From 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 24 Mar 2022 22:07:16 -0600 Subject: Use seedrng for seeding the random number generator The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenRC and tweaked as needed: https://git.zx2c4.com/seedrng/about/ This commit imports it into OpenRC and wires up /etc/init.d/urandom to call it. It shouldn't be called by other things on the system, so it lives in rc_sbindir. Closes #506. Closes #507. Signed-off-by: Jason A. Donenfeld --- conf.d/urandom | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'conf.d/urandom') diff --git a/conf.d/urandom b/conf.d/urandom index f721a249..744e4f70 100644 --- a/conf.d/urandom +++ b/conf.d/urandom @@ -2,4 +2,11 @@ # (say for crypt swap), so you will need to customize this # behavior. If you have /var on a separate partition, then # make sure this path lives on your root device somewhere. -urandom_seed="/var/lib/misc/random-seed" +seed_dir="/var/lib/seedrng" +lock_file="/var/run/seedrng.lock" + +# Set this to true if you do not want seed files to actually +# credit the RNG. Set this if you plan to replicate this +# file system image and do not have the wherewithal to first +# delete the contents of /var/lib/seedrng. +skip_credit="false" -- cgit v1.2.3
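Review bot: the context comment kept at the top of the conf.d/urandom hunk still says "make sure this path lives on your root device somewhere", but the hunk now puts two paths under it, seed_dir and lock_file, and both default to locations under /var. The comment should be reworded to say which of them has to be reachable when /var is a separate partition. The same hunk drops urandom_seed without a note, so anyone who followed that comment and customized the old variable has no indication here that it was replaced by seed_dir. A one-line mention in the comment would cover it, and so would a warning from the init script when urandom_seed is still set, though the init script is not visible in this view. The skip_credit comment also hardcodes /var/lib/seedrng, which stops being accurate once seed_dir is changed. It would be safer to have it refer to the contents of seed_dir.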