me/guix
Archived
1
0
Fork 0
Code Activity

services: urandom-seed: Credit the entropy added to the PRNG.

Browse source 
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <mbakke@fastmail.com>.

* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
This commit is contained in:
Ludovic Courtès 2019-10-05 22:03:06 +02:00
parent 5e5f716794
commit 81bc4533aa
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
gnu/services/base.scm
View file

@ -573,7 +573,13 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
(lambda (seed) (lambda (seed)
(call-with-output-file "/dev/urandom" (call-with-output-file "/dev/urandom"
(lambda (urandom) (lambda (urandom)
(dump-port seed urandom)))))) (dump-port seed urandom)
;; Writing SEED to URANDOM isn't enough: we must
;; also tell the kernel to account for these
;; extra bits of entropy.
(let ((bits (* 8 (stat:size (stat seed)))))
(add-to-entropy-count urandom bits)))))))
;; Try writing from /dev/hwrng into /dev/urandom. ;; Try writing from /dev/hwrng into /dev/urandom.
;; It seems that the file /dev/hwrng always exists, even ;; It seems that the file /dev/hwrng always exists, even
@ -590,7 +596,9 @@ file systems, as well as corresponding @file{/etc/fstab} entries.")))
(when buf (when buf
(call-with-output-file "/dev/urandom" (call-with-output-file "/dev/urandom"
(lambda (urandom) (lambda (urandom)
(put-bytevector urandom buf))))) (put-bytevector urandom buf)
(let ((bits (* 8 (bytevector-length buf))))
(add-to-entropy-count urandom bits))))))
;; Immediately refresh the seed in case the system doesn't ;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly. ;; shut down cleanly.