author | Evgeny Egorochkin <phreedom@yandex.ru> | 2016-03-12 10:09:02 +0200 |
---|---|---|
committer | Evgeny Egorochkin <phreedom@yandex.ru> | 2016-03-13 13:57:30 +0200 |
commit | 7a4684bee1c7e3eb6e8f0ee27a85244e22ce9dff (patch) | |
tree | b141932042436129884f9314b24ddd99eefc8b9f /nixos | |
parent | 73487f461941e89f1d4d76823e5d2fe2a2699f64 (diff) | |
virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/virtualisation/azure-agent-entropy.patch | 17 | ||||
-rw-r--r-- | nixos/modules/virtualisation/azure-agent.nix | 21 |
2 files changed, 38 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/azure-agent-entropy.patch b/nixos/modules/virtualisation/azure-agent-entropy.patch
new file mode 100644
index 000000000000..2a7ad08a4afc
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent 2016-03-12 09:58:15.728088851 +0200
++++ a/waagent 2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+ Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+
+ # Consume Entropy in ACPI table provided by Hyper-V
+- try:
+- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+- except:
+- pass
++ #try:
++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++ #except:
++ # pass
+
+ Log("Probing for Azure environment.")
+ self.Endpoint = self.DoDhcpWork()
diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix
index 6b60419c290c..34ca8df9d91b 100644
--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -14,6 +14,9 @@ let rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4"; sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x"; }; + + patches = [ ./azure-agent-entropy.patch ]; + buildInputs = [ makeWrapper python pythonPackages.wrapPython ]; runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh nettools # for hostname 
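Review bot: In azure-agent-entropy.patch the four lines of the seeding block are replaced by commented-out copies rather than deleted, and nothing in the patched waagent says where the seeding now happens. Commented-out code in a carried patch reads as a temporary hack and invites someone to re-enable it, which would bring back the ordering problem the commit title describes (seeding after sshd has already generated host keys). I would drop the four `#…` lines and leave one explanatory comment in their place, e.g. `# Hyper-V entropy (ACPI table OEM0) is fed to /dev/random by consume-hypervisor-entropy.service before sshd starts`. The surrounding waagent function begins and ends outside the hunk, so whether anything later in it relies on this step cannot be judged from here.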
@@ -156,6 +159,24 @@ in before = [ "sshd.service" ]; }; + systemd.services.consume-hypervisor-entropy = + { description = "Consume entropy in ACPI table provided by Hyper-V"; + + wantedBy = [ "sshd.service" "waagent.service" ]; + before = [ "sshd.service" "waagent.service" ]; + after = [ "local-fs.target" ]; + + path = [ pkgs.coreutils ]; + script = + '' + echo "Fetching entropy..." + cat /sys/firmware/acpi/tables/OEM0 > /dev/random + ''; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + serviceConfig.StandardError = "journal+console"; + serviceConfig.StandardOutput = "journal+console"; + }; systemd.services.waagent = { wantedBy = [ "sshd.service" ]; |
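Review bot: The `script` of consume-hypervisor-entropy fails whenever `/sys/firmware/acpi/tables/OEM0` is absent or unreadable, whereas the WALA code it replaces swallowed that error. Because the unit is only pulled in through `wantedBy`, sshd presumably still starts and generates host keys without the seed, leaving just a failed unit behind. Adding `unitConfig.ConditionPathExists = "/sys/firmware/acpi/tables/OEM0";` would turn the missing-table case into an explicit skip instead of a failure. A comment above the unit should also state the security reason for the ordering (`# must run before sshd generates host keys on first boot, when the VM has little entropy of its own`) and that a plain write to /dev/random mixes the bytes into the pool without crediting the kernel's entropy estimate. The waagent service definition that follows continues outside the hunk.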