From patchwork Fri Sep 22 12:54:02 2023
Subject: [bug#66156] [PATCH 01/12] system: vm: Remove unused variable.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:02 +0200

This is a followup to 05a9d1f378e2e13e8f759be926ea368358afc27c, which removed its sole user.

* gnu/system/vm.scm (%linux-vm-file-systems): Remove.
(mapping->file-system): Add comment about “cache=loose”.
--- gnu/system/vm.scm | 41 ++++++----------------------------------- 1 file changed, 6 insertions(+), 35 deletions(-) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index b7bccd72a4..70f7b00116 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm
@@ -87,41 +87,6 @@ (define-module (gnu system vm) ;; conservative default. (define %default-msize-value (* 100 (expt 2 20))) ;100 MiB -(define %linux-vm-file-systems - ;; File systems mounted for 'derivation-in-linux-vm'. These are shared with - ;; the host over 9p. - ;; - ;; The 9p documentation says that cache=loose is "intended for exclusive, - ;; read-only mounts", without additional details. It's much faster than the - ;; default cache=none, especially when copying and registering store items. - ;; Thus, use cache=loose, except for /xchg where we want to ensure - ;; consistency. - (list (file-system - (mount-point (%store-prefix)) - (device "store") - (type "9p") - (needed-for-boot? #t) - (flags '(read-only)) - (options (format #f "trans=virtio,cache=loose,msize=~a" - %default-msize-value)) - (check? #f)) - (file-system - (mount-point "/xchg") - (device "xchg") - (type "9p") - (needed-for-boot? #t) - (options (format #f "trans=virtio,msize=~a" %default-msize-value)) - (check? #f)) - (file-system - (mount-point "/tmp") - (device "tmp") - (type "9p") - (needed-for-boot? #t) - (options (format #f "trans=virtio,cache=loose,msize=~a" - %default-msize-value)) - (check? #f)))) - - ;;; ;;; VMs that share file systems with the host. ;;; 
@@ -145,6 +110,12 @@ (define (mapping->file-system mapping) (device (file-system->mount-tag source)) (type "9p") (flags (if writable? '() '(read-only))) + + ;; The 9p documentation says that cache=loose is "intended for + ;; exclusive, read-only mounts", without additional details. It's + ;; faster than the default cache=none, especially when copying and + ;; registering store items. Thus, use cache=loose, except for writable + ;; mounts, to ensure consistency. (options (string-append "trans=virtio" (if writable? "" ",cache=loose") ",msize=" (number->string %default-msize-value)))
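Review bot: the comment added in the mapping->file-system hunk justifies cache=loose by the mount being "exclusive, read-only", but the condition it sits on, (if writable? "" ",cache=loose"), only establishes that the guest mounts the share read-only. The host side of a non-writable mapping can still change while the VM is running, and with cache=loose the guest has no guarantee of seeing those changes. Suggest the comment state the assumption explicitly (the host does not modify non-writable mappings during the VM's lifetime), since the previous rationale lived in the removed %linux-vm-file-systems and covered a fixed set of mounts.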
Subject: [bug#66156] [PATCH 02/12] secret-service: Increase default handshake timeout.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:03 +0200

* gnu/build/secret-service.scm (secret-service-send-secrets): Increase #:handshake-timeout.
--- gnu/build/secret-service.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm index c53145c8e7..e13fd4eef3 100644 --- a/gnu/build/secret-service.scm +++ b/gnu/build/secret-service.scm
@@ -95,7 +95,7 @@ (define (wait-for-readable-fd port timeout) (define* (secret-service-send-secrets port secret-root #:key (retry 60) - (handshake-timeout 120)) + (handshake-timeout 180)) "Copy all files under SECRET-ROOT using TCP to secret-service listening at local PORT. If connect fails, sleep 1s and retry RETRY times; once connected, wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return
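Review bot: the new default (handshake-timeout 180) in secret-service-send-secrets is an unexplained literal; neither the hunk nor the commit message says which case exceeded the previous 120 seconds. Suggest a short comment beside the keyword default naming the situation that needs the longer wait, so that the next person to hit a timeout can tell whether raising it again is the right fix.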
Subject: [bug#66156] [PATCH 03/12] services: hurd-vm: Use the default SSH port number.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:04 +0200

* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove ‘port-number’ from ‘openssh-configuration’.
(hurd-vm-net-options): Change 2222 to 22 in port forwarding.
--- gnu/services/virtualization.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index e1a206e0eb..fd153dd051 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -1078,7 +1078,6 @@ (define %hurd-vm-operating-system (openssh-configuration (openssh openssh-sans-x) (use-pam? #f) - (port-number 2222) (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t)))
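Review bot: the openssh-configuration in the %hurd-vm-operating-system hunk lacks a comment tying its permissive settings to the port forwarding. After dropping (port-number 2222) the guest sshd listens on the default port with (permit-root-login #t) and (allow-empty-passwords? #t) still in place, which is only reasonable because hurd-vm-net-options forwards it from 127.0.0.1 on the host. Suggest saying so next to these fields, so that a later change to the hostfwd address gets reviewed with the passwordless root login in mind.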
@@ -1146,7 +1145,7 @@ (define (hurd-vm-net-options config) "-:1004" ",hostfwd=tcp:127.0.0.1:" (number->string (hurd-vm-port config %hurd-vm-ssh-port)) - "-:2222" + "-:22" ",hostfwd=tcp:127.0.0.1:" (number->string (hurd-vm-port config %hurd-vm-vnc-port)) "-:5900")))
Subject: [bug#66156] [PATCH 04/12] gnu:
 glibc-utf8-locales: Reintroduce input labels.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:05 +0200

Since 2f73ea3487b3bf6eb055c08aae7c53713d61a4d7, ‘make-glibc-utf8-locales’ couldn’t be passed a package with a name other than “glibc” (in particular “glibc-hurd”) since the builder expects the name “glibc” in ‘%build-inputs’.

* gnu/packages/base.scm (make-glibc-utf8-locales): Reintroduce labels in ‘native-inputs’.
--- gnu/packages/base.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 0b6cb2ddc5..c0813f7de0 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm
@@ -1382,7 +1382,9 @@ (define*-public (make-glibc-utf8-locales glibc #:key locale ".UTF-8"))) ',locales) #t)))) - (native-inputs (list glibc gzip)) + (native-inputs + `(("glibc" ,glibc) + ("gzip" ,gzip))) (synopsis (if default-locales? (P_ "Small sample of UTF-8 locales") (P_ "Customized sample of UTF-8 locales")))
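Review bot: the labelled native-inputs in the make-glibc-utf8-locales hunk need a comment explaining why the old input style is used here. The commit message says the builder looks up the name "glibc" in %build-inputs, but nothing next to the new native-inputs form records that, so a future clean-up back to (list glibc gzip) would reintroduce the same breakage for a package named "glibc-hurd". A one-line comment above native-inputs would prevent that.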
Subject: [bug#66156] [PATCH 05/12] services: guix: Use the right locale package on GNU/Hurd.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:06 +0200

Fixes a bug introduced in 0dd293b4d9095137c9952e16ca951f887b7e7018 whereby guix-daemon on GNU/Hurd would have ‘GUIX_LOCPATH’ set to the “wrong” locale data (2.35 instead of 2.37). Consequently, it would fail to setlocale(3) and calls to ‘std::stoi’ (when reading the output of ‘guix authenticate’) would throw, leading to this error message of guix-daemon:

  unexpected build daemon error: stoi

This would manifest when sending store items to a childhurd:

  $ guix copy --to=localhost:10022 sed
  guix copy: sending 1 store item (1 MiB) to 'localhost'...
  guix copy: error: unknown error while sending files over SSH

The “unknown error” is the ‘stoi’ exception.

This commit fixes that, but for the ‘guix-daemon’ service only.

* gnu/services/base.scm (guix-shepherd-service)[locales]: New variable. Use it instead of ‘glibc-utf8-locales’.
--- gnu/services/base.scm | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index b3f2d2e8b8..10e0d4cf9d 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm
@@ -62,8 +62,9 @@ (define-module (gnu services base) util-linux xfsprogs)) #:use-module (gnu packages bash) #:use-module ((gnu packages base) - #:select (coreutils glibc glibc-utf8-locales tar - canonical-package)) + #:select (coreutils glibc glibc/hurd + glibc-utf8-locales make-glibc-utf8-locales + tar canonical-package)) #:use-module ((gnu packages compression) #:select (gzip)) #:use-module (gnu packages fonts) #:autoload (gnu packages guile-xyz) (guile-netlink) @@ -87,6 +88,7 @@ (define-module (gnu services base) #:use-module ((guix self) #:select (make-config.scm)) #:use-module (guix diagnostics) #:use-module (guix i18n) + #:autoload (guix utils) (target-hurd?) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) @@ -1831,6 +1833,12 @@ (define shepherd-discover-action (define (guix-shepherd-service config) "Return a for the Guix daemon service with CONFIG." + (define locales + (let-system (system target) + (if (target-hurd? (or target system)) + (make-glibc-utf8-locales glibc/hurd) + glibc-utf8-locales))) + (match-record config (guix build-group build-accounts authorize-key? authorized-keys use-substitutes? substitute-urls max-silent-time timeout 
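Review bot: the new (define locales ...) in the guix-shepherd-service hunk (@@ -1831,6) is undocumented. The reason GNU/Hurd needs (make-glibc-utf8-locales glibc/hurd) rather than glibc-utf8-locales, namely that the locale data must match the glibc the daemon runs against or setlocale fails, appears only in the commit message. Suggest a short comment above the definition stating this.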
@@ -1912,8 +1920,7 @@ (define (guix-shepherd-service config) ;; 'nss-certs'. See ;; . (string-append "GUIX_LOCPATH=" - #$glibc-utf8-locales - "/lib/locale") + #$locales "/lib/locale") "LC_ALL=en_US.utf8" ;; Make 'tar' and 'gzip' available so ;; that 'guix perform-download' can use
Subject: [bug#66156] [PATCH 06/12]
 services: guix: Support declarative offloading setup.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:07 +0200

* gnu/services/base.scm (guix-machines-files-installation): New procedure.
()[build-machines]: New field.
(guix-activation): Call ‘guix-machines-files-installation’.
()[build-machines]: New field.
(guix-extension-merge): Handle it.
(guix-service-type)[extend]: Likewise.
* doc/guix.texi (Daemon Offload Setup): Add note linking to ‘guix-configuration’.
(Base Services): Document ‘build-machines’ field of and of .
(Virtualization Services): Add ‘hurd-vm’ anchor.
--- doc/guix.texi | 42 +++++++++++++++++++++++++++++++++++++++++- gnu/services/base.scm | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 50c4984d71..ca48d6c404 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1484,6 +1484,14 @@ Daemon Offload Setup @end table @end deftp +@quotation Note +On Guix System, instead of managing @file{/etc/guix/machines.scm} +independently, you can choose to specify build machines directly in the +@code{operating-system} declaration, in the @code{build-machines} field +of @code{guix-configuration}. @xref{guix-configuration-build-machines, +@code{build-machines} field of @code{guix-configuration}}. +@end quotation + The @command{guix} command must be in the search path on the build machines. You can check whether this is the case by running:
@@ -19259,6 +19267,28 @@ Base Services Whether to discover substitute servers on the local network using mDNS and DNS-SD. +@anchor{guix-configuration-build-machines} +@item @code{build-machines} (default: @code{#f}) +This field must be either @code{#f} or a list of gexps evaluating to a +@code{build-machine} record (@pxref{Daemon Offload Setup}). + +When it is @code{#f}, the @file{/etc/guix/machines.scm} file is left +untouched. Otherwise, the list of of gexps is written to +@file{/etc/guix/machines.scm}; if a previously-existing file is found, +it is backed up as @file{/etc/guix/machines.scm.bak}. This allows you +to declare build machines for offloading directly in the operating +system declaration, like so: + +@lisp +(guix-configuration + (build-machines + (list #~(build-machine (name "foo.example.org") @dots{}) + #~(build-machine (name "bar.example.org") @dots{})))) +@end lisp + +Additional build machines may be added @i{via} the @code{guix-extension} +mechanism (see below). + @item @code{extra-options} (default: @code{'()}) List of extra command-line options for @command{guix-daemon}. @@ -19296,7 +19326,6 @@ Base Services @end deftp @deftp {Data Type} guix-extension - This data type represents the parameters of the Guix build daemon that are extendable. This is the type of the object that must be used within a guix service extension. 
@@ -19309,6 +19338,16 @@ Base Services @item @code{substitute-urls} (default: @code{'()}) A list of strings where each element is a substitute URL. +@item @code{build-machines} (default: @code{'()}) +A list of gexps that evaluate to @code{build-machine} records +(@pxref{Daemon Offload Setup}). + +Using this field, a service may add new build machines to receive builds +offloaded by the daemon. This is useful for a service such as +@code{hurd-vm-service-type}, which can make a GNU/Hurd virtual machine +directly usable for offloading (@pxref{hurd-vm, +@code{hurd-vm-service-type}}). + @item @code{chroot-directories} (default: @code{'()}) A list of file-like objects or strings pointing to additional directories the build daemon can use. @end table @@ -35650,6 +35689,7 @@ Virtualization Services @end deftp +@anchor{hurd-vm} @subsubheading The Hurd in a Virtual Machine @cindex @code{hurd} diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 10e0d4cf9d..98d59fd36d 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1743,6 +1743,31 @@ (define %default-authorized-guix-keys (list (file-append guix "/share/guix/berlin.guix.gnu.org.pub") (file-append guix "/share/guix/bordeaux.guix.gnu.org.pub"))) +(define (guix-machines-files-installation machines) + "Return a gexp to install MACHINES, a list of gexps, as +/etc/guix/machines.scm, which is used for offloading." + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (define machines-file + "/etc/guix/machines.scm") + + ;; If MACHINES-FILE already exists, move it out of the way. + ;; Create a backup if it's a regular file: it's likely that the + ;; user manually updated it. + (if (file-exists? machines-file) + (if (and (symbolic-link? machines-file) + (store-file-name? (readlink machines-file))) + (delete-file machines-file) + (rename-file machines-file + (string-append machines-file ".bak"))) + (mkdir-p (dirname machines-file))) + + ;; Installed the declared machines file. + (symlink #+(scheme-file "machines.scm" machines) + machines-file)))) + (define-record-type* guix-configuration make-guix-configuration guix-configuration? @@ -1780,6 +1805,8 @@ (define-record-type* (default #f)) (tmpdir guix-tmpdir ;string | #f (default #f)) + (build-machines guix-build-machines ;list of gexps | #f + (default #f)) (environment guix-configuration-environment ;list of strings (default '()))) @@ -1965,8 +1992,15 @@ (define (guix-activation config) (system* #$(file-append guix "/bin/guix") "archive" "--generate-key")) + ;; Optionally install /etc/guix/acl... #$(if authorize-key? (substitute-key-authorization authorized-keys guix) + #~#f) + + ;; ... and /etc/guix/machines.scm. + #$(if (guix-build-machines config) + (guix-machines-files-installation + #~(list #$@(guix-build-machines config))) #~#f)))) (define-record-type* 
@@ -1976,6 +2010,8 @@ (define-record-type* (default '())) (substitute-urls guix-extension-substitute-urls ;list of strings (default '())) + (build-machines guix-extension-build-machines ;list of gexps + (default '())) (chroot-directories guix-extension-chroot-directories ;list of file-like/strings (default '()))) @@ -1985,6 +2021,8 @@ (define (guix-extension-merge a b) (guix-extension-authorized-keys b))) (substitute-urls (append (guix-extension-substitute-urls a) (guix-extension-substitute-urls b))) + (build-machines (append (guix-extension-build-machines a) + (guix-extension-build-machines b))) (chroot-directories (append (guix-extension-chroot-directories a) (guix-extension-chroot-directories b))))) 
@@ -2008,6 +2046,11 @@ (define guix-service-type (guix-configuration-authorized-keys config))) (substitute-urls (append (guix-extension-substitute-urls extension) (guix-configuration-substitute-urls config))) + (build-machines + (and (or (guix-build-machines config) + (pair? (guix-extension-build-machines extension))) + (append (or (guix-build-machines config) '()) + (guix-extension-build-machines extension)))) (chroot-directories (append (guix-extension-chroot-directories extension) (guix-configuration-chroot-directories config)))))) From patchwork Fri Sep 22 12:54:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 54157 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 445EF27BBEC; Fri, 22 Sep 2023 13:56:29 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 5356327BBEA for ; Fri, 22 Sep 2023 13:56:22 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qjfhJ-0001Nx-CO; Fri, 22 Sep 2023 08:55:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qjfhI-0001NW-9U for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:52 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qjfhI-0008B1-1I for guix-patches@gnu.org; Fri, 22 Sep 
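Review bot: in the doc/guix.texi hunk at @@ -19259 (the new ‘build-machines’ item), "the list of of gexps" has a doubled "of", and the statement that /etc/guix/machines.scm is left untouched when the field is #f does not match the ‘extend’ hunk in gnu/services/base.scm, which installs the file whenever (pair? (guix-extension-build-machines extension)) is true. Suggest fixing the typo and adding a sentence saying that machines contributed through ‘guix-extension’ also cause the file to be replaced, with the previous one saved as machines.scm.bak.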
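Review bot: in ‘guix-machines-files-installation’ (gnu/services/base.scm, @@ -1743), the existence test uses ‘file-exists?’, which follows symbolic links, so a dangling /etc/guix/machines.scm link (for instance one whose store target is gone) is treated as absent and the final ‘symlink’ call then fails because the name is already taken. Testing with ‘lstat’ wrapped in ‘false-if-exception’ and branching on the file type would cover that case. Two smaller points in the same hunk: ‘rename-file’ replaces an existing machines.scm.bak without notice, and the comment "Installed the declared machines file." should read "Install".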
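Review bot: in the ‘extend’ clause of ‘guix-service-type’ (gnu/services/base.scm, @@ -2008), an explicit (build-machines '()) is a true value in Scheme, so (or (guix-build-machines config) ...) takes the install path and /etc/guix/machines.scm is replaced by an empty list while the user's file is moved to the backup. If that is the intended way to declare "no build machines", the field documentation should say so; otherwise test the configuration value with ‘pair?’, as is already done for the extension value.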
Subject: [bug#66156] [PATCH 07/12] services: childhurd: Authorize the childhurd’s key on the host.
h9qD1z7UxcPrtaofgyXdskpRvxABg8Jn3CaVAF4DM1qnDEnW9ldDm3dAX3hM6lmkgNPLPFgvf43Yt +99g+tux90P8rg==; From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Fri, 22 Sep 2023 14:54:08 +0200 Message-ID: <0f2ebabd36558e2f660e4f1037a3c0a7f77f53d5.1695386493.git.ludo@gnu.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches This partly automates setting up a childhurd for offloading purposes. * gnu/services/virtualization.scm (authorize-guest-substitutes-on-host): New procedure. (hurd-vm-activation): Use it. --- gnu/services/virtualization.scm | 51 ++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index fd153dd051..ca000f5d28 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -28,6 +28,7 @@ (define-module (gnu services virtualization) #:use-module (gnu image) #:use-module (gnu packages admin) #:use-module (gnu packages gdb) + #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages package-management) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) @@ -50,6 +51,7 @@ (define-module (gnu services virtualization) #:use-module (guix records) #:use-module (guix store) #:use-module (guix utils) + #:autoload (guix self) (make-config.scm) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) 
@@ -1271,6 +1273,50 @@ (define (initialize-hurd-vm-substitutes) (program-file "initialize-hurd-vm-substitutes" run)) +(define (authorize-guest-substitutes-on-host) + "Return a program that authorizes the guest's archive signing key (passed as +an argument) on the host." + (define not-config? + (match-lambda + ('(guix config) #f) + (('guix _ ...) #t) + (('gnu _ ...) #t) + (_ #f))) + + (define run + (with-extensions (list guile-gcrypt) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((guix pki) + (guix build utils)) + #:select? not-config?)) + #~(begin + (use-modules (ice-9 match) + (ice-9 textual-ports) + (gcrypt pk-crypto) + (guix pki) + (guix build utils)) + + (match (command-line) + ((_ guest-config-directory) + (let ((guest-key (string-append guest-config-directory + "/signing-key.pub"))) + (if (file-exists? guest-key) + ;; Add guest key to the host's ACL. + (let* ((key (string->canonical-sexp + (call-with-input-file guest-key + get-string-all))) + (acl (public-keys->acl + (cons key (acl->public-keys (current-acl)))))) + (with-atomic-file-replacement %acl-file + (lambda (_ port) + (write-acl acl port)))) + (format (current-error-port) + "warning: guest key missing from '~a'~%" + guest-key))))))))) + + (program-file "authorize-guest-substitutes-on-host" run)) + (define (hurd-vm-activation config) "Return a gexp to activate the Hurd VM according to CONFIG." (with-imported-modules '((guix build utils)) 
@@ -1294,7 +1340,10 @@ (define (hurd-vm-activation config) (unless (file-exists? guix-directory) (invoke #$(initialize-hurd-vm-substitutes) - guix-directory))))) + guix-directory)) + + ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. + (invoke #$(authorize-guest-substitutes-on-host) guix-directory)))) (define hurd-vm-service-type (service-type From patchwork Fri Sep 22 12:54:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 54159 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id BB01D27BBEB; Fri, 22 Sep 2023 13:56:37 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 9435F27BBEA for ; Fri, 22 Sep 2023 13:56:32 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qjfhN-0001Pn-Gz; Fri, 22 Sep 2023 08:55:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qjfhJ-0001O9-Sv for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:53 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qjfhJ-0008BS-Kc for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:53 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qjfhU-0005jU-6r for guix-patches@gnu.org; Fri, 22 
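Review bot: in ‘authorize-guest-substitutes-on-host’ (gnu/services/virtualization.scm, @@ -1271), the guest key is consed onto (acl->public-keys (current-acl)) unconditionally, and the ‘hurd-vm-activation’ hunk invokes the program on every activation, so unless ‘public-keys->acl’ removes duplicates the host ACL gains another copy of the same key each time. Suggest skipping the rewrite when the key is already among the ACL's public keys. Because this step authorizes a key on the host, it would also help to check that signing-key.pub is a regular file owned by root and not writable by others before reading it, and to give the ‘match’ on (command-line) a fallback clause so that a wrong argument count yields a usage message rather than a match error.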
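Review bot: in ‘hurd-vm-activation’ (gnu/services/virtualization.scm, @@ -1294), the new ‘invoke’ rewrites %acl-file in place, while ‘guix-activation’ in gnu/services/base.scm installs /etc/guix/acl itself when ‘authorize-key?’ is set (see the "Optionally install /etc/guix/acl..." context in patch 06/12). Which of the two activation snippets runs last decides whether the guest key survives; please document or enforce the ordering. The hunk also never removes the key, so a comment on what happens when the service is dropped from the configuration would be useful.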
Subject: [bug#66156] [PATCH 08/12] services: hurd-vm: ‘image’ field has to be an record.
From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Fri, 22 Sep 2023 14:54:09 +0200 Message-ID: <5140f6c61c7b377f97b6ff5d85ae31931c9f9b24.1695386493.git.ludo@gnu.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/virtualization.scm ()[image]: Document as being an record. (hurd-vm-disk-image): Remove call to ‘system-image’. (hurd-vm-shepherd-service): Add call to ‘system-image’. * gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove call to ‘system-image’. * doc/guix.texi (Virtualization Services): Adjust accordingly. --- doc/guix.texi | 4 ++-- gnu/services/virtualization.scm | 9 ++++----- gnu/tests/virtualization.scm | 11 +++++------ 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index ca48d6c404..472e2e0958 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -35766,8 +35766,8 @@ Virtualization Services The QEMU package to use. @item @code{image} (default: @var{hurd-vm-disk-image}) -The procedure used to build the disk-image built from this -configuration. +The image object representing the disk image of this virtual machine +(@pxref{System Images}). @item @code{disk-size} (default: @code{'guess}) The size of the disk image. diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index ca000f5d28..258b503461 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm 
@@ -1101,7 +1101,7 @@ (define-record-type* (default %hurd-vm-operating-system)) (qemu hurd-vm-configuration-qemu ;file-like (default qemu-minimal)) - (image hurd-vm-configuration-image ;string + (image hurd-vm-configuration-image ; (thunked) (default (hurd-vm-disk-image this-record))) (disk-size hurd-vm-configuration-disk-size ;number or 'guess @@ -1126,9 +1126,8 @@ (define (hurd-vm-disk-image config) (disk-size (hurd-vm-configuration-disk-size config)) (type (lookup-image-type-by-name 'hurd-qcow2)) (os->image (image-type-constructor type))) - (system-image - (image (inherit (os->image os)) - (size disk-size))))) + (image (inherit (os->image os)) + (size disk-size)))) (define (hurd-vm-port config base) "Return the forwarded vm port for this childhurd config." @@ -1170,7 +1169,7 @@ (define (hurd-vm-shepherd-service config) "-m" (number->string #$memory-size) #$@net-options #$@options - "--hda" #+image + "--hda" #+(system-image image) ;; Cause the service to be respawned if the guest ;; reboots (it can reboot for instance if it did not diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 73c8099b79..41253968e9 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm 
@@ -230,12 +230,11 @@ (define (hurd-vm-disk-image-raw config) (let ((os ((@@ (gnu services virtualization) secret-service-operating-system) (hurd-vm-configuration-os config))) (disk-size (hurd-vm-configuration-disk-size config))) - (system-image - (image - (inherit hurd-disk-image) - (format 'disk-image) - (size disk-size) - (operating-system os))))) + (image + (inherit hurd-disk-image) + (format 'disk-image) + (size disk-size) + (operating-system os)))) (define %childhurd-os (simple-operating-system From patchwork Fri Sep 22 12:54:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 54161 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 27FB827BBE2; Fri, 22 Sep 2023 13:56:40 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id CE79D27BBE9 for ; Fri, 22 Sep 2023 13:56:38 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qjfhK-0001OE-0g; Fri, 22 Sep 2023 08:55:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qjfhJ-0001Nr-1K for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:53 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qjfhI-0008BG-PN for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:52 -0400 
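Review bot: in ‘hurd-vm-shepherd-service’ (gnu/services/virtualization.scm, @@ -1170), #+(system-image image) assumes the ‘image’ field holds an image record, but nothing validates it, so a configuration written for the old interface (a value already passed through ‘system-image’, as the removed lines in ‘hurd-vm-disk-image’ did) fails with an error far from the user's declaration. Suggest an explicit check on the field with a clear message, and a note about the incompatible change. In the doc/guix.texi hunk (@@ -35766), the item still reads (default: @var{hurd-vm-disk-image}), which names a procedure while the new text describes an image object.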
Subject: [bug#66156] [PATCH 09/12] tests: hurd-vm: Remove custom disk image configuration.
BNRZ2Q36CbRz9KIi3eV4McBXv6LzYhZ/valnFbafEAVkNgdG3X/pR6NNzFpLmlG7SNNNYLDD/9MWc F6xAGPcuOPqPdQ==; From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Fri, 22 Sep 2023 14:54:10 +0200 Message-ID: <9dfb8d083002c9f6a6252a13a422420dc9c8ab73.1695386493.git.ludo@gnu.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches This was added in 18e76f89055f25f015fadb7c999b410f38a88cc6. Presumably, the problem was that using compressed QCOW2 images makes the childhurd slower, so it’s eventually marked as failing to start. By enabling KVM inside the Guix System VM, we allow the childhurd to run on KVM, which compensates the slowdown due to the use of a compressed image. * gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove. (%childhurd-os): Use default config for ‘hurd-vm-service-type’. (run-childhurd-test)[test]: Pass “-cpu host” to the run-vm script. --- gnu/tests/virtualization.scm | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 41253968e9..9e7928703e 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm 
@@ -225,23 +225,10 @@ (define %test-qemu-guest-agent ;;; GNU/Hurd virtual machines, aka. childhurds. ;;; -;; Copy of `hurd-vm-disk-image', using plain disk-image for test -(define (hurd-vm-disk-image-raw config) - (let ((os ((@@ (gnu services virtualization) secret-service-operating-system) - (hurd-vm-configuration-os config))) - (disk-size (hurd-vm-configuration-disk-size config))) - (image - (inherit hurd-disk-image) - (format 'disk-image) - (size disk-size) - (operating-system os)))) - (define %childhurd-os (simple-operating-system (service dhcp-client-service-type) - (service hurd-vm-service-type - (hurd-vm-configuration - (image (hurd-vm-disk-image-raw this-record)))))) + (service hurd-vm-service-type))) (define (run-childhurd-test) (define os 
@@ -292,7 +279,10 @@ (define (run-childhurd-test) (ice-9 match)) (define marionette - (make-marionette (list #$vm))) + ;; Emulate the host CPU so that KVM is available inside as well + ;; ("nested KVM"), provided + ;; /sys/module/kvm_intel/parameters/nested (or similar) allows it. + (make-marionette (list #$vm "-cpu" "host"))) (test-runner-current (system-test-runner #$output)) (test-begin "childhurd") From patchwork Fri Sep 22 12:54:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 54155 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id CD31327BBE2; Fri, 22 Sep 2023 13:56:13 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id C942C27BBE9 for ; Fri, 22 Sep 2023 13:56:08 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qjfhJ-0001O6-Um; Fri, 22 Sep 2023 08:55:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qjfhI-0001Nf-LU for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:52 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qjfhI-0008B8-DQ for guix-patches@gnu.org; Fri, 22 Sep 2023 08:55:52 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 
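Review bot: in ‘run-childhurd-test’ (gnu/tests/virtualization.scm, @@ -292), passing "-cpu" "host" unconditionally makes the test depend on hardware acceleration: QEMU accepts the ‘host’ CPU model only together with an accelerator such as KVM, so on a machine where the outer VM runs under plain emulation the marionette fails to start instead of merely running slowly. The new comment covers the nested-KVM condition but not this one. Suggest adding the option only when /dev/kvm is usable, or stating the KVM requirement next to the test definition.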
Subject: [bug#66156] [PATCH 10/12] services: hurd-vm: Disable password-based authentication for root.
From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Fri, 22 Sep 2023 14:54:11 +0200 Message-ID: <6e196f23d37629348018a5e63b9701998c7453e5.1695386493.git.ludo@gnu.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches With offloading to a childhurd is enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd. * gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password. * gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’. * doc/guix.texi (Virtualization Services): Remove mention of password-less root login. --- doc/guix.texi | 5 ----- gnu/services/virtualization.scm | 2 +- gnu/tests/virtualization.scm | 15 ++++++++++++++- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 472e2e0958..95f29a2d19 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -35718,11 +35718,6 @@ Virtualization Services The default configuration (see @code{hurd-vm-configuration} below) spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU (the virtual machine emulator) redirects to port 10222 on the host. -Thus, you can connect over SSH to the childhurd with: - -@example -ssh root@@localhost -p 10022 -@end example The childhurd is volatile and stateless: it starts with a fresh root file system every time you restart it. By default though, all the files 
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 258b503461..930c2ce702 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -1080,7 +1080,7 @@ (define %hurd-vm-operating-system (openssh-configuration (openssh openssh-sans-x) (use-pam? #f) - (permit-root-login #t) + (permit-root-login 'prohibit-password) (allow-empty-passwords? #t) (password-authentication? #t))) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 9e7928703e..599e58edf0 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -31,6 +31,7 @@ (define-module (gnu tests virtualization) #:use-module (gnu services) #:use-module (gnu services dbus) #:use-module (gnu services networking) + #:use-module (gnu services ssh) #:use-module (gnu services virtualization) #:use-module (gnu packages ssh) #:use-module (gnu packages virtualization) 
@@ -228,7 +229,19 @@ (define %test-qemu-guest-agent (define %childhurd-os (simple-operating-system (service dhcp-client-service-type) - (service hurd-vm-service-type))) + (service hurd-vm-service-type + (hurd-vm-configuration + ;; Allow root login with an empty password to simplify the test + ;; below. + (os (operating-system + (inherit %hurd-vm-operating-system) + (services + (modify-services (operating-system-user-services + %hurd-vm-operating-system) + (openssh-service-type + config => (openssh-configuration + (inherit config) + (permit-root-login #t))))))))))) (define (run-childhurd-test) (define os 
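Review bot: in gnu/tests/virtualization.scm, %childhurd-os now overrides the service default with "(permit-root-login #t)", so the system test never boots the configuration users actually get, and nothing checks that the new 'prohibit-password default refuses an empty-password root login. Consider adding a test, or a variant of this one, that uses the unmodified %hurd-vm-operating-system and asserts that password authentication as root fails. The comment could also state that this override is for the test only and restores the behaviour this patch removes from the default.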
Subject: [bug#66156] [PATCH 11/12] doc: Give an example showing how to add an account in the childhurd.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:12 +0200
Message-ID: <1968705cf32f300e0874c69284c8222386d9dbc4.1695386493.git.ludo@gnu.org>

* doc/guix.texi (Virtualization Services): Give an example showing how to add an account.
---
 doc/guix.texi | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index 95f29a2d19..53b0ebd1db 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -35727,6 +35727,57 @@ Virtualization Services substitute keys, and so on---see the explanation of @code{secret-root} below. +You will probably find it useful to create an account for you in the +GNU/Hurd virtual machine and to authorize logins with your SSH key. To +do that, you can define the GNU/Hurd system in the usual way +(@pxref{Using the Configuration System}), and then pass that operating +system as the @code{os} field of @code{hurd-vm-configuration}, as in +this example: + +@lisp +(define childhurd-os + ;; Definition of my GNU/Hurd system, derived from the default one. + (operating-system + (inherit %hurd-vm-operating-system) + + ;; Add a user account. + (users (cons (user-account + (name "charlie") + (comment "This is me!") + (group "users") + (supplementary-groups '("wheel"))) ;for 'sudo' + %base-user-accounts)) + + (services + ;; Modify the SSH configuration to allow login as "root" + ;; and as "charlie" using public key authentication. + (modify-services (operating-system-user-services + %hurd-vm-operating-system) + (openssh-service-type + config => (openssh-configuration + (inherit config) + (authorized-keys + `(("root" + ,(local-file + "/home/charlie/.ssh/id_rsa.pub")) + ("charlie" + ,(local-file + "/home/charlie/.ssh/id_rsa.pub")))))))))) + +(operating-system + ;; @dots{} + (services + ;; Add the 'hurd-vm' service, configured to use the + ;; operating system configuration above. + (append (list (service hurd-vm-service-type + (hurd-vm-configuration + (os %childhurd-os)))) + %base-services))) +@end lisp + +That's it! The remainder of this section provides the reference of the +service configuration. + @defvar hurd-vm-service-type This is the type of the Hurd in a Virtual Machine service. 
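Review bot: the @lisp example defines "childhurd-os" but the second form passes "(os %childhurd-os)" to hurd-vm-configuration, so anyone copying the example gets an unbound variable; use the same name in both places. Separately, the example authorizes /home/charlie/.ssh/id_rsa.pub for "root" as well as for "charlie", even though "charlie" is already put in "wheel" for sudo. Since this is the documented starting point, consider dropping the "root" entry from authorized-keys, or say in the comment why direct root login is wanted.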
Its value must be a @code{hurd-vm-configuration} object, which specifies the 

Subject: [bug#66156] [PATCH 12/12] services: hurd-vm: Implement zero-configuration offloading.
From: Ludovic Courtès
Date: Fri, 22 Sep 2023 14:54:13 +0200
Message-ID: <9cbf81703f0f37606a30a19ce1fa30eb1a533feb.1695386493.git.ludo@gnu.org>

This allows for zero-configuration offloading to a childhurd.

* gnu/services/virtualization.scm (operating-system-with-offloading-account): New procedure.
()[offloading?]: New field.
(hurd-vm-disk-image): Define ‘transform’ and use it.
(hurd-vm-activation): Generate SSH key for user ‘offloading’ and authorize it via /etc/childhurd/etc/ssh/authorized_keys.d.
(hurd-vm-configuration-offloading-ssh-key)
(hurd-vm-guix-extension): New procedures.
(hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension.
* gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New procedure.
[os]: Add (gnu build install) and its closure to #:import-modules.
[test]: Add “copy-on-write store” and “offloading” tests.
* doc/guix.texi (Virtualization Services): Document it.
---
 doc/guix.texi | 71 +++++++++++++++----------
 gnu/services/virtualization.scm | 92 +++++++++++++++++++++++++++++++--
 gnu/tests/virtualization.scm | 38 +++++++++++++-
 3 files changed, 169 insertions(+), 32 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 53b0ebd1db..35da58e59f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -35718,6 +35718,15 @@ Virtualization Services The default configuration (see @code{hurd-vm-configuration} below) spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU (the virtual machine emulator) redirects to port 10222 on the host. +By default, the service enables @dfn{offloading} such that the host +@code{guix-daemon} automatically offloads GNU/Hurd builds to the +childhurd (@pxref{Daemon Offload Setup}). This is what happens when +running a command like the following one, where @code{i586-gnu} is the +system type of 32-bit GNU/Hurd: + +@example +guix build emacs-minimal -s i586-gnu +@end example The childhurd is volatile and stateless: it starts with a fresh root file system every time you restart it. By default though, all the files 
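Review bot: the paragraph added here says offloading is enabled by default but not what that changes on the host. According to the "offloading?" item added later in this patch, it authorizes the childhurd's signing key on the host and adds the childhurd to /etc/guix/machines.scm, which is a trust decision an administrator should see before enabling the service. Please add a sentence saying so, with a cross-reference to the "offloading?" field for turning it off.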
@@ -35851,6 +35860,41 @@ Virtualization Services @var{vnc-port}: @code{(+ 15900 (* 1000 @var{ID}))} @end example +@cindex childhurd, offloading +@cindex Hurd, offloading +@item @code{offloading?} (default: @code{#t}) +Whether to automatically set up offloading of builds to the childhurd. + +When enabled, this lets you run GNU/Hurd builds on the host and have +them transparently offloaded to the VM, for instance when running a +command like this: + +@example +guix build coreutils -s i586-gnu +@end example + +This option automatically sets up offloading like so: + +@enumerate +@item +Authorizing the childhurd's key on the host so that the host accepts +build results coming from the childhurd, which can be done like so +(@pxref{Invoking guix archive, @command{guix archive --authorize}}, for +more on that). + +@item +Creating a user account called @code{offloading} dedicated to offloading +in the childhurd. + +@item +Creating an SSH key pair on the host and making it an authorized key of +the @code{offloading} account in the childhurd. + +@item +Adding the childhurd to @file{/etc/guix/machines.scm} (@pxref{Daemon +Offload Setup}). +@end enumerate + @item @code{secret-root} (default: @file{/etc/childhurd}) The root directory with out-of-band secrets to be installed into the childhurd once it runs. Childhurds are volatile which means that on 
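Review bot: the first @item of the new @enumerate ends with "which can be done like so" followed only by the @pxref, because the "guix archive --authorize" example that used to follow this sentence is removed elsewhere in the patch. Either drop the "which can be done like so" clause, since the list now describes what the service does automatically, or keep the example next to it. The list would also read better if all four items used the same voice as the lead-in "This option automatically sets up offloading like so".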
@@ -35868,38 +35912,13 @@ Virtualization Services /etc/childhurd/etc/guix/acl /etc/childhurd/etc/guix/signing-key.pub /etc/childhurd/etc/guix/signing-key.sec +/etc/childhurd/etc/ssh/authorized_keys.d/offloading /etc/childhurd/etc/ssh/ssh_host_ed25519_key /etc/childhurd/etc/ssh/ssh_host_ecdsa_key /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub @end example -These files are automatically sent to the guest Hurd VM when it boots, -including permissions. - -@cindex childhurd, offloading -@cindex Hurd, offloading -Having these files in place means that only a couple of things are -missing to allow the host to offload @code{i586-gnu} builds to the -childhurd: - -@enumerate -@item -Authorizing the childhurd's key on the host so that the host accepts -build results coming from the childhurd, which can be done like so: - -@example -guix archive --authorize < \ - /etc/childhurd/etc/guix/signing-key.pub -@end example - -@item -Adding the childhurd to @file{/etc/guix/machines.scm} (@pxref{Daemon -Offload Setup}). -@end enumerate - -We're working towards making that happen automatically---get in touch -with us at @email{guix-devel@@gnu.org} to discuss it! @end table @end deftp diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm index 930c2ce702..076eca7ea2 100644 --- a/gnu/services/virtualization.scm +++ b/gnu/services/virtualization.scm @@ -27,6 +27,7 @@ (define-module (gnu services virtualization) #:use-module (gnu bootloader grub) #:use-module (gnu image) #:use-module (gnu packages admin) + #:use-module (gnu packages bash) #:use-module (gnu packages gdb) #:autoload (gnu packages gnupg) (guile-gcrypt) #:use-module (gnu packages package-management) @@ -52,6 +53,7 @@ (define-module (gnu services virtualization) #:use-module (guix store) #:use-module (guix utils) #:autoload (guix self) (make-config.scm) + #:autoload (guix platform) (platform-system) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) 
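Review bot: among the lines removed after the file listing in doc/guix.texi is "These files are automatically sent to the guest Hurd VM when it boots, including permissions." That sentence describes secret-root in general, not offloading, and the hunk adds a new entry (authorized_keys.d/offloading) to the very list it explained. Please keep it, and consider noting that the new file is created by the service when "offloading?" is true, so readers do not think they must provide it.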
@@ -1063,6 +1065,26 @@ (define (secret-service-operating-system os) ;;; The Hurd in VM service: a Childhurd. ;;; +(define (operating-system-with-offloading-account os) + (define accounts + (list (user-group + (name "offloading") + (system? #t)) + (user-account + (name "offloading") + (group "offloading") + (system? #t) + (comment "Offloading privilege separation user") + (home-directory "/var/run/offloading") + (shell (file-append bash-minimal "/bin/sh"))))) + + (operating-system + (inherit os) + (services (cons (simple-service 'offloading-account + account-service-type + accounts) + (operating-system-user-services os))))) + (define %hurd-vm-operating-system (operating-system (inherit %hurd-default-operating-system) @@ -1115,14 +1137,21 @@ (define-record-type* (net-options hurd-vm-configuration-net-options ;list of string (thunked) (default (hurd-vm-net-options this-record))) + (offloading? hurd-vm-configuration-offloading? ;Boolean + (default #t)) (secret-root hurd-vm-configuration-secret-root ;string (default "/etc/childhurd"))) (define (hurd-vm-disk-image config) "Return a disk-image for the Hurd according to CONFIG. The secret-service is added to the OS specified in CONFIG." - (let* ((os (secret-service-operating-system - (hurd-vm-configuration-os config))) + (define transform + (compose secret-service-operating-system + (if (hurd-vm-configuration-offloading? config) + operating-system-with-offloading-account + identity))) + + (let* ((os (transform (hurd-vm-configuration-os config))) (disk-size (hurd-vm-configuration-disk-size config)) (type (lookup-image-type-by-name 'hurd-qcow2)) (os->image (image-type-constructor type))) 
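Review bot: operating-system-with-offloading-account is added without a docstring, unlike the other new procedures in this patch; a one-line description that it returns OS extended with the "offloading" system user and group would match them. In the second hunk, the docstring of hurd-vm-disk-image still says only that "The secret-service is added to the OS specified in CONFIG", although the new "transform" may also add the offloading account; please update it so the docstring matches what the image contains.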
@@ -1331,18 +1360,71 @@ (define (hurd-vm-activation config) (define guix-directory (string-append secret-directory "/etc/guix")) + (define offloading-ssh-key + #$(hurd-vm-configuration-offloading-ssh-key config)) + (unless (file-exists? ssh-directory) ;; Generate SSH host keys under SSH-DIRECTORY. (mkdir-p ssh-directory) (invoke #$(file-append openssh "/bin/ssh-keygen") "-A" "-f" secret-directory)) + (unless (or (not #$(hurd-vm-configuration-offloading? config)) + (file-exists? offloading-ssh-key)) + ;; Generate a user SSH key pair for the host to use when offloading + ;; to the guest. + (mkdir-p (dirname offloading-ssh-key)) + (invoke #$(file-append openssh "/bin/ssh-keygen") + "-t" "ed25519" "-N" "" + "-f" offloading-ssh-key) + + ;; Authorize it in the guest for user 'offloading'. + (let ((authorizations + (string-append ssh-directory + "/authorized_keys.d/offloading"))) + (mkdir-p (dirname authorizations)) + (copy-file (string-append offloading-ssh-key ".pub") + authorizations) + (chmod (dirname authorizations) #o555))) + (unless (file-exists? guix-directory) (invoke #$(initialize-hurd-vm-substitutes) guix-directory)) - ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. - (invoke #$(authorize-guest-substitutes-on-host) guix-directory)))) + (when #$(hurd-vm-configuration-offloading? config) + ;; Authorize the archive signing key from GUIX-DIRECTORY in the host. + (invoke #$(authorize-guest-substitutes-on-host) guix-directory))))) + +(define (hurd-vm-configuration-offloading-ssh-key config) + "Return the name of the file containing the SSH key of user 'offloading'." + (string-append "/etc/guix/offload/ssh/childhurd" + (or (and=> (hurd-vm-configuration-id config) + number->string) + ""))) + +(define (hurd-vm-guix-extension config) + "When offloading is enabled, add this childhurd to the list of offlading +machines in /etc/guix/machines.scm." + (if (hurd-vm-configuration-offloading? 
config) + (let* ((image (hurd-vm-configuration-image config)) + (platform (image-platform image)) + (system (platform-system platform)) + (vm-ssh-key (string-append + (hurd-vm-configuration-secret-root config) + "/etc/ssh/ssh_host_ed25519_key.pub")) + (host-ssh-key (hurd-vm-configuration-offloading-ssh-key config))) + (guix-extension + (build-machines + (list #~(build-machine + (name "localhost") + (port #$(hurd-vm-port config %hurd-vm-ssh-port)) + (systems '(#$system)) + (host-key (call-with-input-file #$vm-ssh-key + (@ (ice-9 textual-ports) + get-string-all))) + (user "offloading") + (private-key #$host-ssh-key)))))) + (guix-extension))) (define hurd-vm-service-type (service-type @@ -1351,6 +1433,8 @@ (define hurd-vm-service-type hurd-vm-shepherd-service) (service-extension account-service-type (const %hurd-vm-accounts)) + (service-extension guix-service-type + hurd-vm-guix-extension) (service-extension activation-service-type hurd-vm-activation))) (default-value (hurd-vm-configuration)) diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm index 599e58edf0..b79164737b 100644 --- a/gnu/tests/virtualization.scm +++ b/gnu/tests/virtualization.scm @@ -38,6 +38,7 @@ (define-module (gnu tests virtualization) #:use-module (guix gexp) #:use-module (guix records) #:use-module (guix store) + #:use-module (guix modules) #:export (%test-libvirt %test-qemu-guest-agent %test-childhurd)) 
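Review bot: in hurd-vm-activation, copying the public key to authorized_keys.d/offloading sits inside the same "unless" as key generation, so it runs only when the host key file does not exist yet. If /etc/guix/offload/ssh/childhurd is already there but the secret-root tree is missing the authorization (secret-root was changed or recreated, or offloading was turned on after an earlier run left the key behind), the guest never authorizes the key and offloading fails with nothing in the activation output to explain it. Suggest generating the key when it is missing and, as a separate step, installing the authorization whenever it is missing. Also, the docstring of hurd-vm-guix-extension has a typo: "offlading machines".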
@@ -244,11 +245,19 @@ (define %childhurd-os (permit-root-login #t))))))))))) (define (run-childhurd-test) + (define (import-module? module) + ;; This module is optional and depends on Guile-Gcrypt, do skip it. + (and (guix-module-name? module) + (not (equal? module '(guix store deduplication))))) + (define os (marionette-operating-system %childhurd-os - #:imported-modules '((gnu services herd) - (guix combinators)))) + #:imported-modules (source-module-closure + '((gnu services herd) + (guix combinators) + (gnu build install)) + #:select? import-module?))) (define vm (virtual-machine @@ -373,6 +382,31 @@ (define (run-childhurd-test) (pk 'drv (string-trim-right drv))) drv))) + (test-assert "copy-on-write store" + ;; Set up a writable store. The root partition is already an + ;; overlayfs, which is not suitable as the bottom part of this + ;; additional overlayfs; thus, create a tmpfs for the backing + ;; store. + ;; TODO: Remove this when creates a writable + ;; store. + (marionette-eval + '(begin + (use-modules (gnu build install) + (guix build syscalls)) + + (mkdir "/run/writable-store") + (mount "none" "/run/writable-store" "tmpfs") + (mount-cow-store "/run/writable-store" "/backing-store") + (system* "df" "-hT")) + marionette)) + + (test-equal "offloading" + 0 + (marionette-eval + '(and (file-exists? "/etc/guix/machines.scm") + (system* "guix" "offload" "test")) + marionette)) + (test-end)))) (gexp->derivation "childhurd-test" test))
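Review bot: the "copy-on-write store" test uses test-assert on a marionette-eval whose last expression is (system* "df" "-hT"); system* returns an integer exit status and every integer is true in Scheme, so the assertion passes whatever df reports and only fails if mkdir, mount or mount-cow-store throws. If the intent is to check the setup, end the expression with an explicit check such as (zero? (system* ...)) or with #t after the mount calls, and treat df as diagnostic output only. Minor: the comment in import-module? reads "do skip it", presumably "so skip it".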