author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-03-24 22:07:16 -0600 |
---|---|---|
committer | William Hubbs <w.d.hubbs@gmail.com> | 2022-03-26 19:16:27 -0500 |
commit | 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 (patch) | |
tree | ff7a18f569e7b433486a67c982f16194f35eb975 /init.d/urandom.in | |
parent | 270e5c6828577e50830fd3b5662f2b3ec4fb6772 (diff) |
Use seedrng for seeding the random number generator
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenRC and
tweaked as needed: https://git.zx2c4.com/seedrng/about/
This commit imports it into OpenRC and wires up /etc/init.d/urandom to
call it. It shouldn't be called by other things on the system, so it
lives in rc_sbindir.
Closes #506.
Closes #507.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'init.d/urandom.in')
-rw-r--r-- | init.d/urandom.in | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/init.d/urandom.in b/init.d/urandom.in
index 0d6ab66e..cda431fd 100644
--- a/init.d/urandom.in
+++ b/init.d/urandom.in
@@ -1,5 +1,5 @@
 #!@SBINDIR@/openrc-run
-# Copyright (c) 2007-2015 The OpenRC Authors.
+# Copyright (c) 2007-2022 The OpenRC Authors.
 # See the Authors file at the top-level directory of this distribution and
 # https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
 #
@@ -9,7 +9,10 @@
 # This file may not be copied, modified, propagated, or distributed
 # except according to the terms contained in the LICENSE file.
 
-: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}}
+export SEEDRNG_SEED_DIR="${seed_dir:-/var/lib/seedrng}"
+export SEEDRNG_LOCK_FILE="${lock_file:-/var/run/seedrng.lock}"
+export SEEDRNG_SKIP_CREDIT="${skip_credit:-false}"
+: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed}
 
 description="Initializes the random number generator."
 depend()
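Review bot: The new fallback default `: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed}` couples the non-Linux seed file to the Linux seed directory through a `..` component, so an admin who sets `seed_dir` in conf.d on a BSD host silently relocates the legacy seed to a `../misc` sibling of whatever directory they chose, and the previous `URANDOM_SEED` environment override disappears without a deprecation note. Keeping the old line, `: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}}`, decouples the two paths and preserves existing configurations. The three exported knobs also deserve a comment for conf.d readers, in particular that `SEEDRNG_SKIP_CREDIT` defaults to crediting the seed: a comment such as `# skip_credit=true is the safe choice on hosts cloned from an image, since a duplicated seed file must not be credited as fresh entropy` states the one consequence an operator needs, hedged as the seedrng helper's exact crediting rules are not visible in this hunk.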
@@ -21,33 +24,35 @@ depend()
 
 save_seed()
 {
- local psz=1
-
- if [ -e /proc/sys/kernel/random/poolsize ]; then
- : $(( psz = $(cat /proc/sys/kernel/random/poolsize) / 4096 ))
- fi
-
 ( # sub shell to prevent umask pollution
 umask 077
- dd if=/dev/urandom of="$urandom_seed" count=${psz} 2>/dev/null
+ dd if=/dev/urandom of="$urandom_seed" count=1 2>/dev/null
 )
 }
 
 start()
 {
- [ -c /dev/urandom ] || return
- if [ -f "$urandom_seed" ]; then
- ebegin "Initializing random number generator"
- cat "$urandom_seed" > /dev/urandom
- eend $? "Error initializing random number generator"
+ if [ "$RC_UNAME" = Linux ]; then
+ seedrng
+ else
+ [ -c /dev/urandom ] || return
+ if [ -f "$urandom_seed" ]; then
+ ebegin "Initializing random number generator"
+ cat "$urandom_seed" > /dev/urandom
+ eend $? "Error initializing random number generator"
+ fi
+ rm -f "$urandom_seed" && save_seed
 fi
- rm -f "$urandom_seed" && save_seed
 return 0
 }
 
 stop()
 {
- ebegin "Saving random seed"
- save_seed
- eend $? "Failed to save random seed"
+ if [ "$RC_UNAME" = Linux ]; then
+ seedrng
+ else
+ ebegin "Saving random seed"
+ save_seed
+ eend $? "Failed to save random seed"
+ fi
 }
|
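Review bot: On Linux the new `start()` and `stop()` branches call `seedrng` bare, discard its exit status and print nothing, while the non-Linux branch right beside them wraps the same step in ebegin/eend; a missing helper, an unwritable `$SEEDRNG_SEED_DIR` or a failed lock therefore leaves the boot log silent about the RNG never being seeded or the seed never being refreshed, unless seedrng itself reports on stderr, which this hunk does not show. Suggest `ebegin "Seeding random number generator"; seedrng; eend $? "Failed to seed random number generator"` in `start()` and the matching "Saving random seed" pair in `stop()`, so the unit reports failures the way the rest of this file does. The commit message places the helper in rc_sbindir; if openrc-run does not guarantee that directory on PATH, spelling out its location the way the shebang does with `@SBINDIR@` removes the dependency on the caller's environment.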