nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

services: Add urandom-seed-service. 

Fixes <http://bugs.gnu.org/23605>.

* gnu/services/base.scm (urandom-seed-service): New procedure.
(%random-seed-file, urandom-seed-service-type): New variables.
(%urandom-seed-shepherd-service): New procedure.
(%base-services): Call 'urandom-seed-service'.
* doc/guix.texi (Base Services): Document it.
This commit is contained in:
Leo Famulari 2016-05-28 13:41:21 -04:00
parent 922fe075d1
commit a535e12226
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/guix.texi
View File

@ -7355,6 +7355,17 @@ Return a service that runs the Guix build daemon according to
Run @var{udev}, which populates the @file{/dev} directory dynamically. Run @var{udev}, which populates the @file{/dev} directory dynamically.
@end deffn @end deffn
@deffn {Scheme Procedure} urandom-seed-service @var{#f}
Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
when rebooting.
@end deffn
@defvr {Scheme Variable} %random-seed-file
This is the name of the file where some random bytes are saved by
@var{urandom-seed-service} to seed @file{/dev/urandom} when rebooting.
It defaults to @file{/var/lib/random-seed}.
@end defvr
@deffn {Scheme Procedure} console-keymap-service @var{files} ... @deffn {Scheme Procedure} console-keymap-service @var{files} ...
@cindex keyboard layout @cindex keyboard layout
Return a service to load console keymaps from @var{files} using Return a service to load console keymaps from @var{files} using

62
gnu/services/base.scm
View File

@ -3,6 +3,7 @@
;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com> ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -93,6 +94,8 @@
gpm-service-type gpm-service-type
gpm-service gpm-service
urandom-seed-service
%base-services)) %base-services))
;;; Commentary: ;;; Commentary:
@ -420,6 +423,63 @@ stopped before 'kill' is called."
(service user-processes-service-type (service user-processes-service-type
(list (filter file-system-mount? file-systems) grace-delay))) (list (filter file-system-mount? file-systems) grace-delay)))
;;;
;;; Preserve entropy to seed /dev/urandom on boot.
;;;
(define %random-seed-file
"/var/lib/random-seed")
(define %urandom-seed-activation
;; Activation gexp for the urandom seed
#~(begin
(use-modules (guix build utils))
(mkdir-p (dirname #$%random-seed-file))
(close-port (open-file #$%random-seed-file "a0b"))
(chmod #$%random-seed-file #o600)))
(define (urandom-seed-shepherd-service _)
"Return a shepherd service for the /dev/urandom seed."
(list (shepherd-service
(documentation "Preserve entropy across reboots for /dev/urandom.")
(provision '(urandom-seed))
(requirement '(user-processes))
(start #~(lambda _
;; On boot, write random seed into /dev/urandom.
(when (file-exists? #$%random-seed-file)
(call-with-input-file #$%random-seed-file
(lambda (seed)
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(dump-port seed urandom))))))
#t))
(stop #~(lambda _
;; During shutdown, write from /dev/urandom into random seed.
(let ((buf (make-bytevector 512)))
(call-with-input-file "/dev/urandom"
(lambda (urandom)
(get-bytevector-n! urandom buf 0 512)
(call-with-output-file #$%random-seed-file
(lambda (seed)
(put-bytevector seed buf)))
#t)))))
(modules `((rnrs bytevectors)
(rnrs io ports)
,@%default-modules)))))
(define urandom-seed-service-type
(service-type (name 'urandom-seed)
(extensions
(list (service-extension shepherd-root-service-type
urandom-seed-shepherd-service)
(service-extension activation-service-type
(const %urandom-seed-activation))))))
(define (urandom-seed-service)
(service urandom-seed-service-type #f))
;;; ;;;
;;; System-wide environment variables. ;;; System-wide environment variables.
@ -1200,7 +1260,6 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device." "Return a service that uses @var{device} as a swap device."
(service swap-service-type device)) (service swap-service-type device))
(define-record-type* <gpm-configuration> (define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration? gpm-configuration make-gpm-configuration gpm-configuration?
(gpm gpm-configuration-gpm) ;package (gpm gpm-configuration-gpm) ;package
@ -1281,6 +1340,7 @@ This is the GNU operating system, welcome!\n\n")))
(static-networking-service "lo" "127.0.0.1" (static-networking-service "lo" "127.0.0.1"
#:provision '(loopback)) #:provision '(loopback))
(syslog-service) (syslog-service)
(urandom-seed-service)
(guix-service) (guix-service)
(nscd-service) (nscd-service)