* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 483803413129ae3999d334b8972bb3daa71f0c9e
@ 2018-06-29 15:08 git
From: git @ 2018-06-29 15:08 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 483803413129ae3999d334b8972bb3daa71f0c9e (commit)
from 3069380c4189a1d875717441d88082286a85586b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 483803413129ae3999d334b8972bb3daa71f0c9e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jun 28 20:36:32 2018 +0200
random: update initscript for machines with low entropy
The script waits until the CRNG is correctly initialized before restoring the
random seed and does some disc I/O to work around low entropy at boot
on some machines. Not really a fix, but it should be better than reverting
the CVE-2018-1108 fixes from the kernel.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/aarch64/initscripts | 2 +-
config/rootfiles/common/armv5tel/initscripts | 2 +-
config/rootfiles/common/i586/initscripts | 2 +-
config/rootfiles/common/x86_64/initscripts | 2 +-
config/rootfiles/core/122/filelists/files | 1 +
config/rootfiles/core/122/update.sh | 2 ++
lfs/initscripts | 5 ++--
src/initscripts/system/random | 35 +++++++++++++++++++++-------
8 files changed, 35 insertions(+), 16 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 9e9e1a71a..97ba5ad65 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -117,6 +117,7 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S11unbound
@@ -130,7 +131,6 @@ etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc3.d/S20network
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 9e9e1a71a..97ba5ad65 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -117,6 +117,7 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S11unbound
@@ -130,7 +131,6 @@ etc/rc.d/rc3.d/S19wlanclient
etc/rc.d/rc3.d/S20network
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index cc0e4580d..ab8d4f108 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -116,6 +116,7 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S12acpid
@@ -129,7 +130,6 @@ etc/rc.d/rc3.d/S20network
etc/rc.d/rc3.d/S11unbound
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index cc0e4580d..ab8d4f108 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -116,6 +116,7 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S12acpid
@@ -129,7 +130,6 @@ etc/rc.d/rc3.d/S20network
etc/rc.d/rc3.d/S11unbound
etc/rc.d/rc3.d/S21leds
etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
diff --git a/config/rootfiles/core/122/filelists/files b/config/rootfiles/core/122/filelists/files
index f7c692d8b..d87145961 100644
--- a/config/rootfiles/core/122/filelists/files
+++ b/config/rootfiles/core/122/filelists/files
@@ -5,6 +5,7 @@ etc/rc.d/init.d/collectd
etc/rc.d/init.d/firstsetup
etc/rc.d/init.d/leds
etc/rc.d/init.d/partresize
+etc/rc.d/init.d/random
etc/rc.d/rc0.d/K87acpid
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc6.d/K87acpid
diff --git a/config/rootfiles/core/122/update.sh b/config/rootfiles/core/122/update.sh
index 3e8cab693..bb38696c4 100644
--- a/config/rootfiles/core/122/update.sh
+++ b/config/rootfiles/core/122/update.sh
@@ -117,6 +117,8 @@ if [ -e /boot/pakfire-kernel-update ]; then
/boot/pakfire-kernel-update ${KVER}
fi
+mv /etc/rc.d/rc3.d/S??random /etc/rc.d/rc3.d/S00random
+
case "$(uname -m)" in
i?86)
# Force (re)install pae kernel if pae is supported
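Review bot: The added mv with the S??random glob is unguarded and not idempotent. If update.sh runs a second time the glob matches S00random itself and mv fails because source and destination are the same file; if no such link exists mv receives the literal pattern; and if more than one S??random link exists mv fails because the destination is not a directory. Consider removing the old link explicitly and recreating the new one the same way lfs/initscripts does, for example rm -f /etc/rc.d/rc3.d/S??random followed by ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random.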
diff --git a/lfs/initscripts b/lfs/initscripts
index 0d7f40cad..848540680 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -16,7 +16,6 @@
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
-###############################################################################
###############################################################################
# Definitions
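Review bot: Dropping the duplicated separator line after the license header is a cosmetic cleanup unrelated to the entropy handling described in the commit message; it would be easier to review and to revert if it went into its own commit.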
@@ -131,7 +130,7 @@ $(TARGET) :
ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound
ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K79unbound
ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random
- ln -sf ../init.d/random /etc/rc.d/rc3.d/S25random
+ ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random
ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175
diff --git a/src/initscripts/system/random b/src/initscripts/system/random
index 57aef99d4..1f825cd18 100644
--- a/src/initscripts/system/random
+++ b/src/initscripts/system/random
@@ -1,28 +1,45 @@
#!/bin/sh
-# Begin $rc_base/init.d/random
-
-# Based on sysklogd script from LFS-3.1 and earlier.
-# Rewritten by Gerard Beekmans - gerard(a)linuxfromscratch.org
-# Random script elements by Larry Lawrence
-
. /etc/sysconfig/rc
. $rc_functions
+if [ -e /proc/sys/kernel/random/poolsize ]; then
+ poolsize=$(</proc/sys/kernel/random/poolsize);
+ poolsize=$(expr $poolsize / 8 );
+else
+ poolsize=512;
+fi
+
case "$1" in
start)
- boot_mesg "Initializing kernel random number generator..."
+
+ #CRNG init need 128bit so wait until there is more)
+ avail=$(</proc/sys/kernel/random/entropy_avail)
+ while [ $avail -lt 130 ]; do
+ avail=$(</proc/sys/kernel/random/entropy_avail)
+ boot_mesg -n "\rWait for entropy: $avail/130 "
+ # Generate some disc access to gather entropy
+ echo avail > /var/tmp/random-tmpfile
+ sync
+ rm -f /var/tmp/random-tmpfile
+ done;
+
+ boot_mesg "\rInitializing kernel random number generator..."
if [ -f /var/tmp/random-seed ]; then
/bin/cat /var/tmp/random-seed >/dev/urandom
fi
+ touch /var/tmp/random-seed
+ chmod 600 /var/tmp/random-seed
/bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=4 &>/dev/null
+ count=1 bs=$poolsize &>/dev/null
evaluate_retval
;;
stop)
boot_mesg "Saving random seed..."
+ touch /var/tmp/random-seed
+ chmod 600 /var/tmp/random-seed
/bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=4 &>/dev/null
+ count=1 bs=$poolsize &>/dev/null
evaluate_retval
;;
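Review bot: The wait loop in start has no upper bound and no sleep: while [ $avail -lt 130 ] spins on sync until entropy_avail reaches 130, so a machine that never gets there hangs at S00random before any other rc3 service starts. Add a retry limit or timeout that falls through to restoring the seed with a warning, plus a short sleep per iteration. In the same loop, echo avail > /var/tmp/random-tmpfile writes the literal word avail rather than $avail, and $avail is unquoted in the test, so an empty read makes [ fail with an error and silently skips the wait. The poolsize read is guarded by an -e check but the entropy_avail read is not. The $(</proc/...) reads are a bash extension under a #!/bin/sh shebang (as is the existing &>); either use read or cat, or declare bash in the shebang. The comment "#CRNG init need 128bit so wait until there is more)" has a stray closing parenthesis.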
hooks/post-receive
--
IPFire 2.x development tree