| Field | Value | Date |
|---|---|---|
| author | Ludovic Courtès <ludo@gnu.org> | 2017-12-20 11:09:03 +0100 |
| committer | Ludovic Courtès <ludo@gnu.org> | 2017-12-22 08:56:50 +0100 |
| commit | 4e9fd50857a917ea30106262e356838c4f45b6ba | |
| tree | b7d2322a428a9c4d43de2b8d4daf19e27b71e1d8 /gnu | |
| parent | 206a28d84ad6d2a5c96bcb23fb7beedc4585b79d | |

services: urandom-seed: Become a dependency of 'user-processes'.

This ensures that 'urandom-seed' is started before programs that rely on
sources of randomness.

Fixes <https://bugs.gnu.org/29773>.
Reported by Leo Famulari <leo@famulari.name>.

* gnu/services/base.scm (urandom-seed-shepherd-service): Change
'requirement' to (file-systems).
(urandom-seed-service-type): Extend USER-PROCESSES-SERVICE-TYPE.

Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/base.scm | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 85c442b385..26525714a5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -529,7 +529,7 @@ in KNOWN-MOUNT-POINTS when it is stopped." (list (shepherd-service (documentation "Preserve entropy across reboots for /dev/urandom.") (provision '(urandom-seed)) - (requirement '(user-processes)) + (requirement '(file-systems)) (start #~(lambda _ ;; On boot, write random seed into /dev/urandom. (when (file-exists? #$%random-seed-file) @@ -590,7 +590,13 @@ in KNOWN-MOUNT-POINTS when it is stopped." (service-type (name 'urandom-seed) (extensions (list (service-extension shepherd-root-service-type - urandom-seed-shepherd-service))) + urandom-seed-shepherd-service) + + ;; Have 'user-processes' depend on 'urandom-seed'. + ;; This ensures that user processes and daemons don't + ;; start until we have seeded the PRNG. + (service-extension user-processes-service-type + (const '(urandom-seed))))) (description "Seed the @file{/dev/urandom} pseudo-random number generator (RNG) with the value recorded when the system was last shut |
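
Review bot: the `(requirement '(file-systems))` line in the first hunk (@@ -529,7 +529,7) should carry a short comment explaining the choice, because it now matters in two ways. The start procedure reads `#$%random-seed-file`, so the file systems have to be available first, and the requirement can no longer be `user-processes`, since the second hunk makes `user-processes` depend on `urandom-seed` and the old value would form a cycle. A one-line comment above the requirement saying that the service needs the seed file and must not require `user-processes` would keep a later edit from restoring the old dependency.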
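
Review bot: the comment added in the second hunk (@@ -590,7 +590,13) says user processes and daemons "don't start until we have seeded the PRNG", which is stronger than what the visible start code guarantees. In the context lines of the first hunk the seed is written only under `(when (file-exists? #$%random-seed-file)`, so as far as the shown code goes, a boot where that file is absent brings the service up without writing a saved seed to /dev/urandom. Suggest rewording the comment to say that user processes wait until `urandom-seed` has started, and mentioning the missing-file case here or in the `description` string, so a started service is not read as proof that a saved seed was loaded.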