
[1/1] services: urandom-seed: Refresh seed at boot.

Message ID 87b171184d8295e92c4579904d88509bb59667aa.1465007657.git.leo@famulari.name

Commit Message

Leo Famulari June 4, 2016, 2:56 a.m. UTC
* gnu/services/base.scm (urandom-seed-shepherd-service): Refresh the random
seed unconditionally at boot. Ensure directory structure for %random-seed-file
exists when shutting down.
(%urandom-seed-activation): Remove variable.
(urandom-seed-service-type): Remove deleted variable from list of extensions.
---
 gnu/services/base.scm | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

Patch

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b8e4741..2780d12 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -431,15 +431,6 @@  stopped before 'kill' is called."
 (define %random-seed-file
   "/var/lib/random-seed")
 
-(define %urandom-seed-activation
-  ;; Activation gexp for the urandom seed
-  #~(begin
-      (use-modules (guix build utils))
-
-      (mkdir-p (dirname #$%random-seed-file))
-      (close-port (open-file #$%random-seed-file "a0b"))
-      (chmod #$%random-seed-file #o600)))
-
 (define (urandom-seed-shepherd-service _)
   "Return a shepherd service for the /dev/urandom seed."
   (list (shepherd-service
@@ -454,6 +445,18 @@  stopped before 'kill' is called."
                           (call-with-output-file "/dev/urandom"
                             (lambda (urandom)
                               (dump-port seed urandom))))))
+                    ;; Immediately refresh the seed in case the system doesn't
+                    ;; shut down cleanly.
+                    (call-with-input-file "/dev/urandom"
+                      (lambda (urandom)
+                        (let ((previous-umask (umask #o077))
+                              (buf (make-bytevector 512)))
+                          (mkdir-p (dirname #$%random-seed-file))
+                          (get-bytevector-n! urandom buf 0 512)
+                          (call-with-output-file #$%random-seed-file
+                            (lambda (seed)
+                              (put-bytevector seed buf)))
+                          (umask previous-umask))))
                     #t))
          (stop #~(lambda _
                    ;; During shutdown, write from /dev/urandom into random seed.
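Review bot: The umask is only restored on the normal exit path of the new block: `(umask previous-umask)` is the last form of the `let`, so it is skipped if `mkdir-p`, the read or `call-with-output-file` raises (read-only or full filesystem, missing `/var`), and because this runs inside shepherd, i.e. PID 1, every process spawned afterwards would inherit a 077 umask. The restore belongs in the after-thunk of a `dynamic-wind`, as sketched below. Two smaller points on the same lines: `mkdir-p` is invoked after the umask is already 077, so any missing parent of `/var/lib/random-seed` would be created 0700 rather than the usual 0755, and the return value of `get-bytevector-n!` is discarded, so a short read (possible, e.g., if a signal is pending in PID 1 — to be confirmed) would write whatever `make-bytevector` left in the tail of `buf`; writing only the bytes actually read is cheap. The `start` lambda this block belongs to begins before the hunk.
```scheme
                    ;; Immediately refresh the seed in case the system doesn't
                    ;; shut down cleanly.  Create the directory before changing
                    ;; the umask, and restore the umask even on a non-local exit:
                    ;; this runs in PID 1 and every child inherits it.
                    (mkdir-p (dirname #$%random-seed-file))
                    (call-with-input-file "/dev/urandom"
                      (lambda (urandom)
                        (let ((previous-umask #f)
                              (buf (make-bytevector 512)))
                          (dynamic-wind
                            (lambda () (set! previous-umask (umask #o077)))
                            (lambda ()
                              (let ((n (get-bytevector-n! urandom buf 0 512)))
                                (unless (eof-object? n)
                                  (call-with-output-file #$%random-seed-file
                                    (lambda (seed)
                                      (put-bytevector seed buf 0 n))))))
                            (lambda () (umask previous-umask))))))
```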
@@ -462,6 +465,7 @@  stopped before 'kill' is called."
                        (lambda (urandom)
                          (let ((previous-umask (umask #o077)))
                            (get-bytevector-n! urandom buf 0 512)
+                           (mkdir-p (dirname #$%random-seed-file))
                            (call-with-output-file #$%random-seed-file
                              (lambda (seed)
                                (put-bytevector seed buf)))
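Review bot: The added `(mkdir-p (dirname #$%random-seed-file))` runs after `(umask #o077)` two lines above it, so if any component of `/var/lib` is missing at shutdown it is created mode 0700 rather than the usual 0755, which other services can then no longer traverse. Calling it before the umask is changed — `(mkdir-p (dirname #$%random-seed-file))` as the first form after `(lambda (urandom)`, ahead of the `let` — avoids that at no cost. On a running system `/var/lib` will normally exist, so this only hardens the fallback path the commit message describes. The `stop` lambda begins and ends outside the hunk.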
@@ -475,9 +479,7 @@  stopped before 'kill' is called."
   (service-type (name 'urandom-seed)
                 (extensions
                  (list (service-extension shepherd-root-service-type
-                                          urandom-seed-shepherd-service)
-                       (service-extension activation-service-type
-                                          (const %urandom-seed-activation))))))
+                                          urandom-seed-shepherd-service)))))
 
 (define (urandom-seed-service)
   (service urandom-seed-service-type #f))