From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
Subject: bug#23605: /dev/urandom not seeded across reboots
Date: Tue, 24 May 2016 14:24:59 +0200
Message-ID: <87d1obabj8.fsf@gnu.org>
References: <20160523175832.GA10646@jasmine>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55429)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b5BPT-0005HU-0n
	for bug-guix@gnu.org; Tue, 24 May 2016 08:26:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b5BPN-0002Sc-TN
	for bug-guix@gnu.org; Tue, 24 May 2016 08:26:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:51448)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b5BPN-0002SY-R2
	for bug-guix@gnu.org; Tue, 24 May 2016 08:26:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b5BPN-00011X-MY
	for bug-guix@gnu.org; Tue, 24 May 2016 08:26:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.23605.B23605.14640927153880@debbugs.gnu.org>
In-Reply-To: <20160523175832.GA10646@jasmine> (Leo Famulari's message of "Mon,
	23 May 2016 13:58:32 -0400")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: 23605@debbugs.gnu.org

Leo Famulari <leo@famulari.name> skribis:

> I realized that we don't seem to be saving any of the entropy in the
> kernel's random pool [0] across reboots.
>
> This means that for some period after boot, /dev/urandom may not be safe
> to use. From random(4):

Good catch!

Some comments:

> +(define %urandom-seed-activation
> +  ;; Activation gexp for the urandom seed
> +  #~(begin
> +      (use-modules (guix build utils))
> +
> +      (mkdir-p "/var/run")
> +      (close-port (open-file "/var/run/urandom-seed" "a0b"))

Or simply =E2=80=98open-output-file=E2=80=99.

Maybe do:

  (define %random-seed-file
    "/var/run/random-seed")

to avoid repeating the file name everywhere.

> +         (start #~(lambda _
> +                    (exec-command
> +                      (zero?
> +                        (system (string-append "cat "
> +                                               "/var/run/urandom-seed"
> +                                               " > /dev/urandom"))))))

Instead of spawning =E2=80=98cat=E2=80=99, we can do:

  (when (file-exists? #$%random-seed-file)
    (call-with-input-file #$%random-seed-file
      (lambda (seed)
        (call-with-output-file "/dev/urandom"
          (lambda (random)
            (dump-port seed random))))))
  #t   ;service successfully =E2=80=9Cstarted=E2=80=9D

> +         (stop #~(lambda _
> +                   (exec-command
> +                     (zero?
> +                       (system* "dd" "if=3D/dev/urandom"
> +                                (string-append "of=3D" "/var/run/urandom=
-seed")
> +                                "count=3D1" "bs=3D512"))))))))

Likewise, I would suggest using:

  (let ((buf (make-bytevector 512)))
    (call-with-input-file "/dev/urandom"
      (lambda (random)
        (get-bytevector-n! random buf 512)))
    =E2=80=A6)

Thanks for looking into it!

Ludo=E2=80=99.