Use seedrng for seeding the random number generator

The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenRC and tweaked as needed: https://git.zx2c4.com/seedrng/about/ This commit imports it into OpenRC and wires up /etc/init.d/urandom to call it. It shouldn't be called by other things on the system, so it lives in rc_sbindir. Closes #506. Closes #507. Signed-off-by: Jason A. Donenfeld <[email protected]>
OpenRC · Mar 27, 2022 · 076c255 · 076c255
1 parent 270e5c6
commit 076c255
Show file tree

Hide file tree

Showing 6 changed files with 499 additions and 21 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -43,6 +43,7 @@ Ian Stakenvicius <[email protected]>
 Jakob Drexel <[email protected]>
 James Le Cuirot <[email protected]>
 Jan Psota <[email protected]>
+Jason A. Donenfeld <[email protected]>
 Jason Zaman <[email protected]>
 Joe Harvell <[email protected]>
 Joe M <[email protected]>

diff --git a/conf.d/urandom b/conf.d/urandom
@@ -2,4 +2,11 @@
 # (say for crypt swap), so you will need to customize this
 # behavior.  If you have /var on a separate partition, then
 # make sure this path lives on your root device somewhere.
-urandom_seed="/var/lib/misc/random-seed"
+seed_dir="/var/lib/seedrng"
+lock_file="/var/run/seedrng.lock"
+
+# Set this to true if you do not want seed files to actually
+# credit the RNG. Set this if you plan to replicate this
+# file system image and do not have the wherewithal to first
+# delete the contents of /var/lib/seedrng.
+skip_credit="false"
diff --git a/init.d/urandom.in b/init.d/urandom.in
@@ -1,5 +1,5 @@
 #!@SBINDIR@/openrc-run
-# Copyright (c) 2007-2015 The OpenRC Authors.
+# Copyright (c) 2007-2022 The OpenRC Authors.
 # See the Authors file at the top-level directory of this distribution and
 # https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
 #
@@ -9,7 +9,10 @@
 # This file may not be copied, modified, propagated, or distributed
 # except according to the terms contained in the LICENSE file.
 
-: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}}
+export SEEDRNG_SEED_DIR="${seed_dir:-/var/lib/seedrng}"
+export SEEDRNG_LOCK_FILE="${lock_file:-/var/run/seedrng.lock}"
+export SEEDRNG_SKIP_CREDIT="${skip_credit:-false}"
+: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed}
 description="Initializes the random number generator."
 
 depend()
@@ -21,33 +24,35 @@ depend()
 
 save_seed()
 {
-	local psz=1
-
-	if [ -e /proc/sys/kernel/random/poolsize ]; then
-		: $(( psz = $(cat /proc/sys/kernel/random/poolsize) / 4096 ))
-	fi
-
 	(	# sub shell to prevent umask pollution
 		umask 077
-		dd if=/dev/urandom of="$urandom_seed" count=${psz} 2>/dev/null
+		dd if=/dev/urandom of="$urandom_seed" count=1 2>/dev/null
 	)
 }
 
 start()
 {
-	[ -c /dev/urandom ] || return
-	if [ -f "$urandom_seed" ]; then
-		ebegin "Initializing random number generator"
-		cat "$urandom_seed" > /dev/urandom
-		eend $? "Error initializing random number generator"
+	if [ "$RC_UNAME" = Linux ]; then
+		seedrng
+	else
+		[ -c /dev/urandom ] || return
+		if [ -f "$urandom_seed" ]; then
+			ebegin "Initializing random number generator"
+			cat "$urandom_seed" > /dev/urandom
+			eend $? "Error initializing random number generator"
+		fi
+		rm -f "$urandom_seed" && save_seed
 	fi
-	rm -f "$urandom_seed" && save_seed
 	return 0
 }
 
 stop()
 {
-	ebegin "Saving random seed"
-	save_seed
-	eend $? "Failed to save random seed"
+	if [ "$RC_UNAME" = Linux ]; then
+		seedrng
+	else
+		ebegin "Saving random seed"
+		save_seed
+		eend $? "Failed to save random seed"
+	fi
 }
diff --git a/src/rc/Makefile b/src/rc/Makefile
@@ -15,7 +15,7 @@ endif
 
 ifeq (${OS},Linux)
 SRCS+=		kill_all.c openrc-init.c openrc-shutdown.c rc-sysvinit.c broadcast.c \
-			rc-wtmp.c
+			rc-wtmp.c seedrng.c
 endif
 
 CLEANFILES=	version.h rc-selinux.o
@@ -47,6 +47,7 @@ RC_SBINPROGS=	mark_service_starting mark_service_started \
 
 ifeq (${OS},Linux)
 RC_BINPROGS+= kill_all
+RC_SBINPROGS+= seedrng
 SBINPROGS+= openrc-init openrc-shutdown
 endif
 
@@ -180,3 +181,6 @@ shell_var: shell_var.o
 
 swclock: swclock.o _usage.o rc-misc.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
+
+seedrng: seedrng.o
+	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
diff --git a/src/rc/meson.build b/src/rc/meson.build
@@ -268,7 +268,15 @@ if os == 'Linux'
     link_with: [libeinfo,librc],
     install: true,
     install_dir: rc_bindir)
-  endif
+
+  executable('seedrng',
+    ['seedrng.c'],
+    c_args : cc_branding_flags,
+    include_directories: [incdir, einfo_incdir, rc_incdir],
+    link_with: [libeinfo, librc],
+    install: true,
+    install_dir: rc_sbindir)
+endif
 
 executable('shell_var',
   ['shell_var.c'],