aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-10-05 22:03:06 +0200
committerLudovic Courtès <ludo@gnu.org>2019-10-05 22:05:02 +0200
commit81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9 (patch)
tree98fbe3947262cb8271e678a8e03314b32ed169f8
parent5e5f7167943b408ae55736a44908a82056c87780 (diff)
downloadpatches-81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9.tar
patches-81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9.tar.gz
services: urandom-seed: Credit the entropy added to the PRNG.
Partly fixes <https://bugs.gnu.org/37501>. Reported by Marius Bakke <mbakke@fastmail.com>. * gnu/services/base.scm (urandom-seed-shepherd-service): In 'start' method, add calls to 'add-to-entropy-count'.
-rw-r--r--gnu/services/base.scm12
1 files changed, 10 insertions, 2 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 25716ef152..f7e90e26b7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -573,7 +573,13 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
(lambda (seed)
(call-with-output-file "/dev/urandom"
(lambda (urandom)
- (dump-port seed urandom))))))
+ (dump-port seed urandom)
+
+ ;; Writing SEED to URANDOM isn't enough: we must
+ ;; also tell the kernel to account for these
+ ;; extra bits of entropy.
+ (let ((bits (* 8 (stat:size (stat seed)))))
+ (add-to-entropy-count urandom bits)))))))
;; Try writing from /dev/hwrng into /dev/urandom.
;; It seems that the file /dev/hwrng always exists, even
@@ -590,7 +596,9 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
(when buf
(call-with-output-file "/dev/urandom"
(lambda (urandom)
- (put-bytevector urandom buf)))))
+ (put-bytevector urandom buf)
+ (let ((bits (* 8 (bytevector-length buf))))
+ (add-to-entropy-count urandom bits))))))
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.