From 7a4684bee1c7e3eb6e8f0ee27a85244e22ce9dff Mon Sep 17 00:00:00 2001
From: Evgeny Egorochkin
Date: Sat, 12 Mar 2016 10:09:02 +0200
Subject: [PATCH] virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys
---
 .../virtualisation/azure-agent-entropy.patch | 17 +++++++++++++++
 nixos/modules/virtualisation/azure-agent.nix | 21 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 nixos/modules/virtualisation/azure-agent-entropy.patch
diff --git a/nixos/modules/virtualisation/azure-agent-entropy.patch b/nixos/modules/virtualisation/azure-agent-entropy.patch
new file mode 100644
index 000000000000..2a7ad08a4afc
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent 2016-03-12 09:58:15.728088851 +0200
++++ a/waagent 2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+ Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+
+ # Consume Entropy in ACPI table provided by Hyper-V
+- try:
+- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+- except:
+- pass
++ #try:
++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++ #except:
++ # pass
+
+ Log("Probing for Azure environment.")
+ self.Endpoint = self.DoDhcpWork()
diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix
index 6b60419c290c..34ca8df9d91b 100644
--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -14,6 +14,9 @@ let
 rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
 sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
 };
+
+ patches = [ ./azure-agent-entropy.patch ];
+
 buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
 runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh nettools # for hostname
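Review bot: The `patches = [ ./azure-agent-entropy.patch ];` line in azure-agent.nix carries no comment explaining why WALA is patched, so anyone bumping `rev` and hitting a failed patch has nothing to tell them the hunk must be kept in step with the new systemd unit. I would add above it `# Disables WALA's own OEM0 -> /dev/random write; consume-hypervisor-entropy.service does it before sshd generates host keys.` The patch file itself comments the four lines out instead of deleting them; a one-line header at the top of azure-agent-entropy.patch saying that this is deliberate would save the next reader from guessing. The enclosing attribute set starts and ends outside the hunk.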
@@ -156,6 +159,24 @@ in
 before = [ "sshd.service" ];
 };
+ systemd.services.consume-hypervisor-entropy =
+ { description = "Consume entropy in ACPI table provided by Hyper-V";
+
+ wantedBy = [ "sshd.service" "waagent.service" ];
+ before = [ "sshd.service" "waagent.service" ];
+ after = [ "local-fs.target" ];
+
+ path = [ pkgs.coreutils ];
+ script =
+ ''
+ echo "Fetching entropy..."
+ cat /sys/firmware/acpi/tables/OEM0 > /dev/random
+ '';
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ serviceConfig.StandardError = "journal+console";
+ serviceConfig.StandardOutput = "journal+console";
+ };
 systemd.services.waagent = { wantedBy = [ "sshd.service" ];
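Review bot: The new `consume-hypervisor-entropy` script does not handle a missing `/sys/firmware/acpi/tables/OEM0`, whereas the WALA code it replaces wrapped the same read in `try/except: pass`; on a host without that table `cat` fails and the oneshot unit ends up failed on every boot. Because `wantedBy` only creates a Wants dependency, sshd.service would presumably still start and generate its host keys without the extra seed, so I would make the skip explicit with `unitConfig.ConditionPathExists = "/sys/firmware/acpi/tables/OEM0";`. The script also deserves a comment that a plain write to /dev/random mixes the bytes into the pool but does not raise the kernel's entropy count (that takes the RNDADDENTROPY ioctl), for example `# mixes OEM0 into the pool; does not credit entropy`. The surrounding `in` expression starts and ends outside this hunk.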