author | Ludovic Courtès <ludo@gnu.org> | 2019-10-05 22:03:06 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-10-05 22:05:02 +0200 |
commit | 81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9 (patch) | |
tree | 98fbe3947262cb8271e678a8e03314b32ed169f8 /gnu/services | |
parent | 5e5f7167943b408ae55736a44908a82056c87780 (diff) | |
services: urandom-seed: Credit the entropy added to the PRNG.
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
Diffstat (limited to 'gnu/services')
-rw-r--r-- | gnu/services/base.scm | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 25716ef152..f7e90e26b7 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -573,7 +573,13 @@ file systems, as well as corresponding @file{/etc/fstab} entries."))) (lambda (seed) (call-with-output-file "/dev/urandom" (lambda (urandom) - (dump-port seed urandom)))))) + (dump-port seed urandom) + + ;; Writing SEED to URANDOM isn't enough: we must + ;; also tell the kernel to account for these + ;; extra bits of entropy. + (let ((bits (* 8 (stat:size (stat seed))))) + (add-to-entropy-count urandom bits))))))) ;; Try writing from /dev/hwrng into /dev/urandom. ;; It seems that the file /dev/hwrng always exists, even @@ -590,7 +596,9 @@ file systems, as well as corresponding @file{/etc/fstab} entries."))) (when buf (call-with-output-file "/dev/urandom" (lambda (urandom) - (put-bytevector urandom buf))))) + (put-bytevector urandom buf) + (let ((bits (* 8 (bytevector-length buf)))) + (add-to-entropy-count urandom bits)))))) ;; Immediately refresh the seed in case the system doesn't ;; shut down cleanly. |
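Review bot: In the first hunk (seed-file branch), `bits` comes from `(stat:size (stat seed))`, so every byte of the file is credited as 8 bits of entropy, whatever the file's origin and however many bytes `dump-port` actually copied. That is only sound if the seed file is secret and the kernel never sees it twice; the refresh happens later in 'start' (the "Immediately refresh the seed" step), so a crash in between, or a cloned disk image, gets the same bytes credited again on the next boot. Consider stating that assumption in the new comment, counting the bytes actually written rather than the file size, and capping the credit so an oversized file cannot claim more than intended.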
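Review bot: In the second hunk (/dev/hwrng branch), `(* 8 (bytevector-length buf))` credits the hardware RNG output at full entropy, and unlike the first hunk there is no comment saying why. Say explicitly that /dev/hwrng is being trusted to deliver 8 bits per byte, or credit a conservative fraction of the buffer. The `(let ((bits ...)) (add-to-entropy-count urandom bits))` pair now appears in both branches; a small local helper that writes and credits in one step would keep the two paths from drifting apart.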