virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys

+38
+17
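--- a/nixos/modules/virtualisation/azure-agent-entropy.patch
+++ b/nixos/modules/virtualisation/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent 2016-03-12 09:58:15.728088851 +0200
++++ a/waagent 2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+
+# Consume Entropy in ACPI table provided by Hyper-V
+- try:
+- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+- except:
+- pass
++ #try:
++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++ #except:
++ # pass
+
+Log("Probing for Azure environment.")
+self.Endpoint = self.DoDhcpWork()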
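Review bot: The patch comments out the `SetFileContents("/dev/random", ...)` block instead of deleting it, and nothing in the patched waagent says where the seeding now happens. I would delete the four lines and reword the surviving comment, for example `# Entropy from the OEM0 ACPI table is consumed by the consume-hypervisor-entropy unit before sshd starts`. The hunk offsets (`@@ -6173,10 +6173,10 @@`) are tied to the pinned `rev` in azure-agent.nix, so the patch has to be regenerated whenever that revision is bumped; a one-line note next to `patches` would make that visible.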
+21
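--- a/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -14,6 +14,9 @@
 rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
 sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
 };
+
+patches = [ ./azure-agent-entropy.patch ];
+
 buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
 runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
 nettools # for hostname
@@ -156,6 +159,24 @@
 before = [ "sshd.service" ];
 };
 
+systemd.services.consume-hypervisor-entropy =
+{ description = "Consume entropy in ACPI table provided by Hyper-V";
+
+wantedBy = [ "sshd.service" "waagent.service" ];
+before = [ "sshd.service" "waagent.service" ];
+after = [ "local-fs.target" ];
+
+path = [ pkgs.coreutils ];
+script =
+''
+echo "Fetching entropy..."
+cat /sys/firmware/acpi/tables/OEM0 > /dev/random
+'';
+serviceConfig.Type = "oneshot";
+serviceConfig.RemainAfterExit = true;
+serviceConfig.StandardError = "journal+console";
+serviceConfig.StandardOutput = "journal+console";
+};
 
 systemd.services.waagent = {
 wantedBy = [ "sshd.service" ];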
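Review bot: The `consume-hypervisor-entropy` script runs `cat /sys/firmware/acpi/tables/OEM0 > /dev/random` with no handling for a missing table, so on a VM that does not expose OEM0 the unit fails, whereas the waagent code it replaces ignored that error. Because sshd.service and waagent.service only want this unit, they will presumably still start, and host keys would then be generated without the hypervisor seed. I would state the intent in the unit: add `unitConfig.ConditionPathExists = "/sys/firmware/acpi/tables/OEM0";` if seeding is best-effort, or keep the failure and put a comment above `script` saying that a failed unit means the host keys were created unseeded. A comment such as `# a plain write mixes the table into the pool but does not credit the entropy estimate` would also help readers, though that behaviour should be confirmed against the target kernel.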