Since more processes depend on good randomness, we need to make sure that the kernel's PRNG is initialized as early as possible.
For systems without a HWRNG, we will need to fall back to our noisy loop and wait until we have enough randomness.
This patch also removes saving and restoring the seed. This is no longer useful because the kernel's PRNG only takes any input after it has successfully been seeded from other sources.
Hence adding this seed does not increase its randomness.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/common/aarch64/initscripts | 4 +--- config/rootfiles/common/armv5tel/initscripts | 4 +--- config/rootfiles/common/i586/initscripts | 4 +--- config/rootfiles/common/x86_64/initscripts | 4 +--- lfs/initscripts | 4 +--- src/initscripts/system/random | 21 +------------------- 6 files changed, 6 insertions(+), 35 deletions(-)
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index d6f13224a..8d945f7a5 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S11unbound @@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index d6f13224a..8d945f7a5 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S11unbound @@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 2db7f1aa3..996925b7a 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S12acpid @@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 2db7f1aa3..996925b7a 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S12acpid @@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/lfs/initscripts b/lfs/initscripts index ba6c9f913..242de60e5 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -126,9 +126,6 @@ $(TARGET) : ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound - ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random - ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random - ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175 ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175 @@ -174,6 +171,7 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd + ln -sf ../init.d/random /etc/rc.d/rcsysinit.d/S66random ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/src/initscripts/system/random b/src/initscripts/system/random index 1f825cd18..489c7dac9 100644 --- a/src/initscripts/system/random +++ b/src/initscripts/system/random @@ -22,29 +22,10 @@ case "$1" in sync rm -f /var/tmp/random-tmpfile done; - - boot_mesg "\rInitializing kernel random number generator..." - if [ -f /var/tmp/random-seed ]; then - /bin/cat /var/tmp/random-seed >/dev/urandom - fi - touch /var/tmp/random-seed - chmod 600 /var/tmp/random-seed - /bin/dd if=/dev/urandom of=/var/tmp/random-seed \ - count=1 bs=$poolsize &>/dev/null - evaluate_retval - ;; - - stop) - boot_mesg "Saving random seed..." - touch /var/tmp/random-seed - chmod 600 /var/tmp/random-seed - /bin/dd if=/dev/urandom of=/var/tmp/random-seed \ - count=1 bs=$poolsize &>/dev/null - evaluate_retval ;;
*) - echo "Usage: $0 {start|stop}" + echo "Usage: $0 {start}" exit 1 ;; esac