diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-04-12 00:53:49 +0200 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-04-14 10:12:34 +0200 |
| commit | a001630a1aafa224f854fa3ea7589ecefb6e01ae (patch) | |
| tree | 9941037631f2533bd433ac494e5fc54d816e5287 /package/system/urandom-seed/files | |
| parent | 9a22943eb2670303393a2103f47fae312f484bd2 (diff) | |
| download | upstream-a001630a1aafa224f854fa3ea7589ecefb6e01ae.tar.gz upstream-a001630a1aafa224f854fa3ea7589ecefb6e01ae.tar.bz2 upstream-a001630a1aafa224f854fa3ea7589ecefb6e01ae.zip | |
urandom-seed: go back to seeding with shell script temporarily
This reverts commit 2edc017a6e0cb92b72b768aaa46c6d336ad84eff.
We shouldn't be using a shell script here, but the SeedRNG integration
into OpenWRT requires a bit more thought. Etienne raised some important
points immediately after this was merged and planned to send some follow
up commits, but became busy with other things. The points he raised are
important enough that we should actually back this out until it's ready
to go, and then merge it as a cohesive unit. So let's revert this for
now, and come back to it later on.
Cc: Etienne Champetier <champetier.etienne@gmail.com>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'package/system/urandom-seed/files')
3 files changed, 34 insertions, 4 deletions
diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed index d6e81c6079..17d9c13400 100755 --- a/package/system/urandom-seed/files/etc/init.d/urandom_seed +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed @@ -5,7 +5,7 @@ USE_PROCD=1 start_service() { procd_open_instance "urandom_seed" - procd_set_param command "/sbin/seedrng" + procd_set_param command "/sbin/urandom_seed" procd_set_param stdout 1 procd_set_param stderr 1 procd_close_instance diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed index b3014daeaf..2adc6c47f0 100644 --- a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed @@ -2,11 +2,21 @@ log_urandom_seed() { echo "urandom-seed: $1" > /dev/kmsg } +_do_urandom_seed() { + [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; } + [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; } + + log_urandom_seed "Seeding with $1" + cat "$1" > /dev/urandom +} + do_urandom_seed() { [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; } - seedrng 2>&1 | while read -r line; do - log_urandom_seed "$line" - done + + _do_urandom_seed "/etc/urandom.seed" + + SEED="$(uci -q get system.@system[0].urandom_seed)" + [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED" } boot_hook_add preinit_main do_urandom_seed diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed new file mode 100755 index 0000000000..7043e8af4e --- /dev/null +++ b/package/system/urandom-seed/files/sbin/urandom_seed @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT + +save() { + touch "$1.tmp" + chown root:root "$1.tmp" + chmod 600 "$1.tmp" + getrandom 512 > "$1.tmp" + mv "$1.tmp" "$1" + echo "Seed saved ($1)" +} + +SEED="$(uci -q get system.@system[0].urandom_seed || true)" +[ "${SEED:0:1}" = "/" ] && save "$SEED" + +SEED=/etc/urandom.seed +[ ! -f $SEED ] && save "$SEED" +true |