diff options
| author | William Hubbs <w.d.hubbs@gmail.com> | 2022-03-30 11:15:13 -0500 |
|---|---|---|
| committer | William Hubbs <w.d.hubbs@gmail.com> | 2022-03-30 22:07:35 -0500 |
| commit | 0fb11190fa5911f6f9c20c38e74a664826157a34 (patch) | |
| tree | 29649ac0c1724e0cb7c9d9e823587fbd5798d55f /conf.d | |
| parent | df18158e60dc6bfe9a77ac7d1b48417f808f5b11 (diff) | |
add seedrng service for Linux
This moves urandom to *bsd only and adds seedrng as a separate service
for Linux.
This fixes #510
Diffstat (limited to 'conf.d')
| -rw-r--r-- | conf.d/Makefile | 6 | ||||
| -rw-r--r-- | conf.d/meson.build | 4 | ||||
| -rw-r--r-- | conf.d/seedrng | 17 | ||||
| -rw-r--r-- | conf.d/urandom | 9 |
4 files changed, 24 insertions, 12 deletions
diff --git a/conf.d/Makefile b/conf.d/Makefile index 64168374..6d2e7de1 100644 --- a/conf.d/Makefile +++ b/conf.d/Makefile @@ -1,7 +1,7 @@ include ../mk/net.mk DIR= ${CONFDIR} -CONF= bootmisc fsck hostname localmount netmount swap urandom ${CONF-${OS}} +CONF= bootmisc fsck hostname localmount netmount swap ${CONF-${OS}} ifeq (${MKNET},yes) CONF+= network staticroute @@ -10,11 +10,11 @@ endif MK= ../mk include ${MK}/os.mk -CONF-FreeBSD= ipfw modules moused powerd rarpd savecore syscons +CONF-FreeBSD= ipfw modules moused powerd rarpd savecore syscons urandom CONF-Linux= agetty consolefont devfs dmesg hwclock keymaps killprocs modules \ mtab net-online -CONF-NetBSD= moused rarpd savecore +CONF-NetBSD= moused rarpd savecore urandom include ${MK}/scripts.mk diff --git a/conf.d/meson.build b/conf.d/meson.build index ddb056a4..ce704180 100644 --- a/conf.d/meson.build +++ b/conf.d/meson.build @@ -7,7 +7,6 @@ conf_common = [ 'localmount', 'netmount', 'swap', - 'urandom', ] conf_net = [ @@ -23,6 +22,7 @@ conf_FreeBSD = [ 'rarpd', 'savecore', 'syscons', + 'urandom', ] conf_Linux = [ @@ -36,12 +36,14 @@ conf_Linux = [ 'modules', 'mtab', 'net-online', + 'seedrng', ] conf_NetBSD = [ 'moused', 'rarpd', 'savecore', + 'urandom', ] conf_data = conf_common diff --git a/conf.d/seedrng b/conf.d/seedrng new file mode 100644 index 00000000..61670504 --- /dev/null +++ b/conf.d/seedrng @@ -0,0 +1,17 @@ +# The convention in this file is to show the default settings +# commented out. +# +# Sometimes you want to have urandom start before "localmount" +# (say for crypt swap), so you will need to customize this +# behavior. If you have /var on a separate partition, make sure paths +# under /var are adjusted to point to locations on your +# root device. +# +# Set skip_credit to yes or true if you do not want seed files to +# actually credit the random number generator. +# For example, you should set this if you plan to replicate the file +# system image without removing the contents of ${seed_dir}. +# +# lock_file=/var/run/seedrng.lock +# seed_dir=/var/lib/seedrng +# skip_credit=no diff --git a/conf.d/urandom b/conf.d/urandom index 744e4f70..f721a249 100644 --- a/conf.d/urandom +++ b/conf.d/urandom @@ -2,11 +2,4 @@ # (say for crypt swap), so you will need to customize this # behavior. If you have /var on a separate partition, then # make sure this path lives on your root device somewhere. -seed_dir="/var/lib/seedrng" -lock_file="/var/run/seedrng.lock" - -# Set this to true if you do not want seed files to actually -# credit the RNG. Set this if you plan to replicate this -# file system image and do not have the wherewithal to first -# delete the contents of /var/lib/seedrng. -skip_credit="false" +urandom_seed="/var/lib/misc/random-seed" |