GNU bug report logs -
#29773
urandom-seed-service should run earlier in the boot process
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 19 Dec 2017 19:15:01 UTC
Severity: normal
Tags: security
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote:
>
> The attached patch does the trick, AFAICS:
>
> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
> index acc5c33f5..7fc8f6aa7 100644
> --- a/gnu/services/base.scm
> +++ b/gnu/services/base.scm
> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped."
> (list (shepherd-service
> (documentation "Preserve entropy across reboots for /dev/urandom.")
> (provision '(urandom-seed))
> - (requirement '(file-systems))
> +
> + ;; Depend on udev so that /dev/hwrng is available.
> + (requirement '(file-systems udev))
> +
> (start #~(lambda _
> ;; On boot, write random seed into /dev/urandom.
> (when (file-exists? #$%random-seed-file)
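Review bot: the comment above `(requirement '(file-systems udev))` says udev is needed so that /dev/hwrng is available, but nothing in this hunk touches /dev/hwrng; the visible start action only tests `#$%random-seed-file` and writes it to /dev/urandom. Either include the lines that read /dev/hwrng in the patch or reword the comment to match what the code does. If the start action does read /dev/hwrng, guard it the same way the seed file is guarded, with `(file-exists? "/dev/hwrng")`, since a machine without a hardware RNG has no such device node even once udev is up. Note also that adding `udev` to the requirement list orders the service after udev, so the commit message should say why that is compatible with this bug's request that the service run earlier. Finally, drop the two blank `+` lines around the comment; the rest of the `shepherd-service` form keeps each comment directly above the field it describes.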
Yes, it seems to work for me.
I'm unsure if the stop action of urandom-seed-service is being executed
on shutdown.
I added some print statements and sleep delays to the stop action but
the system halts faster than I expected and I don't see any writes to
/var/lib/random-seed.
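One way to answer the question raised above (did the stop action write /var/lib/random-seed on the way down?) is to compare the seed file's mtime with the current boot time after a reboot. The script below is an added example, not code from the bug report or from Guix; it assumes the seed is written only by the service's stop action at shutdown, that the file lives at /var/lib/random-seed as the report says, and that a write within the last 600 seconds before boot counts as "written at shutdown" (the window is a hypothetical default). `current_boot_time` uses /proc/uptime and `stat -c %Y`, so it needs Linux with GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the bug report or Guix): decide whether the
# random-seed file was refreshed during the previous shutdown.
#
# Assumption: the seed file is written only by the urandom-seed service's
# stop action at shutdown, so its mtime should fall shortly before the
# current boot time.  A much older mtime means the stop action did not
# run; an mtime after boot means something wrote it during this session.

# seed_written_at_shutdown SEED_MTIME BOOT_TIME [WINDOW]
# Exit 0 when SEED_MTIME (epoch seconds) lies within WINDOW seconds
# before BOOT_TIME (epoch seconds).  WINDOW defaults to 600 (assumed).
seed_written_at_shutdown() {
    seed_mtime=$1
    boot_time=$2
    window=${3:-600}
    # A seed newer than the boot time was not written at shutdown.
    [ "$seed_mtime" -le "$boot_time" ] || return 1
    # A seed older than the window predates the shutdown we care about.
    [ $((boot_time - seed_mtime)) -le "$window" ] || return 1
    return 0
}

# current_boot_time: epoch seconds of this boot, derived from /proc/uptime.
current_boot_time() {
    now=$(date +%s)
    up=$(cut -d. -f1 /proc/uptime)
    echo $((now - up))
}

# check_seed_file [FILE]: report whether FILE (default /var/lib/random-seed,
# the path named in the report) was written at the last shutdown.
# Returns 0 if it was, 1 if not, 2 if the file is missing.
check_seed_file() {
    file=${1:-/var/lib/random-seed}
    if [ ! -f "$file" ]; then
        echo "$file: missing"
        return 2
    fi
    mtime=$(stat -c %Y "$file")
    boot=$(current_boot_time)
    if seed_written_at_shutdown "$mtime" "$boot"; then
        echo "$file: written at last shutdown (mtime $mtime, boot $boot)"
        return 0
    fi
    echo "$file: NOT refreshed at last shutdown (mtime $mtime, boot $boot)"
    return 1
}

# Run the real check only when invoked as: sh check-seed.sh --check [FILE]
if [ "${1:-}" = "--check" ]; then
    check_seed_file "${2:-}"
fi
```

Run it once after a reboot; a "NOT refreshed" result on a system where the stop action is expected to run is the evidence that the shutdown path is skipping the service, which can then be compared against shepherd's log from that shutdown.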