bug#23605: /dev/urandom not seeded across reboots

[Leo Famulari]

On Tue, May 24, 2016 at 02:24:59PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> > +      (mkdir-p "/var/run")
> > +      (close-port (open-file "/var/run/urandom-seed" "a0b"))
> 
> Or simply ‘open-output-file’.

Done in the attached diff.

> Maybe do:
> 
>   (define %random-seed-file
>     "/var/run/random-seed")

Done.

> > +         (start #~(lambda _
> > +                    (exec-command
> > +                      (zero?
> > +                        (system (string-append "cat "
> > +                                               "/var/run/urandom-seed"
> > +                                               " > /dev/urandom"))))))
> 
> Instead of spawning ‘cat’, we can do:
> 
>   (when (file-exists? #$%random-seed-file)
>     (call-with-input-file #$%random-seed-file
>       (lambda (seed)
>         (call-with-output-file "/dev/urandom"
>           (lambda (random)
>             (dump-port seed random))))))
>   #t   ;service successfully “started”

I think I've done this correctly, as attached, but I can't test it yet
since I still get an error: "service: Wrong number of arguments in form
(service urandom-seed-service-type)".

> > +         (stop #~(lambda _
> > +                   (exec-command
> > +                     (zero?
> > +                       (system* "dd" "if=/dev/urandom"
> > +                                (string-append "of=" 
> > "/var/run/urandom-seed")
> > +                                "count=1" "bs=512"))))))))
> 
> Likewise, I would suggest using:
> 
>   (let ((buf (make-bytevector 512)))
>     (call-with-input-file "/dev/urandom"
>       (lambda (random)
>         (get-bytevector-n! random buf 512)))
>     …)

I tried to fill in the …, but again, I'm struggling here :p

More advice requested! :)

urandom-seed-service.patch
Description: Text Data

backtrace
Description: Text document