From 0fb11190fa5911f6f9c20c38e74a664826157a34 Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Wed, 30 Mar 2022 11:15:13 -0500 Subject: add seedrng service for Linux This moves urandom to *bsd only and adds seedrng as a separate service for Linux. This fixes #510 --- conf.d/Makefile | 6 +++--- conf.d/meson.build | 4 +++- conf.d/seedrng | 17 +++++++++++++++++ conf.d/urandom | 9 +-------- 4 files changed, 24 insertions(+), 12 deletions(-) create mode 100644 conf.d/seedrng (limited to 'conf.d') diff --git a/conf.d/Makefile b/conf.d/Makefile index 64168374..6d2e7de1 100644 --- a/conf.d/Makefile +++ b/conf.d/Makefile @@ -1,7 +1,7 @@ include ../mk/net.mk DIR= ${CONFDIR} -CONF= bootmisc fsck hostname localmount netmount swap urandom ${CONF-${OS}} +CONF= bootmisc fsck hostname localmount netmount swap ${CONF-${OS}} ifeq (${MKNET},yes) CONF+= network staticroute @@ -10,11 +10,11 @@ endif MK= ../mk include ${MK}/os.mk -CONF-FreeBSD= ipfw modules moused powerd rarpd savecore syscons +CONF-FreeBSD= ipfw modules moused powerd rarpd savecore syscons urandom CONF-Linux= agetty consolefont devfs dmesg hwclock keymaps killprocs modules \ mtab net-online -CONF-NetBSD= moused rarpd savecore +CONF-NetBSD= moused rarpd savecore urandom include ${MK}/scripts.mk diff --git a/conf.d/meson.build b/conf.d/meson.build index ddb056a4..ce704180 100644 --- a/conf.d/meson.build +++ b/conf.d/meson.build @@ -7,7 +7,6 @@ conf_common = [ 'localmount', 'netmount', 'swap', - 'urandom', ] conf_net = [ @@ -23,6 +22,7 @@ conf_FreeBSD = [ 'rarpd', 'savecore', 'syscons', + 'urandom', ] conf_Linux = [ @@ -36,12 +36,14 @@ conf_Linux = [ 'modules', 'mtab', 'net-online', + 'seedrng', ] conf_NetBSD = [ 'moused', 'rarpd', 'savecore', + 'urandom', ] conf_data = conf_common diff --git a/conf.d/seedrng b/conf.d/seedrng new file mode 100644 index 00000000..61670504 --- /dev/null +++ b/conf.d/seedrng 
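Review bot: `CONF-Linux` in conf.d/Makefile appears only as context in the second hunk and does not gain `seedrng`, while conf.d/meson.build adds `'seedrng'` to `conf_Linux`. As shown, a make-based Linux install would stop shipping conf.d/urandom without installing conf.d/seedrng, so the two build systems would disagree about the RNG-seeding service's configuration file. If the make build is still supported, the continuation line should become `mtab net-online seedrng`. The view is limited to conf.d, so whether the matching init.d lists were updated cannot be checked from here.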
@@ -0,0 +1,17 @@
+# The convention in this file is to show the default settings
+# commented out.
+#
+# Sometimes you want to have urandom start before "localmount"
+# (say for crypt swap), so you will need to customize this
+# behavior. If you have /var on a separate partition, make sure paths
+# under /var are adjusted to point to locations on your
+# root device.
+#
+# Set skip_credit to yes or true if you do not want seed files to
+# actually credit the random number generator.
+# For example, you should set this if you plan to replicate the file
+# system image without removing the contents of ${seed_dir}.
+#
+# lock_file=/var/run/seedrng.lock
+# seed_dir=/var/lib/seedrng
+# skip_credit=no
diff --git a/conf.d/urandom b/conf.d/urandom
index 744e4f70..f721a249 100644
--- a/conf.d/urandom
+++ b/conf.d/urandom
@@ -2,11 +2,4 @@
 # (say for crypt swap), so you will need to customize this
 # behavior. If you have /var on a separate partition, then
 # make sure this path lives on your root device somewhere.
-seed_dir="/var/lib/seedrng"
-lock_file="/var/run/seedrng.lock"
-
-# Set this to true if you do not want seed files to actually
-# credit the RNG. Set this if you plan to replicate this
-# file system image and do not have the wherewithal to first
-# delete the contents of /var/lib/seedrng.
-skip_credit="false"
+urandom_seed="/var/lib/misc/random-seed"
-- 
cgit v1.2.3
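Review bot: The fourth comment line of the new conf.d/seedrng still names the old service; since this file configures seedrng, it should read `# Sometimes you want to have seedrng start before "localmount"`. The same paragraph tells the administrator to move paths under /var onto the root device, which applies to both `seed_dir` and `lock_file`, so naming the two variables there would make the instruction unambiguous. Because the seed files are input to the kernel RNG, it would also help to add a line such as `# Keep seed_dir on storage that only root can read or write.`, assuming the init script does not already enforce this (it is not visible in this diff). The skip_credit guidance for replicated images is clear as written.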