pyrox.dev / nixpkgs
lol
fork atom

virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys

Evgeny Egorochkin 7a4684be 73487f46

options
unified split
Changed files
+38
nixos
modules
virtualisation
azure-agent-entropy.patch
azure-agent.nix
+17
nixos/modules/virtualisation/azure-agent-entropy.patch 
···

       

       
1

       
+

       
--- a/waagent	2016-03-12 09:58:15.728088851 +0200


     

       

       
2

       
+

       
+++ a/waagent	2016-03-12 09:58:43.572680025 +0200


     

       

       
3

       
+

       
@@ -6173,10 +6173,10 @@


     

       

       
4

       
+

       
             Log("MAC  address: " + ":".join(["%02X" % Ord(a) for a in mac]))


     

       

       
5

       
+

       
         


     

       

       
6

       
+

       
         # Consume Entropy in ACPI table provided by Hyper-V


     

       

       
7

       
+

       
-        try:


     

       

       
8

       
+

       
-            SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))


     

       

       
9

       
+

       
-        except:


     

       

       
10

       
+

       
-            pass


     

       

       
11

       
+

       
+        #try:


     

       

       
12

       
+

       
+        #    SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))


     

       

       
13

       
+

       
+        #except:


     

       

       
14

       
+

       
+        #    pass


     

       

       
15

       
+

       
 


     

       

       
16

       
+

       
         Log("Probing for Azure environment.")


     

       

       
17

       
+

       
         self.Endpoint = self.DoDhcpWork()
+21
nixos/modules/virtualisation/azure-agent.nix 
···

       
14

       
14

       
 

       
      rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";


     

       
15

       
15

       
 

       
      sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";


     

       
16

       
16

       
 

       
    };


     

       

       
17

       
+

       



     

       

       
18

       
+

       
    patches = [ ./azure-agent-entropy.patch ];


     

       

       
19

       
+

       



     

       
17

       
20

       
 

       
    buildInputs = [ makeWrapper python pythonPackages.wrapPython ];


     

       
18

       
21

       
 

       
    runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh


     

       
19

       
22

       
 

       
                    nettools # for hostname


     
···

       
156

       
159

       
 

       
      before = [ "sshd.service" ];


     

       
157

       
160

       
 

       
    };


     

       
158

       
161

       
 

       



     

       

       
162

       
+

       
  systemd.services.consume-hypervisor-entropy =


     

       

       
163

       
+

       
    { description = "Consume entropy in ACPI table provided by Hyper-V";


     

       

       
164

       
+

       



     

       

       
165

       
+

       
      wantedBy = [ "sshd.service" "waagent.service" ];


     

       

       
166

       
+

       
      before = [ "sshd.service" "waagent.service" ];


     

       

       
167

       
+

       
      after = [ "local-fs.target" ];


     

       

       
168

       
+

       



     

       

       
169

       
+

       
      path  = [ pkgs.coreutils ];


     

       

       
170

       
+

       
      script =


     

       

       
171

       
+

       
        ''


     

       

       
172

       
+

       
          echo "Fetching entropy..."


     

       

       
173

       
+

       
          cat /sys/firmware/acpi/tables/OEM0 > /dev/random


     

       

       
174

       
+

       
        '';


     

       

       
175

       
+

       
      serviceConfig.Type = "oneshot";


     

       

       
176

       
+

       
      serviceConfig.RemainAfterExit = true;


     

       

       
177

       
+

       
      serviceConfig.StandardError = "journal+console";


     

       

       
178

       
+

       
      serviceConfig.StandardOutput = "journal+console";


     

       

       
179

       
+

       
     };


     

       
159

       
180

       
 

       



     

       
160

       
181

       
 

       
    systemd.services.waagent = {


     

       
161

       
182

       
 

       
      wantedBy = [ "sshd.service" ];