From: Ludovic Courtès
Subject: bug#37501: [core-updates] Entropy starvation during boot
Date: Fri, 04 Oct 2019 11:15:52 +0200
Message-ID: <87y2y0x453.fsf@gnu.org>
References: <87sgolae6l.fsf@devup.no> <87h84qdbmg.fsf@gnu.org>
In-Reply-To: <87h84qdbmg.fsf@gnu.org>
List-Id: Bug reports for GNU Guix
To: Marius Bakke
Cc: 37501@debbugs.gnu.org

Ludovic Courtès wrote:

> I read some of these, and our ‘urandom-seed-service-type’ has the same
> bug as .  Namely, we
> write the previous seed to /dev/urandom but we don’t credit the
> entropy.

Now that I think about it, ‘urandom-seed’ normally contributes 512
bytes of entropy, but immediately after it *consumes* 512 bytes of
entropy:

        ;; Immediately refresh the seed in case the system doesn't
        ;; shut down cleanly.
        (call-with-input-file "/dev/urandom"
          (lambda (urandom)
            (let ((previous-umask (umask #o077))
                  (buf (make-bytevector 512)))
              (mkdir-p (dirname #$%random-seed-file))
              (get-bytevector-n! urandom buf 0 512)
              (call-with-output-file #$%random-seed-file
                (lambda (seed)
                  (put-bytevector seed buf)))
              (umask previous-umask))))

This comes from commit 71cb237a7d98dafda7dfbb5f3ba7c68463310383 by Leo.

What about deleting the seed instead of populating it right at boot
time?  That way, we would actually have entropy available at boot time.
In case of a crash, the system may lack entropy upon reboot, but that’s
better than always lacking entropy when booting.

Marius, Leo, WDYT?

(If we wanted to go fancy, we could spawn a separate process that will
attempt to refill the seed minutes after the system has booted.)

Thanks,
Ludo’.