[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: services: urandom-seed: Credit the entropy added to the PRNG.
|
From: |
guix-commits |
|
Subject: |
02/02: services: urandom-seed: Credit the entropy added to the PRNG. |
|
Date: |
Sat, 5 Oct 2019 16:05:10 -0400 (EDT) |
civodul pushed a commit to branch core-updates
in repository guix.
commit 81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9
Author: Ludovic Courtès <address@hidden>
Date: Sat Oct 5 22:03:06 2019 +0200
services: urandom-seed: Credit the entropy added to the PRNG.
Partly fixes <https://bugs.gnu.org/37501>.
Reported by Marius Bakke <address@hidden>.
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start'
method, add calls to 'add-to-entropy-count'.
---
gnu/services/base.scm | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 25716ef..f7e90e2 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -573,7 +573,13 @@ file systems, as well as corresponding @file{/etc/fstab}
entries.")))
(lambda (seed)
(call-with-output-file "/dev/urandom"
(lambda (urandom)
- (dump-port seed urandom))))))
+ (dump-port seed urandom)
+
+ ;; Writing SEED to URANDOM isn't enough: we must
+ ;; also tell the kernel to account for these
+ ;; extra bits of entropy.
+ (let ((bits (* 8 (stat:size (stat seed)))))
+ (add-to-entropy-count urandom bits)))))))
;; Try writing from /dev/hwrng into /dev/urandom.
;; It seems that the file /dev/hwrng always exists, even
@@ -590,7 +596,9 @@ file systems, as well as corresponding @file{/etc/fstab}
entries.")))
(when buf
(call-with-output-file "/dev/urandom"
(lambda (urandom)
- (put-bytevector urandom buf)))))
+ (put-bytevector urandom buf)
+ (let ((bits (* 8 (bytevector-length buf))))
+ (add-to-entropy-count urandom bits))))))
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.