#29773 urandom-seed-service should run earlier in the boot process

Received: (at 29773) by debbugs.gnu.org; 21 Dec 2017 19:09:19 +0000
From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 21 14:09:19 2017
Received: from localhost ([127.0.0.1]:46439 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1eS6DX-0000d7-58
	for submit@debbugs.gnu.org; Thu, 21 Dec 2017 14:09:19 -0500
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:41563)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1eS6DV-0000cz-6H
 for 29773@debbugs.gnu.org; Thu, 21 Dec 2017 14:09:17 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id CB575207FD;
 Thu, 21 Dec 2017 14:09:16 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute4.internal (MEProxy); Thu, 21 Dec 2017 14:09:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 mesmtp; bh=aObaNTMyKrHmtooq4zMpPvXIaCcjGXi56yY8WYj//ls=; b=Sk3DW
 5Mcfk6osd3XgojF0ZYqr40kG6PA2eZDahrVrZvPq3738RObCzPLKNNSWGSwyTTUE
 dcz/dK/QeWA+16exsVq0BgmZ8Xi+FeTsDpM6sB/Ycb5gAtaSNq9bkijXMVcbG+um
 YohA4UD/RcqvHoVoOnvkaXfHexHnDBCH4gajxQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm1; bh=aObaNTMyKrHmtooq4zMpPvXIaCcjG
 Xi56yY8WYj//ls=; b=rFc+nmX8zk2Qh3FAvPrvedO/ngq+2fXD/litXJF4b6Mlv
 hxg98HpyKDeqKT7DxdILxRoZf/TTshtABgHddCFfleSWCg1iEz81sp+Xg88zUA+D
 tq9Csb8egld/XTbZiC/TaVQkFws4/Jf13Z9Ddva25JG7Akk7pH4cJhVWP7f+8Quk
 xkNuvv/syfucagTU+753SClrSH+O/y0YDF8DTjl9CPqb/PHqNCut6C+ZWgOh8UBt
 G+Qk3Hl/Ws1NmTLt2mMMn7cgygnvNipWss/wqbNajPXYzsHy9j0gOcHLMo7V7/i8
 V4WqiZlftijDz3hN4mMDwLUUxr82XXRn5MjvL5QzQ==
X-ME-Sender: <xms:3AY8WrksoQtu_Tlwhl5d_o5X4IfSENGeKwpRhpFHjc2q3IEOaBbm5w>
Received: from localhost (unknown [172.58.200.109])
 by mail.messagingengine.com (Postfix) with ESMTPA id 731D47E558;
 Thu, 21 Dec 2017 14:09:16 -0500 (EST)
Date: Thu, 21 Dec 2017 14:09:14 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic Courtès <ludo@gnu.org>
Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot
 process
Message-ID: <20171221190914.GA11808@jasmine.lan>
References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org>
 <20171220230751.GA18857@jasmine.lan> <87ind0a1kq.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/"
Content-Disposition: inline
In-Reply-To: <87ind0a1kq.fsf@gnu.org>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès
   wrote: > > The attached patch does the trick, AFAICS: > > diff --git a/gnu/services/base.scm
    b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm
    > +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS
    when it is stopped." > (list (shepherd-service > (documentation "Preserve
    entropy across reboots for /dev/urandom.") > (provision '(urandom-seed))
   > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng
    is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda
    _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists?
    #$%random-seed-file) [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                             trust
                             [66.111.4.27 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [66.111.4.27 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
  2.8 PERCENT_RANDOM         Message has a random macro in it
X-Debbugs-Envelope-To: 29773
Cc: 29773@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès
   wrote: > > The attached patch does the trick, AFAICS: > > diff --git a/gnu/services/base.scm
    b/gnu/services/base.scm > index acc5c33f5..7fc8f6aa7 100644 > --- a/gnu/services/base.scm
    > +++ b/gnu/services/base.scm > @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS
    when it is stopped." > (list (shepherd-service > (documentation "Preserve
    entropy across reboots for /dev/urandom.") > (provision '(urandom-seed))
   > - (requirement '(file-systems)) > + > + ;; Depend on udev so that /dev/hwrng
    is available. > + (requirement '(file-systems udev)) > + > (start #~(lambda
    _ > ;; On boot, write random seed into /dev/urandom. > (when (file-exists?
    #$%random-seed-file) [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                             trust
                             [66.111.4.27 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [66.111.4.27 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
  2.8 PERCENT_RANDOM         Message has a random macro in it