03/14: services: secret-service: Fiberize ‘secret-service-receive-secrets’.

[guix-commits]

guix_mirror_bot pushed a commit to branch master
in repository guix.

commit 3799b786f261f0777f7c2b0b5323ca713a157afe
Author: Ludovic Courtès <l...@gnu.org>
AuthorDate: Fri Sep 12 17:34:29 2025 +0200

    services: secret-service: Fiberize ‘secret-service-receive-secrets’.
    
    * gnu/build/secret-service.scm (secret-service-receive-secrets)
    [wait-for-client]: Pass ‘SOCK_NONBLOCK’ to ‘socket’.  Use
    ‘wait-for-readable-fd’ instead of ‘select’.  Pass flags to ‘accept’.
    
    Change-Id: I1d5ff8e286942838af5b77fbb4068689a0529ed1
---
 gnu/build/secret-service.scm | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm
index b8cd77081c..0623e482fb 100644
--- a/gnu/build/secret-service.scm
+++ b/gnu/build/secret-service.scm
@@ -164,31 +164,32 @@ Return the list of files installed on success, and #f 
otherwise."
   (define (wait-for-client address)
     ;; Wait for a connection on ADDRESS.  Note: virtio-serial ports are safer
     ;; than TCP connections but they are (presumably) unsupported on GNU/Hurd.
-    (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0)))
+    (let ((sock (socket AF_INET
+                        (logior SOCK_CLOEXEC SOCK_NONBLOCK SOCK_STREAM)
+                        0)))
       (bind sock address)
       (listen sock 1)
       (log "waiting for secrets on ~a...~%"
            (socket-address->string address))
 
-      (match (select (list sock) '() '() 60)
-        (((_) () ())
-         (match (accept sock)
-           ((client . address)
-            (log "client connection from ~a~%"
-                 (inet-ntop (sockaddr:fam address)
-                            (sockaddr:addr address)))
-
-            ;; Send a "hello" message.  This allows the client running on the
-            ;; host to know that it's now actually connected to server running
-            ;; in the guest.
-            (write '(secret-service-server (version 0)) client)
-            (force-output client)
+      (if (wait-for-readable-fd sock 60)
+          (match (accept sock (logior SOCK_CLOEXEC SOCK_NONBLOCK))
+            ((client . address)
+             (log "client connection from ~a~%"
+                  (inet-ntop (sockaddr:fam address)
+                             (sockaddr:addr address)))
+
+             ;; Send a "hello" message.  This allows the client running on the
+             ;; host to know that it's now actually connected to server running
+             ;; in the guest.
+             (write '(secret-service-server (version 0)) client)
+             (force-output client)
+             (close-port sock)
+             client))
+          (begin
+            (log "did not receive any secrets; time out~%")
             (close-port sock)
-            client)))
-        ((() () ())
-         (log "did not receive any secrets; time out~%")
-         (close-port sock)
-         #f))))
+            #f))))
 
   (define (read-secrets port)
     ;; Read secret files from PORT and install them.