virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys
parent
73487f4619
commit
7a4684bee1
17
nixos/modules/virtualisation/azure-agent-entropy.patch
Normal file
17
nixos/modules/virtualisation/azure-agent-entropy.patch
Normal file
@ -0,0 +1,17 @@
|
||||
--- a/waagent 2016-03-12 09:58:15.728088851 +0200
|
||||
+++ a/waagent 2016-03-12 09:58:43.572680025 +0200
|
||||
@@ -6173,10 +6173,10 @@
|
||||
Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
|
||||
|
||||
# Consume Entropy in ACPI table provided by Hyper-V
|
||||
- try:
|
||||
- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
|
||||
- except:
|
||||
- pass
|
||||
+ #try:
|
||||
+ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
|
||||
+ #except:
|
||||
+ # pass
|
||||
|
||||
Log("Probing for Azure environment.")
|
||||
self.Endpoint = self.DoDhcpWork()
|
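Review bot: The four entropy lines are commented out rather than deleted, so the surviving `# Consume Entropy in ACPI table provided by Hyper-V` comment now heads a block that does nothing and gives no pointer to where the seeding moved. I would drop the dead lines and replace the comment with `# Entropy from the Hyper-V OEM0 ACPI table is consumed by the NixOS consume-hypervisor-entropy unit, ordered before sshd.service`. Because the patch is listed in `patches` unconditionally, the agent never seeds the pool itself, so any use of this package depends on that unit being enabled. The enclosing method starts and ends outside the hunk.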
@ -14,6 +14,9 @@ let
|
||||
rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
|
||||
sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
|
||||
};
|
||||
|
||||
patches = [ ./azure-agent-entropy.patch ];
|
||||
|
||||
buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
|
||||
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
|
||||
nettools # for hostname
|
||||
@ -156,6 +159,24 @@ in
|
||||
before = [ "sshd.service" ];
|
||||
};
|
||||
|
||||
systemd.services.consume-hypervisor-entropy =
|
||||
{ description = "Consume entropy in ACPI table provided by Hyper-V";
|
||||
|
||||
wantedBy = [ "sshd.service" "waagent.service" ];
|
||||
before = [ "sshd.service" "waagent.service" ];
|
||||
after = [ "local-fs.target" ];
|
||||
|
||||
path = [ pkgs.coreutils ];
|
||||
script =
|
||||
''
|
||||
echo "Fetching entropy..."
|
||||
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.StandardError = "journal+console";
|
||||
serviceConfig.StandardOutput = "journal+console";
|
||||
};
|
||||
|
||||
systemd.services.waagent = {
|
||||
wantedBy = [ "sshd.service" ];
|
||||
|
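Review bot: In the `consume-hypervisor-entropy` script, a missing or unreadable `/sys/firmware/acpi/tables/OEM0` makes `cat` fail, yet the unit is attached with `wantedBy`, which is only a Wants dependency, so sshd.service still starts and can generate host keys without the hypervisor seed. Make the outcome explicit so the journal records whether seeding happened, e.g. `if [ -r /sys/firmware/acpi/tables/OEM0 ]; then cat /sys/firmware/acpi/tables/OEM0 > /dev/random; else echo "OEM0 ACPI table not readable, no hypervisor entropy consumed" >&2; fi`. A comment above the script should also state that a plain write to `/dev/random` mixes the data into the pool but does not raise the kernel's entropy estimate (that requires the `RNDADDENTROPY` ioctl), so the ordering improves what the host keys are derived from rather than unblocking readers. The `systemd.services.waagent` attribute set at the end of the hunk continues outside it.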