From: Ludovic Courtès
Subject: [bug#54811] [PATCH 0/3] Support socket activation in 'guix publish' and 'guix-daemon'
Date: Mon, 11 Apr 2022 22:33:12 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Maxime Devos <maximedevos@telenet.be> wrote:

> Ludovic Courtès wrote on Mon 11-04-2022 at 11:48 [+0200]:
>> >    * bonus: except possibly for the secret key material, "guix publish"
>> >      does not have to be started as root anymore even if it uses a
>> >      reserved port such as port 80 (assuming socket activation is used).
>> 
>> But it does need to access the secret key…
>
> The ‘guix publish’ could be run as a separate, say, guix-publish user,
> and the secret key could be made readable to guix-publish.

That doesn’t sound reasonable.

> Alternatively, the shepherd could open the secret key file on behalf of
> ‘guix publish’ and send it together with the listening socket to ‘guix
> publish’.

Sure, that’s feasible, but that’d require a custom protocol that I’d
rather avoid.

As things are now, ‘guix publish’ drops privileges as soon as it has
opened the signing key anyway.

Ludo’.
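
The order of operations Ludovic describes, acquire the listening socket and the signing key while still privileged and then drop to an unprivileged account before serving anything, is the core of the thread. The C program below is an added example written for this page; it is not code from the patch series or from Guix. It assumes the supervisor hands the socket over using the systemd-style LISTEN_PID/LISTEN_FDS convention (first inherited socket on descriptor 3), which shepherd is assumed to follow here; the port, key path and target uid/gid are caller-chosen placeholders.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Descriptor where the systemd-style activation convention places the first
   inherited socket (assumption: the supervisor follows that convention). */
#define LISTEN_FDS_START 3

/* Parse LISTEN_PID/LISTEN_FDS.  The values are passed in as strings so the
   logic can be exercised without touching the real environment.  Returns the
   first inherited listening descriptor, or -1 when nothing was handed over or
   the variables were meant for another process. */
int inherited_listen_fd(const char *listen_pid, const char *listen_fds, pid_t self)
{
    char *end;
    long value;

    if (listen_pid == NULL || listen_fds == NULL)
        return -1;
    errno = 0;
    value = strtol(listen_pid, &end, 10);
    if (errno != 0 || end == listen_pid || *end != '\0' || value != (long) self)
        return -1;
    errno = 0;
    value = strtol(listen_fds, &end, 10);
    if (errno != 0 || end == listen_fds || *end != '\0' || value < 1)
        return -1;
    return LISTEN_FDS_START;
}

/* Obtain the listening socket: prefer one inherited from the supervisor, else
   bind one ourselves (a port below 1024 then needs root or CAP_NET_BIND_SERVICE,
   which is precisely the privilege socket activation lets the service avoid). */
int listening_socket(uint16_t port)
{
    int fd = inherited_listen_fd(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    int one = 1;
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port),
                                .sin_addr.s_addr = htonl(INADDR_ANY) };

    if (fd < 0) {
        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0)
            return -1;
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
        if (bind(fd, (struct sockaddr *) &addr, sizeof addr) < 0 || listen(fd, SOMAXCONN) < 0) {
            close(fd);
            return -1;
        }
    }
    fcntl(fd, F_SETFD, FD_CLOEXEC);   /* never leak the socket across a later exec */
    return fd;
}

/* Drop to UID/GID permanently.  Order matters: supplementary groups first, then
   the gid, then the uid; once setuid() has run the other two would be refused.
   Returns 0 on success, -1 if a step fails or root could still be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)   /* already unprivileged: only confirm we are the right account */
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* must fail, otherwise the drop was not permanent */
        return -1;
    return 0;
}

/* The sequence from the thread: acquire the socket and open the signing key
   while still privileged, then drop to the service account before serving.
   Returns the key descriptor (>= 0) and stores the socket in *sock_out. */
int start_service(uint16_t port, const char *key_path, uid_t uid, gid_t gid, int *sock_out)
{
    int sock = listening_socket(port);
    int key;

    if (sock < 0)
        return -1;
    key = open(key_path, O_RDONLY | O_CLOEXEC);   /* the one step that may still need root */
    if (key < 0) {
        close(sock);
        return -1;
    }
    if (drop_privileges(uid, gid) < 0) {   /* refuse to serve with privileges intact */
        close(key);
        close(sock);
        return -1;
    }
    *sock_out = sock;
    return key;
}

int main(void)
{
    int sock, key;
    /* Placeholder port, key path and uid/gid: replace with the real service values. */
    key = start_service(80, "/etc/example/signing-key.sec", 65534, 65534, &sock);
    if (key < 0) {
        perror("start_service");
        return 1;
    }
    printf("serving on fd %d as uid %d, key on fd %d\n", sock, (int) getuid(), key);
    return 0;
}
```

Run as an unprivileged user with LISTEN_PID/LISTEN_FDS set by a supervisor, the program never needs root at all; started as root without activation, it binds the reserved port and opens the key first and then gives up root before any client data is read, which is the behaviour Ludovic points to above.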