On Mon, Dec 11, 2017 at 10:16:42AM +0100, Ludovic Courtès wrote:
> Leo Famulari wrote:
> > At the same time we handle the random seed, we could also try reading
> > from /dev/hwrng and, if the read is successful, copy some bytes into
> > /dev/urandom. We'd have to try reading and handle failure since we
> > always create /dev/hwrng regardless of whether the Linux kernel module
> > is loaded or not.
>
> OK.

Okay, I'll work on adding this to the urandom-seed-service.

> > If one always passes the same value to --entropy-seed, it will not
> > negatively affect the reproducibility of the image ;)
> >
> > This would not be something we do for the official release image, but
> > merely an optional tool.
>
> Yeah it’d be OK to add this as an option.
>
> When the option is present, ‘guix system’ would hook into the VM
> creation code somehow, or to extend ‘activation-service-type’ with code
> to create the file.
>
> Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option?
> Like --copy-file=./my-seed=/var/lib/random-seed or
> --copy-file=$HOME/.ssh/authorized_keys.
>
> Thoughts?

That sounds good to me. I'll try implementing it.
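
The fallback discussed above (try reading /dev/hwrng, copy the bytes into /dev/urandom, tolerate failure because the node exists even without a driver), as an added example that is not part of the thread and not Guix's own code. The function name, the 64-byte default and the non-blocking open are assumptions made for illustration.

```python
import os


def mix_hwrng_into_urandom(hwrng="/dev/hwrng", urandom="/dev/urandom", nbytes=64):
    """Copy up to nbytes from hwrng into urandom; return the number copied.

    Returns 0 when the hardware RNG is unusable. That is not treated as an
    error: the device node can exist with no kernel driver behind it.
    """
    try:
        # Assumption: O_NONBLOCK, so a stalled device cannot hang boot.
        src = os.open(hwrng, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return 0  # node missing, or present but not backed by a driver
    try:
        data = os.read(src, nbytes)  # may be short, or fail with no device
    except OSError:
        return 0
    finally:
        os.close(src)
    if not data:
        return 0

    try:
        dst = os.open(urandom, os.O_WRONLY)
    except OSError:
        return 0
    try:
        # A plain write mixes the bytes into the kernel pool but credits no
        # entropy, so a faulty hardware RNG cannot inflate the estimate.
        written = 0
        while written < len(data):
            written += os.write(dst, data[written:])
    except OSError:
        return 0
    finally:
        os.close(dst)
    return written


if __name__ == "__main__":
    copied = mix_hwrng_into_urandom()
    print("mixed %d bytes from /dev/hwrng" % copied if copied
          else "no usable hardware RNG; skipped")
```

Because the paths are parameters, the function can be exercised on ordinary files before it is pointed at the real devices.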