qubes-random-seed system service starts too late / audit interaction with systemd-random-seed

[adrelanos]

It's currently not very fixed when it will have actually finished being loaded. It should block other services from starting until it is done. Similar to systemd-random-seed.

For inspiration, we can look into systemd-random-seed.

cat /lib/systemd/system/systemd-random-seed.service

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Load/Save Random Seed
Documentation=man:systemd-random-seed.service(8) man:random(4)
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/random-seed
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service
Before=sysinit.target shutdown.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/lib/systemd/systemd-random-seed load
ExecStop=/lib/systemd/systemd-random-seed save

To be compared with...

cat /lib/systemd/system/qubes-random-seed.service

[Unit]
Description=Qubes Random Seed
DefaultDependencies=no
After=qubes-db.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/qubes/init/qubes-random-seed.sh

[Install]
WantedBy=sysinit.target

• a) We could either make it similar to systemd-random-seed.service.
• b) Use a systemd drop-in file using ExecStartPre, ExecStartPost, ExecStart and/or ExecStop.

I think a systemd drop-in file might be the better solution. It would sort out the interaction with systemd-random-seed. And should systemd or systemd-random-seed changes require making it loading earlier again, it eases maintenance effort.

[marmarek]

Do I understand correctly that you want to replace ExecStart in systemd-random-seed?

[marmarek]

Do I understand correctly that you want to replace ExecStart in systemd-random-seed?

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.8-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.8-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.8-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.8-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.8-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.8-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.8-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.8-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[adrelanos]

Somehow I did not get an e-mail notification about this earlier.

@marmarek

Do I understand correctly that you want to replace ExecStart in systemd-random-seed?

Created #2179 for it.

[adrelanos]

Somehow I did not get an e-mail notification about this earlier.

@marmarek

Do I understand correctly that you want to replace ExecStart in systemd-random-seed?

Created #2179 for it.

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.9-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.9-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.9-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.9-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.10-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-core-agent_3.2.10-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update