
feat(agent): reseed verb — host-fed entropy, CRNG reseed, machine-id regen #4

Merged: CMGS merged 1 commit into main from feat/reseed-verb, Jul 3, 2026
CMGS (Contributor) commented Jul 3, 2026

What

New wire verb reseed — the second verb after exec. After a VM clone/restore, N guests share byte-identical snapshot memory, hence byte-identical CRNG state (colliding TLS keys/UUIDs). The host sends a reseed frame carrying fresh entropy; the agent:

  1. injects it via RNDADDENTROPY (hand-built rand_pool_info: entropy bits + buf size + payload, native-endian),
  2. forces RNDRESEEDCRNG,
  3. removes the stale /var/lib/systemd/random-seed,
  4. optionally regenerates /etc/machine-id (regen_machine_id — clone sets it, same-VM restore doesn't; skipped silently where the file doesn't exist, e.g. Android).

Response reuses the existing terminal frames (MsgExit/MsgError). Non-Linux GOOSes answer with a sentinel error (build-tag stub, same pattern as transport_other.go). Old agents reject the unknown frame type via the existing first-frame check — graceful degradation for free.

Client side: client.Reseed(ctx, conn, entropy, regenMachineID); the connection prologue shared with Run is extracted into openSession.

Validation

  • make lint: 0 issues × {linux, darwin, windows}
  • make test: agent 84.9% / client 21.2% coverage, race-enabled; new tests: dispatch (reseed first-frame, unknown-type rejection), protocol round-trip, client success/error/non-zero-exit
  • Reviewed line-by-line: rand_pool_info layout (bits vs bytes), single-fd ioctl sequence, one-terminal-frame invariant, ctx-cancel conn teardown

…regen

Cloned/restored VMs resume from byte-identical snapshot memory, so their
CRNG state (and /etc/machine-id) is identical across all clones unless
something perturbs it post-boot. Adds a second wire-protocol verb, reseed,
so the host can push fresh entropy and order a CRNG reseed (+ optional
machine-id regen) over the same vsock connection used for exec.
@CMGS CMGS merged commit 5b6b7a4 into main Jul 3, 2026
2 checks passed
@CMGS CMGS deleted the feat/reseed-verb branch July 3, 2026 13:49
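
The rand_pool_info layout (bits vs bytes) and the single-fd ioctl sequence from steps 1 and 2 of the description, as an added Go example that is not the PR's own code. The function names, the 4096-byte cap and the choice of /dev/urandom are assumptions; the request numbers are the <linux/random.h> values as encoded on x86-64 and arm64, and crediting 8 bits per byte assumes the host sends full-entropy bytes.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

const ( // <linux/random.h> request numbers as encoded on x86-64 and arm64
	rndAddEntropy = 0x40085203 // _IOW('R', 0x03, int[2])
	rndReseedCRNG = 0x5207     // _IO('R', 0x07)
)

// buildRandPoolInfo: int32 entropy_count (BITS), int32 buf_size (BYTES), payload.
func buildRandPoolInfo(entropy []byte) ([]byte, error) {
	if len(entropy) == 0 || len(entropy) > 4096 { // size cap is an assumption
		return nil, fmt.Errorf("entropy length %d out of range", len(entropy))
	}
	buf := make([]byte, 8, 8+len(entropy))
	binary.NativeEndian.PutUint32(buf[0:4], uint32(len(entropy)*8)) // bits credited
	binary.NativeEndian.PutUint32(buf[4:8], uint32(len(entropy)))   // bytes supplied
	return append(buf, entropy...), nil
}

// reseedKernel issues both ioctls on a single fd; requires CAP_SYS_ADMIN.
func reseedKernel(entropy []byte) error {
	req, err := buildRandPoolInfo(entropy)
	if err != nil {
		return err
	}
	f, err := os.OpenFile("/dev/urandom", os.O_WRONLY, 0) // device is an assumption
	if err != nil {
		return err
	}
	defer f.Close()
	if _, _, e := syscall.Syscall(syscall.SYS_IOCTL, f.Fd(), rndAddEntropy, uintptr(unsafe.Pointer(&req[0]))); e != 0 {
		return fmt.Errorf("RNDADDENTROPY: %w", e)
	}
	if _, _, e := syscall.Syscall(syscall.SYS_IOCTL, f.Fd(), rndReseedCRNG, 0); e != 0 {
		return fmt.Errorf("RNDRESEEDCRNG: %w", e)
	}
	return nil
}

func main() {
	fmt.Println(buildRandPoolInfo(make([]byte, 4))) // constructed zero payload: layout only
}
```

Swapping the two header fields would credit one eighth of the intended bits and declare a buffer eight times longer than the payload, which is why the bits-versus-bytes order is worth asserting in a unit test.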