
a535e1222665f3fe5e195573649b7000e8bc9d34 — Leo Famulari 9 years ago 922fe07
services: Add urandom-seed-service.

Fixes <http://bugs.gnu.org/23605>.

* gnu/services/base.scm (urandom-seed-service): New procedure.
(%random-seed-file, urandom-seed-service-type): New variables.
(%urandom-seed-shepherd-service): New procedure.
(%base-services): Call 'urandom-seed-service'.
* doc/guix.texi (Base Services): Document it.
2 files changed, 72 insertions(+), 1 deletions(-)

M doc/guix.texi
M gnu/services/base.scm
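--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7355,6 +7355,17 @@ Return a service that runs the Guix build daemon according to
 Run @var{udev}, which populates the @file{/dev} directory dynamically.
 @end deffn
 
+@deffn {Scheme Procedure} urandom-seed-service @var{#f}
+Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
+when rebooting.
+@end deffn
+
+@defvr {Scheme Variable} %random-seed-file
+This is the name of the file where some random bytes are saved by
+@var{urandom-seed-service} to seed @file{/dev/urandom} when rebooting.
+It defaults to @file{/var/lib/random-seed}.
+@end defvr
+
 @deffn {Scheme Procedure} console-keymap-service @var{files} ...
 @cindex keyboard layout
 Return a service to load console keymaps from @var{files} using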
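--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -93,6 +94,8 @@
             gpm-service-type
             gpm-service
 
+            urandom-seed-service
+
             %base-services))
 
 ;;; Commentary:
@@ -422,6 +425,63 @@ stopped before 'kill' is called."
 
 
 ;;;
+;;; Preserve entropy to seed /dev/urandom on boot.
+;;;
+
+(define %random-seed-file
+  "/var/lib/random-seed")
+
+(define %urandom-seed-activation
+  ;; Activation gexp for the urandom seed
+  #~(begin
+      (use-modules (guix build utils))
+
+      (mkdir-p (dirname #$%random-seed-file))
+      (close-port (open-file #$%random-seed-file "a0b"))
+      (chmod #$%random-seed-file #o600)))
+
+(define (urandom-seed-shepherd-service _)
+  "Return a shepherd service for the /dev/urandom seed."
+  (list (shepherd-service
+         (documentation "Preserve entropy across reboots for /dev/urandom.")
+         (provision '(urandom-seed))
+         (requirement '(user-processes))
+         (start #~(lambda _
+                    ;; On boot, write random seed into /dev/urandom.
+                    (when (file-exists? #$%random-seed-file)
+                      (call-with-input-file #$%random-seed-file
+                        (lambda (seed)
+                          (call-with-output-file "/dev/urandom"
+                            (lambda (urandom)
+                              (dump-port seed urandom))))))
+                    #t))
+         (stop #~(lambda _
+                   ;; During shutdown, write from /dev/urandom into random seed.
+                   (let ((buf (make-bytevector 512)))
+                     (call-with-input-file "/dev/urandom"
+                       (lambda (urandom)
+                         (get-bytevector-n! urandom buf 0 512)
+                         (call-with-output-file #$%random-seed-file
+                           (lambda (seed)
+                             (put-bytevector seed buf)))
+                         #t)))))
+         (modules `((rnrs bytevectors)
+                    (rnrs io ports)
+                    ,@%default-modules)))))
+
+(define urandom-seed-service-type
+  (service-type (name 'urandom-seed)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          urandom-seed-shepherd-service)
+                       (service-extension activation-service-type
+                                          (const %urandom-seed-activation))))))
+
+(define (urandom-seed-service)
+  (service urandom-seed-service-type #f))
+
+
+;;;
 ;;; System-wide environment variables.
 ;;;
 
@@ -1200,7 +1260,6 @@ extra rules from the packages listed in @var{rules}."
   "Return a service that uses @var{device} as a swap device."
   (service swap-service-type device))
 
-
 (define-record-type* <gpm-configuration>
   gpm-configuration make-gpm-configuration gpm-configuration?
   (gpm      gpm-configuration-gpm)                ;package
@@ -1281,6 +1340,7 @@ This is the GNU operating system, welcome!\n\n")))
           (static-networking-service "lo" "127.0.0.1"
                                      #:provision '(loopback))
           (syslog-service)
+          (urandom-seed-service)
           (guix-service)
           (nscd-service)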
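Review bot: The `start` procedure of urandom-seed-shepherd-service consumes the saved seed but never replaces it, so if the machine later goes down without `stop` running (crash, power loss), the next boot feeds exactly the same bytes back into /dev/urandom; the usual mitigation is to overwrite %random-seed-file with fresh bytes immediately after loading it, as sketched below. The `stop` side also ignores the count returned by `get-bytevector-n!` and writes the full 512-byte buffer regardless, and it relies on the activation-time `chmod` for the file mode, so a seed file recreated after activation could end up readable under a permissive umask — a `(chmod #$%random-seed-file #o600)` after the write would close that. Writing to /dev/urandom mixes the bytes into the pool but does not credit the kernel's entropy estimate, which the docstring "Return a shepherd service for the /dev/urandom seed." could state so readers do not expect /dev/random to unblock sooner. Finally, if shepherd treats the return value of `stop` as the service's new running state, the trailing `#t` in `stop` may leave urandom-seed marked as running; worth confirming against the shepherd version in use.
```scheme
         (start #~(lambda _
                    ;; On boot, write random seed into /dev/urandom.
                    ;; … unchanged: dump-port of the saved seed …
                    ;; Refresh the seed right away so that an unclean
                    ;; shutdown does not replay the same bytes next boot.
                    (let ((buf (make-bytevector 512)))
                      (call-with-input-file "/dev/urandom"
                        (lambda (urandom)
                          (get-bytevector-n! urandom buf 0 512)
                          (call-with-output-file #$%random-seed-file
                            (lambda (seed)
                              (put-bytevector seed buf)))))
                      (chmod #$%random-seed-file #o600))
                    #t))
```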