virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys
parent
73487f4619
commit
7a4684bee1
17
nixos/modules/virtualisation/azure-agent-entropy.patch
Normal file
17
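--- a/nixos/modules/virtualisation/azure-agent-entropy.patch
+++ b/nixos/modules/virtualisation/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent 2016-03-12 09:58:15.728088851 +0200
++++ a/waagent 2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+
+# Consume Entropy in ACPI table provided by Hyper-V
+- try:
+- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+- except:
+- pass
++ #try:
++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++ #except:
++ # pass
+
+Log("Probing for Azure environment.")
+self.Endpoint = self.DoDhcpWork()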
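Review bot: The patch disables the OEM0 read in waagent by commenting the four lines out, and nothing in the patched file says why or where the work now happens. Deleting the block, or putting a one-line comment above it such as `# Disabled for NixOS: consume-hypervisor-entropy.service writes OEM0 to /dev/random before sshd generates host keys`, would make it harder for a later waagent update to re-enable it by accident. Both file headers use the `a/` prefix, which still applies at strip level 1 but is worth normalising to `a/` and `b/`. The enclosing waagent function starts and ends outside the hunk.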
@ -14,6 +14,9 @@ let
|
|||||||
rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
|
rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
|
||||||
sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
|
sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [ ./azure-agent-entropy.patch ];
|
||||||
|
|
||||||
buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
|
buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
|
||||||
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
|
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
|
||||||
nettools # for hostname
|
nettools # for hostname
|
||||||
@ -156,6 +159,24 @@ in
|
|||||||
before = [ "sshd.service" ];
|
before = [ "sshd.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.consume-hypervisor-entropy =
|
||||||
|
{ description = "Consume entropy in ACPI table provided by Hyper-V";
|
||||||
|
|
||||||
|
wantedBy = [ "sshd.service" "waagent.service" ];
|
||||||
|
before = [ "sshd.service" "waagent.service" ];
|
||||||
|
after = [ "local-fs.target" ];
|
||||||
|
|
||||||
|
path = [ pkgs.coreutils ];
|
||||||
|
script =
|
||||||
|
''
|
||||||
|
echo "Fetching entropy..."
|
||||||
|
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
|
||||||
|
'';
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
serviceConfig.StandardError = "journal+console";
|
||||||
|
serviceConfig.StandardOutput = "journal+console";
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.waagent = {
|
systemd.services.waagent = {
|
||||||
wantedBy = [ "sshd.service" ];
|
wantedBy = [ "sshd.service" ];
|
||||||
|
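Review bot: The `consume-hypervisor-entropy` script runs `cat /sys/firmware/acpi/tables/OEM0 > /dev/random` with no guard, while the waagent code it replaces wrapped the same write in `try`/`except: pass`; if the table is absent the oneshot unit will presumably end up failed on every boot. A guard such as `[ -r /sys/firmware/acpi/tables/OEM0 ] || exit 0` before the `cat` keeps the old best-effort behaviour, or the script should log the missing table explicitly if that is meant to be noticed. A comment on the unit should also record that a plain write to `/dev/random` mixes the bytes into the pool without raising the kernel's entropy estimate, so ordering it before `sshd.service` improves the input to host-key generation but does not by itself guarantee a seeded pool. The `systemd.services.waagent` definition continues outside the hunk.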