From patchwork Wed Apr 29 19:33:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3029 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 49C7wC4zr9z3xSR for ; Wed, 29 Apr 2020 19:33:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 49C7wB1Zffz28p; Wed, 29 Apr 2020 19:33:14 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 49C7w96fFhz2xq0; Wed, 29 Apr 2020 19:33:13 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49C7w83cRvz2yLG for ; Wed, 29 Apr 2020 19:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 49C7w75bjDz1Sx; Wed, 29 Apr 2020 19:33:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1588188791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e3deFRrcQIQQXApbM8uREVOMNPBG0+bwfDZkz1oQq7c=; b=rrekYLZYdbAUk39t1DoTlwfDwUiKx1QkhLBLFWZWiu9sv5lb0rw/jIA2R1KPNsnEM13Gr/ qSVe7UCNWI6By+DQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1588188791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e3deFRrcQIQQXApbM8uREVOMNPBG0+bwfDZkz1oQq7c=; b=QtVD/Jyx576PqahWtbX6uoKaVQeU0pmJbfR/4kkmM0472W8cl6kHno/TT7OQRH9SPKGW+f 7b7tIio3XHdzNMJsBYScZ5ufSneJG37ME/PVl4g8oY2Y7tPjS7vjtwCJU2vDvYCtLKP/Hq 5DZy1nuVQaIv6u/PCPsuoUPNP/Md58D99Z+t1b8wsFF7pkUZyZQ6sV5Tkx4slvv0Lh78c/ fVZmsmTH7aAnGdUtAUYZfmzsoPBWRTHeFIwd/8rIiQMWVx2erOg2WUreb//pC3EzJxrgPU U7ttlTUDL9OgKyMhM8Htj9fUV/Ao09J1i6akwXyv0ROsLleT1Ka4fL2nhUCy5w== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 1/2] random: Launch rngd earlier in the boot process Date: Wed, 29 Apr 2020 19:33:03 +0000 Message-Id: <20200429193304.21404-2-michael.tremer@ipfire.org> In-Reply-To: <20200429193304.21404-1-michael.tremer@ipfire.org> References: <20200429193304.21404-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" We should initialise the kernel's PRNG as early as we can. Starting rngd very early will seed the random number generator when RDRAND or other hardware random number generators are available. Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/initscripts | 2 +- config/rootfiles/common/armv5tel/initscripts | 2 +- config/rootfiles/common/i586/initscripts | 2 +- config/rootfiles/common/x86_64/initscripts | 2 +- lfs/initscripts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index 54f6f92a3..d6f13224a 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -193,6 +193,7 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig @@ -200,7 +201,6 @@ etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 54f6f92a3..d6f13224a 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -193,6 +193,7 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig @@ -200,7 +201,6 @@ etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index b32efd786..2db7f1aa3 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -192,13 +192,13 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index b32efd786..2db7f1aa3 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -192,13 +192,13 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/lfs/initscripts b/lfs/initscripts index 37ca5cd3f..ba6c9f913 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -173,13 +173,13 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock + ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall - ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat From patchwork Wed Apr 29 19:33:04 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3030 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 49C7wC6lQbz3xSS for ; Wed, 29 Apr 2020 19:33:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 49C7wB3sgTz2CX; Wed, 29 Apr 2020 19:33:14 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 49C7wB1WVJz2yYg; Wed, 29 Apr 2020 19:33:14 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49C7w84kGDz2ySq for ; Wed, 29 Apr 2020 19:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 49C7w83L0Wz1JK; Wed, 29 Apr 2020 19:33:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1588188792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ACHi5cGJHPrWJk0xVmgdRhBh5ni2+WJCvvt49z9aom4=; b=B0ppYkkpe18N2kGazbuAfvZlspIsynaV9+xQlPamESbkRDazm2/W6qrUDcXmIqp5N/muga qLhSXBFzdQEPE+Cg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1588188792; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ACHi5cGJHPrWJk0xVmgdRhBh5ni2+WJCvvt49z9aom4=; b=d5qOLMHRYu16w6iN47A2V5Gb+stc77oGr0/TUCXqRB9IgmScmzpbRWigf+Y8f+tg/TLznO plgGKHGjCr7/xHstxxLR83PsZ5nS78/4SVKzUZvovzZazFdoc5KY7LnDTGwb+AynKb0Unn bAytZkQlyfVyO4ZAoyFpQvQjm7QHiqpOYiCqDH4DyrrXAiLTL9owVKC8CFgtp+8+WjSldI vpV1F7XRb3nFuFyc7SOWNLh8EzoVLeBRvRS9mxOT97adXMlk6nCgvhWLRy+qKo8dgXpPA0 Hs2hcMGN4G+bv3V1M+v6HtwKQPo2P3IT2owqIeG2HAL6EEPfWmJJybV+9q4HDg== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 2/2] random: Initialise the kernel's PRNG earlier Date: Wed, 29 Apr 2020 19:33:04 +0000 Message-Id: <20200429193304.21404-3-michael.tremer@ipfire.org> In-Reply-To: <20200429193304.21404-1-michael.tremer@ipfire.org> References: <20200429193304.21404-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Since more processes depend on good randomness, we need to make sure that the kernel's PRNG is initialized as early as possible. For systems without a HWRNG, we will need to fall back to our noisy loop and wait until we have enough randomness. This patch also removes saving and restoring the seed. This is no longer useful because the kernel's PRNG only takes any input after it has successfully been seeded from other sources. Hence adding this seed does not increase its randomness. Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/initscripts | 4 +--- config/rootfiles/common/armv5tel/initscripts | 4 +--- config/rootfiles/common/i586/initscripts | 4 +--- config/rootfiles/common/x86_64/initscripts | 4 +--- lfs/initscripts | 4 +--- src/initscripts/system/random | 21 +------------------- 6 files changed, 6 insertions(+), 35 deletions(-) diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index d6f13224a..8d945f7a5 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S11unbound @@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index d6f13224a..8d945f7a5 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -104,7 +104,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -124,7 +123,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S11unbound @@ -157,7 +155,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -194,6 +191,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 2db7f1aa3..996925b7a 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S12acpid @@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 2db7f1aa3..996925b7a 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -103,7 +103,6 @@ etc/rc.d/rc0.d/K08fcron etc/rc.d/rc0.d/K28apache etc/rc.d/rc0.d/K30sshd #etc/rc.d/rc0.d/K34client175 -etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl etc/rc.d/rc0.d/K51vnstat @@ -123,7 +122,6 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S00random etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S12acpid @@ -156,7 +154,6 @@ etc/rc.d/rc6.d/K08fcron etc/rc.d/rc6.d/K28apache etc/rc.d/rc6.d/K30sshd #etc/rc.d/rc6.d/K34client175 -etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl etc/rc.d/rc6.d/K51vnstat @@ -193,6 +190,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock etc/rc.d/rcsysinit.d/S65rngd +etc/rc.d/rcsysinit.d/S66random etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/lfs/initscripts b/lfs/initscripts index ba6c9f913..242de60e5 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -126,9 +126,6 @@ $(TARGET) : ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound - ln -sf ../init.d/random /etc/rc.d/rc0.d/K45random - ln -sf ../init.d/random /etc/rc.d/rc3.d/S00random - ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175 ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175 @@ -174,6 +171,7 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd + ln -sf ../init.d/random /etc/rc.d/rcsysinit.d/S66random ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/src/initscripts/system/random b/src/initscripts/system/random index 1f825cd18..489c7dac9 100644 --- a/src/initscripts/system/random +++ b/src/initscripts/system/random @@ -22,29 +22,10 @@ case "$1" in sync rm -f /var/tmp/random-tmpfile done; - - boot_mesg "\rInitializing kernel random number generator..." - if [ -f /var/tmp/random-seed ]; then - /bin/cat /var/tmp/random-seed >/dev/urandom - fi - touch /var/tmp/random-seed - chmod 600 /var/tmp/random-seed - /bin/dd if=/dev/urandom of=/var/tmp/random-seed \ - count=1 bs=$poolsize &>/dev/null - evaluate_retval - ;; - - stop) - boot_mesg "Saving random seed..." - touch /var/tmp/random-seed - chmod 600 /var/tmp/random-seed - /bin/dd if=/dev/urandom of=/var/tmp/random-seed \ - count=1 bs=$poolsize &>/dev/null - evaluate_retval ;; *) - echo "Usage: $0 {start|stop}" + echo "Usage: $0 {start}" exit 1 ;; esac