author | Petr Štetiar <ynezz@true.cz> | 2019-05-20 16:38:33 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-06-11 08:06:28 +0200 |
commit | 27bfde9c9f789dbfabebf13047e8b042c27cdeef (patch) | |
tree | dc9c5f7d394cfb157755a7dde448653aa3166c24 /package/system | |
parent | 9b4de712cae9b3d745ea4331a804242505f58619 (diff) | |
base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed.
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package/system')
4 files changed, 88 insertions, 0 deletions
diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile
new file mode 100644
index 0000000000..6bde2e0b8a
--- /dev/null
+++ b/package/system/urandom-seed/Makefile
@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=urandom-seed
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+ SECTION:=base
+ CATEGORY:=Base system
+ DEPENDS:=+getrandom
+ TITLE:=/etc/urandom.seed handling for OpenWrt
+ URL:=http://openwrt.org/
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/$(PKG_NAME)/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,urandom-seed))
diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed
new file mode 100755
index 0000000000..17d9c13400
--- /dev/null
+++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed
@@ -0,0 +1,12 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+start_service() {
+ procd_open_instance "urandom_seed"
+ procd_set_param command "/sbin/urandom_seed"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_close_instance
+}
diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
new file mode 100644
index 0000000000..26212c60b5
--- /dev/null
+++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
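Review bot: In package/system/urandom-seed/Makefile the install step `$(CP) ./files/* $(1)/` takes every file mode from the source checkout, so whether /sbin/urandom_seed and the init script are executable (and the preinit snippet is not) is decided by the tree rather than stated in the package. Installing each file explicitly with the usual `$(INSTALL_DIR)`, `$(INSTALL_BIN)` and `$(INSTALL_DATA)` helpers pins the modes and also keeps any stray file under ./files out of the image. The paths below are the three files added by this commit.
```make
define Package/$(PKG_NAME)/install
	$(INSTALL_DIR) $(1)/etc/init.d $(1)/lib/preinit $(1)/sbin
	$(INSTALL_BIN) ./files/etc/init.d/urandom_seed $(1)/etc/init.d/
	$(INSTALL_DATA) ./files/lib/preinit/81_urandom_seed $(1)/lib/preinit/
	$(INSTALL_BIN) ./files/sbin/urandom_seed $(1)/sbin/
endef
```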
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+log_urandom_seed() {
+ echo "urandom-seed: $1" > /dev/kmsg
+}
+
+_do_urandom_seed() {
+ [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
+ [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
+
+ log_urandom_seed "Seeding with $1"
+ cat "$1" > /dev/urandom
+}
+
+do_urandom_seed() {
+ [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
+
+ _do_urandom_seed "/etc/urandom.seed"
+
+ SEED="$(uci -q get system.@system[0].urandom_seed)"
+ [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
+}
+
+boot_hook_add preinit_main do_urandom_seed
diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed
new file mode 100755
index 0000000000..7043e8af4e
--- /dev/null
+++ b/package/system/urandom-seed/files/sbin/urandom_seed
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
+
+save() {
+ touch "$1.tmp"
+ chown root:root "$1.tmp"
+ chmod 600 "$1.tmp"
+ getrandom 512 > "$1.tmp"
+ mv "$1.tmp" "$1"
+ echo "Seed saved ($1)"
+}
+
+SEED="$(uci -q get system.@system[0].urandom_seed || true)"
+[ "${SEED:0:1}" = "/" ] && save "$SEED"
+
+SEED=/etc/urandom.seed
+[ ! -f $SEED ] && save "$SEED"
+true
|
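Review bot: The permission test in `_do_urandom_seed` (files/lib/preinit/81_urandom_seed) accepts more than its "Wrong owner / permissions" message suggests. `[ -O "$1" -a -G "$1" -a ! -x "$1" ]` only checks that the file belongs to the caller's uid/gid and is not executable, so a seed that is group- or world-writable, or world-readable, is still fed to /dev/urandom. Because the second path comes from `uci -q get system.@system[0].urandom_seed` and may live on other storage, I would tighten the test to the 0600 mode that /sbin/urandom_seed creates, or at least document the limit with `# only owner/group and the exec bit are checked; read/write bits for group and other are not`. A comment above `cat "$1" > /dev/urandom` saying that a plain write mixes the bytes into the pool without crediting entropy would also tell readers what this hook does and does not guarantee.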
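Review bot: In files/sbin/urandom_seed the default seed is written only when it is missing (`[ ! -f $SEED ] && save "$SEED"`), so on every later boot the preinit hook replays the same /etc/urandom.seed bytes; only the uci-configured path is rewritten on each run. If that is deliberate (presumably to limit flash writes) it should be stated, e.g. `# default seed is created once and never refreshed; set system.@system[0].urandom_seed to get a seed that changes per boot`. Separately, `save` works on the predictable name `"$1.tmp"`, and `touch`, `chown` and `chmod` all follow an existing symlink, so the configured directory has to be writable by root only. That requirement is worth a comment, or the script could set `umask 077` at the top and run `rm -f "$1.tmp"` before creating the file.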