From f573d3de118476879d4a600b3216a1b49b87cdf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 20 May 2019 16:38:33 +0200 Subject: base-files: move urandom seed bits into separate package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit So it's possible to install or remove it as needed. Tested-by: Lucian Cristian Signed-off-by: Petr Štetiar (cherry picked from commit 27bfde9c9f789dbfabebf13047e8b042c27cdeef) --- package/system/urandom-seed/Makefile | 32 ++++++++++++++++++++++ .../urandom-seed/files/etc/init.d/urandom_seed | 12 ++++++++ .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 ++++++++++++++++ .../system/urandom-seed/files/sbin/urandom_seed | 20 ++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 package/system/urandom-seed/Makefile create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed (limited to 'package/system') diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile new file mode 100644 index 0000000000..6bde2e0b8a --- /dev/null +++ b/package/system/urandom-seed/Makefile @@ -0,0 +1,32 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=urandom-seed +PKG_VERSION:=1.0 +PKG_RELEASE:=1 +PKG_LICENSE:=GPL-2.0 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=base + CATEGORY:=Base system + DEPENDS:=+getrandom + TITLE:=/etc/urandom.seed handling for OpenWrt + URL:=http://openwrt.org/ +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +define Build/Compile/Default +endef +Build/Compile = $(Build/Compile/Default) + +define Package/$(PKG_NAME)/install + $(CP) ./files/* $(1)/ +endef + +$(eval $(call BuildPackage,urandom-seed)) diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed new file mode 100755 index 0000000000..17d9c13400 --- /dev/null +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed @@ -0,0 +1,12 @@ +#!/bin/sh /etc/rc.common + +START=99 +USE_PROCD=1 + +start_service() { + procd_open_instance "urandom_seed" + procd_set_param command "/sbin/urandom_seed" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed new file mode 100644 index 0000000000..26212c60b5 --- /dev/null +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed @@ -0,0 +1,24 @@ +#!/bin/sh + +log_urandom_seed() { + echo "urandom-seed: $1" > /dev/kmsg +} + +_do_urandom_seed() { + [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; } + [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; } + + log_urandom_seed "Seeding with $1" + cat "$1" > /dev/urandom +} + +do_urandom_seed() { + [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; } + + _do_urandom_seed "/etc/urandom.seed" + + SEED="$(uci -q get system.@system[0].urandom_seed)" + [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED" +} + +boot_hook_add preinit_main do_urandom_seed diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed new file mode 100755 index 0000000000..7043e8af4e --- /dev/null +++ b/package/system/urandom-seed/files/sbin/urandom_seed @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT + +save() { + touch "$1.tmp" + chown root:root "$1.tmp" + chmod 600 "$1.tmp" + getrandom 512 > "$1.tmp" + mv "$1.tmp" "$1" + echo "Seed saved ($1)" +} + +SEED="$(uci -q get system.@system[0].urandom_seed || true)" +[ "${SEED:0:1}" = "/" ] && save "$SEED" + +SEED=/etc/urandom.seed +[ ! -f $SEED ] && save "$SEED" +true -- cgit v1.2.3