GNU bug report logs - #23605
/dev/urandom not seeded across reboots

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 23 May 2016 17:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Message #26 received at 23605 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 23605 <at> debbugs.gnu.org
Subject: Re: bug#23605: /dev/urandom not seeded across reboots
Date: Wed, 25 May 2016 12:38:15 -0400
On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> wrote:
> > +      (mkdir-p "/var/run")
> > +      (close-port (open-file "/var/run/urandom-seed" "a0b"))
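Review bot: the seed file created by `open-file` here gets whatever mode the current umask allows, and nothing in this hunk restricts it. The file's contents are later written back into the kernel pool, so it should be readable by its owner only; set mode `#o600` on it right after creating it.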
> 
> Or simply ‘open-output-file’.

Done in the attached diff.

> Maybe do:
> 
>   (define %random-seed-file
>     "/var/run/random-seed")

Done.

> > +         (start #~(lambda _
> > +                    (exec-command
> > +                      (zero?
> > +                        (system (string-append "cat "
> > +                                               "/var/run/urandom-seed"
> > +                                               " > /dev/urandom"))))))
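Review bot: `exec-command` in this `start` lambda is handed the boolean returned by `(zero? (system ...))`, not a command to run. Drop the `exec-command` wrapper and let the lambda return that boolean as the service's start result.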
> 
> Instead of spawning ‘cat’, we can do:
> 
>   (when (file-exists? #$%random-seed-file)
>     (call-with-input-file #$%random-seed-file
>       (lambda (seed)
>         (call-with-output-file "/dev/urandom"
>           (lambda (random)
>             (dump-port seed random))))))
>   #t   ;service successfully “started”

I think I've done this correctly, as attached, but I can't test it yet
since I still get an error: "service: Wrong number of arguments in form
(service urandom-seed-service-type)".

> > +         (stop #~(lambda _
> > +                   (exec-command
> > +                     (zero?
> > +                       (system* "dd" "if=/dev/urandom"
> > +                                (string-append "of=" "/var/run/urandom-seed")
> > +                                "count=1" "bs=512"))))))))
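Review bot: the seed file is only rewritten in `stop`, so after a crash or power loss the next boot loads the same seed it loaded the time before. Write a fresh seed in `start` as well, right after the old one has been loaded. The `exec-command` around `(zero? (system* ...))` also receives a boolean rather than a command and should be removed.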
> 
> Likewise, I would suggest using:
> 
>   (let ((buf (make-bytevector 512)))
>     (call-with-input-file "/dev/urandom"
>       (lambda (random)
>         (get-bytevector-n! random buf 512)))
>     …)

I tried to fill in the …, but again, I'm struggling here :p

More advice requested! :)
[urandom-seed-service.patch (text/x-diff, attachment)]
[backtrace (text/plain, attachment)]
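
The save and restore steps discussed in this message, written out in Guile as an added example (not the attached patch and not Guix's code). `save-seed` and `restore-seed` are hypothetical names, and the optional file, device and size arguments are assumptions added so the procedures can be tried on scratch files; refreshing the seed at start goes beyond what the thread proposes.

```scheme
(use-modules (ice-9 binary-ports)   ;get-bytevector-n, put-bytevector
             (rnrs bytevectors))    ;bytevector?, bytevector-length

(define %random-seed-file "/var/run/random-seed") ;path from the thread
(define %seed-size 512)                           ;size from the thread

;; Hypothetical helper: copy SIZE bytes from DEVICE into FILE, owner-only.
;; Returns the number of bytes stored.
(define* (save-seed #:optional (file %random-seed-file)
                    (device "/dev/urandom") (size %seed-size))
  (let ((seed (call-with-input-file device
                (lambda (random) (get-bytevector-n random size))
                #:binary #t)))
    (call-with-output-file file
      (lambda (port)
        (chmod port #o600)          ;restrict before any seed byte is written
        (unless (eof-object? seed)
          (put-bytevector port seed)))
      #:binary #t)
    (if (eof-object? seed) 0 (bytevector-length seed))))

;; Hypothetical helper: feed the saved seed to DEVICE, then replace it.
(define* (restore-seed #:optional (file %random-seed-file)
                       (device "/dev/urandom") (size %seed-size))
  (let ((seed (and (file-exists? file)
                   (call-with-input-file file
                     (lambda (port) (get-bytevector-n port size))
                     #:binary #t))))
    ;; An empty or missing file yields EOF or #f: nothing to load.
    ;; Writing to the device mixes the bytes into the pool; it does not
    ;; raise the kernel's entropy estimate.
    (when (bytevector? seed)
      (call-with-output-file device
        (lambda (random) (put-bytevector random seed))
        #:binary #t))
    ;; Addition beyond the thread: store a fresh seed now, so an unclean
    ;; shutdown does not replay the one just loaded.
    (save-seed file device size)
    #t))                            ;service successfully "started"
```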

This bug report was last modified 9 years and 53 days ago.
