author | Ludovic Courtès <ludo@gnu.org> | 2016-06-07 11:54:03 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-06-07 11:54:03 +0200 |
commit | aeafff536f933b07836b14d089dfc52b0e432ec9 (patch) | |
tree | 4ede554999f98cf9e19c04098c934db52efae795 /gnu/services/base.scm | |
parent | 9dee9e8ffe4650949bd3ad2edf559cf4a33e9e6e (diff) | |
parent | f82c58539e1f7b9b864e68ea2ab0c6a17c15fbb5 (diff) | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/services/base.scm')
-rw-r--r-- | gnu/services/base.scm | 66 |
1 files changed, 65 insertions, 1 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da02a..2780d124c7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -93,6 +94,8 @@
 gpm-service-type
 gpm-service
+ urandom-seed-service
+ %base-services))
 ;;; Commentary: 
@@ -422,6 +425,67 @@ stopped before 'kill' is called."
 ;;;
+;;; Preserve entropy to seed /dev/urandom on boot.
+;;;
+
+(define %random-seed-file
+ "/var/lib/random-seed")
+
+(define (urandom-seed-shepherd-service _)
+ "Return a shepherd service for the /dev/urandom seed."
+ (list (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes))
+ (start #~(lambda _
+ ;; On boot, write random seed into /dev/urandom.
+ (when (file-exists? #$%random-seed-file)
+ (call-with-input-file #$%random-seed-file
+ (lambda (seed)
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (dump-port seed urandom))))))
+ ;; Immediately refresh the seed in case the system doesn't
+ ;; shut down cleanly.
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (let ((previous-umask (umask #o077))
+ (buf (make-bytevector 512)))
+ (mkdir-p (dirname #$%random-seed-file))
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ (umask previous-umask))))
+ #t))
+ (stop #~(lambda _
+ ;; During shutdown, write from /dev/urandom into random seed.
+ (let ((buf (make-bytevector 512)))
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (let ((previous-umask (umask #o077)))
+ (get-bytevector-n! urandom buf 0 512)
+ (mkdir-p (dirname #$%random-seed-file))
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ (umask previous-umask))
+ #t)))))
+ (modules `((rnrs bytevectors)
+ (rnrs io ports)
+ ,@%default-modules)))))
+
+(define urandom-seed-service-type
+ (service-type (name 'urandom-seed)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ urandom-seed-shepherd-service)))))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type #f))
+
+
+;;;
 ;;; System-wide environment variables.
 ;;; 
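Review bot: The umask is put back by a plain trailing `(umask previous-umask)` in both the `start` and `stop` thunks, so if `mkdir-p`, `get-bytevector-n!` or `call-with-output-file` raises (read-only root, ENOSPC, unwritable /var/lib), shepherd keeps umask #o077 and every service it spawns afterwards inherits it; wrapping the body in `dynamic-wind` restores it on every exit path, shown below for `start` (the `stop` thunk needs the same treatment). The byte count returned by `get-bytevector-n!` is discarded, so a short read would write stale buffer contents into the seed file; binding it and calling `(put-bytevector seed buf 0 n)` keeps the file to what was actually read. It would also help to state in the comment above the `dump-port` call that writing to /dev/urandom only mixes the seed into the pool without crediting entropy, so loading the seed does not by itself mark the kernel pool as initialised.
```scheme
                    (call-with-input-file "/dev/urandom"
                      (lambda (urandom)
                        (let ((previous-umask (umask #o077))
                              (buf (make-bytevector 512)))
                          (dynamic-wind
                            (lambda () #t)
                            (lambda ()
                              (mkdir-p (dirname #$%random-seed-file))
                              (let ((n (get-bytevector-n! urandom buf 0 512)))
                                (call-with-output-file #$%random-seed-file
                                  (lambda (seed)
                                    (put-bytevector seed buf 0 n)))))
                            (lambda ()
                              (umask previous-umask))))))
                    ;; … unchanged: return #t …
```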
@@ -1200,7 +1264,6 @@ extra rules from the packages listed in @var{rules}."
 "Return a service that uses @var{device} as a swap device."
 (service swap-service-type device))
- (define-record-type* <gpm-configuration> gpm-configuration make-gpm-configuration gpm-configuration? (gpm gpm-configuration-gpm) ;package
@@ -1281,6 +1344,7 @@ This is the GNU operating system, welcome!\n\n")))
 (static-networking-service "lo" "127.0.0.1" #:provision '(loopback))
 (syslog-service)
+ (urandom-seed-service)
 (guix-service)
 (nscd-service) |