services: secret-service: Add initial client/server handshake.

This allows the client running on the host to know when it's actually
connect to the server running in the guest.  Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.

* gnu/build/secret-service.scm (secret-service-send-secrets): Add
 #:handshake-timeout.  Read from SOCK an initial message from the
server.  Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client.  Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.

1 files changed, 9 insertions, 2 deletions

diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 2410be450b..7e2f5a1490 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -982,8 +982,15 @@ is added to the OS specified in CONFIG."
                    (root #$(hurd-vm-configuration-secret-root config)))
                (catch #t
                  (lambda _
-                   (secret-service-send-secrets port root)
-                   pid)
+                   ;; XXX: 'secret-service-send-secrets' won't complete until
+                   ;; the guest has booted and its secret service server is
+                   ;; running, which could take 20+ seconds during which PID 1
+                   ;; is stuck waiting.
+                   (if (secret-service-send-secrets port root)
+                       pid
+                       (begin
+                         (kill (- pid) SIGTERM)
+                         #f)))
                  (lambda (key . args)
                    (kill (- pid) SIGTERM)
                    (apply throw key args)))))))