Hello, Leo Famulari skribis: > In some cases, the applications require some random data before any > services are started, during activation. For example, our OpenSSH > service generates its host keys during activation. And even if it > generated host keys during the start of the OpenSSH service, that > service does not depend on urandom-seed-service. [0] > > In systemd, there is an abstract sysinit "target" that basically serves > as a checkpoint. All the lower-level system initialization is required > before the sysinit.target is met, and the rest of the services depend on > sysinit. The random seeding is part of sysinit. I've reproduced a graph > of this in [1]. There’s a ‘user-processes’ service that serves a similar purpose. With the attached patches ‘urandom-seed’ becomes a dependency of ‘user-processes’, meaning that daemons & co. start after ‘urandom-seed’. WDYT? > In practice, I'm not sure if it matters. I'd appreciate if GuixSD users > could check /var/log/messages for warnings like this one and report > them: > > random: application: uninitialized urandom read (16 bytes read) I don’t have any of these. I guess this is most likely to happen when running ‘ssh-keygen’ on startup, which isn’t the case on my machine. Ludo’.