services: urandom-seed: Refresh seed at boot.
* gnu/services/base.scm (urandom-seed-shepherd-service): Refresh the random seed unconditionally at boot. Ensure directory structure for %random-seed-file exists when shutting down. (%urandom-seed-activation): Remove variable. (urandom-seed-service-type): Remove deleted variable from list of extensions.
parent
5d52ac7453
commit
71cb237a7d
@ -431,15 +431,6 @@ stopped before 'kill' is called."
|
||||||
(define %random-seed-file
|
(define %random-seed-file
|
||||||
"/var/lib/random-seed")
|
"/var/lib/random-seed")
|
||||||
|
|
||||||
(define %urandom-seed-activation
|
|
||||||
;; Activation gexp for the urandom seed
|
|
||||||
#~(begin
|
|
||||||
(use-modules (guix build utils))
|
|
||||||
|
|
||||||
(mkdir-p (dirname #$%random-seed-file))
|
|
||||||
(close-port (open-file #$%random-seed-file "a0b"))
|
|
||||||
(chmod #$%random-seed-file #o600)))
|
|
||||||
|
|
||||||
(define (urandom-seed-shepherd-service _)
|
(define (urandom-seed-shepherd-service _)
|
||||||
"Return a shepherd service for the /dev/urandom seed."
|
"Return a shepherd service for the /dev/urandom seed."
|
||||||
(list (shepherd-service
|
(list (shepherd-service
|
||||||
|
@ -454,6 +445,18 @@ stopped before 'kill' is called."
|
||||||
(call-with-output-file "/dev/urandom"
|
(call-with-output-file "/dev/urandom"
|
||||||
(lambda (urandom)
|
(lambda (urandom)
|
||||||
(dump-port seed urandom))))))
|
(dump-port seed urandom))))))
|
||||||
|
;; Immediately refresh the seed in case the system doesn't
|
||||||
|
;; shut down cleanly.
|
||||||
|
(call-with-input-file "/dev/urandom"
|
||||||
|
(lambda (urandom)
|
||||||
|
(let ((previous-umask (umask #o077))
|
||||||
|
(buf (make-bytevector 512)))
|
||||||
|
(mkdir-p (dirname #$%random-seed-file))
|
||||||
|
(get-bytevector-n! urandom buf 0 512)
|
||||||
|
(call-with-output-file #$%random-seed-file
|
||||||
|
(lambda (seed)
|
||||||
|
(put-bytevector seed buf)))
|
||||||
|
(umask previous-umask))))
|
||||||
#t))
|
#t))
|
||||||
(stop #~(lambda _
|
(stop #~(lambda _
|
||||||
;; During shutdown, write from /dev/urandom into random seed.
|
;; During shutdown, write from /dev/urandom into random seed.
|
||||||
|
@ -462,6 +465,7 @@ stopped before 'kill' is called."
|
||||||
(lambda (urandom)
|
(lambda (urandom)
|
||||||
(let ((previous-umask (umask #o077)))
|
(let ((previous-umask (umask #o077)))
|
||||||
(get-bytevector-n! urandom buf 0 512)
|
(get-bytevector-n! urandom buf 0 512)
|
||||||
|
(mkdir-p (dirname #$%random-seed-file))
|
||||||
(call-with-output-file #$%random-seed-file
|
(call-with-output-file #$%random-seed-file
|
||||||
(lambda (seed)
|
(lambda (seed)
|
||||||
(put-bytevector seed buf)))
|
(put-bytevector seed buf)))
|
||||||
|
@ -475,9 +479,7 @@ stopped before 'kill' is called."
|
||||||
(service-type (name 'urandom-seed)
|
(service-type (name 'urandom-seed)
|
||||||
(extensions
|
(extensions
|
||||||
(list (service-extension shepherd-root-service-type
|
(list (service-extension shepherd-root-service-type
|
||||||
urandom-seed-shepherd-service)
|
urandom-seed-shepherd-service)))))
|
||||||
(service-extension activation-service-type
|
|
||||||
(const %urandom-seed-activation))))))
|
|
||||||
|
|
||||||
(define (urandom-seed-service)
|
(define (urandom-seed-service)
|
||||||
(service urandom-seed-service-type #f))
|
(service urandom-seed-service-type #f))
|
||||||
|
|