services: urandom-seed: Refresh seed at boot.

* gnu/services/base.scm (urandom-seed-shepherd-service): Refresh the random
seed unconditionally at boot. Ensure directory structure for %random-seed-file
exists when shutting down.
(%urandom-seed-activation): Remove variable.
(urandom-seed-service-type): Remove deleted variable from list of extensions.
This commit is contained in:
Leo Famulari 2016-06-03 02:44:32 -04:00
parent 5d52ac7453
commit 71cb237a7d
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
1 changed files with 14 additions and 12 deletions

View File

@ -431,15 +431,6 @@ stopped before 'kill' is called."
(define %random-seed-file (define %random-seed-file
"/var/lib/random-seed") "/var/lib/random-seed")
(define %urandom-seed-activation
;; Activation gexp for the urandom seed
#~(begin
(use-modules (guix build utils))
(mkdir-p (dirname #$%random-seed-file))
(close-port (open-file #$%random-seed-file "a0b"))
(chmod #$%random-seed-file #o600)))
(define (urandom-seed-shepherd-service _) (define (urandom-seed-shepherd-service _)
"Return a shepherd service for the /dev/urandom seed." "Return a shepherd service for the /dev/urandom seed."
(list (shepherd-service (list (shepherd-service
@ -454,6 +445,18 @@ stopped before 'kill' is called."
(call-with-output-file "/dev/urandom" (call-with-output-file "/dev/urandom"
(lambda (urandom) (lambda (urandom)
(dump-port seed urandom)))))) (dump-port seed urandom))))))
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.
(call-with-input-file "/dev/urandom"
(lambda (urandom)
(let ((previous-umask (umask #o077))
(buf (make-bytevector 512)))
(mkdir-p (dirname #$%random-seed-file))
(get-bytevector-n! urandom buf 0 512)
(call-with-output-file #$%random-seed-file
(lambda (seed)
(put-bytevector seed buf)))
(umask previous-umask))))
#t)) #t))
(stop #~(lambda _ (stop #~(lambda _
;; During shutdown, write from /dev/urandom into random seed. ;; During shutdown, write from /dev/urandom into random seed.
@ -462,6 +465,7 @@ stopped before 'kill' is called."
(lambda (urandom) (lambda (urandom)
(let ((previous-umask (umask #o077))) (let ((previous-umask (umask #o077)))
(get-bytevector-n! urandom buf 0 512) (get-bytevector-n! urandom buf 0 512)
(mkdir-p (dirname #$%random-seed-file))
(call-with-output-file #$%random-seed-file (call-with-output-file #$%random-seed-file
(lambda (seed) (lambda (seed)
(put-bytevector seed buf))) (put-bytevector seed buf)))
@ -475,9 +479,7 @@ stopped before 'kill' is called."
(service-type (name 'urandom-seed) (service-type (name 'urandom-seed)
(extensions (extensions
(list (service-extension shepherd-root-service-type (list (service-extension shepherd-root-service-type
urandom-seed-shepherd-service) urandom-seed-shepherd-service)))))
(service-extension activation-service-type
(const %urandom-seed-activation))))))
(define (urandom-seed-service) (define (urandom-seed-service)
(service urandom-seed-service-type #f)) (service urandom-seed-service-type #f))