bug#29773: urandom-seed-service should run earlier in the boot process
From: Ludovic Courtès
Subject: bug#29773: urandom-seed-service should run earlier in the boot process
Date: Wed, 20 Dec 2017 11:19:36 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Hello,

Leo Famulari <address@hidden> writes:

> In some cases, the applications require some random data before any
> services are started, during activation. For example, our OpenSSH
> service generates its host keys during activation. And even if it
> generated host keys during the start of the OpenSSH service, that
> service does not depend on urandom-seed-service. [0]
>
> In systemd, there is an abstract sysinit "target" that basically serves
> as a checkpoint. All the lower-level system initialization is required
> before the sysinit.target is met, and the rest of the services depend on
> sysinit. The random seeding is part of sysinit. I've reproduced a graph
> of this in [1].

There’s a ‘user-processes’ service that serves a similar purpose.
With the attached patches ‘urandom-seed’ becomes a dependency of
‘user-processes’, meaning that daemons & co. start after
‘urandom-seed’.

WDYT?

> In practice, I'm not sure if it matters. I'd appreciate if GuixSD users
> could check /var/log/messages for warnings like this one and report
> them:
>
> random: application: uninitialized urandom read (16 bytes read)

I don’t have any of these.  I guess this is most likely to happen when
running ‘ssh-keygen’ on startup, which isn’t the case on my machine.

Ludo’.

0002-services-urandom-seed-Become-a-dependency-of-user-pr.patch
Description: Text Data
0001-services-user-processes-service-type-can-now-be-exte.patch
Description: Text Data
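
The log check requested in the quoted message, as an added example that is not part of the original thread or of Guix: it scans syslog lines for the kernel's "uninitialized urandom read" warning and totals the early reads per process. The sample lines (host name, timestamps, process names) are constructed, and the two "pool ready" message wordings are the ones Linux kernels of that period print.

```python
import re
from collections import defaultdict

# Kernel format: "random: <comm>: uninitialized urandom read (<n> bytes read)"
WARN = re.compile(
    r"random: (?P<comm>.+?): uninitialized urandom read \((?P<n>\d+) bytes read\)")
# Printed once the kernel considers its pool seeded (wording depends on version).
READY = re.compile(r"random: (crng init done|nonblocking pool is initialized)")

# Constructed sample lines in syslog format; not taken from a real machine.
SAMPLE = """\
Dec 20 11:02:01 guixsd vmunix: [    2.104113] random: ssh-keygen: uninitialized urandom read (32 bytes read)
Dec 20 11:02:01 guixsd vmunix: [    2.104981] random: ssh-keygen: uninitialized urandom read (16 bytes read)
Dec 20 11:02:02 guixsd vmunix: [    3.551207] random: shepherd: uninitialized urandom read (16 bytes read)
Dec 20 11:02:09 guixsd vmunix: [   10.902466] random: crng init done
Dec 20 11:02:15 guixsd sshd[412]: Server listening on 0.0.0.0 port 22.
"""

def scan(lines):
    """Return (per-process totals, whether a 'pool ready' line was seen)."""
    stats = defaultdict(lambda: {"reads": 0, "bytes": 0})
    ready = False
    for line in lines:
        m = WARN.search(line)
        if m:
            entry = stats[m.group("comm")]
            entry["reads"] += 1
            entry["bytes"] += int(m.group("n"))
        elif READY.search(line):
            ready = True
    return dict(stats), ready

def report(lines):
    """Format one summary line per process that read before seeding."""
    stats, ready = scan(lines)
    out = [f"{comm}: {s['reads']} early read(s), {s['bytes']} bytes"
           for comm, s in sorted(stats.items())]
    if not ready:
        out.append("no 'pool initialized' message found in this log")
    return out

if __name__ == "__main__":
    import sys
    # Pass a log path such as /var/log/messages, or no argument for the sample.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    print("\n".join(report(src)) or "no uninitialized urandom reads logged")
```

A process listed here obtained random bytes before the seed was restored, so key material it generated at that point (host keys, for instance) is the thing to review.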