpl | 20 +++++----- 3 files changed, 84 insertions(+), 20 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 6206a93857..8a6ab698e6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -25119,6 +25119,7 @@ Return the name of @var{platform}---a string such as @code{"arm"}. @cindex @code{hurd} @cindex the Hurd +@cindex childhurd Service @code{hurd-vm} provides support for running GNU/Hurd in a virtual machine (VM), a so-called ``Childhurd''. The virtual machine is 
@@ -25191,15 +25192,35 @@ By default, it produces @lisp '("--device" "rtl8139,netdev=net0" "--netdev" "user,id=net0\ + ,hostfwd=tcp:127.0.0.1:-:1004\ ,hostfwd=tcp:127.0.0.1:-:2222\ ,hostfwd=tcp:127.0.0.1:-:5900") @end lisp with forwarded ports @example +: @code{(+ 11004 (* 1000 @var{ID}))} : @code{(+ 10022 (* 1000 @var{ID}))} : @code{(+ 15900 (* 1000 @var{ID}))} @end example +@item @code{secret-root} (default: @code{#f}) +If set, the root directory with out-of-band secrets to be installed into +the childhurd once it runs. Childhurds are volatile which means that on +every startup, secrets such as the SSH host keys and Guix signing key +are recreated. + +Typical use is setting @code{secret-root} to @code{"/etc/childhurd"} +pointing at a tree of non-volatile secrets like so + +@example +/etc/childhurd/etc/guix/signing-key.pub +/etc/childhurd/etc/guix/signing-key.sec +/etc/childhurd/etc/ssh/ssh_host_ed25519_key +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key +/etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub +/etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub +@end example + @end table @end deftp diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 6d6734dcd1..1fa74f815e 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -39,6 +39,7 @@ #:use-module (gnu system) #:use-module (guix derivations) #:use-module (guix gexp) + #:use-module (guix modules) #:use-module (guix monads) #:use-module (guix packages) #:use-module (guix records) @@ -61,7 +62,10 @@ hurd-vm-configuration-options hurd-vm-configuration-id hurd-vm-configuration-net-options + hurd-vm-configuration-secrets + hurd-vm-disk-image + hurd-vm-port hurd-vm-net-options hurd-vm-service-type @@ -846,6 +850,8 @@ can only be accessed by their host."))) (target "/dev/vda") (timeout 0))) (services (cons* + ;; Receive secret keys on port 1004, TCP. + (service secret-service-type 1004) (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) 
@@ -876,7 +882,9 @@ can only be accessed by their host."))) (default #f)) (net-options hurd-vm-configuration-net-options ;list of string (thunked) - (default (hurd-vm-net-options this-record)))) + (default (hurd-vm-net-options this-record))) + (secret-root hurd-vm-configuration-secret-root ;#f or string + (default #f))) (define (hurd-vm-disk-image config) "Return a disk-image for the Hurd according to CONFIG." @@ -888,15 +896,27 @@ can only be accessed by their host."))) (size disk-size) (operating-system os))))) -(define (hurd-vm-net-options config) +(define (hurd-vm-port config base) + "Return the forwarded vm port for this childhurd config." (let ((id (or (hurd-vm-configuration-id config) 0))) - (define (qemu-vm-port base) - (number->string (+ base (* 1000 id)))) - `("--device" "rtl8139,netdev=net0" - "--netdev" ,(string-append - "user,id=net0" - ",hostfwd=tcp:127.0.0.1:" (qemu-vm-port 10022) "-:2222" - ",hostfwd=tcp:127.0.0.1:" (qemu-vm-port 15900) "-:5900")))) + (+ base (* 1000 id)))) +(define %hurd-vm-secrets-port 11004) +(define %hurd-vm-ssh-port 10022) +(define %hurd-vm-vnc-port 15900) + +(define (hurd-vm-net-options config) + `("--device" "rtl8139,netdev=net0" + "--netdev" + ,(string-append "user,id=net0" + ",hostfwd=tcp:127.0.0.1:" + (number->string (hurd-vm-port config %hurd-vm-secrets-port)) + "-:1004" + ",hostfwd=tcp:127.0.0.1:" + (number->string (hurd-vm-port config %hurd-vm-ssh-port)) + "-:2222" + ",hostfwd=tcp:127.0.0.1:" + (number->string (hurd-vm-port config %hurd-vm-vnc-port)) + "-:5900"))) (define (hurd-vm-shepherd-service config) "Return a for a Hurd in a Virtual Machine with CONFIG." 
@@ -927,8 +947,29 @@ can only be accessed by their host."))) (string->symbol (number->string id))) provisions) provisions)) - (requirement '(networking)) - (start #~(make-forkexec-constructor #$vm-command)) + (requirement '(loopback networking user-processes)) + (start + (with-imported-modules + (source-module-closure '((gnu build secret-service) + (guix build utils))) + #~(let ((spawn (make-forkexec-constructor #$vm-command))) + (lambda _ + (let ((pid (spawn)) + (port #$(hurd-vm-port config %hurd-vm-secrets-port)) + (root #$(hurd-vm-configuration-secret-root config))) + (and root (directory-exists? root) + (catch #t + (lambda _ + (secret-service-send-secrets port root)) + (lambda (keys . args) + (format (current-error-port) + "failed to send secrets: ~a ~s\n" key args) + (kill pid) + #f)) + pid)))))) + (modules `((gnu build secret-service) + (guix build utils) + ,@%default-modules)) (stop #~(make-kill-destructor)))))) (define hurd-vm-service-type diff --git a/gnu/system/examples/bare-hurd.tmpl b/gnu/system/examples/bare-hurd.tmpl index 414a9379c8..2d00a7c8bb 100644 --- a/gnu/system/examples/bare-hurd.tmpl +++ b/gnu/system/examples/bare-hurd.tmpl @@ -41,14 +41,16 @@ (host-name "guixygnu") (timezone "Europe/Amsterdam") (packages (cons openssh-sans-x %base-packages/hurd)) - (services (cons (service openssh-service-type - (openssh-configuration - (openssh openssh-sans-x) - (use-pam? #f) - (port-number 2222) - (permit-root-login #t) - (allow-empty-passwords? #t) - (password-authentication? #t))) - %base-services/hurd)))) + (services (append (list (service openssh-service-type + (openssh-configuration + (openssh openssh-sans-x) + (use-pam? #f) + (port-number 2222) + (permit-root-login #t) + (allow-empty-passwords? #t) + (password-authentication? #t))) + (service (@@ (gnu services virtualization) + secret-service-type) 5999)) + %base-services/hurd)))) %hurd-os
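Review bot: the new @code{secret-root} documentation (doc/guix.texi, second hunk) should state the trust boundary of the tree it describes. The example lists private key material (@file{signing-key.sec}, the @file{ssh_host_*_key} files), so say that @file{/etc/childhurd} must be readable by root only, and that the new @code{hostfwd} rule binds the host side of the secrets channel on @code{127.0.0.1} at port @code{(+ 11004 (* 1000 @var{ID}))} and forwards it to guest port 1004, so the secrets travel over a loopback-only TCP forward. The sentence "pointing at a tree of non-volatile secrets like so" also wants a colon before the @code{@@example}.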
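Review bot: the export list in the @code{@@ -61,7 +62,10 @@} hunk adds @code{hurd-vm-configuration-secrets}, but the record field introduced later in this patch is @code{secret-root} with accessor @code{hurd-vm-configuration-secret-root}. The exported name is never defined, so a user referencing it gets an unbound variable, while the real accessor stays private to the module. Export @code{hurd-vm-configuration-secret-root} instead.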
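Review bot: in the @code{%hurd-vm-operating-system} hunk, @code{(service secret-service-type 1004)} hard-codes the guest port that @code{hurd-vm-net-options} later targets with the literal @code{"-:1004"}; nothing ties the two together, so changing one silently breaks secret delivery. Define one guest-side constant next to @code{%hurd-vm-secrets-port} and use it in both places, or at least add a comment in @code{hurd-vm-net-options} pointing back to this service definition.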
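Review bot: in the @code{hurd-vm-port} hunk, the docstring "Return the forwarded vm port for this childhurd config." does not explain BASE, and the three @code{%hurd-vm-*-port} constants it is meant to be called with are defined below the function without a comment. Move the constants above @code{hurd-vm-port}, comment that they are the host-side base ports to which @code{(* 1000 id)} is added, and mention BASE (and that the result is the host port, not the guest port) in the docstring.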
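Review bot: the @code{start} constructor in the shepherd-service hunk returns @code{#f} whenever no secret root is configured: with @code{(and root (directory-exists? root) (catch ...) pid)}, a @code{#f} @code{root} or a missing directory makes the whole @code{and} yield @code{#f}, so shepherd records the service as failed while the VM already spawned by @code{(spawn)} keeps running with no pid for @code{make-kill-destructor} to stop. Use @code{(if (and root (directory-exists? root)) (catch ...) pid)} so the pid is returned in the no-secrets case and the VM is killed only when sending actually fails. The failure path itself is also broken: the handler binds its first argument as @code{keys} but the @code{format} call references @code{key}, an unbound variable, so the handler raises before reaching @code{(kill pid)} and @code{#f}, and the VM survives a failed transfer; rename the parameter to @code{key}. Finally, Guile's @code{kill} takes a signal argument, so @code{(kill pid)} should be @code{(kill pid SIGTERM)}.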
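Review bot: the bare-hurd.tmpl hunk registers @code{secret-service-type} on port 5999, but the forwarding added in @code{hurd-vm-net-options} targets guest port 1004 and @code{%hurd-vm-operating-system} listens on 1004 as well; a childhurd built from this template therefore never receives the secrets the host sends. Use 1004 here (ideally the same shared constant). Separately, @code{(@@@@ (gnu services virtualization) secret-service-type)} reaches into a private binding; export @code{secret-service-type} from @code{(gnu services virtualization)} and reference it directly so the example does not depend on module internals.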