GNU bug report logs

#29773 urandom-seed-service should run earlier in the boot process


Message #27 received at 29773-done@debbugs.gnu.org (full text, mbox, reply):

Received: (at 29773-done) by debbugs.gnu.org; 22 Dec 2017 09:06:50 +0000
From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 22 04:06:50 2017
Received: from localhost ([127.0.0.1]:46850 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1eSJI1-0003U5-UE
	for submit@debbugs.gnu.org; Fri, 22 Dec 2017 04:06:50 -0500
Received: from hera.aquilenet.fr ([141.255.128.1]:51779)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1eSJI0-0003Tx-4F
 for 29773-done@debbugs.gnu.org; Fri, 22 Dec 2017 04:06:48 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 5D4DC102BB;
 Fri, 22 Dec 2017 10:06:51 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 1TnHk_vwYAcM; Fri, 22 Dec 2017 10:06:50 +0100 (CET)
Received: from ribbon (unknown [193.50.110.235])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id BFCB2FE65;
 Fri, 22 Dec 2017 10:06:50 +0100 (CET)
From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#29773: urandom-seed-service should run earlier in the boot
 process
References: <20171219191348.GA19177@jasmine.lan> <87tvwlzop3.fsf@gnu.org>
 <20171220230751.GA18857@jasmine.lan> <87ind0a1kq.fsf@gnu.org>
 <20171221190914.GA11808@jasmine.lan>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 2 Nivôse an 226 de la Révolution
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 22 Dec 2017 10:06:46 +0100
In-Reply-To: <20171221190914.GA11808@jasmine.lan> (Leo Famulari's message of
 "Thu, 21 Dec 2017 14:09:14 -0500")
Message-ID: <87po779lnd.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 3.8 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hello, Leo Famulari <leo@famulari.name> skribis: > On Thu,
    Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote: >> >> The attached
    patch does the trick, AFAICS: >> > >> diff --git a/gnu/services/base.scm
   b/gnu/services/base.scm >> index acc5c33f5..7fc8f6aa7 100644 >> --- a/gnu/services/base.scm
    >> +++ b/gnu/services/base.scm >> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS
    when it is stopped." >> (list (shepherd-service >> (documentation "Preserve
    entropy across reboots for /dev/urandom.") >> (provision '(urandom-seed))
    >> - (requirement '(file-systems)) >> + >> + ;; Depend on udev so that /dev/hwrng
    is available. >> + (requirement '(file-systems udev)) >> + >> (start #~(lambda
    _ >> ;; On boot, write random seed into /dev/urandom. >> (when (file-exists?
    #$%random-seed-file) > > Yes, it seems to work for me. [...] 
 
 Content analysis details:   (3.8 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  2.8 PERCENT_RANDOM         Message has a random macro in it
X-Debbugs-Envelope-To: 29773-done
Cc: 29773-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Hello,

Leo Famulari <leo@famulari.name> writes:

> On Thu, Dec 21, 2017 at 10:10:29AM +0100, Ludovic Courtès wrote:
>> 
>> The attached patch does the trick, AFAICS:
>> 
>
>> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
>> index acc5c33f5..7fc8f6aa7 100644
>> --- a/gnu/services/base.scm
>> +++ b/gnu/services/base.scm
>> @@ -529,7 +529,10 @@ in KNOWN-MOUNT-POINTS when it is stopped."
>>    (list (shepherd-service
>>           (documentation "Preserve entropy across reboots for /dev/urandom.")
>>           (provision '(urandom-seed))
>> -         (requirement '(file-systems))
>> +
>> +         ;; Depend on udev so that /dev/hwrng is available.
>> +         (requirement '(file-systems udev))
>> +
>>           (start #~(lambda _
>>                      ;; On boot, write random seed into /dev/urandom.
>>                      (when (file-exists? #$%random-seed-file)
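
Review bot: The comment above `(requirement '(file-systems udev))` says why udev is required but not what it costs: the service now starts only after udev, while the report asks for it to run earlier in the boot process, so the comment should state that ordering trade-off. udev can only provide /dev/hwrng on machines that have a hardware RNG; the start action guards the seed file with `(when (file-exists? #$%random-seed-file)`, and any read of /dev/hwrng (not visible in this hunk) needs the same guard. The two blank `+` lines around the comment could be dropped.
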
>
> Yes, it seems to work for me.

Great, I’ve pushed the whole series.

> I'm unsure if the stop action of urandom-seed-service is being executed
> on shutdown.
>
> I added some print statements and sleep delays to the stop action but
> the system halts faster than I expected and I don't see any writes to
> /var/lib/random-seed.

/var/lib/random-seed is definitely being updated on shutdown on my
system, as can be seen from its mtime.

Thanks,
Ludo’.






debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sat Dec 21 16:47:05 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.