create table if not exists ValidPaths ( id integer primary key autoincrement not null, path text unique not null, hash text not null, registrationTime integer not null, deriver text, narSize integer ); create table if not exists Refs ( referrer integer not null, reference integer not null, primary key (referrer, reference), foreign key (referrer) references ValidPaths(id) on delete cascade, foreign key (reference) references ValidPaths(id) on delete restrict ); create index if not exists IndexReferrer on Refs(referrer); create index if not exists IndexReference on Refs(reference); -- Paths can refer to themselves, causing a tuple (N, N) in the Refs -- table. This causes a deletion of the corresponding row in -- ValidPaths to cause a foreign key constraint violation (due to `on -- delete restrict' on the `reference' column). Therefore, explicitly -- get rid of self-references. create trigger if not exists DeleteSelfRefs before delete on ValidPaths begin delete from Refs where referrer = old.id and reference = old.id; end; create table if not exists DerivationOutputs ( drv integer not null, id text not null, -- symbolic output id, usually "out" path text not null, primary key (drv, id), foreign key (drv) references ValidPaths(id) on delete cascade ); create index if not exists IndexDerivationOutputs on DerivationOutputs(path); create table if not exists FailedPaths ( path text primary key not null, time integer not null ); /a>
path: root/gnu/build/secret-service.scm
AgeCommit message (Expand)Author
2020-09-29secret-service: Add proper logging procedure and log to syslog....* gnu/build/secret-service.scm (log): New macro. (secret-service-send-secrets, secret-service-receive-secrets): Use it instead of raw 'format' calls. Ludovic Courtès
2020-09-29services: secret-service: Add initial client/server handshake....This allows the client running on the host to know when it's actually connect to the server running in the guest. Failing that, the client would connect right away to QEMU and send secrets even though the server is not running yet in the guest, which is unreliable. * gnu/build/secret-service.scm (secret-service-send-secrets): Add #:handshake-timeout. Read from SOCK an initial message from the server. Return #f on error. (secret-service-receive-secrets): Send 'secret-service-server' message to the client. Close SOCK upon timeout. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start' method returns #f when 'secret-service-send-secrets' returns #f. Ludovic Courtès
2020-09-29secret-service: Fix file port leak in 'secret-service-send-secrets'....* gnu/build/secret-service.scm (secret-service-send-secrets): Use 'call-with-input-file' instead of 'open-input-file'. Ludovic Courtès
2020-09-29secret-service: Add a timeout when waiting for a client....* gnu/build/secret-service.scm (secret-service-receive-secrets) [wait-for-client]: Call 'select' with a 60s timeout before 'accept'. Return #f upon timeout. [read-secrets]: Return FILES on success. Adjust caller of 'wait-for-client' to handle #f. Ludovic Courtès
2020-09-29secret-service: Clarify the origin of messages....* gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Prefix messages by "secret service". Ludovic Courtès
2020-09-01services: Add secret-service-type....This adds a "secret-service" that can be added to a Childhurd VM to receive out-of-band secrets (keys) sent from the host. Co-authored-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/virtualization.scm (secret-service-activation): New procedure. (secret-service-type): New variable. * gnu/build/secret-service.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Jan (janneke) Nieuwenhuizen