On Mon, Dec 11, 2017 at 10:16:42AM +0100, Ludovic Courtès wrote: > Leo Famulari <[email protected]> skribis: > > At the same time we handle the random seed, we could also try reading > > from /dev/hwrng and, if the read is successful, copy some bytes into > > /dev/urandom. We'd have to try reading and handle failure since we > > always create /dev/hwrng regardless of whether the Linux kernel module > > is loaded or not. > > OK.
Okay, I'll work on adding this to the urandom-seed-service. > > If one always passes the same value to --entropy-seed, it will not > > negatively affect the reproducibility of the image ;) > > > > This would not be something we do for the official release image, but > > merely an optional tool. > > Yeah it’d be OK to add this as an option. > > When the option is present, ‘guix system’ would hook into the VM > creation code somehow, or to extend ‘activation-service-type’ with code > to create the file. > > Maybe we could provide a more generic --copy-file=SOURCE[=DEST] option? > Like --copy-file=./my-seed=/var/lib/random-seed or > --copy-file=$HOME/.ssh/authorized_keys. > > Thoughts? That sounds good to me. I'll try implementing it.
signature.asc
Description: PGP signature
