/dev/urandom not seeded across reboots

  • Done
Details
5 participants
  • Ben Woodcroft
  • Thompson, David
  • Leo Famulari
  • Ludovic Courtès
  • Taylan Ulrich Bayırlı/Kammer
Owner
unassigned
Submitted by
Leo Famulari
Severity
normal
Leo Famulari wrote on 23 May 2016 19:58
(address . bug-guix@gnu.org)
20160523175832.GA10646@jasmine
I realized that we don't seem to be saving any of the entropy in the
kernel's random pool [0] across reboots.

This means that for some period after boot, /dev/urandom may not be safe
to use. From random(4):

---
If a seed file is saved across reboots as recommended below (all major
Linux distributions have done this since 2000 at least),
[/dev/urandom's] output is cryptographically secure against attackers
without local root access as soon as it is reloaded in the boot
sequence, and perfectly adequate for network encryption session keys.
---

I interpret that text to mean that, without use of a seed file,
urandom's output is *not* adequate for network encryption session keys
(SSH, TLS, etc) until enough entropy has been gathered. I don't know how
long that takes.

I've attached my not-yet-working attempt at a urandom-seed-service. I
tried to get it working on my own but I need the assistance of some more
experienced Guix hackers :)

I've also attached a stand-alone Guile script to illustrate what the
effect of the service should be. This script does seem to work. I'm sure
the use of shell tools could be replaced by Guile.

After applying my patch and attempting `guix system vm ...`, I get the
attached backtrace.

Does anyone have advice about the service? Am I wrong that we need to
seed /dev/urandom to make it work properly?

[0] See the man page for random(4).
;;; Carry some entropy across reboots. Adapted from examples in random(4).

;;; We assume Linux >= 2.6, where the poolsize is always 4096 bits (according to
;;; random(4)). Otherwise, the example in random(4) reads the 'poolsize' file and
;;; creates a seed of equal size.

;;; This should be run during system shutdown. It saves some random state as a
;;; seed for /dev/urandom, to be used on the next boot.
(define (urandom-shutdown seed)
  (touch seed)
  (chmod seed #o600)
  (write-seed seed))

;;; This should be run at boot, before starting anything that needs random
;;; numbers (sshd, TLS server, etc).
(define (urandom-boot seed)
  (and (if (file-exists? seed)
           (zero? (system (string-append "cat " seed " > /dev/urandom")))
           (touch seed))
       (chmod seed #o600)
       (write-seed seed)))

;;; On Debian, '/var/lib/urandom/random-seed'.
;;; random(4) suggests '/var/run/random-seed'.
(define seed "/tmp/random-seed")

(define (write-seed seed)
  ;; If Linux is not >= 2.6, then 'bs' must be calculated as shown in
  ;; random(4).
  (zero? (system* "dd" "if=/dev/urandom" (string-append "of=" seed)
                  "count=1" "bs=512")))

(define (touch file)
  (close-port (open-file file "a0b")))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da..4a85ed0 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -32,7 +32,7 @@
#:use-module ((gnu packages linux)
#:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm))
#:use-module ((gnu packages base)
- #:select (canonical-package glibc))
+ #:select (canonical-package glibc coreutils)) ; coreutils for `dd`, `cat`.
#:use-module (gnu packages package-management)
#:use-module (gnu packages lsh)
#:use-module (gnu packages lsof)
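Review bot: adding `coreutils` to this `#:select` list does not make the service use it. The `start` and `stop` gexps later in the patch call "cat" and "dd" by bare name through `system` and `system*`, so they resolve through whatever PATH shepherd runs with. Either reference the store item inside the gexp, for example `(string-append #$coreutils "/bin/dd")`, or drop the import and do the I/O in Guile.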
@@ -93,6 +93,8 @@
gpm-service-type
gpm-service
+ urandom-seed-service
+
%base-services))
;;; Commentary:
@@ -1200,6 +1202,47 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
+(define %urandom-seed-activation
+ ;; Activation gexp for the urandom seed
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p "/var/run")
+ (close-port (open-file "/var/run/urandom-seed" "a0b"))
+ (chmod "/var/run/urandom-seed" #o600)))
+
+(define (urandom-seed-shepherd-service)
+ "Return a shepherd service for the /dev/urandom seed."
+ (list (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes)) ; whatever provides file-system /var
+ (start #~(lambda _
+ (exec-command
+ (zero?
+ (system (string-append "cat "
+ "/var/run/urandom-seed"
+ " > /dev/urandom"))))))
+ (stop #~(lambda _
+ (exec-command
+ (zero?
+ (system* "dd" "if=/dev/urandom"
+ (string-append "of=" "/var/run/urandom-seed")
+ "count=1" "bs=512"))))))))
+
+(define urandom-seed-service-type
+ (service-type (name 'urandom-seed)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ urandom-seed-shepherd-service)
+ (service-extension activation-service-type
+ (const %urandom-seed-activation))
+ ;; Add urandom-seed to the system profile
+ ;; Where is profile-service-type defined?
+ (service-extension profile-service-type list)))))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type '()))
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
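Review bot: `urandom-seed-shepherd-service` is defined with no parameters, but as the procedure of a `service-extension` it is called with the service's value (here `'()`), which is the "Wrong number of arguments" error in the backtrace below; give it one parameter, for example `(define (urandom-seed-shepherd-service _) ...)`. Separately, in both `start` and `stop` the `exec-command` call wraps `(zero? (system ...))`, so the command has already run by the time `exec-command` is applied and it receives a boolean instead of a command list; return the boolean from the lambda directly.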
@@ -1281,6 +1324,7 @@ This is the GNU operating system, welcome!\n\n")))
(static-networking-service "lo" "127.0.0.1"
#:provision '(loopback))
(syslog-service)
+ (urandom-seed-service)
(guix-service)
(nscd-service)
$ ./pre-inst-env guix system vm --no-grafts ~/work/guix/doc/os-config-bare-bones.texi
Backtrace:
In ice-9/boot-9.scm:
1724: 19 [%start-stack load-stack ...]
1729: 18 [#<procedure 1503ea0 ()>]
In unknown file:
?: 17 [primitive-load "/home/leo/work/guix/scripts/guix"]
In guix/ui.scm:
1197: 16 [run-guix-command system "vm" ...]
In ice-9/boot-9.scm:
157: 15 [catch srfi-34 #<procedure 3fa0880 at guix/ui.scm:421:2 ()> ...]
157: 14 [catch system-error ...]
In guix/scripts/system.scm:
882: 13 [#<procedure 3ed9210 at guix/scripts/system.scm:874:2 ()>]
788: 12 [process-action vm # #]
In guix/store.scm:
1163: 11 [run-with-store # ...]
In guix/scripts/system.scm:
800: 10 [#<procedure 46827e0 at guix/scripts/system.scm:792:8 (state)> #]
564: 9 [perform-action vm # # ...]
In gnu/system/vm.scm:
496: 8 [system-qemu-image/shared-store-script # # # ...]
In gnu/system.scm:
601: 7 [operating-system-derivation # # #f]
In gnu/services.scm:
573: 6 [loop #]
In srfi/srfi-1.scm:
578: 5 [map #<procedure loop (sink)> (# # #)]
In gnu/services.scm:
573: 4 [loop #<<service> type: # parameters: #>]
In srfi/srfi-1.scm:
578: 3 [map #<procedure loop (sink)> (# # #)]
In gnu/services.scm:
573: 2 [loop #<<service> type: # parameters: ()>]
In srfi/srfi-1.scm:
578: 1 [map #<procedure 50635e0 at gnu/services.scm:562:4 (service)> (# # # # ...)]
In ice-9/eval.scm:
416: 0 [urandom-seed-shepherd-service ()]

ice-9/eval.scm:416:20: In procedure urandom-seed-shepherd-service:
ice-9/eval.scm:416:20: Wrong number of arguments to #<procedure urandom-seed-shepherd-service ()>
Taylan Ulrich Bayırlı/Kammer wrote on 24 May 2016 09:05
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
87shx8j5qm.fsf@T420.taylan
Leo Famulari <leo@famulari.name> writes:

> I realized that we don't seem to be saving any of the entropy in the
> kernel's random pool [0] across reboots.
>
> This means that for some period after boot, /dev/urandom may not be safe
> to use. From random(4):
>
> ---
> If a seed file is saved across reboots as recommended below (all major
> Linux distributions have done this since 2000 at least),
> [/dev/urandom's] output is cryptographically secure against attackers
> without local root access as soon as it is reloaded in the boot
> sequence, and perfectly adequate for network encryption session keys.
> ---
>
> I interpret that text to mean that, without use of a seed file,
> urandom's output is *not* adequate for network encryption session keys
> (SSH, TLS, etc) until enough entropy has been gathered. I don't know how
> long that takes.
>
> I've attached my not-yet-working attempt at a urandom-seed-service. I
> tried to get it working on my own but I need the assistance of some more
> experienced Guix hackers :)
>
> I've also attached a stand-alone Guile script to illustrate what the
> effect of the service should be. This script does seem to work. I'm sure
> the use of shell tools could be replaced by Guile.
>
> After applying my patch and attempting `guix system vm ...`, I get the
> attached backtrace.
>
> Does anyone have advice about the service? Am I wrong that we need to
> seed /dev/urandom to make it work properly?
>
> [0] See the man page for random(4).

Yes, this is necessary under Linux if you want urandom to be random
enough immediately after boot, and all the distros do it as part of
their init.

There's also an interesting implication here about the very first time
you boot the system and don't have a urandom seed file from the last
shutdown yet. I don't know how this is typically handled, given that
for instance it's quite possible that a user might generate SSH keys
shortly after their first boot of a system.

I heard BSD kernels are smarter: /dev/random and urandom are the same
file and behave as follows: after boot, until there's enough entropy,
they block (behave like Linux /dev/random), and once there's enough
entropy they never block (behave like Linux /dev/urandom). No idea how
the Hurd does it.

Taylan
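
The seed-file procedure from random(4) that this thread is implementing, including the first-boot case with no saved seed, as an added shell example (not code from the thread or from Guix). `seed_load`, `seed_save`, `seed_shutdown`, `RNG_IN`, `RNG_OUT`, `SEED_BYTES` and the exit status 2 for "no seed yet" are names and conventions assumed here; the default path is the one the thread ends up using.

```shell
#!/bin/sh
# Added example, not code from the thread or from Guix.
# SEED_FILE defaults to the path the thread settles on; RNG_IN / RNG_OUT are
# hypothetical knobs so the functions can be pointed at scratch files.
SEED_FILE=${SEED_FILE:-/var/lib/random-seed}
RNG_IN=${RNG_IN:-/dev/urandom}     # where a saved seed is written at boot
RNG_OUT=${RNG_OUT:-/dev/urandom}   # where a fresh seed is read from
SEED_BYTES=512                     # same size as the thread's bs=512 count=1

# Replace SEED_FILE with SEED_BYTES fresh bytes. mktemp creates the temporary
# file with mode 0600 and mv renames it into place, so the seed is never
# readable by other users and never left half-written.
seed_save() {
    dir=$(dirname "$SEED_FILE")
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.random-seed.XXXXXX") || return 1
    if dd if="$RNG_OUT" of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null &&
       [ "$(wc -c < "$tmp")" -eq "$SEED_BYTES" ]; then
        mv -f "$tmp" "$SEED_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Boot side. Writing to /dev/urandom mixes the bytes into the pool without
# crediting entropy. The seed is replaced right after it is loaded, so a
# crash before shutdown cannot cause the same seed to be loaded twice.
# Returns 0 if a seed was loaded, 2 if none was usable (first boot, empty
# file, or a symlink), 1 if a new seed could not be written.
seed_load() {
    status=2
    if [ -f "$SEED_FILE" ] && [ ! -L "$SEED_FILE" ] && [ -s "$SEED_FILE" ]; then
        cat "$SEED_FILE" > "$RNG_IN" && status=0
    fi
    seed_save || return 1
    return "$status"
}

# Shutdown side: leave a fresh seed for the next boot.
seed_shutdown() { seed_save; }

case "${1:-}" in
    load) seed_load ;;
    save) seed_shutdown ;;
esac
```

Run `load` from the boot sequence before sshd or any TLS server starts, and `save` at shutdown; a return status of 2 from `load` marks the first-boot situation discussed above.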
Ludovic Courtès wrote on 24 May 2016 14:24
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
87d1obabj8.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> I realized that we don't seem to be saving any of the entropy in the
> kernel's random pool [0] across reboots.
>
> This means that for some period after boot, /dev/urandom may not be safe
> to use. From random(4):

Good catch!

Some comments:

> +(define %urandom-seed-activation
> + ;; Activation gexp for the urandom seed
> + #~(begin
> + (use-modules (guix build utils))
> +
> + (mkdir-p "/var/run")
> + (close-port (open-file "/var/run/urandom-seed" "a0b"))

Or simply ‘open-output-file’.

Maybe do:

(define %random-seed-file
"/var/run/random-seed")

to avoid repeating the file name everywhere.

> + (start #~(lambda _
> + (exec-command
> + (zero?
> + (system (string-append "cat "
> + "/var/run/urandom-seed"
> + " > /dev/urandom"))))))

Instead of spawning ‘cat’, we can do:

(when (file-exists? #$%random-seed-file)
(call-with-input-file #$%random-seed-file
(lambda (seed)
(call-with-output-file "/dev/urandom"
(lambda (random)
(dump-port seed random))))))
#t ;service successfully “started”

> + (stop #~(lambda _
> + (exec-command
> + (zero?
> + (system* "dd" "if=/dev/urandom"
> + (string-append "of=" "/var/run/urandom-seed")
> + "count=1" "bs=512"))))))))

Likewise, I would suggest using:

(let ((buf (make-bytevector 512)))
(call-with-input-file "/dev/urandom"
(lambda (random)
(get-bytevector-n! random buf 512)))
…)

Thanks for looking into it!

Ludo’.
Leo Famulari wrote on 24 May 2016 18:16
(name . Taylan Ulrich Bayırlı/Kammer)(address . taylanbayirli@gmail.com)(address . 23605@debbugs.gnu.org)
20160524161617.GC29516@jasmine
On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer wrote:
> Leo Famulari <leo@famulari.name> writes:
> > Does anyone have advice about the service? Am I wrong that we need to
> > seed /dev/urandom to make it work properly?
>
> Yes, this is necessary under Linux if you want urandom to be random
> enough immediately after boot, and all the distros do it as part of
> their init.
>
> There's also an interesting implication here about the very first time
> you boot the system and don't have a urandom seed file from the last
> shutdown yet. I don't know how this is typically handled, given that
> for instance it's quite possible that a user might generate SSH keys
> shortly after their first boot of a system.

When I boot a GuixSD VM for the first time [0], it requires me to dance
on the keyboard until it has collected ~200 bits of entropy. I assumed
this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
sure.

[0] I don't remember if I had to do this on bare metal.
Thompson, David wrote on 24 May 2016 18:26
(name . Leo Famulari)(address . leo@famulari.name)
CAJ=Rwfb0gqA757c5hPXtcNEaT5dOa-Rowp+sf-mQwdT+oLHP=g@mail.gmail.com
On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <leo@famulari.name> wrote:
> On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer wrote:
>> Leo Famulari <leo@famulari.name> writes:
>> > Does anyone have advice about the service? Am I wrong that we need to
>> > seed /dev/urandom to make it work properly?
>>
>> Yes, this is necessary under Linux if you want urandom to be random
>> enough immediately after boot, and all the distros do it as part of
>> their init.
>>
>> There's also an interesting implication here about the very first time
>> you boot the system and don't have a urandom seed file from the last
>> shutdown yet. I don't know how this is typically handled, given that
>> for instance it's quite possible that a user might generate SSH keys
>> shortly after their first boot of a system.
>
> When I boot a GuixSD VM for the first time [0], it requires me to dance
> on the keyboard until it has collected ~200 bits of entropy. I assumed
> this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
> sure.

This is just an annoying feature of GNU lsh. I want to switch my
machines to OpenSSH sometime, partly due to this.

- Dave
Leo Famulari wrote on 24 May 2016 19:23
(name . Thompson, David)(address . dthompson2@worcester.edu)
20160524172329.GA5216@jasmine
On Tue, May 24, 2016 at 12:26:29PM -0400, Thompson, David wrote:
> On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <leo@famulari.name> wrote:
> > On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer wrote:
> >> Leo Famulari <leo@famulari.name> writes:
> >> > Does anyone have advice about the service? Am I wrong that we need to
> >> > seed /dev/urandom to make it work properly?
> >>
> >> Yes, this is necessary under Linux if you want urandom to be random
> >> enough immediately after boot, and all the distros do it as part of
> >> their init.
> >>
> >> There's also an interesting implication here about the very first time
> >> you boot the system and don't have a urandom seed file from the last
> >> shutdown yet. I don't know how this is typically handled, given that
> >> for instance it's quite possible that a user might generate SSH keys
> >> shortly after their first boot of a system.
> >
> > When I boot a GuixSD VM for the first time [0], it requires me to dance
> > on the keyboard until it has collected ~200 bits of entropy. I assumed
> > this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
> > sure.
>
> This is just an annoying feature of GNU lsh. I want to switch my
> machines to OpenSSH sometime, partly due to this.

Well, it seems that this feature might be protecting us against using
weak SSH session keys on first boot, if it's doing what I think it's
doing...
Thompson, David wrote on 24 May 2016 19:29
(name . Leo Famulari)(address . leo@famulari.name)
CAJ=RwfaBjocoPiPztPQdxvAB_Cq_ZBydNJV1dnVEGY4FRHjp5w@mail.gmail.com
On Tue, May 24, 2016 at 1:23 PM, Leo Famulari <leo@famulari.name> wrote:
> On Tue, May 24, 2016 at 12:26:29PM -0400, Thompson, David wrote:
>> On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <leo@famulari.name> wrote:
>> > On Tue, May 24, 2016 at 09:05:21AM +0200, Taylan Ulrich Bayırlı/Kammer wrote:
>> >> Leo Famulari <leo@famulari.name> writes:
>> >> > Does anyone have advice about the service? Am I wrong that we need to
>> >> > seed /dev/urandom to make it work properly?
>> >>
>> >> Yes, this is necessary under Linux if you want urandom to be random
>> >> enough immediately after boot, and all the distros do it as part of
>> >> their init.
>> >>
>> >> There's also an interesting implication here about the very first time
>> >> you boot the system and don't have a urandom seed file from the last
>> >> shutdown yet. I don't know how this is typically handled, given that
>> >> for instance it's quite possible that a user might generate SSH keys
>> >> shortly after their first boot of a system.
>> >
>> > When I boot a GuixSD VM for the first time [0], it requires me to dance
>> > on the keyboard until it has collected ~200 bits of entropy. I assumed
>> > this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
>> > sure.
>>
>> This is just an annoying feature of GNU lsh. I want to switch my
>> machines to OpenSSH sometime, partly due to this.
>
> Well, it seems that this feature might be protecting us against using
> weak SSH session keys on first boot, if it's doing what I think it's
> doing...

It impedes automated provisioning of servers, which OpenSSH does not do.

- Dave
Leo Famulari wrote on 25 May 2016 18:38
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160525163815.GA19996@jasmine
On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > + (mkdir-p "/var/run")
> > + (close-port (open-file "/var/run/urandom-seed" "a0b"))
>
> Or simply ‘open-output-file’.

Done in the attached diff.

> Maybe do:
>
> (define %random-seed-file
> "/var/run/random-seed")

Done.

> > + (start #~(lambda _
> > + (exec-command
> > + (zero?
> > + (system (string-append "cat "
> > + "/var/run/urandom-seed"
> > + " > /dev/urandom"))))))
>
> Instead of spawning ‘cat’, we can do:
>
> (when (file-exists? #$%random-seed-file)
> (call-with-input-file #$%random-seed-file
> (lambda (seed)
> (call-with-output-file "/dev/urandom"
> (lambda (random)
> (dump-port seed random))))))
> #t ;service successfully “started”

I think I've done this correctly, as attached, but I can't test it yet
since I still get an error: "service: Wrong number of arguments in form
(service urandom-seed-service-type)".

> > + (stop #~(lambda _
> > + (exec-command
> > + (zero?
> > + (system* "dd" "if=/dev/urandom"
> > + (string-append "of=" "/var/run/urandom-seed")
> > + "count=1" "bs=512"))))))))
>
> Likewise, I would suggest using:
>
> (let ((buf (make-bytevector 512)))
> (call-with-input-file "/dev/urandom"
> (lambda (random)
> (get-bytevector-n! random buf 512)))
> …)

I tried to fill in the …, but again, I'm struggling here :p

More advice requested! :)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da..b26fee1 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -93,6 +93,8 @@
gpm-service-type
gpm-service
+ urandom-seed-service
+
%base-services))
;;; Commentary:
@@ -1200,6 +1202,55 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
+(define %random-seed-file
+ "/var/run/random-seed")
+
+(define %urandom-seed-activation
+ ;; Activation gexp for the urandom seed
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p (dirname %random-seed-file))
+ (close-port (open-output-file %random-seed-file))
+ (chmod %random-seed-file #o600)))
+
+(define (urandom-seed-shepherd-service)
+ "Return a shepherd service for the /dev/urandom seed."
+ (list (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes)) ; whatever provides file-system /var
+ (start #~(lambda _
+ (when (file-exists? #$%random-seed-file)
+ (call-with-input-file #$%random-seed-file
+ (lambda (seed)
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (dump-port seed urandom))))))
+ #t))
+ (stop #~(lambda _
+ (let ((buf (make-bytevector 512)))
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (dump-port buf seed)))
+ #t))))))))
+
+(define urandom-seed-service-type
+ (service-type (name 'urandom-seed)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ urandom-seed-shepherd-service)
+ (service-extension activation-service-type
+ (const %urandom-seed-activation))
+ ;; Add urandom-seed to the system profile
+ ;; Where is profile-service-type defined?
+ (service-extension profile-service-type list)))))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type))
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
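Review bot: in `%urandom-seed-activation`, `(close-port (open-output-file %random-seed-file))` truncates the file every time activation runs, so a seed written by `stop` at shutdown is emptied before `start` can load it when activation runs first; the earlier `(open-file ... "a0b")` opened in append mode and left existing contents alone. The three uses of `%random-seed-file` in that gexp also lack the `#$` that `start` and `stop` use, so the file name is not substituted into the generated code there.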
@@ -1281,6 +1332,7 @@ This is the GNU operating system, welcome!\n\n")))
(static-networking-service "lo" "127.0.0.1"
#:provision '(loopback))
(syslog-service)
+ (urandom-seed-service)
(guix-service)
(nscd-service)
$ ./pre-inst-env guix system vm --no-substitutes ~/work/guix/doc/os-config-bare-bones.texi
;;; note: source file /home/leo/work/guix/gnu/services/base.scm
;;; newer than compiled /home/leo/work/guix/gnu/services/base.go
;;; note: source file /home/leo/work/guix/gnu/services/base.scm
;;; newer than compiled /home/leo/.cache/guile/ccache/2.0-LE-8-2.0/home/leo/work/guix/gnu/services/base.scm.go
ice-9/psyntax.scm:1422:32: In procedure expand-macro:
ice-9/psyntax.scm:1422:32: Syntax error:
gnu/services/base.scm:1253:2: service: Wrong number of arguments in form (service urandom-seed-service-type)
Ludovic Courtès wrote on 25 May 2016 18:54
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
87vb229ixp.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:

[...]

>> Instead of spawning ‘cat’, we can do:
>>
>> (when (file-exists? #$%random-seed-file)
>> (call-with-input-file #$%random-seed-file
>> (lambda (seed)
>> (call-with-output-file "/dev/urandom"
>> (lambda (random)
>> (dump-port seed random))))))
>> #t ;service successfully “started”
>
> I think I've done this correctly, as attached, but I can't test it yet
> since I still get an error: "service: Wrong number of arguments in form
> (service urandom-seed-service-type)".

Yes, it’s:

(service TYPE VALUE)

but I think there’s no meaningful value for this service, so you could
do:

(service urandom-seed-service-type #f)

[...]

> +(define (urandom-seed-shepherd-service)
> + "Return a shepherd service for the /dev/urandom seed."
> + (list (shepherd-service
> + (documentation "Preserve entropy across reboots for /dev/urandom.")

I think you’ll need to specify that additional modules are needed (for
‘make-bytevector’, ‘put-bytevector’, etc.):

(shepherd-service
;; …
(modules `((rnrs bytevectors)
(rnrs io ports)
,@%default-modules)))

(See (gnu services shepherd) for the definition of ‘%default-modules’.)

> + (stop #~(lambda _
> + (let ((buf (make-bytevector 512)))
> + (call-with-input-file "/dev/urandom"
> + (lambda (urandom)
> + (get-bytevector-n! urandom buf 0 512)
> + (call-with-output-file #$%random-seed-file
^^
Misleading indent here.

> + (lambda (seed)
> + (dump-port buf seed)))

‘dump-port’ from (guix build utils) takes an input port as its 1st
argument, and an output port as its 2nd argument. Here BUF is a
bytevector, not a port.

So instead, this should be:

(lambda (seed)
(put-bytevector seed buf))

Sounds like you’re pretty much there! :-)

Thanks,
Ludo’.
Ludovic Courtès wrote on 25 May 2016 23:53
(name . Thompson, David)(address . dthompson2@worcester.edu)
87a8jd9542.fsf@gnu.org
"Thompson, David" <dthompson2@worcester.edu> skribis:

> On Tue, May 24, 2016 at 12:16 PM, Leo Famulari <leo@famulari.name> wrote:

[...]

>> When I boot a GuixSD VM for the first time [0], it requires me to dance
>> on the keyboard until it has collected ~200 bits of entropy. I assumed
>> this is to properly bootstrap the CSPRNG in /dev/urandom, but I'm not
>> sure.
>
> This is just an annoying feature of GNU lsh. I want to switch my
> machines to OpenSSH sometime, partly due to this.

It’s actually ‘lsh-make-seed’ that does that (info "(lsh)
lsh-make-seed"), and it’s invoked from our ‘lsh-service’ when
#:initialize? is #t (the default).

It’s possible to set #:initialize? to #f, but then you still need to
create (or provide) the random seed at some point. At the time people
felt that having it default to #t would be less surprising.

> It impedes automated provisioning of servers, which OpenSSH does not do.

Maybe OpenSSH assumes that the kernel-provided randomness is good
enough?

Ludo’.
Leo Famulari wrote on 26 May 2016 18:47
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160526164707.GA11671@jasmine
On Wed, May 25, 2016 at 06:54:58PM +0200, Ludovic Courtès wrote:
>
> Yes, it’s:
>
> (service TYPE VALUE)
>
> but I think there’s no meaningful value for this service, so you could
> do:
>
> (service urandom-seed-service-type #f)

I'm struggling to make this work. Do I need to alter the definition of
urandom-seed-shepherd-service to accept the boolean?

With the attached diff, building a VM fails like this (full backtrace
attached):

[...]
573: 2 [loop #<<service> type: # parameters: ()>]
In srfi/srfi-1.scm:
578: 1 [map #<procedure 519cc20 at gnu/services.scm:562:4 (service)> (# # # # ...)]
In gnu/services/base.scm:
1217: 0 [urandom-seed-shepherd-service #f]

gnu/services/base.scm:1217:0: In procedure urandom-seed-shepherd-service:
gnu/services/base.scm:1217:0: Wrong number of arguments to #<procedure urandom-seed-shepherd-service ()>

> Sounds like you’re pretty much there! :-)

Almost, I hope! Thanks for your help :)
Backtrace:
In ice-9/boot-9.scm:
1724: 19 [%start-stack load-stack ...]
1729: 18 [#<procedure 151cea0 ()>]
In unknown file:
?: 17 [primitive-load "/home/leo/work/guix/scripts/guix"]
In guix/ui.scm:
1201: 16 [run-guix-command system "vm" "/home/leo/tmp/bare-bones.scm"]
In ice-9/boot-9.scm:
157: 15 [catch srfi-34 #<procedure 31d2e20 at guix/ui.scm:425:2 ()> ...]
157: 14 [catch system-error ...]
In guix/scripts/system.scm:
882: 13 [#<procedure 3f1f7b0 at guix/scripts/system.scm:874:2 ()>]
788: 12 [process-action vm ("/home/leo/tmp/bare-bones.scm") ...]
In guix/store.scm:
1163: 11 [run-with-store # ...]
In guix/scripts/system.scm:
800: 10 [#<procedure 3f72660 at guix/scripts/system.scm:792:8 (state)> #]
564: 9 [perform-action vm # # ...]
In gnu/system/vm.scm:
496: 8 [system-qemu-image/shared-store-script # # # ...]
In gnu/system.scm:
601: 7 [operating-system-derivation # # #f]
In gnu/services.scm:
573: 6 [loop #]
In srfi/srfi-1.scm:
578: 5 [map #<procedure loop (sink)> (# # #)]
In gnu/services.scm:
573: 4 [loop #<<service> type: # parameters: #>]
In srfi/srfi-1.scm:
578: 3 [map #<procedure loop (sink)> (# # #)]
In gnu/services.scm:
573: 2 [loop #<<service> type: # parameters: ()>]
In srfi/srfi-1.scm:
578: 1 [map #<procedure 2dbfcc0 at gnu/services.scm:562:4 (service)> (# # # # ...)]
In gnu/services/base.scm:
1217: 0 [urandom-seed-shepherd-service #f]

gnu/services/base.scm:1217:0: In procedure urandom-seed-shepherd-service:
gnu/services/base.scm:1217:0: Wrong number of arguments to #<procedure urandom-seed-shepherd-service ()>
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da..041768f 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -93,6 +93,8 @@
gpm-service-type
gpm-service
+ urandom-seed-service
+
%base-services))
;;; Commentary:
@@ -1200,6 +1202,57 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
+(define %random-seed-file
+ "/var/run/random-seed")
+
+(define %urandom-seed-activation
+ ;; Activation gexp for the urandom seed
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p (dirname %random-seed-file))
+ (close-port (open-output-file %random-seed-file))
+ (chmod %random-seed-file #o600)))
+
+(define (urandom-seed-shepherd-service)
+ "Return a shepherd service for the /dev/urandom seed."
+ (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes)) ; whatever provides file-systems /var and /dev
+ (start #~(lambda _
+ (when (file-exists? #$%random-seed-file)
+ (call-with-input-file #$%random-seed-file
+ (lambda (seed)
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (dump-port seed urandom))))))
+ #t))
+ (stop #~(lambda _
+ (let ((buf (make-bytevector 512)))
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ #t)))))
+ (modules `((rnrs bytevectors)
+ (rnrs io ports)
+ ,@%default-modules))))
+
+(define urandom-seed-service-type
+ (service-type (name 'urandom-seed)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ urandom-seed-shepherd-service)
+ (service-extension activation-service-type
+ (const %urandom-seed-activation))
+ ;; Add urandom-seed to the system profile
+ (service-extension profile-service-type list)))))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type #f))
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
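Review bot: `urandom-seed-shepherd-service` at the top of this hunk still takes no parameters, while `(service urandom-seed-service-type #f)` now makes the extension call it with `#f` (the `[urandom-seed-shepherd-service #f]` frame in the backtrace), and it returns a bare `shepherd-service` where the first version returned a list; `(define (urandom-seed-shepherd-service _) (list (shepherd-service ...)))` covers both. Also, `start` loads the seed but never replaces it, unlike `urandom-boot` in the stand-alone script, which calls `write-seed` after loading; if the machine goes down without running `stop`, the next boot loads the same seed again.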
@@ -1281,6 +1334,7 @@ This is the GNU operating system, welcome!\n\n")))
(static-networking-service "lo" "127.0.0.1"
#:provision '(loopback))
(syslog-service)
+ (urandom-seed-service)
(guix-service)
(nscd-service)
Leo Famulari wrote on 28 May 2016 03:05
Re: /dev/urandom not seeded across reboots
(address . bug-guix@gnu.org)
20160528010501.GA1478@jasmine
Okay, I finally have some code that works! (attached)

I tested it by using `inotifywait -m /dev/urandom` [0] to see that
/dev/urandom was indeed being opened and closed for writing when running
`herd {start, stop} urandom-seed`. If you can suggest a way to see
exactly what is being written to /dev/urandom, I would like to verify it
more fully.

If you test it, don't be surprised that the random-seed is empty the
first time you start the service. It is `touch`-ed at boot but filled
during shutdown.

The big caveat is that the only way I could make it work was to use the
old service API. I just couldn't figure out how to use the extensible
service API for a service that takes to arguments.

If this is a problem, then your help is wanted!

I also had to change the location of %random-seed-file from
/var/run/random-seed to /var/lib/random-seed, because /var/run is
cleared upon reboot. This is specified in the FHS standard [1]. Debian
puts it at /var/lib/urandom/random-seed.

[0] From the inotify-tools package

[1]
From 8d41d37e2d0f8a0edf7ab9d659d1a2c9315965c1 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 8 May 2016 03:08:46 -0400
Subject: [PATCH] services: Add urandom-seed-service.

* gnu/services/base.scm (urandom-seed-service): New procedure.
(%random-seed-file, urandom-seed-service-type): New variables.
(%urandom-seed-shepherd-service): New procedure.
* doc/guix.texi (Base Services): Document it.
---
doc/guix.texi | 10 ++++++++++
gnu/services/base.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index bb75425..34a51a8 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7355,6 +7355,16 @@ Return a service that runs the Guix build daemon according to
Run @var{udev}, which populates the @file{/dev} directory dynamically.
@end deffn
+@deffn {Scheme Procedure} urandom-seed-service @var{#f}
+Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
+when rebooting.
+@end deffn
+
+@deftp {Data Type} %random-seed-file
+This is where some random bytes are saved by @var{urandom-seed-service}
+to seed @file{/dev/urandom} when rebooting.
+@end deftp
+
@deffn {Scheme Procedure} console-keymap-service @var{files} ...
@cindex keyboard layout
Return a service to load console keymaps from @var{files} using
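Review bot: the `@deffn` line documents an argument, `@var{#f}`, but `urandom-seed-service` is defined in base.scm with no parameters, so the signature shown to users is wrong; drop `@var{#f}`. `%random-seed-file` is a string variable rather than a type, so `@defvr {Scheme Variable}` fits better than `@deftp {Data Type}`, and the entry should state the path. "when rebooting" also hides that the seed is written at shutdown and read at boot; saying so would make both entries clearer.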
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da..329a989 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -3,6 +3,7 @@
;;; Copyright � 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright � 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright � 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright � 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -93,6 +94,8 @@
gpm-service-type
gpm-service
+ urandom-seed-service
+
%base-services))
;;; Commentary:
@@ -422,6 +425,53 @@ stopped before 'kill' is called."
;;;
+;;; Preserve entropy to seed /dev/urandom on boot.
+;;;
+
+(define %random-seed-file
+ "/var/lib/random-seed")
+
+(define %urandom-seed-shepherd-service
+ (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes))
+ (start #~(lambda _
+ ;; "Activation"
+ (mkdir-p (dirname #$%random-seed-file))
+ (close-port (open-file #$%random-seed-file "a0b"))
+ (chmod #$%random-seed-file #o600)
+ ;; On boot, write random seed into /dev/urandom
+ (when (file-exists? #$%random-seed-file)
+ (call-with-input-file #$%random-seed-file
+ (lambda (seed)
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (dump-port seed urandom))))))
+ #t))
+ (stop #~(lambda _
+ ;; During shutdown, write from /dev/urandom into random seed
+ (let ((buf (make-bytevector 512)))
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ #t)))))
+ (modules `((rnrs bytevectors)
+ (rnrs io ports)
+ ,@%default-modules))))
+
+(define urandom-seed-service-type
+ (shepherd-service-type 'urandom-seed
+ (const %urandom-seed-shepherd-service)))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type #f))
+
+
+;;;
;;; System-wide environment variables.
;;;
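Review bot: `start` feeds the seed file to /dev/urandom but never replaces it, so after a crash or power loss, where `stop` does not run, the next boot writes the same bytes again. The random(4) example this is adapted from writes a fresh seed immediately after loading it; doing the 512-byte read and write in `start` as well would close that gap. Separately, `(when (file-exists? ...))` is always true here, because the `open-file ... "a0b"` call two forms earlier has just created the file.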
@@ -1200,7 +1250,6 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
-
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
(gpm gpm-configuration-gpm) ;package
@@ -1283,6 +1332,7 @@ This is the GNU operating system, welcome!\n\n")))
(syslog-service)
(guix-service)
(nscd-service)
+ (urandom-seed-service)
;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
;; used, so enable them by default. The FUSE and ALSA rules are
--
2.8.3
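Added example, not part of the thread or of Guix: the seed-file cycle from random(4) that this service implements, as POSIX shell with the device paths as parameters, so it can be pointed at ordinary files and the bytes that would reach /dev/urandom compared with `cmp`. The function names, the stand-in file arguments, the short-read check and the immediate seed refresh after loading (taken from the random(4) example) are assumptions of this example.

```shell
#!/bin/sh
# Seed-file cycle from random(4). Paths are parameters so the functions can
# be run against ordinary files; the defaults are the real device.
SEED_BYTES=512   # 4096-bit pool, as assumed in the thread

# save_seed SOURCE SEEDFILE
# Write SEED_BYTES from SOURCE to SEEDFILE, mode 0600, replacing atomically.
save_seed() {
    s_src=$1
    s_out=$2
    s_tmp="$s_out.new.$$"
    # The subshell keeps the umask change local; the file is never created
    # with wider permissions than 0600.
    ( umask 077 && dd if="$s_src" of="$s_tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) ||
        { rm -f "$s_tmp"; return 1; }
    # A short read would leave a weaker seed than intended: reject it.
    if [ "$(wc -c < "$s_tmp")" -ne "$SEED_BYTES" ]; then
        rm -f "$s_tmp"
        return 1
    fi
    mv -f "$s_tmp" "$s_out"
}

# load_seed SEEDFILE [SINK] [SOURCE]
# Boot side: write the saved seed to SINK, then replace the seed at once so
# a crash before the next clean shutdown does not replay the same bytes.
load_seed() {
    l_seed=$1
    l_sink=${2:-/dev/urandom}
    l_src=${3:-/dev/urandom}
    if [ -s "$l_seed" ]; then
        cat "$l_seed" > "$l_sink" || return 1
    fi
    save_seed "$l_src" "$l_seed"
}

# Usage: script load|save [SEEDFILE]; with no argument it only defines
# the functions. The default path is the one used in the patch.
case "${1:-}" in
    load) load_seed "${2:-/var/lib/random-seed}" ;;
    save) save_seed /dev/urandom "${2:-/var/lib/random-seed}" ;;
esac
```

Calling `load_seed SEEDFILE SINKFILE` with a regular file as the sink leaves in that file exactly the bytes that would have been written to the device.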
Ben Woodcroft wrote on 28 May 2016 03:11
Re: bug#23605: /dev/urandom not seeded across reboots
5748F037.4030406@uq.edu.au
Hi Leo,

On 28/05/16 11:05, Leo Famulari wrote:
> Okay, I finally have some code that works! (attached)
Is your patch incomplete?

ben
Leo Famulari wrote on 28 May 2016 03:12
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160528011201.GA1753@jasmine
On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
>
> > I realized that we don't seem to be saving any of the entropy in the
> > kernel's random pool [0] across reboots.
> >
> > This means that for some period after boot, /dev/urandom may not be safe
> > to use. From random(4):
>
> Good catch!
>
> Some comments:
>
> > +(define %urandom-seed-activation
> > + ;; Activation gexp for the urandom seed
> > + #~(begin
> > + (use-modules (guix build utils))
> > +
> > + (mkdir-p "/var/run")
> > + (close-port (open-file "/var/run/urandom-seed" "a0b"))
>
> Or simply ‘open-output-file’.

I don't see a way to use (open-output-file) in "append" mode as with
(open-file). Without that, the file is cleared before it is read in the
following lines.
Leo Famulari wrote on 28 May 2016 03:45
(name . Ben Woodcroft)(address . b.woodcroft@uq.edu.au)(address . 23605@debbugs.gnu.org)
20160528014522.GA2454@jasmine
On Sat, May 28, 2016 at 11:11:20AM +1000, Ben Woodcroft wrote:
> Hi Leo,
>
> On 28/05/16 11:05, Leo Famulari wrote:
> > Okay, I finally have some code that works! (attached)
> Is your patch incomplete?

What do you mean? Does it not apply to your source tree?

Otherwise, I expect that it's incomplete in the sense that it will
require some more revision before being merged into the master branch on
Savannah.

Your comments are welcome :)
Ben Woodcroft wrote on 28 May 2016 11:40
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
5749678D.9010707@uq.edu.au
On 28/05/16 11:45, Leo Famulari wrote:
> On Sat, May 28, 2016 at 11:11:20AM +1000, Ben Woodcroft wrote:
>> Hi Leo,
>>
>> On 28/05/16 11:05, Leo Famulari wrote:
>>> Okay, I finally have some code that works! (attached)
>> Is your patch incomplete?
> What do you mean? Does it not apply to your source tree?

Oh, never mind, sorry for the noise. Thunderbird was tripping up on the
strange character and not showing me the full diff.
ben
Ludovic Courtès wrote on 28 May 2016 15:51
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
87inxymgsh.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>>
>> > I realized that we don't seem to be saving any of the entropy in the
>> > kernel's random pool [0] across reboots.
>> >
>> > This means that for some period after boot, /dev/urandom may not be safe
>> > to use. From random(4):
>>
>> Good catch!
>>
>> Some comments:
>>
>> > +(define %urandom-seed-activation
>> > + ;; Activation gexp for the urandom seed
>> > + #~(begin
>> > + (use-modules (guix build utils))
>> > +
>> > + (mkdir-p "/var/run")
>> > + (close-port (open-file "/var/run/urandom-seed" "a0b"))
>>
>> Or simply ‘open-output-file’.
>
> I don't see a way to use (open-output-file) in "append" mode as with
> (open-file). Without that, the file is cleared before it is read in the
> following lines.

You’re right, sorry for the confusion.

Ludo’.
Ludovic Courtès wrote on 28 May 2016 15:57
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
878tyumgjx.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> On Wed, May 25, 2016 at 06:54:58PM +0200, Ludovic Courtès wrote:
>>
>> Yes, it’s:
>>
>> (service TYPE VALUE)
>>
>> but I think there’s no meaningful value for this service, so you could
>> do:
>>
>> (service urandom-seed-service-type #f)

[...]

> gnu/services/base.scm:1217:0: In procedure urandom-seed-shepherd-service:
> gnu/services/base.scm:1217:0: Wrong number of arguments to #<procedure urandom-seed-shepherd-service ()>

[...]

> +(define (urandom-seed-shepherd-service)

[...]

> +(define urandom-seed-service-type
> + (service-type (name 'urandom-seed)
> + (extensions
> + (list (service-extension shepherd-root-service-type
> + urandom-seed-shepherd-service)

Service extension procedures are called with one argument, which is the
service’s value (info "(guix) Service Reference").

Usually, the service’s value is a configuration object, but in this
case, the service’s value doesn’t matter, so you could simply write:

(define (urandom-seed-shepherd-service _)
…)

> + ;; Add urandom-seed to the system profile
> + (service-extension profile-service-type list)))))

The ‘profile-service-type’ represents the system profile, i.e.,
/run/current-system/profile. Extending it means adding a package to
it.

But here, IIUC, there’s no package to be added to the profile, so you
should just remove it.

Last round and we’re done! :-)

Thanks for persevering, and sorry it’s not easier. Maybe you’ll have
ideas on how to improve the manual and/or the API?

Ludo’.
Leo Famulari wrote on 28 May 2016 20:05
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160528180535.GA27711@jasmine
On Sat, May 28, 2016 at 03:57:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > On Wed, May 25, 2016 at 06:54:58PM +0200, Ludovic Courtès wrote:
> Usually, the service’s value is a configuration object, but in this
> case, the service’s value doesn’t matter, so you could simply write:
>
> (define (urandom-seed-shepherd-service _)
> …)
>
> > + ;; Add urandom-seed to the system profile
> > + (service-extension profile-service-type list)))))
>
> The ‘profile-service-type’ represents the system profile, i.e.,
> /run/current-system/profile. Extending it means adding a package to
> it.
>
> But here, IIUC, there’s no package to be added to the profile, so you
> should just remove it.
>
> Last round and we’re done! :-)

Please find my latest patch attached. It seems to work for me!
From 18979451b1af7eebaa354c1753ad4c90af288589 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 28 May 2016 13:41:21 -0400
Subject: [PATCH] services: Add urandom-seed-service.

* gnu/services/base.scm (urandom-seed-service): New procedure.
(%random-seed-file, urandom-seed-service-type): New variables.
(%urandom-seed-shepherd-service): New procedure.
* doc/guix.texi (Base Services): Document it.
---
doc/guix.texi | 10 +++++++++
gnu/services/base.scm | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index bb75425..34a51a8 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7355,6 +7355,16 @@ Return a service that runs the Guix build daemon according to
Run @var{udev}, which populates the @file{/dev} directory dynamically.
@end deffn
+@deffn {Scheme Procedure} urandom-seed-service @var{#f}
+Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
+when rebooting.
+@end deffn
+
+@deftp {Data Type} %random-seed-file
+This is where some random bytes are saved by @var{urandom-seed-service}
+to seed @file{/dev/urandom} when rebooting.
+@end deftp
+
@deffn {Scheme Procedure} console-keymap-service @var{files} ...
@cindex keyboard layout
Return a service to load console keymaps from @var{files} using
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 96bf8da..032f713 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -93,6 +93,8 @@
gpm-service-type
gpm-service
+ urandom-seed-service
+
%base-services))
;;; Commentary:
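Review bot: only `urandom-seed-service` is added to the export list, yet doc/guix.texi in this patch documents `%random-seed-file`, and `urandom-seed-service-type` is what a user would need in order to write `(service urandom-seed-service-type #f)` directly. Export both alongside the procedure, or drop the `%random-seed-file` entry from the manual.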
@@ -422,6 +424,63 @@ stopped before 'kill' is called."
;;;
+;;; Preserve entropy to seed /dev/urandom on boot.
+;;;
+
+(define %random-seed-file
+ "/var/lib/random-seed")
+
+(define %urandom-seed-activation
+ ;; Activation gexp for the urandom seed
+ #~(begin
+ (use-modules (guix build utils))
+
+ (mkdir-p (dirname #$%random-seed-file))
+ (close-port (open-file #$%random-seed-file "a0b"))
+ (chmod #$%random-seed-file #o600)))
+
+(define (urandom-seed-shepherd-service _)
+ "Return a shepherd service for the /dev/urandom seed."
+ (list (shepherd-service
+ (documentation "Preserve entropy across reboots for /dev/urandom.")
+ (provision '(urandom-seed))
+ (requirement '(user-processes))
+ (start #~(lambda _
+ ;; On boot, write random seed into /dev/urandom.
+ (when (file-exists? #$%random-seed-file)
+ (call-with-input-file #$%random-seed-file
+ (lambda (seed)
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (dump-port seed urandom))))))
+ #t))
+ (stop #~(lambda _
+ ;; During shutdown, write from /dev/urandom into random seed.
+ (let ((buf (make-bytevector 512)))
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (get-bytevector-n! urandom buf 0 512)
+ (call-with-output-file #$%random-seed-file
+ (lambda (seed)
+ (put-bytevector seed buf)))
+ #t)))))
+ (modules `((rnrs bytevectors)
+ (rnrs io ports)
+ ,@%default-modules)))))
+
+(define urandom-seed-service-type
+ (service-type (name 'urandom-seed)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ urandom-seed-shepherd-service)
+ (service-extension activation-service-type
+ (const %urandom-seed-activation))))))
+
+(define (urandom-seed-service)
+ (service urandom-seed-service-type #f))
+
+
+;;;
;;; System-wide environment variables.
;;;
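Review bot: the seed file's permissions depend on ordering rather than on how the file is created. In `%urandom-seed-activation` it is made by `open-file ... "a0b"` under the current umask and only then narrowed with `chmod #o600`, and in `stop` `call-with-output-file` will recreate it under the default umask if it was removed while the system was up, at which point it holds the real seed. Setting a restrictive umask around both creations, or writing to a mode-600 temporary file and renaming it, removes that window. The return value of `get-bytevector-n!` is also ignored, so a short read would save a buffer that is only partly filled.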
@@ -1200,7 +1259,6 @@ extra rules from the packages listed in @var{rules}."
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
-
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
(gpm gpm-configuration-gpm) ;package
@@ -1281,6 +1339,7 @@ This is the GNU operating system, welcome!\n\n")))
(static-networking-service "lo" "127.0.0.1"
#:provision '(loopback))
(syslog-service)
+ (urandom-seed-service)
(guix-service)
(nscd-service)
--
2.8.3
Leo Famulari wrote on 28 May 2016 20:10
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160528181009.GA27844@jasmine
On Sat, May 28, 2016 at 02:05:35PM -0400, Leo Famulari wrote:
> Please find my latest patch attached. It seems to work for me!

I forgot to add a copyright line for myself in this version. I'll put it
in for the next patch or when merging.
Leo Famulari wrote on 28 May 2016 20:26
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160528182623.GA28209@jasmine
On Sat, May 28, 2016 at 02:05:35PM -0400, Leo Famulari wrote:
> Please find my latest patch attached. It seems to work for me!

I'm currently reconfiguring my GuixSD system with this patch to make
sure bad things don't happen the first time the user halts and the seed
file does not exist. Or something like that. Just to see what happens.

So far, I tested this by generating VM images.
Leo Famulari wrote on 28 May 2016 22:41
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160528204101.GA31520@jasmine
On Sat, May 28, 2016 at 02:26:23PM -0400, Leo Famulari wrote:
> On Sat, May 28, 2016 at 02:05:35PM -0400, Leo Famulari wrote:
> > Please find my latest patch attached. It seems to work for me!
>
> I'm currently reconfiguring my GuixSD system with this patch to make
> sure bad things don't happen the first time the user halts and the seed
> file does not exist. Or something like that. Just to see what happens.

No problems. After reconfiguring, the service is started and there is a
zero-byte file at /var/lib/random-seed.
Ludovic Courtès wrote on 28 May 2016 22:53
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605@debbugs.gnu.org)
87oa7pj45n.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> Please find my latest patch attached. It seems to work for me!

\o/

> From 18979451b1af7eebaa354c1753ad4c90af288589 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Sat, 28 May 2016 13:41:21 -0400
> Subject: [PATCH] services: Add urandom-seed-service.

Add “Fixes http://bugs.gnu.org/23605.”

> * gnu/services/base.scm (urandom-seed-service): New procedure.
> (%random-seed-file, urandom-seed-service-type): New variables.
> (%urandom-seed-shepherd-service): New procedure.

Mention the addition to ‘%base-services’ too.

> * doc/guix.texi (Base Services): Document it.

[...]

> +@deftp {Data Type} %random-seed-file

Should be:

@defvr {Scheme Variable} %random-seed-file

> +This is where some random bytes are saved by @var{urandom-seed-service}

s/This is where/This is the name of the file where/

> +to seed @file{/dev/urandom} when rebooting.

Maybe add “It defaults to @file{/var/run/…}.”

OK with these changes.

Thanks a lot!

Ludo’.
Leo Famulari wrote on 29 May 2016 02:00
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 23605@debbugs.gnu.org)
20160529000058.GA6182@jasmine
On Sat, May 28, 2016 at 10:53:08PM +0200, Ludovic Courtès wrote:
>
> OK with these changes.

Done as a535e12226!
Leo Famulari wrote on 29 May 2016 02:04
(address . 23605-done@debbugs.gnu.org)
20160529000431.GA6304@jasmine
On Sat, May 28, 2016 at 08:00:58PM -0400, Leo Famulari wrote:
> On Sat, May 28, 2016 at 10:53:08PM +0200, Ludovic Courtès wrote:
> >
> > OK with these changes.
>
> Done as a535e12226!
Closed
Ludovic Courtès wrote on 29 May 2016 22:23
(name . Leo Famulari)(address . leo@famulari.name)(address . 23605-done@debbugs.gnu.org)
87r3ckvcjx.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:

> On Sat, May 28, 2016 at 10:53:08PM +0200, Ludovic Courtès wrote:
>>
>> OK with these changes.
>
> Done as a535e12226!

Thank you!

Ludo’.
Closed