Use seedrng for seeding the random number generator

The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenRC and tweaked as needed: https://git.zx2c4.com/seedrng/about/ This commit imports it into OpenRC and wires up /etc/init.d/urandom to call it. It shouldn't be called by other things on the system, so it lives in rc_sbindir. Closes #506. Closes #507. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2022-03-24 22:07:16 -0600
committer: William Hubbs <w.d.hubbs@gmail.com> 2022-03-26 19:16:27 -0500
commit: 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 (patch)
tree: ff7a18f569e7b433486a67c982f16194f35eb975 /conf.d
parent: 270e5c6828577e50830fd3b5662f2b3ec4fb6772 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/conf.d/urandom b/conf.d/urandom
index f721a249..744e4f70 100644
--- a/conf.d/urandom
+++ b/conf.d/urandom
@@ -2,4 +2,11 @@
 # (say for crypt swap), so you will need to customize this
 # behavior.  If you have /var on a separate partition, then
 # make sure this path lives on your root device somewhere.
-urandom_seed="/var/lib/misc/random-seed"
+seed_dir="/var/lib/seedrng"
+lock_file="/var/run/seedrng.lock"
+
+# Set this to true if you do not want seed files to actually
+# credit the RNG. Set this if you plan to replicate this
+# file system image and do not have the wherewithal to first
+# delete the contents of /var/lib/seedrng.
+skip_credit="false"
author	Jason A. Donenfeld <Jason@zx2c4.com>	2022-03-24 22:07:16 -0600
committer	William Hubbs <w.d.hubbs@gmail.com>	2022-03-26 19:16:27 -0500
commit	076c2552aeff88a27fe275dfaae61dedf4bb4bd5 (patch)
tree	ff7a18f569e7b433486a67c982f16194f35eb975 /conf.d
parent	270e5c6828577e50830fd3b5662f2b3ec4fb6772 (diff)