GNU bug report logs - #29773
urandom-seed-service should run earlier in the boot process


Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 19 Dec 2017 19:15:01 UTC

Severity: normal

Tags: security

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.



Message #22 received at 29773 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 29773 <at> debbugs.gnu.org
Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot process
Date: Thu, 21 Dec 2017 14:09:14 -0500
On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote:
> 
> The attached patch does the trick, AFAICS:
> 

> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
> index acc5c33f5..7fc8f6aa7 100644
> --- a/gnu/services/base.scm
> +++ b/gnu/services/base.scm
> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped."
>    (list (shepherd-service
>           (documentation "Preserve entropy across reboots for /dev/urandom.")
>           (provision '(urandom-seed))
> -         (requirement '(file-systems))
> +
> +         ;; Depend on udev so that /dev/hwrng is available.
> +         (requirement '(file-systems udev))
> +
>           (start #~(lambda _
>                      ;; On boot, write random seed into /dev/urandom.
>                      (when (file-exists? #$%random-seed-file)
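Review bot: adding `udev` to `(requirement '(file-systems udev))` moves this service later in the boot order, which is the opposite of what the bug title asks for, so the justification that only appears in the `;; Depend on udev so that /dev/hwrng is available.` comment should also go into the commit message and the service's documentation string ("Preserve entropy across reboots for /dev/urandom." says nothing about /dev/hwrng); any service that only requires `urandom-seed` now also waits for udev. As a style point, the two blank `+` lines around the new `requirement` form leave stray whitespace inside the `shepherd-service` form and could be dropped.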

Yes, it seems to work for me.

I'm unsure if the stop action of urandom-seed-service is being executed
on shutdown.

I added some print statements and sleep delays to the stop action but
the system halts faster than I expected and I don't see any writes to
/var/lib/random-seed.
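The two halves of the service under discussion, the boot-time write of the saved seed into the pool and the shutdown-time save back to the seed file, together with a check that the save actually happened, as an added stand-alone example. This is not Guix's own code: the hypothetical functions save_seed, restore_seed and check_seed take their paths as parameters so the script runs offline against temporary files rather than /dev/urandom and /var/lib/random-seed, the 512-byte seed size is an assumption, and the step that overwrites the on-disk seed immediately after feeding it into the pool is this example's own choice (the hunk above only shows the seed being written to /dev/urandom at boot).

```sh
#!/bin/sh
# Added example, not Guix code: seed save/restore as done by a random-seed
# service, with paths as parameters so it can run against temporary files.
set -eu

SEED_BYTES=512   # assumption: 512 bytes, more than any kernel pool needs

# save_seed SEED_FILE SRC
# The "stop" (shutdown) action: pull SEED_BYTES from SRC into a 0600 file.
# Written to a temporary name and renamed so that a crash mid-write cannot
# leave a short or world-readable seed behind.
save_seed() {
  seed=$1; src=$2
  tmp="$seed.tmp.$$"
  ( umask 077; head -c "$SEED_BYTES" "$src" > "$tmp" )
  mv -f "$tmp" "$seed"
}

# restore_seed SEED_FILE DEV SRC
# The "start" (boot) action: feed the saved seed into DEV (the pool), then
# immediately replace the on-disk seed from SRC.  Without that replacement a
# crash or power loss before the stop action runs would feed the identical
# bytes in again on the next boot, which is what a saved seed must avoid.
restore_seed() {
  seed=$1; dev=$2; src=$3
  if [ -f "$seed" ]; then
    cat "$seed" > "$dev"
  fi
  save_seed "$seed" "$src"
}

# check_seed SEED_FILE
# The post-shutdown check: the file exists, has the full size, and is
# readable by its owner only.  Returns 0 when all three hold, 1 otherwise.
check_seed() {
  seed=$1
  [ -f "$seed" ] || return 1
  [ "$(wc -c < "$seed")" -eq "$SEED_BYTES" ] || return 1
  [ -n "$(find "$seed" -perm 0600)" ] || return 1
}

# Offline walk-through: one "shutdown" followed by one "boot".
demo() {
  dir=$(mktemp -d)
  seed="$dir/random-seed"   # stands in for /var/lib/random-seed
  pool="$dir/urandom"       # stands in for /dev/urandom
  save_seed "$seed" /dev/urandom              # shutdown: save the seed
  cp "$seed" "$dir/previous"
  restore_seed "$seed" "$pool" /dev/urandom   # next boot: feed it back in
  cmp -s "$pool" "$dir/previous" && echo "saved seed was fed into the pool"
  cmp -s "$seed" "$dir/previous" || echo "on-disk seed replaced after use"
  check_seed "$seed" && echo "seed file is complete and 0600"
  rm -rf "$dir"
}

demo
```

Running the script prints the three confirmation lines. On a real system the restore must happen before anything that consumes randomness, and the save must be wired to a shutdown hook that actually runs; a cheap way to confirm the latter, in the spirit of the thread, is to run check_seed against the seed file after a reboot and compare its contents with a copy taken before the shutdown.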




GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.