Leo Famulari <l...@famulari.name> skribis:
> * gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
> ---
> gnu/services/base.scm | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/gnu/services/base.scm b/gnu/services/base.scm
> index a45f219..8ed40a4 100644
> --- a/gnu/services/base.scm
> +++ b/gnu/services/base.scm
> @@ -461,6 +461,7 @@ stopped before 'kill' is called."
> (call-with-input-file "/dev/urandom"
> (lambda (urandom)
> (get-bytevector-n! urandom buf 0 512)
> + (umask #o077)
> (call-with-output-file #$%random-seed-file
I think it’s safer to restore the umask afterwards, like:
(let ((previous-umask (umask #o077)))
…
(umask previous-umask))
Otherwise LGTM, thanks!
Ludo’.
