Use seedrng for seeding the random number generator #507
Conversation
|
@thesamesam @williamh @vapier Any of you should feel free to take over this pull request entirely and add whatever tweaks you think are required. |
zx2c4
force-pushed
the
seedrng
branch
8 times, most recently
from
312c22e to
134a834
Compare
I applied to my workstation and it didn't end up in disaster so far. And output of I am adding this patch to Alpine Linux edge for wider testing. Are there any specific things we should look for? |
@ncopa Would you mind uploading your elog from a few boots, including the first one that uses this? Would be curious to see it progressing. You also might want to wait until @williamh has had a pass at it. And actually I've already made some changes since your backport. |
zx2c4
force-pushed
the
seedrng
branch
2 times, most recently
from
21af539 to
0e4c2a3
Compare
|
I'm happy, it WFM, and I don't see a problem with letting it sit in ~arch in Gentoo at least for a bit, just like Alpine is doing in edge. |
|
Cool, sounds like a plan then. 👍 |
|
Note that were it not for having to keep those Makefiles around, I would have just split up the urandom init.d/conf.d file into one for Linux and one for BSD, since that seems more possible with Meson, instead of this awkward thing I'm doing now where they're kept together. As a note for the future when the Makefiles go away, we might want to do this. |
The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenRC and tweaked as needed: https://git.zx2c4.com/seedrng/about/ This commit imports it into OpenRC and wires up /etc/init.d/urandom to call it. It shouldn't be called by other things on the system, so it lives in rc_sbindir. Closes OpenRC#506. Signed-off-by: Jason A. Donenfeld <[email protected]>
|
@williamh wants to rewrite this or something, so closing this and letting him handle it. |
|
Reopening on the off chance that you want to merge this, as-is, and then apply your own stuff on top of it. |
… one The seedrng patch was committed from an intermediate version in the PR, not the final. So, this commit updates it to the one that was actually committed. Upstream PR: OpenRC/openrc#507 Upstream Patch: OpenRC/openrc@076c255
Upstream PR: OpenRC/openrc#507 Upstream Patch: OpenRC/openrc@076c255
Upstream PR: OpenRC/openrc#507 Upstream Patch: OpenRC/openrc@076c255
Upstream PR: OpenRC/openrc#507 Upstream Patch: OpenRC/openrc@076c255
Upstream PR: OpenRC/openrc#507 Upstream Patch: OpenRC/openrc@076c255
Closes #506.
I don't actually have an OpenRC system handy to test this on, so testers would be welcome here.
CC @thesamesam @williamh @vapier