author | Leo Famulari <leo@famulari.name> | 2016-06-03 02:44:32 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-06-05 00:06:26 -0400 |
commit | 71cb237a7d98dafda7dfbb5f3ba7c68463310383 (patch) | |
tree | 574046389347e56289b921257e33f5c0b9eded8c | |
parent | 5d52ac7453e1144086bdc0ac31f01b06edadd04a (diff) | |
services: urandom-seed: Refresh seed at boot.
* gnu/services/base.scm (urandom-seed-shepherd-service): Refresh the random
seed unconditionally at boot. Ensure directory structure for %random-seed-file
exists when shutting down.
(%urandom-seed-activation): Remove variable.
(urandom-seed-service-type): Remove deleted variable from list of extensions.
-rw-r--r-- | gnu/services/base.scm | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index b8e4741739..2780d124c7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -431,15 +431,6 @@ stopped before 'kill' is called." (define %random-seed-file "/var/lib/random-seed") -(define %urandom-seed-activation - ;; Activation gexp for the urandom seed - #~(begin - (use-modules (guix build utils)) - - (mkdir-p (dirname #$%random-seed-file)) - (close-port (open-file #$%random-seed-file "a0b")) - (chmod #$%random-seed-file #o600))) - (define (urandom-seed-shepherd-service _) "Return a shepherd service for the /dev/urandom seed." (list (shepherd-service @@ -454,6 +445,18 @@ stopped before 'kill' is called." (call-with-output-file "/dev/urandom" (lambda (urandom) (dump-port seed urandom)))))) + ;; Immediately refresh the seed in case the system doesn't + ;; shut down cleanly. + (call-with-input-file "/dev/urandom" + (lambda (urandom) + (let ((previous-umask (umask #o077)) + (buf (make-bytevector 512))) + (mkdir-p (dirname #$%random-seed-file)) + (get-bytevector-n! urandom buf 0 512) + (call-with-output-file #$%random-seed-file + (lambda (seed) + (put-bytevector seed buf))) + (umask previous-umask)))) #t)) (stop #~(lambda _ ;; During shutdown, write from /dev/urandom into random seed. @@ -462,6 +465,7 @@ stopped before 'kill' is called." (lambda (urandom) (let ((previous-umask (umask #o077))) (get-bytevector-n! urandom buf 0 512) + (mkdir-p (dirname #$%random-seed-file)) (call-with-output-file #$%random-seed-file (lambda (seed) (put-bytevector seed buf))) @@ -475,9 +479,7 @@ stopped before 'kill' is called." (service-type (name 'urandom-seed) (extensions (list (service-extension shepherd-root-service-type - urandom-seed-shepherd-service) - (service-extension activation-service-type - (const %urandom-seed-activation)))))) + urandom-seed-shepherd-service))))) (define (urandom-seed-service) (service urandom-seed-service-type #f)) |
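Review bot: In the new boot-time refresh added to the `start` gexp, `(mkdir-p (dirname #$%random-seed-file))` runs after `(umask #o077)`, so any missing component of that path would be created mode 0700; the same ordering is introduced in the `stop` hunk at -462,6 +465,7, where the added `mkdir-p` line follows the existing `(let ((previous-umask (umask #o077)))`. The removed activation gexp created the directory under the default umask and restricted only the file, so both `mkdir-p` calls should move ahead of the umask change. The new block also restores the umask only on the normal path: if the read or the write raises (for example a read-only or not-yet-mounted /var early in boot), shepherd keeps umask 077 for every service it starts afterwards, so the body belongs inside `dynamic-wind` with `(umask previous-umask)` in the after thunk. `mkdir-p` comes from `(guix build utils)`, which the deleted activation gexp imported explicitly; the service's `modules` field is outside this hunk, so confirm that module is in scope there. The enclosing `start` lambda begins before this hunk.
```scheme
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.
;; Create the directory under the caller's umask, not 077.
(mkdir-p (dirname #$%random-seed-file))
(call-with-input-file "/dev/urandom"
  (lambda (urandom)
    (let ((previous-umask (umask #o077))
          (buf (make-bytevector 512)))
      (dynamic-wind
        (lambda () #t)
        (lambda ()
          (get-bytevector-n! urandom buf 0 512)
          (call-with-output-file #$%random-seed-file
            (lambda (seed)
              (put-bytevector seed buf))))
        ;; Restore the umask even if the read or the write raises.
        (lambda () (umask previous-umask))))))
```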