diff --git a/package/urandom-scripts/Config.in b/package/urandom-scripts/Config.in
index 987e442e22..6b4a609f95 100644
--- a/package/urandom-scripts/Config.in
+++ b/package/urandom-scripts/Config.in
@@ -1,10 +1,7 @@
 config BR2_PACKAGE_URANDOM_SCRIPTS
 bool "urandom-initscripts"
 default y if BR2_PACKAGE_INITSCRIPTS
+ depends on BR2_PACKAGE_BUSYBOX
 depends on !BR2_PACKAGE_SYSTEMD
 help
 Initscript to preserve the random seed between reboots.
-
- WARNING: this is a poor fit to try and get high-quality
- entropy at boot. There are better ways, like haveged, or
- rng-tools.
diff --git a/package/urandom-scripts/S20seedrng b/package/urandom-scripts/S20seedrng
new file mode 100644
index 0000000000..0fea0bea83
--- /dev/null
+++ b/package/urandom-scripts/S20seedrng
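Review bot: The added `depends on BR2_PACKAGE_BUSYBOX` guarantees that BusyBox is built, not that its seedrng applet is enabled, yet the new init script calls `seedrng` unconditionally, so a BusyBox configuration without the applet silently leaves the seed unsaved; the help text should state the requirement. Suggest appending to the help, after the "Initscript to preserve the random seed between reboots." line: `This relies on the seedrng applet of BusyBox, which must be enabled in the BusyBox configuration.` Since the old WARNING paragraph is dropped, it would also be worth keeping one caveat the replacement script's own comments make: the seed only survives a reboot if the seed directory lives on persistent, writeable storage.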
@@ -0,0 +1,40 @@
+#! /bin/sh
+#
+# Preserve the random seed between reboots. See urandom(4).
+#
+# This script can be called multiple times during operation (e.g. with
+# "reload" argument) to refresh the seed.
+
+# The following arguments can be added to SEEDRNG_ARGS in
+# /etc/default/seedrng:
+# --seed-dir=/path/to/seed/directory
+# Path to the directory where the seed and the lock files are stored.
+# for optimal operation, this should be a persistent, writeable
+# location. Default is /var/lib/seedrng
+#
+# --skip-credit
+# Set this to true only if you do not want seed files to actually
+# credit the RNG, for example if you plan to replicate this file
+# system image and do not have the wherewithal to first delete the
+# contents of /var/lib/seedrng.
+#
+# Example:
+# SEEDRNG_ARGS="--seed-dir=/data/seedrng --skip-credit"
+#
+
+DAEMON="seedrng"
+SEEDRNG_ARGS=""
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
+
+case "$1" in
+ start|stop|restart|reload)
+ # Never fail, as this isn't worth making a fuss
+ # over if it doesn't go as planned.
+ # shellcheck disable=SC2086 # we need the word splitting
+ seedrng $SEEDRNG_ARGS || true;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/package/urandom-scripts/S20urandom b/package/urandom-scripts/S20urandom
deleted file mode 100644
index 6c6aea9eee..0000000000
--- a/package/urandom-scripts/S20urandom
+++ /dev/null
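Review bot: `seedrng $SEEDRNG_ARGS || true` discards the applet's exit status and prints nothing, so a seed that fails to load or save (an unwritable seed directory, or a BusyBox built without the seedrng applet) leaves no trace at boot beyond whatever seedrng or the shell writes to stderr, whereas the S20urandom it replaces reported OK/FAIL for each step. The "never fail" intent can be kept while still reporting the outcome by replacing the call with `printf 'Seeding random number generator: '` followed by `if seedrng $SEEDRNG_ARGS; then echo "OK"; else echo "FAIL"; fi`, with the existing `# shellcheck disable=SC2086` directive kept above it. In the header comment, `--skip-credit` is a flag rather than a value, so `# Add this flag only if you do not want seed files to actually` reads more accurately than "Set this to true", and "for optimal operation" begins a sentence and should be capitalised.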
@@ -1,70 +0,0 @@
-#! /bin/sh
-#
-# Preserve the random seed between reboots. See urandom(4).
-#
-
-# Quietly do nothing if /dev/urandom does not exist
-[ -c /dev/urandom ] || exit 0
-
-URANDOM_SEED="/var/lib/random-seed"
-
-# shellcheck source=/dev/null
-[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
-
-if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
- pool_size=$((pool_bits/8))
-else
- pool_size=512
-fi
-
-init_rng() {
- [ -f "$URANDOM_SEED" ] || return 0
- printf 'Initializing random number generator: '
- dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
- status=$?
- if [ "$status" -eq 0 ]; then
- echo "OK"
- else
- echo "FAIL"
- fi
- return "$status"
-}
-
-save_random_seed() {
- printf 'Saving random seed: '
- status=1
- if touch "$URANDOM_SEED.new" 2> /dev/null; then
- old_umask=$(umask)
- umask 077
- dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
- cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
- | sha256sum \
- | cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
- mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
- rm -f "$URANDOM_SEED.tmp"
- umask "$old_umask"
- if [ "$status" -eq 0 ]; then
- echo "OK"
- else
- echo "FAIL"
- fi
-
- else
- echo "SKIP (read-only file system detected)"
- fi
- return "$status"
-}
-
-case "$1" in
- start|restart|reload)
- # Carry a random seed from start-up to start-up
- # Load and then save the whole entropy pool
- init_rng && save_random_seed;;
- stop)
- # Carry a random seed from shut-down to start-up
- # Save the whole entropy pool
- save_random_seed;;
- *)
- echo "Usage: $0 {start|stop|restart|reload}"
- exit 1
-esac
diff --git a/package/urandom-scripts/urandom-scripts.mk b/package/urandom-scripts/urandom-scripts.mk
index 2c09728c46..32f3e09343 100644
--- a/package/urandom-scripts/urandom-scripts.mk
+++ b/package/urandom-scripts/urandom-scripts.mk
@@ -5,8 +5,8 @@
 ################################################################################
 
 define URANDOM_SCRIPTS_INSTALL_INIT_SYSV
- $(INSTALL) -D -m 0755 $(URANDOM_SCRIPTS_PKGDIR)/S20urandom \
- $(TARGET_DIR)/etc/init.d/S20urandom
+ $(INSTALL) -D -m 0755 $(URANDOM_SCRIPTS_PKGDIR)/S20seedrng \
+ $(TARGET_DIR)/etc/init.d/S20seedrng
 endef
 
 $(eval $(generic-package))