From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 19 14:14:08 2017 Received: (at submit) by debbugs.gnu.org; 19 Dec 2017 19:14:08 +0000 Received: from localhost ([127.0.0.1]:42654 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRNL5-0004Wf-N5 for submit@debbugs.gnu.org; Tue, 19 Dec 2017 14:14:07 -0500 Received: from eggs.gnu.org ([208.118.235.92]:50867) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRNL4-0004WE-7c for submit@debbugs.gnu.org; Tue, 19 Dec 2017 14:14:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eRNKx-0008Iy-OM for submit@debbugs.gnu.org; Tue, 19 Dec 2017 14:14:00 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47974) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eRNKx-0008Ip-JY for submit@debbugs.gnu.org; Tue, 19 Dec 2017 14:13:59 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41798) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRNKw-0005OT-8e for bug-guix@gnu.org; Tue, 19 Dec 2017 14:13:59 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eRNKt-0008GR-1g for bug-guix@gnu.org; Tue, 19 Dec 2017 14:13:58 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:59759) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eRNKs-0008DS-Ps for bug-guix@gnu.org; Tue, 19 Dec 2017 14:13:54 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id E173520BA1; Tue, 19 Dec 2017 14:13:50 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Tue, 19 Dec 2017 14:13:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:message-id:mime-version:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=mesmtp; bh=Is+nf1k+3EdKsQ SVVd+lxExKXYsPtS8cjsSd7oDFwyI=; b=0eS3oKFzjGfRlZBDvUHhOwQWyuvozI V91Iep0WpwC8XEMfCLMVEKf9EUXKfTz23WzRrtf6h0G8Uo0DlJLQgXxmrjySAy0L 4zRXwM503k2e6fLCUtQvKTS/Y8fxXkb74kaO2CyFYeDaBX//fmQnPenb8aPzJPbb vg2StBmYdnudw= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=Is+nf1k+3EdKsQSVVd+lxExKXYsPtS8cjsSd7oDFwyI=; b=Y95sjbNT zCI0bwQ2k76gMugIebCdR0XFIrpPQb22rZmYLt95KgLxj4455nTV0Zg/eqFEPAqi itke76YP8UcIooKkWVix/kCfjrkDuwqMzuvlkbneew+dPnLieLD0ZBLNXPXhJZRK 0x33EiC3lqEUfx/Fja2XroGLAzyuuhNP6wabLp3yoWZQD+5pT5aC5Q5EUlMJDUvn mnSnWHtjBeQOt3bNAMaFvYc4yCakJ0g8Jt/eJFMJ6+eT7WYFharhNz6xFm7a5Pho 65gwv3lH3LyURMFr07nXNB9VxMpoBCyNYlQgx5KHr7L49E9DxzPif5GxP+SvYhr5 fJWJrUi53yETrA== X-ME-Sender: Received: from localhost (unknown [172.58.201.122]) by mail.messagingengine.com (Postfix) with ESMTPA id 93E9F24009 for ; Tue, 19 Dec 2017 14:13:50 -0500 (EST) Date: Tue, 19 Dec 2017 14:13:48 -0500 From: Leo Famulari To: bug-guix@gnu.org Subject: urandom-seed-service should run earlier in the boot process Message-ID: <20171219191348.GA19177@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB" Content-Disposition: inline User-Agent: Mutt/1.9.2 (2017-12-15) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) --tThc/1wpZn/ma/RB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The urandom-seed-service preserves some of the Linux cryptographic random number generator's (CRNG) pool across reboots so that freshly booted systems have access to unpredictable psuedorandom numbers. It also tries to take advantage of whatever is backing /dev/hwrng. However, the urandom-seed-service may not be started before certain applications that assume a good source of randomness. In some cases, the applications require some random data before any services are started, during activation. For example, our OpenSSH service generates its host keys during activation. And even if it generated host keys during the start of the OpenSSH service, that service does not depend on urandom-seed-service. [0] In systemd, there is an abstract sysinit "target" that basically serves as a checkpoint. All the lower-level system initialization is required before the sysinit.target is met, and the rest of the services depend on sysinit. The random seeding is part of sysinit. I've reproduced a graph of this in [1]. In practice, I'm not sure if it matters. I'd appreciate if GuixSD users could check /var/log/messages for warnings like this one and report them: random: application: uninitialized urandom read (16 bytes read)=20 And I'd also appreciate any feedback or ideas for improvement in this area. [0] See the attached service graph of a bare-bones system with OpenSSH. [1] from: local-fs-pre.target | v (various mounts and (various swap (various cryptsetup fsck services...) devices...) devices...) (various low-le= vel (various low-level | | | services: udev= d, API VFS mounts: v v v tmpfiles, rand= om mqueue, configfs, local-fs.target swap.target cryptsetup.target seed, sysctl, .= =2E.) debugfs, ...) | | | | = | \__________________|_________________ | ___________________|______= ______________/ \|/ v sysinit.target | ____________________________________/|\__________________________= ______________ / | | | = \ | | | | = | v v | v = v (various (various | (various = rescue.service timers...) paths...) | sockets...) = | | | | | = v v v | v = rescue.target timers.target paths.target | sockets.target | | | | v \_________________ | ___________________/ \|/ v basic.target | ____________________________________/| = emergency.service / | | = | | | | = v v v v = emergency.target display- (various system (various system manager.service services services) | required for | | graphical UIs) v | | multi-user.target | | | \_________________ | _________________/ \|/ v graphical.target --tThc/1wpZn/ma/RB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlo5ZOkACgkQJkb6MLrK fwj1ZxAAspjMPR2YabJVapuCz5rPmsSFHzXA9S4QlveffqRtSlHJwfrFxrZfezLY wtbbB640BCEP3UWpHx3pi8F8Kjzv7k1Q/cf5M5nZLevj2ZQRwcI0M7eIVZddUCZm wqZGssC0CIDHYcZv1iC8FE3nW1txsuqpYfUPkdYbcvfOqHywdMpBuMahzX412rG6 B7V44/athWu1werWqgETADb+zCPxggb7OyZBbaBpc6NbOO4I19HvSFAK0Hzp/vV8 PcnnKeOtUqAWf8+uvfkOXiK22Z1d7ZCDGsrVhEx/93Z/Z/RM/LpI360Vis/WpU+0 U7hyvXcpHhcB3+OinOxHDaxwd/fwoWwgQ1rwbb4YfR2lzv10mLWo4/3uq6eH0jmU 7ZQ3c1PygZ/QuJ574lgVnstD787uSvl/kOeununqOJWHRNDpF7H68SGqio3VIbJw ipLvPb/VHfC9gHEqBUOmSi4xJC919uo65pbG+b8wMA9Jwc8WvIdav03Yc/zdV5xJ EVf/42eOYUQuXUesri4McPRyiCx3vbrq5bgcdi0R3J3GQw/h9zh/Z1RDHYYfjtpy C86zXZvBQimSBEGJLDO7C5SEuhXcpEDM5Uo0uh+sucRy7NBiy7jmf5O0b2qO/ATj zlSg1HDg8/JprcIeRlcV1Ah9umCP1umAFzhVqb/jcRprLXKscEg= =ZgHn -----END PGP SIGNATURE----- --tThc/1wpZn/ma/RB-- From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 19 14:24:57 2017 Received: (at 29773) by debbugs.gnu.org; 19 Dec 2017 19:24:57 +0000 Received: from localhost ([127.0.0.1]:42663 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRNVY-0004nR-RH for submit@debbugs.gnu.org; Tue, 19 Dec 2017 14:24:57 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:41783) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRNVW-0004nI-N7 for 29773@debbugs.gnu.org; Tue, 19 Dec 2017 14:24:54 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id CF75820C87; Tue, 19 Dec 2017 14:24:53 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Tue, 19 Dec 2017 14:24:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:message-id:mime-version:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=mesmtp; bh=bPcblv6lqboaX4 uSTAebdXf2+NOts5N/Z10DZDyVV5Q=; b=YM4zyGnRl0V5bLXMBrQrl/RqrfZ7RY r2JfS2Halbu2Ny4dmbyo5ild63rBF7T/Dd3ctS+YpErGmn7GUzVBcZlEtDUH3WeQ ZLYz0NJlOU4HON9tCAy9BetQUjunxcLLaUVCIECEGMVP1p4bf6ZpbTtteWNK86xR D9ipLj3u13JK4= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=bPcblv6lqboaX4uSTAebdXf2+NOts5N/Z10DZDyVV5Q=; b=CD6DDiXC 9rI0FAIoGHTZzaTqeq9j5dR7+xqEz9Jg5wUhf7QbMXUMsducCw1XPgeoiAbF0JoU hrwc7TD1ERbZtsLNelX0jFl468+c2cu9Hyu4fik6WJrYK6mSEdCzN0xOV5xK3K4E txemRFUq3IOD4S+VYvOyo4e20joZ2i5ACqBKZmn0dTmJhrVaFUoKo3kiDUCd1wBl 0lNlAEe2G7qgspmpfP6te6eirxiEsOLXPLCvWcNTZDoGRQJtCbZLhxuC4/nA+Lai j/r5Qk3leYP5TBGzK6oQPVIJVpKyDR2YZRjBwx6JErbpwgXcHhrAe7SZYs6JVU2B u0EJtmPX4z5YkQ== X-ME-Sender: Received: from localhost (unknown [172.58.201.122]) by mail.messagingengine.com (Postfix) with ESMTPA id 406E1240F6 for <29773@debbugs.gnu.org>; Tue, 19 Dec 2017 14:24:53 -0500 (EST) Date: Tue, 19 Dec 2017 14:24:52 -0500 From: Leo Famulari To: 29773@debbugs.gnu.org Subject: Service graph Message-ID: <20171219192452.GA20161@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="NDin8bjvE/0mNLFQ" Content-Disposition: inline User-Agent: Mutt/1.9.2 (2017-12-15) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29773 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --NDin8bjvE/0mNLFQ Content-Type: multipart/mixed; boundary="4Ckj6UjgE2iN1+kY" Content-Disposition: inline --4Ckj6UjgE2iN1+kY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I forgot to attach the GuixSD service graph used an example in my last message.=20 Here it is! --4Ckj6UjgE2iN1+kY Content-Type: image/svg+xml Content-Disposition: attachment; filename="service-graph.svg" Content-Transfer-Encoding: quoted-printable =0A=0A=0A=0A=0A=0AGuix shepherd-service=0A=0A=0A=0Auser-file-systems=0A=0Auser-file-systems=0A=0A= =0A=0Afile-systems=0A=0Afile-systems=0A=0A=0A=0Afile-systems->user-file-systems=0A=0A=0A=0A= =0A=0Aroot-file-system=0A=0Aroot-file-system=0A=0A=0A=0Afi= le-systems->root-file-system=0A=0A=0A=0A=0A=0Afile-system&#= 45;/dev/pts=0A=0Afile-system-/dev/pts=0A=0A=0A=0Afile-systems->file-system-= /dev/pts=0A=0A=0A=0A=0A= =0Afile-systems->file-system-/dev/shm=0A<= path fill=3D"none" stroke=3D"#9400d3" d=3D"M1225.3077,-233.718C1011.2111,-2= 32.1534 99.1043,-222.9764 58,-180 42.3397,-163.6264 48.3236,-137.3258 56.60= 57,-117.3745"/>=0A= =0A=0A=0A=0Afile-system-/gnu/store=0A=0Afile-sys= tem-/gnu/store=0A=0A=0A=0Afile&#= 45;systems->file-system-/gnu/store=0A=0A=0A=0A=0A=0Afile-system-/sys/fs= /cgroup=0A=0Afile-system-/sys/fs/cgroup=0A=0A= =0A=0Afile-systems->file-sys= tem-/sys/fs/cgroup=0A=0A=0A=0A=0A=0A<= title>file-system-/sys/fs/cgroup/cpuset=0A=0Afile&#= 45;system-/sys/fs/cgroup/cpuset=0A=0A=0A=0Afile-systems->file-system-/sys/fs/= cgroup/cpuset=0A=0A= =0A=0A=0A= =0Afile-system-/sys/fs/cgroup/cpu=0A=0Afil= e-system-/sys/fs/cgroup/cpu=0A=0A=0A=0Afile-systems->file-system-/sys/fs/cg= roup/cpu=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/cpuacct=0A=0Afile-= ;system-/sys/fs/cgroup/cpuacct=0A=0A=0A=0Afile-systems->file-system-/sys/fs/= cgroup/cpuacct=0A= =0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/memory=0A=0Afile= -system-/sys/fs/cgroup/memory=0A=0A=0A=0Afile-systems->file-system-/sys/f= s/cgroup/memory=0A=0A=0A= =0A=0A=0Afile-system-/sys/fs/cgroup/devices= =0A=0Afile-system-/sys/fs/cgroup/devices= =0A=0A=0A=0Afile-systems= 5;>file-system-/sys/fs/cgroup/devices=0A=0A=0A=0A=0A=0Afile-system= 5;/sys/fs/cgroup/freezer=0A= =0Afile-system-= /sys/fs/cgroup/freezer=0A=0A=0A= =0Afile-systems->file-system-/sys/fs/cgroup/freez= er=0A=0A=0A=0A=0A=0A= file-system-/sys/fs/cgroup/blkio=0A=0Afile-system-/sys/fs/cgroup/blkio=0A=0A=0A=0Afile-systems->file-system-= /sys/fs/cgroup/blkio=0A=0A=0A= =0A=0A=0Afile-system-/sys/fs/cgroup/perf_even= t=0A=0Afile-system-/sys/fs/cgroup/perf_even= t=0A=0A=0A=0Afile-= ;systems->file-system-/sys/fs/cgroup/perf_event=0A=0A=0A=0A=0A=0Afile&= #45;system-/sys/fs/cgroup/hugetlb=0A=0Afile-system= 5;/sys/fs/cgroup/hugetlb=0A=0A=0A=0Afile-systems->file-system-/sys/fs/cgroup/hug= etlb=0A=0A=0A=0A=0A=0Auser-proce= sses=0A=0Auser-processes=0A=0A=0A=0Auser-processes->file-systems=0A=0A=0A=0A=0A=0Auser-homes=0A=0Auser-homes=0A=0A=0A=0Auser-homes->file-systems</titl= e>=0A<path fill=3D"none" stroke=3D"#b8860b" d=3D"M1357.476,-287.8314C1342.5= 109,-278.6221 1324.1614,-267.3301 1308.1397,-257.4706"/>=0A<polygon fill=3D= "#b8860b" stroke=3D"#b8860b" points=3D"1309.8655,-254.423 1299.5146,-252.16= 28 1306.1968,-260.3847 1309.8655,-254.423"/>=0A</g>=0A<!-- nscd -->=0A<g id= =3D"node5" class=3D"node">=0A<title>nscd=0A=0Anscd=0A<= /g>=0A=0A=0Anscd->user-processes=0A=0A=0A=0A=0A=0Aguix-daemon=0A=0Aguix-dae= mon=0A=0A=0A<= g id=3D"edge5" class=3D"edge">=0Aguix-daemon->user-pr= ocesses=0A=0A=0A=0A=0A=0Aurandom-seed=0A=0Aurando= m-seed=0A=0A=0A=0Aurandom-seed->us= er-processes=0A=0A=0A=0A=0A=0Asyslogd=0A=0Asyslogd=0A=0A=0A=0Asyslogd->user-processes=0A=0A=0A=0A=0A=0Aterm-tty6=0A=0Aterm-tty6=0A=0A=0A=0Aterm-tty6->user-processes</t= itle>=0A<path fill=3D"none" stroke=3D"#8b7765" d=3D"M1563.3823,-362.9341C15= 60.2384,-361.8543 1557.0808,-360.8559 1554,-360 1461.205,-334.2191 1431.995= 5,-344.9515 1334.5067,-324.1852"/>=0A<polygon fill=3D"#8b7765" stroke=3D"#8= b7765" points=3D"1335.0528,-320.7219 1324.5357,-322.0034 1333.5564,-327.560= 1 1335.0528,-320.7219"/>=0A</g>=0A<!-- udev -->=0A<g id=3D"node37" class=3D= "node">=0A<title>udev=0A=0Audev=0A=0A=0A=0Aterm-= ;tty6->udev=0A=0A=0A= =0A=0A=0Ahost&= #45;name=0A=0Ahost-name=0A=0A=0A= =0Aterm-tty6->host-name=0A=0A=0A=0A=0A=0Aterm-tty5=0A=0Aterm-= ;tty5=0A=0A=0A<= g id=3D"edge9" class=3D"edge">=0Aterm-tty5->user-proc= esses=0A=0A=0A=0A=0A=0Aterm-tty5->host-name=0A=0A=0A=0A=0A=0Aterm-tty4=0A=0Aterm-tty4=0A=0A=0A=0Aterm-tty4-&g= t;user-processes=0A=0A=0A=0A=0A=0Aterm-tty4= ->udev=0A=0A=0A=0A=0A=0Aterm-tty4->host-name</= title>=0A<path fill=3D"none" stroke=3D"#8fbc8f" d=3D"M1741.2069,-363.6028C1= 714.509,-352.864 1677.6934,-338.0554 1648.0762,-326.1424"/>=0A<polygon fill= =3D"#8fbc8f" stroke=3D"#8fbc8f" points=3D"1649.3188,-322.8697 1638.7351,-32= 2.3851 1646.7065,-329.364 1649.3188,-322.8697"/>=0A</g>=0A<!-- term-tty= 3 -->=0A<g id=3D"node12" class=3D"node">=0A<title>term-tty3=0A<= polygon fill=3D"none" stroke=3D"#000000" points=3D"1367.5,-396 1296.5,-396 = 1296.5,-360 1367.5,-360 1367.5,-396"/>=0Aterm-tty3=0A=0A=0A=0Aterm-= ;tty3->user-processes=0A=0A=0A=0A=0A=0Aterm-tty3->udev=0A=0A=0A=0A=0A=0Aterm-tty3->host-name= =0A=0A=0A= =0A=0A=0Aterm&= #45;tty2=0A=0Aterm-tty2=0A=0A=0A=0Aterm-tty2->user-processes=0A=0A=0A=0A= =0A=0Aterm-tty2->udev</ti= tle>=0A<path fill=3D"none" stroke=3D"#696969" d=3D"M1443.7108,-359.8314C145= 4.796,-350.9632 1468.2954,-340.1637 1480.2852,-330.5718"/>=0A<polygon fill= =3D"#696969" stroke=3D"#696969" points=3D"1482.6742,-333.1429 1488.2965,-32= 4.1628 1478.3013,-327.6768 1482.6742,-333.1429"/>=0A</g>=0A<!-- term-tt= y2->host-name -->=0A<g id=3D"edge70" class=3D"edge">=0A<title>te= rm-tty2->host-name=0A=0A<= polygon fill=3D"#696969" stroke=3D"#696969" points=3D"1549.291,-329.5179 15= 57.2422,-322.5159 1546.6599,-323.0311 1549.291,-329.5179"/>=0A=0A=0A=0Aterm-tty1<= /title>=0A<polygon fill=3D"none" stroke=3D"#000000" points=3D"1545.5,-396 1= 474.5,-396 1474.5,-360 1545.5,-360 1545.5,-396"/>=0A<text text-anchor=3D"mi= ddle" x=3D"1510" y=3D"-374.3" font-family=3D"Helvetica,sans-Serif" font-siz= e=3D"14.00" fill=3D"#000000">term-tty1</text>=0A</g>=0A<!-- term-tt= y1->user-processes -->=0A<g id=3D"edge13" class=3D"edge">=0A<tit= le>term-tty1->user-processes=0A=0A=0A=0A=0A= =0Aterm-tty1->udev=0A=0A=0A=0A=0A=0Aterm-tty1->host-name<= /title>=0A<path fill=3D"none" stroke=3D"#ff00ff" d=3D"M1532.2061,-359.8314C= 1543.045,-350.9632 1556.2444,-340.1637 1567.9678,-330.5718"/>=0A<polygon fi= ll=3D"#ff00ff" stroke=3D"#ff00ff" points=3D"1570.2777,-333.2041 1575.801,-3= 24.1628 1565.845,-327.7864 1570.2777,-333.2041"/>=0A</g>=0A<!-- networking = -->=0A<g id=3D"node15" class=3D"node">=0A<title>networking=0A=0Anetworking=0A=0A=0A=0Anetworking->user-= ;processes=0A=0A<= polygon fill=3D"#9400d3" stroke=3D"#9400d3" points=3D"1260.5757,-334.9622 1= 261.5606,-324.4133 1254.2123,-332.0456 1260.5757,-334.9622"/>=0A=0A=0A=0Ane= tworking->udev=0A=0A=0A=0A=0A=0Assh-daemon=0Assh-daemon=0A=0A=0A=0Assh-daemon->syslogd=0A=0A=0A=0A=0A=0Aconsole-font-tty6=0A=0Aconsole= 5;font-tty6=0A=0A=0A=0Aconsole-font&= #45;tty6->term-tty6=0A=0A=0A=0A=0A=0Aconsole-font-tty5=0A=0Aconsole= -font-tty5=0A=0A=0A=0Aconsole-fo= nt-tty5->term-tty5=0A=0A=0A=0A=0A=0Aconsole-font-tty4=0A=0Acons= ole-font-tty4=0A=0A=0A=0Aconsole-= ;font-tty4->term-tty4=0A=0A=0A=0A=0A=0Aconsole-font-tty3=0A=0Ac= onsole-font-tty3=0A=0A=0A=0Aconsole&= #45;font-tty3->term-tty3=0A=0A=0A=0A=0A=0Aconsole-font-tty2=0A=0A= console-font-tty2=0A=0A=0A=0Aconsole= -font-tty2->term-tty2=0A=0A=0A=0A=0A=0Aconsole-font-tty1=0A=0Aconsole-font-tty1=0A=0A=0A=0Aconso= le-font-tty1->term-tty1=0A=0A=0A=0A=0A=0Afile-= system-/dev/pts->root-file-system=0A=0A=0A<= /g>=0A=0A=0Afile-system-/gn= u/store->root-file-system=0A=0A=0A=0A=0A=0Afile-sys= tem-/sys/fs/cgroup->root-file-system=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/cpuset->root-fi= le-system=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/c= puset->file-system-/sys/fs/cgroup=0A=0A=0A=0A= =0A=0Afile-system-/sys/fs/cg= roup/cpu->root-file-system=0A=0A=0A= =0A=0A=0Afile-sys= tem-/sys/fs/cgroup/cpu->file-system-/sys/fs/cgroup</titl= e>=0A<path fill=3D"none" stroke=3D"#00cdcd" d=3D"M505.6317,-145.2752C508.78= 91,-144.8305 511.9182,-144.4039 515,-144 682.5766,-122.038 878.8556,-105.52= 37 992.752,-96.8458"/>=0A<polygon fill=3D"#00cdcd" stroke=3D"#00cdcd" point= s=3D"993.1295,-100.3273 1002.8364,-96.0815 992.6005,-93.3473 993.1295,-100.= 3273"/>=0A</g>=0A<!-- file-system-/sys/fs/cgroup/cpuacct->ro= ot-file-system -->=0A<g id=3D"edge29" class=3D"edge">=0A<title>file= -system-/sys/fs/cgroup/cpuacct->root-file-system</ti= tle>=0A<path fill=3D"none" stroke=3D"#ff00ff" d=3D"M723.7909,-143.9841C764.= 3646,-134.8458 812.6082,-122.5795 855,-108 891.8701,-95.3195 897.8875,-83.9= 524 935,-72 1001.8941,-50.4561 1081.1245,-35.6869 1135.6146,-27.1107"/>=0A<= polygon fill=3D"#ff00ff" stroke=3D"#ff00ff" points=3D"1136.4848,-30.5178 11= 45.8319,-25.5295 1135.4142,-23.6001 1136.4848,-30.5178"/>=0A</g>=0A<!-- fil= e-system-/sys/fs/cgroup/cpuacct->file-system-/sys/fs= /cgroup -->=0A<g id=3D"edge43" class=3D"edge">=0A<title>file-system-= ;/sys/fs/cgroup/cpuacct->file-system-/sys/fs/cgroup= =0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/memory->= ;root-file-system=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/memory&= #45;>file-system-/sys/fs/cgroup=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/devices->root-file-s= ystem=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/devices-&= gt;file-system-/sys/fs/cgroup=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/freezer->root-file-sys= tem=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/blkio->root= -file-system=0A=0A=0A= =0A=0A=0Afile-s= ystem-/sys/fs/cgroup/blkio->file-system-/sys/fs/cgroup</= title>=0A<path fill=3D"none" stroke=3D"#8b7765" d=3D"M1512.3125,-145.3882C1= 509.1735,-144.9137 1506.0633,-144.4498 1503,-144 1393.5127,-127.9231 1267.4= 072,-111.8618 1183.2131,-101.4883"/>=0A<polygon fill=3D"#8b7765" stroke=3D"= #8b7765" points=3D"1183.5096,-97.9985 1173.1572,-100.2518 1182.6553,-104.94= 62 1183.5096,-97.9985"/>=0A</g>=0A<!-- file-system-/sys/fs/cgroup/p= erf_event->root-file-system -->=0A<g id=3D"edge34" class=3D"= edge">=0A<title>file-system-/sys/fs/cgroup/perf_event->root&= #45;file-system=0A=0A=0A= =0A=0A=0Afile&= #45;system-/sys/fs/cgroup/perf_event->file-system-/sys/f= s/cgroup=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/hugetlb->root-= ;file-system=0A=0A=0A=0A=0A=0Afile-system-/sys/fs/cgroup/hugetlb= ->file-system-/sys/fs/cgroup=0A=0A=0A= =0A=0A=0Audev->root-file-system=0A=0A=0A=0A=0A=0Aloopback=0A=0Aloopback=0A=0A=0A=0A --4Ckj6UjgE2iN1+kY-- --NDin8bjvE/0mNLFQ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlo5Z4QACgkQJkb6MLrK fwgLiw//VIZZq8bRaWB4lZE6nZbeNauFHI+9zlQtry8KX+7I4j13wlG5dD/HBjiW YwFyDL4236DGLzS8ZOOKLvAFR4q6ozK8BFQGLzDP7qqhX6SfxqS62mpd3NiLni5Y /1eOx1rmAuMp4xNdVxbVMATyPoxCTrpS0+4y2IJyBP4uuy7pZu7l5yy0KbP7k7Od FUEzIaaoiA8g2mJ3vHNsQgd2zC3W5+NQt59NQK5vLaW17AtMaP3VHOsM+2cHN3RU 1UhFxs5+Hk4pTsLEO9Xr1MQrzYWF1erKSGLnKU/OJ88lYZTntQ5JUhgd/F+sBim9 aw35loHD7nAKWrKzGwMvSsI0E2mlzMVxdtmSFhPRhD5G2tmbAAByuGnZYBOcpg/E LUrcGNGtqrVRc9Z0Ckzi+fkRMiNyzC6uxclk3Vul3rJ7IxrmExEhwZ/A5hRuE6+E Y5N6cJkgm37Sbc7Yv39uMVC9PjwOLxjj2QLJ1io2jY8IO/q+UxDByywgbZcpjsbY qGqzsZZ3VI2NFNL2yf8Dw3PvuLS2jTt4NBd7V50Xk9cdz5Bw5t295GnLbp0SM+MP T8pLsJrb8grOqEo8LA/20JLtp9qWLSFsn654q8ff1PvGI3FNuf/TsouXhq0AhHFp SEnqPD3AxLLUEFdmKBVjAre4pmz7VZfCCVwxK8QnAuSbfZrwFYw= =RoAm -----END PGP SIGNATURE----- --NDin8bjvE/0mNLFQ-- From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 20 05:19:41 2017 Received: (at 29773) by debbugs.gnu.org; 20 Dec 2017 10:19:41 +0000 Received: from localhost ([127.0.0.1]:43160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRbTR-0006qa-6Z for submit@debbugs.gnu.org; Wed, 20 Dec 2017 05:19:41 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:45300) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRbTP-0006qS-DH for 29773@debbugs.gnu.org; Wed, 20 Dec 2017 05:19:40 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id C86B110556; Wed, 20 Dec 2017 11:19:41 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H07lYe7ISJGD; Wed, 20 Dec 2017 11:19:41 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id BF5B92FDA; Wed, 20 Dec 2017 11:19:40 +0100 (CET) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process References: <20171219191348.GA19177@jasmine.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 30 Frimaire an 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 20 Dec 2017 11:19:36 +0100 In-Reply-To: <20171219191348.GA19177@jasmine.lan> (Leo Famulari's message of "Tue, 19 Dec 2017 14:13:48 -0500") Message-ID: <87tvwlzop3.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello, Leo Famulari skribis: > In some cases, the applications require some random data before any > services are started, during activation. For example, our OpenSSH > service generates its host keys during activation. And even if it > generated host keys during the start of the OpenSSH service, that > service does not depend on urandom-seed-service. [0] > > In systemd, there is an abstract sysinit "target" that basically serves > as a checkpoint. All the lower-level system initialization is required > before the sysinit.target is met, and the rest of the services depend on > sysinit. The random seeding is part of sysinit. I've reproduced a graph > of this in [1]. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it X-Debbugs-Envelope-To: 29773 Cc: 29773@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello, Leo Famulari skribis: > In some cases, the applications require some random data before any > services are started, during activation. For example, our OpenSSH > service generates its host keys during activation. And even if it > generated host keys during the start of the OpenSSH service, that > service does not depend on urandom-seed-service. [0] > > In systemd, there is an abstract sysinit "target" that basically serves > as a checkpoint. All the lower-level system initialization is required > before the sysinit.target is met, and the rest of the services depend on > sysinit. The random seeding is part of sysinit. I've reproduced a graph > of this in [1]. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, Leo Famulari skribis: > In some cases, the applications require some random data before any > services are started, during activation. For example, our OpenSSH > service generates its host keys during activation. And even if it > generated host keys during the start of the OpenSSH service, that > service does not depend on urandom-seed-service. [0] > > In systemd, there is an abstract sysinit "target" that basically serves > as a checkpoint. All the lower-level system initialization is required > before the sysinit.target is met, and the rest of the services depend on > sysinit. The random seeding is part of sysinit. I've reproduced a graph > of this in [1]. There=E2=80=99s a =E2=80=98user-processes=E2=80=99 service that serves a si= milar purpose. With the attached patches =E2=80=98urandom-seed=E2=80=99 becomes a dependen= cy of =E2=80=98user-processes=E2=80=99, meaning that daemons & co. start after =E2=80=98urandom-seed=E2=80=99. WDYT? > In practice, I'm not sure if it matters. I'd appreciate if GuixSD users > could check /var/log/messages for warnings like this one and report > them: > > random: application: uninitialized urandom read (16 bytes read)=20 I don=E2=80=99t have any of these. I guess this is most likely to happen w= hen running =E2=80=98ssh-keygen=E2=80=99 on startup, which isn=E2=80=99t the ca= se on my machine. Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-services-urandom-seed-Become-a-dependency-of-user-pr.patch >From 5895acdbc345572434d9efae5cf5cdd11e4c1a07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 20 Dec 2017 11:09:03 +0100 Subject: [PATCH 2/3] services: urandom-seed: Become a dependency of 'user-processes'. This ensures that 'urandom-seed' is started before programs that rely on sources of randomness. Fixes . Reported by Leo Famulari . * gnu/services/base.scm (urandom-seed-shepherd-service): Change 'requirement' to (file-systems). (urandom-seed-service-type): Extend USER-PROCESSES-SERVICE-TYPE. --- gnu/services/base.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 481439d4f..cc59ec573 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -529,7 +529,7 @@ in KNOWN-MOUNT-POINTS when it is stopped." (list (shepherd-service (documentation "Preserve entropy across reboots for /dev/urandom.") (provision '(urandom-seed)) - (requirement '(user-processes)) + (requirement '(file-systems)) (start #~(lambda _ ;; On boot, write random seed into /dev/urandom. (when (file-exists? #$%random-seed-file) @@ -590,7 +590,13 @@ in KNOWN-MOUNT-POINTS when it is stopped." (service-type (name 'urandom-seed) (extensions (list (service-extension shepherd-root-service-type - urandom-seed-shepherd-service))) + urandom-seed-shepherd-service) + + ;; Have 'user-processes' depend on 'urandom-seed'. + ;; This ensures that user processes and daemons don't + ;; start until we have seeded the PRNG. + (service-extension user-processes-service-type + (const '(urandom-seed))))) (description "Seed the @file{/dev/urandom} pseudo-random number generator (RNG) with the value recorded when the system was last shut -- 2.15.1 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-services-user-processes-service-type-can-now-be-exte.patch >From 8d0714bdb038e525880aed9de29e78af8c021efb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 20 Dec 2017 11:05:11 +0100 Subject: [PATCH 1/3] services: 'user-processes-service-type' can now be extended. * gnu/services/base.scm (user-processes-shepherd-service): New procedure, taken from former 'user-processes-service-type'. Add REQUIREMENTS argument; remove GRACE-DELAY argument. (user-processes-service-type): Redefine in terms of 'service-type'. (user-processes-service): Remove. (file-system-service-type): Extend USER-PROCESSES-SERVICE-TYPE. * gnu/system.scm (essential-services): Use USER-PROCESSES-SERVICE-TYPE directly. --- gnu/services/base.scm | 236 +++++++++++++++++++++++++++----------------------- gnu/system.scm | 2 +- 2 files changed, 130 insertions(+), 108 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index a3654fd4d..481439d4f 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -57,7 +57,7 @@ file-system-service-type user-unmount-service swap-service - user-processes-service + user-processes-service-type host-name-service console-keymap-service %default-console-font @@ -162,6 +162,129 @@ ;;; ;;; Code: + + +;;; +;;; User processes. +;;; + +(define %do-not-kill-file + ;; Name of the file listing PIDs of processes that must survive when halting + ;; the system. Typical example is user-space file systems. + "/etc/shepherd/do-not-kill") + +(define (user-processes-shepherd-service requirements) + "Return the 'user-processes' Shepherd service with dependencies on +REQUIREMENTS (a list of service names). + +This is a synchronization point used to make sure user processes and daemons +get started only after crucial initial services have been started---file +system mounts, etc. This is similar to 'target' in systemd." + (define grace-delay + ;; Delay after sending SIGTERM and before sending SIGKILL. + 4) + + (list (shepherd-service + (documentation "When stopped, terminate all user processes.") + (provision '(user-processes)) + (requirement requirements) + (start #~(const #t)) + (stop #~(lambda _ + (define (kill-except omit signal) + ;; Kill all the processes with SIGNAL except those listed + ;; in OMIT and the current process. + (let ((omit (cons (getpid) omit))) + (for-each (lambda (pid) + (unless (memv pid omit) + (false-if-exception + (kill pid signal)))) + (processes)))) + + (define omitted-pids + ;; List of PIDs that must not be killed. + (if (file-exists? #$%do-not-kill-file) + (map string->number + (call-with-input-file #$%do-not-kill-file + (compose string-tokenize + (@ (ice-9 rdelim) read-string)))) + '())) + + (define (now) + (car (gettimeofday))) + + (define (sleep* n) + ;; Really sleep N seconds. + ;; Work around . + (define start (now)) + (let loop ((elapsed 0)) + (when (> n elapsed) + (sleep (- n elapsed)) + (loop (- (now) start))))) + + (define lset= (@ (srfi srfi-1) lset=)) + + (display "sending all processes the TERM signal\n") + + (if (null? omitted-pids) + (begin + ;; Easy: terminate all of them. + (kill -1 SIGTERM) + (sleep* #$grace-delay) + (kill -1 SIGKILL)) + (begin + ;; Kill them all except OMITTED-PIDS. XXX: We would + ;; like to (kill -1 SIGSTOP) to get a fixed list of + ;; processes, like 'killall5' does, but that seems + ;; unreliable. + (kill-except omitted-pids SIGTERM) + (sleep* #$grace-delay) + (kill-except omitted-pids SIGKILL) + (delete-file #$%do-not-kill-file))) + + (let wait () + ;; Reap children, if any, so that we don't end up with + ;; zombies and enter an infinite loop. + (let reap-children () + (define result + (false-if-exception + (waitpid WAIT_ANY (if (null? omitted-pids) + 0 + WNOHANG)))) + + (when (and (pair? result) + (not (zero? (car result)))) + (reap-children))) + + (let ((pids (processes))) + (unless (lset= = pids (cons 1 omitted-pids)) + (format #t "waiting for process termination\ + (processes left: ~s)~%" + pids) + (sleep* 2) + (wait)))) + + (display "all processes have been terminated\n") + #f)) + (respawn? #f)))) + +(define user-processes-service-type + (service-type + (name 'user-processes) + (extensions (list (service-extension shepherd-root-service-type + user-processes-shepherd-service))) + (compose concatenate) + (extend append) + + ;; The value is the list of Shepherd services 'user-processes' depends on. + ;; Extensions can add new services to this list. + (default-value '()) + + (description "The @code{user-processes} service is responsible for +terminating all the processes so that the root file system can be re-mounted +read-only, just before rebooting/halting. Processes still running after a few +seconds after @code{SIGTERM} has been sent are terminated with +@code{SIGKILL}."))) + ;;; ;;; File systems. @@ -349,7 +472,11 @@ FILE-SYSTEM." (list (service-extension shepherd-root-service-type file-system-shepherd-services) (service-extension fstab-service-type - identity))) + identity) + + ;; Have 'user-processes' depend on 'file-systems'. + (service-extension user-processes-service-type + (const '(file-systems))))) (compose concatenate) (extend append) (description @@ -389,111 +516,6 @@ file systems, as well as corresponding @file{/etc/fstab} entries."))) in KNOWN-MOUNT-POINTS when it is stopped." (service user-unmount-service-type known-mount-points)) -(define %do-not-kill-file - ;; Name of the file listing PIDs of processes that must survive when halting - ;; the system. Typical example is user-space file systems. - "/etc/shepherd/do-not-kill") - -(define user-processes-service-type - (shepherd-service-type - 'user-processes - (lambda (grace-delay) - (shepherd-service - (documentation "When stopped, terminate all user processes.") - (provision '(user-processes)) - (requirement '(file-systems)) - (start #~(const #t)) - (stop #~(lambda _ - (define (kill-except omit signal) - ;; Kill all the processes with SIGNAL except those listed - ;; in OMIT and the current process. - (let ((omit (cons (getpid) omit))) - (for-each (lambda (pid) - (unless (memv pid omit) - (false-if-exception - (kill pid signal)))) - (processes)))) - - (define omitted-pids - ;; List of PIDs that must not be killed. - (if (file-exists? #$%do-not-kill-file) - (map string->number - (call-with-input-file #$%do-not-kill-file - (compose string-tokenize - (@ (ice-9 rdelim) read-string)))) - '())) - - (define (now) - (car (gettimeofday))) - - (define (sleep* n) - ;; Really sleep N seconds. - ;; Work around . - (define start (now)) - (let loop ((elapsed 0)) - (when (> n elapsed) - (sleep (- n elapsed)) - (loop (- (now) start))))) - - (define lset= (@ (srfi srfi-1) lset=)) - - (display "sending all processes the TERM signal\n") - - (if (null? omitted-pids) - (begin - ;; Easy: terminate all of them. - (kill -1 SIGTERM) - (sleep* #$grace-delay) - (kill -1 SIGKILL)) - (begin - ;; Kill them all except OMITTED-PIDS. XXX: We would - ;; like to (kill -1 SIGSTOP) to get a fixed list of - ;; processes, like 'killall5' does, but that seems - ;; unreliable. - (kill-except omitted-pids SIGTERM) - (sleep* #$grace-delay) - (kill-except omitted-pids SIGKILL) - (delete-file #$%do-not-kill-file))) - - (let wait () - ;; Reap children, if any, so that we don't end up with - ;; zombies and enter an infinite loop. - (let reap-children () - (define result - (false-if-exception - (waitpid WAIT_ANY (if (null? omitted-pids) - 0 - WNOHANG)))) - - (when (and (pair? result) - (not (zero? (car result)))) - (reap-children))) - - (let ((pids (processes))) - (unless (lset= = pids (cons 1 omitted-pids)) - (format #t "waiting for process termination\ - (processes left: ~s)~%" - pids) - (sleep* 2) - (wait)))) - - (display "all processes have been terminated\n") - #f)) - (respawn? #f))))) - -(define* (user-processes-service #:key (grace-delay 4)) - "Return the service that is responsible for terminating all the processes so -that the root file system can be re-mounted read-only, just before -rebooting/halting. Processes still running GRACE-DELAY seconds after SIGTERM -has been sent are terminated with SIGKILL. - -The returned service will depend on 'file-systems', meaning that it is -considered started after all the auto-mount file systems have been mounted. - -All the services that spawn processes must depend on this one so that they are -stopped before 'kill' is called." - (service user-processes-service-type grace-delay)) - ;;; ;;; Preserve entropy to seed /dev/urandom on boot. diff --git a/gnu/system.scm b/gnu/system.scm index 7466ed780..df89ca06d 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -449,7 +449,7 @@ a container or that of a \"bare metal\" system." (other-fs (non-boot-file-system-service os)) (unmount (user-unmount-service known-fs)) (swaps (swap-services os)) - (procs (user-processes-service)) + (procs (service user-processes-service-type)) (host-name (host-name-service (operating-system-host-name os))) (entries (operating-system-directory-base-entries os #:container? container?))) -- 2.15.1 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 20 08:10:19 2017 Received: (at control) by debbugs.gnu.org; 20 Dec 2017 13:10:20 +0000 Received: from localhost ([127.0.0.1]:43253 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRe8Z-00050V-PP for submit@debbugs.gnu.org; Wed, 20 Dec 2017 08:10:19 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:45822) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRe8X-00050L-KS for control@debbugs.gnu.org; Wed, 20 Dec 2017 08:10:17 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id F368E1056C for ; Wed, 20 Dec 2017 14:10:19 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WO9wWavKwcTk for ; Wed, 20 Dec 2017 14:10:19 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 4277E102D3 for ; Wed, 20 Dec 2017 14:10:19 +0100 (CET) Date: Wed, 20 Dec 2017 14:10:14 +0100 Message-Id: <87mv2dy289.fsf@gnu.org> To: control@debbugs.gnu.org From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: control message for bug #29773 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) tags 29773 security From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 20 18:07:59 2017 Received: (at 29773) by debbugs.gnu.org; 20 Dec 2017 23:07:59 +0000 Received: from localhost ([127.0.0.1]:44930 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRnSv-0005gv-Sb for submit@debbugs.gnu.org; Wed, 20 Dec 2017 18:07:59 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:39649) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRnSr-0005gl-Ry for 29773@debbugs.gnu.org; Wed, 20 Dec 2017 18:07:56 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 53FB520AF9; Wed, 20 Dec 2017 18:07:53 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Wed, 20 Dec 2017 18:07:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=/alZXCY2ikQ4AUYFA5rmhO0fKrZc5LpPwC6GzVO2MME=; b=fsMT0 MYSg0aqE0OESqbiEdlArvqOaAzYJHeK0AacqDWfUTHJCsrRMAXDxpZ/1SYdoUhub 6RR/ExG+pRvfQnKJub2ulMz1zfAhY7abhq3QuSGWjmRYpgWxMay/c1ho0oVNOCZQ azv4Pj4OwVO3QHmliy0EB/YxkFrJ+jnCTVhe4I= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=/alZXCY2ikQ4AUYFA5rmhO0fKrZc5 LpPwC6GzVO2MME=; b=SKpJSkC3tdNFMAnvpUKgN/AWpsD/M1xa0Lr3jhZp15mqS +IISFqSlf+Wn14dh4w+BdUWB+DMlkfNNz57Qu7LaG+aSWCFspPju1MDuS9CTy4Ei HY6vYX3d2TqZwIXQ7MPgDuq199KOAsHvTK5LbpuxqStxib20sn+lQX+iW9XOnyoj PtTxrFLcbrj6WpOpqmh1WUWeRvOjPhZn1IqKmQBK6zEvtFzYCJI7yCS5LQYt/0XM gey0NS4ZcFkvgbBqXb6reAS7adpwYyK+1jCE7vfjntOnTDeYIiew/xQ4OlKXe7Y1 kjZnPi+9s/JBfkm5XrBvA6SxxS7dVD3PhsZdfgJTw== X-ME-Sender: Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id F06D67E17D; Wed, 20 Dec 2017 18:07:52 -0500 (EST) Date: Wed, 20 Dec 2017 18:07:51 -0500 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process Message-ID: <20171220230751.GA18857@jasmine.lan> References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="tKW2IUtsqtDRztdT" Content-Disposition: inline In-Reply-To: <87tvwlzop3.fsf@gnu.org> User-Agent: Mutt/1.9.2 (2017-12-15) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29773 Cc: 29773@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --tKW2IUtsqtDRztdT Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 20, 2017 at 11:19:36AM +0100, Ludovic Court=C3=A8s wrote: > There=E2=80=99s a =E2=80=98user-processes=E2=80=99 service that serves a = similar purpose. >=20 > With the attached patches =E2=80=98urandom-seed=E2=80=99 becomes a depend= ency of > =E2=80=98user-processes=E2=80=99, meaning that daemons & co. start after > =E2=80=98urandom-seed=E2=80=99. >=20 > WDYT? In general, I think it's a good approach. Currently, the urandom-seed-service seems to non-deterministically but typically start after the udev-service, so that /dev/hwrng is always set up by udev before the urandom-seed-service tries to use it. With these patches, that's not the case. This breaks the hwrng seeding feature added in 9a56cf2b5b (services: urandom-seed: Try using a HWRNG to seed the Linux CRNG at boot). I'll try rearranging the service dependency graph. > > Leo Famulari skribis: > > In practice, I'm not sure if it matters. I'd appreciate if GuixSD users > > could check /var/log/messages for warnings like this one and report > > them: > > > > random: application: uninitialized urandom read (16 bytes read)=20 >=20 > I don=E2=80=99t have any of these. I guess this is most likely to happen= when > running =E2=80=98ssh-keygen=E2=80=99 on startup, which isn=E2=80=99t the = case on my machine. Watching a fresh system boot repeatedly, I noticed that the host keys always seem to be generated immediately after Linux reports "random: crng init done". To me, this suggests that OpenSSH is using the getrandom() syscall. If so, any GuixSD host keys created with glibc >=3D 2.25 and OpenSSH >=3D 7.2 should be unpredictable. But I'm not sure if that's what's happening or not. > +(define (user-processes-shepherd-service requirements) > + "Return the 'user-processes' Shepherd service with dependencies on > +REQUIREMENTS (a list of service names). > + > +This is a synchronization point used to make sure user processes and dae= mons > +get started only after crucial initial services have been started---file > +system mounts, etc. This is similar to 'target' in systemd." To clarify, user-processes may be similar to the sysinit target in systemd. Systemd targets are sort of like run-levels, and there are several of them, such as the multi-user target, the graphical target, etc. --tKW2IUtsqtDRztdT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlo67UQACgkQJkb6MLrK fwh6axAAtP5RZChiH5oEVlfYg6boD9GmalkodpLFys4RF6HxB4JyTmZmHyvVmh56 HtqkoXCypXqHB9ZzZwi4Atc/i7/VidCqoYLNRJmNaUEbqlPpkGVMZWYp/i9qUcxG o6CnYWWIexSlgWREjCXpu5nD/YEABeqWhltDwz2aMU3iIMDFIRx/ci3aVdwdoBeW pgJ65Giq5gdndlYj1Iz8NTSDO+VBSktxCl2IccbH92Gx9BSuZ0/JtmT+hQKOzpF4 GYB1+XDvNXZfcXnigHK0hyMumJf9FLGqLyB9i1DoQUjpqODMHOyVfr3zrCU8y0Yy AkA9nybw3ET0/XLjuG7WJfk1rPcfleyqvd06Hlu1RJcwPomfsTLxiK/WZj7JZYx0 z79XQk7MfFHHNywgoGi8hPDzf9KFyfGi0wPU/U0LWL6PEMBlBb08SW697Rrso+y7 NT+tDTc4qXAttcZAtOirqI/blUzXCYnyWzk+G1XhlEYAGSTiOwJ2R5MGnoxT9YNJ djhAB9zRVtgp4aAnj4me4GUI1A6NfWTAY+C9BGKhzdLdsfsbp17fcGF68fdXrQ3t bREQEyJAIAPFxc7EyiACg37/p1pKJE3CWo9qSeoRgiLMFDUf+o2ZHVPX/h7SYFSl VfIJTzNp2yAyNbWOQ5bm/ftiBPxyZabHnDah3vwHwm9XGwGY4O8= =ShZV -----END PGP SIGNATURE----- --tKW2IUtsqtDRztdT-- From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 21 04:10:34 2017 Received: (at 29773) by debbugs.gnu.org; 21 Dec 2017 09:10:34 +0000 Received: from localhost ([127.0.0.1]:45183 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRws4-0005TR-Rz for submit@debbugs.gnu.org; Thu, 21 Dec 2017 04:10:34 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:48736) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eRws3-0005TJ-FH for 29773@debbugs.gnu.org; Thu, 21 Dec 2017 04:10:31 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 2686B102BB; Thu, 21 Dec 2017 10:10:34 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PdnVZDQbtWEr; Thu, 21 Dec 2017 10:10:33 +0100 (CET) Received: from ribbon (unknown [193.50.110.235]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 8DECFFEB6; Thu, 21 Dec 2017 10:10:33 +0100 (CET) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org> <20171220230751.GA18857@jasmine.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?utf-8?Q?Niv=C3=B4se?= an 226 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 21 Dec 2017 10:10:29 +0100 In-Reply-To: <20171220230751.GA18857@jasmine.lan> (Leo Famulari's message of "Wed, 20 Dec 2017 18:07:51 -0500") Message-ID: <87ind0a1kq.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Leo Famulari skribis: > On Wed, Dec 20, 2017 at 11:19:36AM +0100, Ludovic Courtès wrote: >> There’s a ‘user-processes’ service that serves a similar purpose. >> >> With the attached patches ‘urandom-seed’ becomes a dependency of >> ‘user-processes’, meaning that daemons & co. start after >> ‘urandom-seed’. >> >> WDYT? > > In general, I think it's a good approach. > > Currently, the urandom-seed-service seems to non-deterministically but > typically start after the udev-service, so that /dev/hwrng is always set > up by udev before the urandom-seed-service tries to use it. > > With these patches, that's not the case. This breaks the hwrng seeding > feature added in 9a56cf2b5b (services: urandom-seed: Try using a HWRNG > to seed the Linux CRNG at boot). > > I'll try rearranging the service dependency graph. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it X-Debbugs-Envelope-To: 29773 Cc: 29773@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Leo Famulari skribis: > On Wed, Dec 20, 2017 at 11:19:36AM +0100, Ludovic Courtès wrote: >> There’s a ‘user-processes’ service that serves a similar purpose. >> >> With the attached patches ‘urandom-seed’ becomes a dependency of >> ‘user-processes’, meaning that daemons & co. start after >> ‘urandom-seed’. >> >> WDYT? > > In general, I think it's a good approach. > > Currently, the urandom-seed-service seems to non-deterministically but > typically start after the udev-service, so that /dev/hwrng is always set > up by udev before the urandom-seed-service tries to use it. > > With these patches, that's not the case. This breaks the hwrng seeding > feature added in 9a56cf2b5b (services: urandom-seed: Try using a HWRNG > to seed the Linux CRNG at boot). > > I'll try rearranging the service dependency graph. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Leo Famulari skribis: > On Wed, Dec 20, 2017 at 11:19:36AM +0100, Ludovic Court=C3=A8s wrote: >> There=E2=80=99s a =E2=80=98user-processes=E2=80=99 service that serves a= similar purpose. >>=20 >> With the attached patches =E2=80=98urandom-seed=E2=80=99 becomes a depen= dency of >> =E2=80=98user-processes=E2=80=99, meaning that daemons & co. start after >> =E2=80=98urandom-seed=E2=80=99. >>=20 >> WDYT? > > In general, I think it's a good approach. > > Currently, the urandom-seed-service seems to non-deterministically but > typically start after the udev-service, so that /dev/hwrng is always set > up by udev before the urandom-seed-service tries to use it. > > With these patches, that's not the case. This breaks the hwrng seeding > feature added in 9a56cf2b5b (services: urandom-seed: Try using a HWRNG > to seed the Linux CRNG at boot). > > I'll try rearranging the service dependency graph. The attached patch does the trick, AFAICS: --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/services/base.scm b/gnu/services/base.scm index acc5c33f5..7fc8f6aa7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." (list (shepherd-service (documentation "Preserve entropy across reboots for /dev/urandom.") (provision '(urandom-seed)) - (requirement '(file-systems)) + + ;; Depend on udev so that /dev/hwrng is available. + (requirement '(file-systems udev)) + (start #~(lambda _ ;; On boot, write random seed into /dev/urandom. (when (file-exists? #$%random-seed-file) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable > Watching a fresh system boot repeatedly, I noticed that the host keys > always seem to be generated immediately after Linux reports "random: > crng init done". > > To me, this suggests that OpenSSH is using the getrandom() syscall. If > so, any GuixSD host keys created with glibc >=3D 2.25 and OpenSSH >=3D 7.2 > should be unpredictable. But I'm not sure if that's what's happening or > not. Nice. The problem though is that =E2=80=98ssh-keygen -A=E2=80=99 runs from the ac= tivation snippet, which itself runs before shepherd is started. To work around that, we should either introduce a separate =E2=80=98ssh-key= gen=E2=80=99 service that =E2=80=98ssh-daemon=E2=80=99 would depend on, or invoke =E2=80= =98ssh-keygen=E2=80=99 from the =E2=80=98start=E2=80=99 method of the =E2=80=98ssh-daemon=E2=80=99 serv= ice. >> +(define (user-processes-shepherd-service requirements) >> + "Return the 'user-processes' Shepherd service with dependencies on >> +REQUIREMENTS (a list of service names). >> + >> +This is a synchronization point used to make sure user processes and da= emons >> +get started only after crucial initial services have been started---file >> +system mounts, etc. This is similar to 'target' in systemd." > > To clarify, user-processes may be similar to the sysinit target in > systemd. Systemd targets are sort of like run-levels, and there are > several of them, such as the multi-user target, the graphical target, > etc. Indeed, I=E2=80=99ve fixed it locally. If that=E2=80=99s OK I=E2=80=99ll push these patches later today. Thank you, Ludo=E2=80=99. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 21 14:09:19 2017 Received: (at 29773) by debbugs.gnu.org; 21 Dec 2017 19:09:19 +0000 Received: from localhost ([127.0.0.1]:46439 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eS6DX-0000d7-58 for submit@debbugs.gnu.org; Thu, 21 Dec 2017 14:09:19 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:41563) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eS6DV-0000cz-6H for 29773@debbugs.gnu.org; Thu, 21 Dec 2017 14:09:17 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id CB575207FD; Thu, 21 Dec 2017 14:09:16 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Thu, 21 Dec 2017 14:09:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=aObaNTMyKrHmtooq4zMpPvXIaCcjGXi56yY8WYj//ls=; b=Sk3DW 5Mcfk6osd3XgojF0ZYqr40kG6PA2eZDahrVrZvPq3738RObCzPLKNNSWGSwyTTUE dcz/dK/QeWA+16exsVq0BgmZ8Xi+FeTsDpM6sB/Ycb5gAtaSNq9bkijXMVcbG+um YohA4UD/RcqvHoVoOnvkaXfHexHnDBCH4gajxQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=aObaNTMyKrHmtooq4zMpPvXIaCcjG Xi56yY8WYj//ls=; b=rFc+nmX8zk2Qh3FAvPrvedO/ngq+2fXD/litXJF4b6Mlv hxg98HpyKDeqKT7DxdILxRoZf/TTshtABgHddCFfleSWCg1iEz81sp+Xg88zUA+D tq9Csb8egld/XTbZiC/TaVQkFws4/Jf13Z9Ddva25JG7Akk7pH4cJhVWP7f+8Quk xkNuvv/syfucagTU+753SClrSH+O/y0YDF8DTjl9CPqb/PHqNCut6C+ZWgOh8UBt G+Qk3Hl/Ws1NmTLt2mMMn7cgygnvNipWss/wqbNajPXYzsHy9j0gOcHLMo7V7/i8 V4WqiZlftijDz3hN4mMDwLUUxr82XXRn5MjvL5QzQ== X-ME-Sender: Received: from localhost (unknown [172.58.200.109]) by mail.messagingengine.com (Postfix) with ESMTPA id 731D47E558; Thu, 21 Dec 2017 14:09:16 -0500 (EST) Date: Thu, 21 Dec 2017 14:09:14 -0500 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process Message-ID: <20171221190914.GA11808@jasmine.lan> References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org> <20171220230751.GA18857@jasmine.lan> <87ind0a1kq.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline In-Reply-To: <87ind0a1kq.fsf@gnu.org> User-Agent: Mutt/1.9.2 (2017-12-15) X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote: > > The attached patch does the trick, AFAICS: > > diff --git a/gnu/services/base.scm b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm > +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." > (list (shepherd-service > (documentation "Preserve entropy across reboots for /dev/urandom.") > (provision '(urandom-seed)) > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists? #$%random-seed-file) [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [66.111.4.27 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.27 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 2.8 PERCENT_RANDOM Message has a random macro in it X-Debbugs-Envelope-To: 29773 Cc: 29773@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.1 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote: > > The attached patch does the trick, AFAICS: > > diff --git a/gnu/services/base.scm b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm > +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." > (list (shepherd-service > (documentation "Preserve entropy across reboots for /dev/urandom.") > (provision '(urandom-seed)) > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists? #$%random-seed-file) [...] Content analysis details: (2.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [66.111.4.27 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.27 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 2.8 PERCENT_RANDOM Message has a random macro in it --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Court=E8s wrote: >=20 > The attached patch does the trick, AFAICS: >=20 > diff --git a/gnu/services/base.scm b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm > +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." > (list (shepherd-service > (documentation "Preserve entropy across reboots for /dev/urando= m.") > (provision '(urandom-seed)) > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists? #$%random-seed-file) Yes, it seems to work for me. I'm unsure if the stop action of urandom-seed-service is being executed on shutdown. I added some print statements and sleep delays to the stop action but the system halts faster than I expected and I don't see any writes to /var/lib/random-seed. --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlo8BtoACgkQJkb6MLrK fwhPRw//U4c/2yV4Rap5uD2ixSjjrdxXOO2P4WhH2u6kN1QiolUpYvdtHkgrY4+y 1zKoNqQ3XUIfetclO0ji0cXLTmh1sBfbxl/t5msvMZb66cc1qjdfl9PO8NQbqILF RhtSaihad31A9hDmKlv9MYw2PSzvz4Z7fuTPOpm/2bOfq4CRKHA/P88hRKBhRy9U 2H8/gX9HxU5p1WIU+L7Y/iXUDMjV7RSygRvWyb11q0ioK8o8dZ+mV5OBHauAKvmU IKe7Enygn0d6R3yIpyP0cE7b/iKzzVTpgOXP4JerxEkTdPk1f8KUwRBJMjYaTInt fufLzhrGc+rSMmB7BYU7lJ/fhjOuWeY1Aq/Bx12IAo144OPEH7h+Edk72bksFrmK Xu6YNCU3lZTcypoZDZVVI5TDrWgJpU1Cx/JQmuJFv3ESx0HppeQ7KdNCLYaKQ8uF bHscHSeQKylgZoqdIO2iFr9WH1FEIEtTCI9G8g4LtofXekw7veVqFA/3Hi4Yn5F/ RpMMzU8hP+8Hy6EZHj92Wm2ZvIPweIknpJeaj0Hs9DavisgW4GuCIvidYAqZyfMQ I/Us10AypMG7O7zNTT4tKWhY7n5KxYDJ7PRIKt+B8SXEJgyv2Q21j6oE+vj1buH7 nnn8qGal4UqiNNdvXnIgPxLMFfSnPBe17c4aiVqK9NIkVG/Z9Os= =LrI4 -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 22 04:06:50 2017 Received: (at 29773-done) by debbugs.gnu.org; 22 Dec 2017 09:06:50 +0000 Received: from localhost ([127.0.0.1]:46850 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eSJI1-0003U5-UE for submit@debbugs.gnu.org; Fri, 22 Dec 2017 04:06:50 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:51779) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eSJI0-0003Tx-4F for 29773-done@debbugs.gnu.org; Fri, 22 Dec 2017 04:06:48 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 5D4DC102BB; Fri, 22 Dec 2017 10:06:51 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1TnHk_vwYAcM; Fri, 22 Dec 2017 10:06:50 +0100 (CET) Received: from ribbon (unknown [193.50.110.235]) by hera.aquilenet.fr (Postfix) with ESMTPSA id BFCB2FE65; Fri, 22 Dec 2017 10:06:50 +0100 (CET) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org> <20171220230751.GA18857@jasmine.lan> <87ind0a1kq.fsf@gnu.org> <20171221190914.GA11808@jasmine.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 2 =?utf-8?Q?Niv=C3=B4se?= an 226 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 22 Dec 2017 10:06:46 +0100 In-Reply-To: <20171221190914.GA11808@jasmine.lan> (Leo Famulari's message of "Thu, 21 Dec 2017 14:09:14 -0500") Message-ID: <87po779lnd.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello, Leo Famulari skribis: > On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote: >> >> The attached patch does the trick, AFAICS: >> > >> diff --git a/gnu/services/base.scm b/gnu/services/base.scm >> index acc5c33f5..7fc8f6aa7 100644 >> --- a/gnu/services/base.scm >> +++ b/gnu/services/base.scm >> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." >> (list (shepherd-service >> (documentation "Preserve entropy across reboots for /dev/urandom.") >> (provision '(urandom-seed)) >> - (requirement '(file-systems)) >> + >> + ;; Depend on udev so that /dev/hwrng is available. >> + (requirement '(file-systems udev)) >> + >> (start #~(lambda _ >> ;; On boot, write random seed into /dev/urandom. >> (when (file-exists? #$%random-seed-file) > > Yes, it seems to work for me. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it X-Debbugs-Envelope-To: 29773-done Cc: 29773-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 3.8 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello, Leo Famulari skribis: > On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote: >> >> The attached patch does the trick, AFAICS: >> > >> diff --git a/gnu/services/base.scm b/gnu/services/base.scm >> index acc5c33f5..7fc8f6aa7 100644 >> --- a/gnu/services/base.scm >> +++ b/gnu/services/base.scm >> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." >> (list (shepherd-service >> (documentation "Preserve entropy across reboots for /dev/urandom.") >> (provision '(urandom-seed)) >> - (requirement '(file-systems)) >> + >> + ;; Depend on udev so that /dev/hwrng is available. >> + (requirement '(file-systems udev)) >> + >> (start #~(lambda _ >> ;; On boot, write random seed into /dev/urandom. >> (when (file-exists? #$%random-seed-file) > > Yes, it seems to work for me. [...] Content analysis details: (3.8 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.8 PERCENT_RANDOM Message has a random macro in it Hello, Leo Famulari skribis: > On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Court=C3=A8s wrote: >>=20 >> The attached patch does the trick, AFAICS: >>=20 > >> diff --git a/gnu/services/base.scm b/gnu/services/base.scm >> index acc5c33f5..7fc8f6aa7 100644 >> --- a/gnu/services/base.scm >> +++ b/gnu/services/base.scm >> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." >> (list (shepherd-service >> (documentation "Preserve entropy across reboots for /dev/urand= om.") >> (provision '(urandom-seed)) >> - (requirement '(file-systems)) >> + >> + ;; Depend on udev so that /dev/hwrng is available. >> + (requirement '(file-systems udev)) >> + >> (start #~(lambda _ >> ;; On boot, write random seed into /dev/urandom. >> (when (file-exists? #$%random-seed-file) > > Yes, it seems to work for me. Great, I=E2=80=99ve pushed the whole series. > I'm unsure if the stop action of urandom-seed-service is being executed > on shutdown. > > I added some print statements and sleep delays to the stop action but > the system halts faster than I expected and I don't see any writes to > /var/lib/random-seed. /var/lib/random-seed is definitely being updated on shutdown on my system, as can be seen from its mtime. Thanks, Ludo=E2=80=99. From unknown Mon Aug 18 09:01:57 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 19 Jan 2018 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator