From: Leo Famulari
Subject: bug#29773: urandom-seed-service should run earlier in the boot process
Date: Thu, 21 Dec 2017 14:09:14 -0500
To: Ludovic Courtès
Cc: 29773@debbugs.gnu.org

On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote:
>
> The attached patch does the trick, AFAICS:
>
> diff --git a/gnu/services/base.scm b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm 
> +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped." > (list (shepherd-service > (documentation "Preserve entropy across reboots for /dev/urando= m.") > (provision '(urandom-seed)) > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists? #$%random-seed-file)

Yes, it seems to work for me.

I'm unsure if the stop action of urandom-seed-service is being executed on shutdown. I added some print statements and sleep delays to the stop action but the system halts faster than I expected and I don't see any writes to /var/lib/random-seed.
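
Review bot: The new comment on the requirement line justifies the udev dependency by /dev/hwrng, but the start procedure visible in the trailing context only tests for the seed file before writing it into /dev/urandom, so a reader of this hunk cannot see where /dev/hwrng is consumed. Suggest the comment name the step that reads it, for example ";; Depend on udev so that /dev/hwrng exists when 'start' reads from it.", and that the read be guarded with file-exists? the same way the seed file is, since ordering the service after udev does not by itself mean the device node is present. The documentation string still describes only preserving entropy across reboots; if start also draws on the hardware RNG, it should say so.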