[PATCH 1/1] services: urandom-seed: Refresh seed at boot.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/1] services: urandom-seed: Refresh seed at boot.

From:	Leo Famulari
Subject:	[PATCH 1/1] services: urandom-seed: Refresh seed at boot.
Date:	Fri, 3 Jun 2016 22:56:50 -0400

* gnu/services/base.scm (urandom-seed-shepherd-service): Refresh the random
seed unconditionally at boot. Ensure directory structure for %random-seed-file
exists when shutting down.
(%urandom-seed-activation): Remove variable.
(urandom-seed-service-type): Remove deleted variable from list of extensions.
---
 gnu/services/base.scm | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b8e4741..2780d12 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -431,15 +431,6 @@ stopped before 'kill' is called."
 (define %random-seed-file
   "/var/lib/random-seed")
 
-(define %urandom-seed-activation
-  ;; Activation gexp for the urandom seed
-  #~(begin
-      (use-modules (guix build utils))
-
-      (mkdir-p (dirname #$%random-seed-file))
-      (close-port (open-file #$%random-seed-file "a0b"))
-      (chmod #$%random-seed-file #o600)))
-
 (define (urandom-seed-shepherd-service _)
   "Return a shepherd service for the /dev/urandom seed."
   (list (shepherd-service
@@ -454,6 +445,18 @@ stopped before 'kill' is called."
                           (call-with-output-file "/dev/urandom"
                             (lambda (urandom)
                               (dump-port seed urandom))))))
+                    ;; Immediately refresh the seed in case the system doesn't
+                    ;; shut down cleanly.
+                    (call-with-input-file "/dev/urandom"
+                      (lambda (urandom)
+                        (let ((previous-umask (umask #o077))
+                              (buf (make-bytevector 512)))
+                          (mkdir-p (dirname #$%random-seed-file))
+                          (get-bytevector-n! urandom buf 0 512)
+                          (call-with-output-file #$%random-seed-file
+                            (lambda (seed)
+                              (put-bytevector seed buf)))
+                          (umask previous-umask))))
                     #t))
          (stop #~(lambda _
                    ;; During shutdown, write from /dev/urandom into random 
seed.
@@ -462,6 +465,7 @@ stopped before 'kill' is called."
                        (lambda (urandom)
                          (let ((previous-umask (umask #o077)))
                            (get-bytevector-n! urandom buf 0 512)
+                           (mkdir-p (dirname #$%random-seed-file))
                            (call-with-output-file #$%random-seed-file
                              (lambda (seed)
                                (put-bytevector seed buf)))
@@ -475,9 +479,7 @@ stopped before 'kill' is called."
   (service-type (name 'urandom-seed)
                 (extensions
                  (list (service-extension shepherd-root-service-type
-                                          urandom-seed-shepherd-service)
-                       (service-extension activation-service-type
-                                          (const %urandom-seed-activation))))))
+                                          urandom-seed-shepherd-service)))))
 
 (define (urandom-seed-service)
   (service urandom-seed-service-type #f))
-- 
2.8.3

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/1] Improvements to urandom-seed service, Leo Famulari, 2016/06/03
- [PATCH 1/1] services: urandom-seed: Refresh seed at boot., Leo Famulari <=
- Re: [PATCH 0/1] Improvements to urandom-seed service, Ludovic Courtès, 2016/06/04

Prev by Date: [PATCH 0/1] Improvements to urandom-seed service
Next by Date: Re: [Patch] Updated patch for emacs-helm
Previous by thread: [PATCH 0/1] Improvements to urandom-seed service
Next by thread: Re: [PATCH 0/1] Improvements to urandom-seed service
Index(es):
- Date
- Thread