> Watching a fresh system boot repeatedly, I noticed that the host keys
> always seem to be generated immediately after Linux reports "random:
> crng init done".
>
> To me, this suggests that OpenSSH is using the getrandom() syscall. If
> so, any GuixSD host keys created with glibc >= 2.25 and OpenSSH >= 7.2
> should be unpredictable. But I'm not sure if that's what's happening or
> not.

Nice. The problem though is that ‘ssh-keygen -A’ runs from the
activation snippet, which itself runs before shepherd is started. To
work around that, we should either introduce a separate ‘ssh-keygen’
service that ‘ssh-daemon’ would depend on, or invoke ‘ssh-keygen’ from
the ‘start’ method of the ‘ssh-daemon’ service.

>> +(define (user-processes-shepherd-service requirements)
>> + "Return the 'user-processes' Shepherd service with dependencies on
>> +REQUIREMENTS (a list of service names).
>> +
>> +This is a synchronization point used to make sure user processes and daemons
>> +get started only after crucial initial services have been started---file
>> +system mounts, etc. This is similar to 'target' in systemd."
>
> To clarify, user-processes may be similar to the sysinit target in
> systemd. Systemd targets are sort of like run-levels, and there are
> several of them, such as the multi-user target, the graphical target,
> etc.

Indeed, I’ve fixed it locally. If that’s OK I’ll push these patches
later today.

Thank you,
Ludo’.
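
Review bot: in the docstring of user-processes-shepherd-service, "file system mounts, etc." leaves open which services count as crucial, and the closing "This is similar to 'target' in systemd" does not say which target is meant. Since the procedure takes REQUIREMENTS from its caller, state that the ordering guarantee covers exactly the listed service names and nothing more, and either name the systemd target intended or drop the comparison.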