[2/2] random: Initialise the kernel's PRNG earlier
Commit Message
Since more processes depend on good randomness, we need to
make sure that the kernel's PRNG is initialized as early as
possible.
For systems without a HWRNG, we will need to fall back to our
noisy loop and wait until we have enough randomness.
This patch also removes saving and restoring the seed. This
is no longer useful because the kernel's PRNG only takes any
input after it has successfully been seeded from other sources.
Hence adding this seed does not increase its randomness.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/rootfiles/common/aarch64/initscripts | 4 +---
config/rootfiles/common/armv5tel/initscripts | 4 +---
config/rootfiles/common/i586/initscripts | 4 +---
config/rootfiles/common/x86_64/initscripts | 4 +---
lfs/initscripts | 4 +---
src/initscripts/system/random | 21 +-------------------
6 files changed, 6 insertions(+), 35 deletions(-)
@@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron
etc/rc.d/rc0.d/K28apache
etc/rc.d/rc0.d/K30sshd
#etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
@@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S11unbound
@@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron
etc/rc.d/rc6.d/K28apache
etc/rc.d/rc6.d/K30sshd
#etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
@@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S71pakfire
etc/rc.d/rcsysinit.d/S73swconfig
@@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron
etc/rc.d/rc0.d/K28apache
etc/rc.d/rc0.d/K30sshd
#etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
@@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S11unbound
@@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron
etc/rc.d/rc6.d/K28apache
etc/rc.d/rc6.d/K30sshd
#etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
@@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S71pakfire
etc/rc.d/rcsysinit.d/S73swconfig
@@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron
etc/rc.d/rc0.d/K28apache
etc/rc.d/rc0.d/K30sshd
#etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
@@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S12acpid
@@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron
etc/rc.d/rc6.d/K28apache
etc/rc.d/rc6.d/K30sshd
#etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
@@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S71pakfire
etc/rc.d/rcsysinit.d/S74cloud-init
@@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron
etc/rc.d/rc0.d/K28apache
etc/rc.d/rc0.d/K30sshd
#etc/rc.d/rc0.d/K34client175
-etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
@@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S00random
etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S12acpid
@@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron
etc/rc.d/rc6.d/K28apache
etc/rc.d/rc6.d/K30sshd
#etc/rc.d/rc6.d/K34client175
-etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
@@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
etc/rc.d/rcsysinit.d/S50cleanfs
etc/rc.d/rcsysinit.d/S60setclock
etc/rc.d/rcsysinit.d/S65rngd
+etc/rc.d/rcsysinit.d/S66random
etc/rc.d/rcsysinit.d/S70console
etc/rc.d/rcsysinit.d/S71pakfire
etc/rc.d/rcsysinit.d/S74cloud-init
@@ -126,9 +126,6 @@ $(TARGET) :
ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound
ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound
ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound
- ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random
- ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random
- ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175
ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175
@@ -174,6 +171,7 @@ $(TARGET) :
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd
+ ln -sf ../init.d/random /etc/rc.d/rcsysinit.d/S66random
ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console
ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire
ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init
@@ -22,29 +22,10 @@ case "$1" in
sync
rm -f /var/tmp/random-tmpfile
done;
-
- boot_mesg "\rInitializing kernel random number generator..."
- if [ -f /var/tmp/random-seed ]; then
- /bin/cat /var/tmp/random-seed >/dev/urandom
- fi
- touch /var/tmp/random-seed
- chmod 600 /var/tmp/random-seed
- /bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=1 bs=$poolsize &>/dev/null
- evaluate_retval
- ;;
-
- stop)
- boot_mesg "Saving random seed..."
- touch /var/tmp/random-seed
- chmod 600 /var/tmp/random-seed
- /bin/dd if=/dev/urandom of=/var/tmp/random-seed \
- count=1 bs=$poolsize &>/dev/null
- evaluate_retval
;;
*)
- echo "Usage: $0 {start|stop}"
+ echo "Usage: $0 {start}"
exit 1
;;
esac