services: urandom-seed: Credit the entropy added to the PRNG.
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.

* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
parent
5e5f716794
commit
81bc4533aa
|
@ -573,7 +573,13 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
|
||||||
(lambda (seed)
|
(lambda (seed)
|
||||||
(call-with-output-file "/dev/urandom"
|
(call-with-output-file "/dev/urandom"
|
||||||
(lambda (urandom)
|
(lambda (urandom)
|
||||||
(dump-port seed urandom))))))
|
(dump-port seed urandom)
|
||||||
|
|
||||||
|
;; Writing SEED to URANDOM isn't enough: we must
|
||||||
|
;; also tell the kernel to account for these
|
||||||
|
;; extra bits of entropy.
|
||||||
|
(let ((bits (* 8 (stat:size (stat seed)))))
|
||||||
|
(add-to-entropy-count urandom bits)))))))
|
||||||
|
|
||||||
;; Try writing from /dev/hwrng into /dev/urandom.
|
;; Try writing from /dev/hwrng into /dev/urandom.
|
||||||
;; It seems that the file /dev/hwrng always exists, even
|
;; It seems that the file /dev/hwrng always exists, even
|
||||||
|
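Review bot: In the seed-file branch, 'add-to-entropy-count' is called right after '(dump-port seed urandom)' while 'urandom' is still the open port from 'call-with-output-file'; if that port is buffered, the seed bytes may not have reached the kernel when the credit is applied. Consider calling '(force-output urandom)' before the 'let', or add a comment stating why the write is already complete at that point. Separately, '(* 8 (stat:size (stat seed)))' credits every byte of the file as a full 8 bits of entropy, so the comment should say that this assumes the seed file is secret and was refreshed since it was last used.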
@ -590,7 +596,9 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
|
||||||
(when buf
|
(when buf
|
||||||
(call-with-output-file "/dev/urandom"
|
(call-with-output-file "/dev/urandom"
|
||||||
(lambda (urandom)
|
(lambda (urandom)
|
||||||
(put-bytevector urandom buf)))))
|
(put-bytevector urandom buf)
|
||||||
|
(let ((bits (* 8 (bytevector-length buf))))
|
||||||
|
(add-to-entropy-count urandom bits))))))
|
||||||
|
|
||||||
;; Immediately refresh the seed in case the system doesn't
|
;; Immediately refresh the seed in case the system doesn't
|
||||||
;; shut down cleanly.
|
;; shut down cleanly.
|
||||||
|
|
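Review bot: In the /dev/hwrng branch, 'bits' comes from '(bytevector-length buf)', which is the size of the buffer rather than the number of bytes the read actually returned. The read is outside this hunk, so if it can return fewer bytes than the buffer holds, the credit should use the count actually read. As in the seed-file branch, the write via 'put-bytevector' and the credit happen on the same still-open port, so the same ordering question applies, and a short comment stating that the hardware RNG output is being trusted at 8 bits per byte would document the assumption.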