From: David Craven
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sun, 10 Jul 2016 01:03:50 +0200
To: Leo Famulari
Cc: guix-devel@gnu.org

Yep is probably better. I did think something though when writing the service. For some reason I thought that /etc was mounted readonly and only writeable by the guix daemon - which is obviously not the case - and that the vm virtual disk was readonly - which has a unionfs overlay. So I can't find a reason not to use the -R option (even if I'd feel better now if I could =P)

Thank you for pointing this out.

On Sun, Jul 10, 2016 at 12:43 AM, Leo Famulari wrote:
> On Sat, Jul 09, 2016 at 06:41:25PM -0400, Leo Famulari wrote:
>> On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
>> > If so, what does Dropbear do? How does it get random numbers to generate
>> > the host key?
>>
>> I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
>> to use immediately after first boot.
>>
>> What do you think about implementing the '-R' option, described below?
>
> To clarify, I'm also asking what you think about making it the default
> for the dropbear-service.