aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/urandom-seed
diff options
context:
space:
mode:
authorPetr Štetiar <ynezz@true.cz>2019-05-20 16:38:33 +0200
committerPetr Štetiar <ynezz@true.cz>2019-06-11 08:06:28 +0200
commit27bfde9c9f789dbfabebf13047e8b042c27cdeef (patch)
treedc9c5f7d394cfb157755a7dde448653aa3166c24 /package/system/urandom-seed
parent9b4de712cae9b3d745ea4331a804242505f58619 (diff)
downloadupstream-27bfde9c9f789dbfabebf13047e8b042c27cdeef.tar.gz
upstream-27bfde9c9f789dbfabebf13047e8b042c27cdeef.tar.bz2
upstream-27bfde9c9f789dbfabebf13047e8b042c27cdeef.zip
base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed. Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package/system/urandom-seed')
-rw-r--r--package/system/urandom-seed/Makefile32
-rwxr-xr-xpackage/system/urandom-seed/files/etc/init.d/urandom_seed12
-rw-r--r--package/system/urandom-seed/files/lib/preinit/81_urandom_seed24
-rwxr-xr-xpackage/system/urandom-seed/files/sbin/urandom_seed20
4 files changed, 88 insertions, 0 deletions
diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile
new file mode 100644
index 0000000000..6bde2e0b8a
--- /dev/null
+++ b/package/system/urandom-seed/Makefile
@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=urandom-seed
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+ SECTION:=base
+ CATEGORY:=Base system
+ DEPENDS:=+getrandom
+ TITLE:=/etc/urandom.seed handling for OpenWrt
+ URL:=http://openwrt.org/
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/$(PKG_NAME)/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,urandom-seed))
diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed
new file mode 100755
index 0000000000..17d9c13400
--- /dev/null
+++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed
@@ -0,0 +1,12 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+start_service() {
+ procd_open_instance "urandom_seed"
+ procd_set_param command "/sbin/urandom_seed"
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ procd_close_instance
+}
diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
new file mode 100644
index 0000000000..26212c60b5
--- /dev/null
+++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+log_urandom_seed() {
+ echo "urandom-seed: $1" > /dev/kmsg
+}
+
+_do_urandom_seed() {
+ [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
+ [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
+
+ log_urandom_seed "Seeding with $1"
+ cat "$1" > /dev/urandom
+}
+
+do_urandom_seed() {
+ [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
+
+ _do_urandom_seed "/etc/urandom.seed"
+
+ SEED="$(uci -q get system.@system[0].urandom_seed)"
+ [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
+}
+
+boot_hook_add preinit_main do_urandom_seed
diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed
new file mode 100755
index 0000000000..7043e8af4e
--- /dev/null
+++ b/package/system/urandom-seed/files/sbin/urandom_seed
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
+
+save() {
+ touch "$1.tmp"
+ chown root:root "$1.tmp"
+ chmod 600 "$1.tmp"
+ getrandom 512 > "$1.tmp"
+ mv "$1.tmp" "$1"
+ echo "Seed saved ($1)"
+}
+
+SEED="$(uci -q get system.@system[0].urandom_seed || true)"
+[ "${SEED:0:1}" = "/" ] && save "$SEED"
+
+SEED=/etc/urandom.seed
+[ ! -f $SEED ] && save "$SEED"
+true