OK, I implemented approach (2) from the previous comment. The work consists of six steps, in two groups of three:
++ create system/systemd-random-seed-load.service
++ create system/systemd-random-seed-save.service
-- get rid of the old system/systemd-random-seed.service

++ create system/sysinit.target.wants/systemd-random-seed-load.service
++ create system/shutdown.target.wants/systemd-random-seed-save.service
-- get rid of the old system/sysinit.target.wants/systemd-random-seed.service

The two new .service files are simple and straightforward. See attached patch.

I retract my previous speculation about reimplementing the old systemd-random-seed.service because AFAICT it was only invoked from sysinit.target ... and anybody else who tried it almost certainly wasn't getting acceptable results.

We must drop the whole idea of a systemd-random-seed "service" with an active state bookended by a single start-event and a single stop-event. That might have seemed elegant at first glance, but it did not capture the right semantics. It did not meet the security needs.

Implementing two separate one-shot services does what is needed. It is close to the longstanding init.d/urandom behavior.

** Patch added: "two separate one-shot random-seed services"
   https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1652381/+attachment/4796118/+files/random-seed.patch

https://bugs.launchpad.net/bugs/1652381
Title: systematic way to refresh the random-seed again and again
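The six steps listed in the comment above, staged under a scratch directory so the resulting layout can be inspected without touching a live system. This is an added example, not the attached random-seed.patch: the function names and the unit contents are assumptions, modelled on the stock systemd-random-seed.service with its `load` and `save` verbs split into two one-shot units.

```shell
#!/bin/sh
# Added illustration, not the attached patch. Unit contents are assumptions
# modelled on the stock systemd-random-seed.service.

write_unit() {  # write_unit <path> <description> <load|save> <ordering target>
    cat > "$1" <<EOF
[Unit]
Description=$2
DefaultDependencies=no
RequiresMountsFor=/var/lib/systemd/random-seed
Before=$4

[Service]
# One-shot without a lingering active state: the unit goes inactive once
# it has run, so it can be started again later to refresh the seed.
Type=oneshot
ExecStart=/lib/systemd/systemd-random-seed $3
TimeoutSec=30s
EOF
}

stage_random_seed_units() {  # stage_random_seed_units <scratch root>
    sys="$1/system"
    mkdir -p "$sys/sysinit.target.wants" "$sys/shutdown.target.wants" || return 1
    # Group 1: the unit files themselves
    write_unit "$sys/systemd-random-seed-load.service" "Load Random Seed" load sysinit.target
    write_unit "$sys/systemd-random-seed-save.service" "Save Random Seed" save shutdown.target
    rm -f "$sys/systemd-random-seed.service"
    # Group 2: the .wants symlinks that pull each unit into its target
    ln -sf ../systemd-random-seed-load.service "$sys/sysinit.target.wants/"
    ln -sf ../systemd-random-seed-save.service "$sys/shutdown.target.wants/"
    rm -f "$sys/sysinit.target.wants/systemd-random-seed.service"
}
```

Run it as `stage_random_seed_units "$(mktemp -d)"` and compare the generated files against the real patch before installing anything.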
