From 3799b786f261f0777f7c2b0b5323ca713a157afe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Fri, 12 Sep 2025 17:34:29 +0200
Subject: [PATCH] =?UTF-8?q?services:=20secret-service:=20Fiberize=20?= =?UTF-8?q?=E2=80=98secret-service-receive-secrets=E2=80=99.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* gnu/build/secret-service.scm (secret-service-receive-secrets) [wait-for-client]: Pass ‘SOCK_NONBLOCK’ to ‘socket’. Use ‘wait-for-readable-fd’ instead of ‘select’. Pass flags to ‘accept’.
Change-Id: I1d5ff8e286942838af5b77fbb4068689a0529ed1
---
gnu/build/secret-service.scm | 37 ++++++++++++++++++------------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm
index b8cd77081ca..0623e482fb5 100644
--- a/gnu/build/secret-service.scm
+++ b/gnu/build/secret-service.scm
@@ -164,31 +164,32 @@ Return the list of files installed on success, and #f otherwise." (define (wait-for-client address) ;; Wait for a connection on ADDRESS. Note: virtio-serial ports are safer ;; than TCP connections but they are (presumably) unsupported on GNU/Hurd. - (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0))) + (let ((sock (socket AF_INET + (logior SOCK_CLOEXEC SOCK_NONBLOCK SOCK_STREAM) + 0))) (bind sock address) (listen sock 1) (log "waiting for secrets on ~a...~%" (socket-address->string address)) - (match (select (list sock) '() '() 60) - (((_) () ()) - (match (accept sock) - ((client . address) - (log "client connection from ~a~%" - (inet-ntop (sockaddr:fam address) - (sockaddr:addr address))) + (if (wait-for-readable-fd sock 60) + (match (accept sock (logior SOCK_CLOEXEC SOCK_NONBLOCK)) + ((client . address) + (log "client connection from ~a~%" + (inet-ntop (sockaddr:fam address) + (sockaddr:addr address))) - ;; Send a "hello" message. This allows the client running on the - ;; host to know that it's now actually connected to server running - ;; in the guest. - (write '(secret-service-server (version 0)) client) - (force-output client) + ;; Send a "hello" message. This allows the client running on the + ;; host to know that it's now actually connected to server running + ;; in the guest. + (write '(secret-service-server (version 0)) client) + (force-output client) + (close-port sock) + client)) + (begin + (log "did not receive any secrets; time out~%") (close-port sock) - client))) - ((() () ()) - (log "did not receive any secrets; time out~%") - (close-port sock) - #f)))) + #f)))) (define (read-secrets port) ;; Read secret files from PORT and install them.
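Review bot: The `match` on `(accept sock (logior SOCK_CLOEXEC SOCK_NONBLOCK))` has only the `(client . address)` clause, although the listening socket is now created with `SOCK_NONBLOCK`. If the pending connection is gone by the time `accept` runs (for example the peer reset it after `wait-for-readable-fd` returned), a non-blocking `accept` can report that nothing is pending; in Guile this is, as far as I know, a `#f` return, which would make `match` raise without closing `sock`. A second clause such as `(#f (close-port sock) #f)`, ideally with a log line, would put that path on the same failure behaviour as the timeout branch, so the caller sees the usual "no secrets" result instead of an exception. `wait-for-client` is an inner definition of a procedure that starts outside the hunk, so how the caller handles a `#f` result is not visible here.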