-rw-r--r--doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn2
-rw-r--r--src/Propellor/Property/Sbuild.hs13
2 files changed, 12 insertions, 3 deletions
diff --git a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
index e67cf17e..ed8761c6 100644
--- a/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
+++ b/doc/todo/merge_request:_make_Sbuild.keypairInsecurelyGenerated_more_robust.mdwn
@@ -3,3 +3,5 @@ Please consider merging branch `rngd-robust` of repo `https://git.spwhitton.name
Several changes to the `Sbuild.keypairInsecurelyGenerated` property to make it more robust. Please see comments added by the diff.
> <s>done</s> ... however, that sleep 10 after killing rngd seems quite dodgy. --[[Joey]]
+
+>> final merge [[done]] --[[Joey]]
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index d128e3b9..7a27473c 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -358,6 +358,12 @@ secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
-- | Generate the apt keys needed by sbuild using a low-quality source of
-- randomness
--
+-- Note that any running rngd will be killed; if you are using rngd, you should
+-- arrange for it to be restarted after this property has been ensured. E.g.
+--
+-- > & Sbuild.keypairInsecurelyGenerated
+-- > `onChange` Systemd.started "my-rngd-service"
+--
-- Useful on throwaway build VMs.
keypairInsecurelyGenerated :: Property DebianLike
keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
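Review bot: The new Haddock paragraph documents the kill but not the replacement daemon that the property starts further down, `rngd -r /dev/urandom`. On a host that normally runs rngd from a hardware source, the kernel pool is fed from urandom for as long as that process lives, so any other key material generated on the host in that window is affected, not only the sbuild key. I would add a sentence such as `-- While this property runs, rngd is fed from /dev/urandom; avoid generating other keys on the host until your own rngd service is back.` The body of `go` continues outside this hunk, so whether the spawned rngd is stopped again before the suggested `onChange` restart cannot be confirmed from here.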
@@ -370,10 +376,11 @@ keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
-- #831462
& File.dirExists "/var/lib/sbuild/apt-keys"
-- If there is already an rngd process running we have to kill
- -- it, as it might not be feeding to /dev/urandom
+ -- it, as it might not be feeding to /dev/urandom. We can't
+ -- kill by pid file because that is not guaranteed to be the
+ -- default (/var/run/rngd.pid), so we killall
& userScriptProperty (User "root")
- [ "kill 2>/dev/null $(cat /var/run/rngd.pid) || true"
- , "sleep 10"
+ [ "start-stop-daemon -q -K -R 10 -o -n rngd"
, "rngd -r /dev/urandom"
]
`assume` MadeChange
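Review bot: `-R 10` on the `start-stop-daemon` line sends TERM and waits up to ten seconds, but nothing escalates if rngd is still alive after that; the command only reports failure. Depending on how `userScriptProperty` runs the script, which is not visible here, either the property aborts or the next line starts a second rngd beside the old one. An escalating schedule makes the outcome deterministic: `"start-stop-daemon -q -K -R TERM/10/KILL/5 -o -n rngd"`. The `go` block starts above this hunk and may continue below it.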