From 97b1857ba47f0e94896976028e99a3275328c819 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 29 Apr 2020 19:33:04 +0000
Subject: [PATCH] random: Initialise the kernel's PRNG earlier

Since more processes depend on good randomness, we need to make sure that the kernel's PRNG is initialized as early as possible. For systems without a HWRNG, we will need to fall back to our noisy loop and wait until we have enough randomness. This patch also removes saving and restoring the seed. This is no longer useful because the kernel's PRNG only takes any input after it has successfully been seeded from other sources. Hence adding this seed does not increase its randomness.

Signed-off-by: Michael Tremer
Signed-off-by: Arne Fitzenreiter
---
 config/rootfiles/common/aarch64/initscripts | 4 +---
 config/rootfiles/common/armv5tel/initscripts | 4 +---
 config/rootfiles/common/i586/initscripts | 4 +---
 config/rootfiles/common/x86_64/initscripts | 4 +---
 lfs/initscripts | 4 +---
 src/initscripts/system/random | 21 +--------------------
 6 files changed, 6 insertions(+), 35 deletions(-)

diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index d6f13224a9..8d945f7a5a 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 #etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
 etc/rc.d/rc0.d/K47setclock
 etc/rc.d/rc0.d/K49cyrus-sasl
 etc/rc.d/rc0.d/K51vnstat
@@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S11unbound
@@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 #etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
 etc/rc.d/rc6.d/K47setclock
 etc/rc.d/rc6.d/K49cyrus-sasl
 etc/rc.d/rc6.d/K51vnstat
@@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S71pakfire
 etc/rc.d/rcsysinit.d/S73swconfig
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index d6f13224a9..8d945f7a5a 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 #etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
 etc/rc.d/rc0.d/K47setclock
 etc/rc.d/rc0.d/K49cyrus-sasl
 etc/rc.d/rc0.d/K51vnstat
@@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S11unbound
@@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 #etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
 etc/rc.d/rc6.d/K47setclock
 etc/rc.d/rc6.d/K49cyrus-sasl
 etc/rc.d/rc6.d/K51vnstat
@@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S71pakfire
 etc/rc.d/rcsysinit.d/S73swconfig
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 2db7f1aa3f..996925b7af 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 #etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
 etc/rc.d/rc0.d/K47setclock
 etc/rc.d/rc0.d/K49cyrus-sasl
 etc/rc.d/rc0.d/K51vnstat
@@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S12acpid
@@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 #etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
 etc/rc.d/rc6.d/K47setclock
 etc/rc.d/rc6.d/K49cyrus-sasl
 etc/rc.d/rc6.d/K51vnstat
@@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S71pakfire
 etc/rc.d/rcsysinit.d/S74cloud-init
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 2db7f1aa3f..996925b7af 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron
 etc/rc.d/rc0.d/K28apache
 etc/rc.d/rc0.d/K30sshd
 #etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
 etc/rc.d/rc0.d/K47setclock
 etc/rc.d/rc0.d/K49cyrus-sasl
 etc/rc.d/rc0.d/K51vnstat
@@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S12acpid
@@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron
 etc/rc.d/rc6.d/K28apache
 etc/rc.d/rc6.d/K30sshd
 #etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
 etc/rc.d/rc6.d/K47setclock
 etc/rc.d/rc6.d/K49cyrus-sasl
 etc/rc.d/rc6.d/K51vnstat
@@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S71pakfire
 etc/rc.d/rcsysinit.d/S74cloud-init
diff --git a/lfs/initscripts b/lfs/initscripts
index ba6c9f9136..242de60e5d 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -126,9 +126,6 @@ $(TARGET) :
 ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound
 ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound
 ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound
- ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random
- ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random
- ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random
 ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
 ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175
 ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175
@@ -174,6 +171,7 @@ $(TARGET) :
 ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
 ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
 ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd
+ ln -sf ../init.d/random /etc/rc.d/rcsysinit.d/S66random
 ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console
 ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire
 ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init
diff --git a/src/initscripts/system/random b/src/initscripts/system/random
index 1f825cd183..489c7dac90 100644
--- a/src/initscripts/system/random
+++ b/src/initscripts/system/random
@@ -22,29 +22,10 @@ case "$1" in
 sync
 rm -f /var/tmp/random-tmpfile
 done;
-
- boot_mesg "\rInitializing kernel random number generator..."
- if [ -f /var/tmp/random-seed ]; then
- /bin/cat /var/tmp/random-seed >/dev/urandom
- fi
- touch /var/tmp/random-seed
- chmod 600 /var/tmp/random-seed
- /bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=1 bs=$poolsize &>/dev/null
- evaluate_retval
- ;;
-
- stop)
- boot_mesg "Saving random seed..."
- touch /var/tmp/random-seed
- chmod 600 /var/tmp/random-seed
- /bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=1 bs=$poolsize &>/dev/null
- evaluate_retval
 ;;
 
 *)
- echo "Usage: $0 {start|stop}"
+ echo "Usage: $0 {start}"
 exit 1
 ;;
 esac
--
2.39.2
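Review bot: Dropping the three `ln -sf ../init.d/random` lines for rc0.d/K45random, rc3.d/S00random and rc6.d/K45random only changes freshly built images; nothing in this patch unlinks them on systems that are updated in place, and the same gap applies to the rootfile hunks for all four architectures. If the links survive an update, halt and reboot would still call `random stop`, which after this commit lands in the `*)` branch, prints the usage line and exits 1, and runlevel 3 would run the start action a second time. The update step that ships this change should remove them, for example `rm -f /etc/rc.d/rc0.d/K45random /etc/rc.d/rc3.d/S00random /etc/rc.d/rc6.d/K45random`; that step may already exist outside this patch.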
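Review bot: The start action no longer records why no seed is loaded, and `/var/tmp/random-seed` is now neither read nor removed, so updated systems keep a stale seed file on disk. A comment above the remaining loop such as `# No seed file is kept: start waits here until the kernel pool is initialised (rngd or the loop below)` would document the decision, and `rm -f /var/tmp/random-seed` in the update step would clear the leftover. With the seed gone, a machine without a HWRNG depends entirely on the noisy loop for its first output; data written to /dev/urandom is mixed into the pool without being credited, so a restored seed would not shorten the wait but would probably still add boot-to-boot state, which is worth confirming against the kernel version shipped. The `start)` branch begins above this hunk, so whether the loop has an upper bound on how long it can hold up rcsysinit is not visible here.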