[OpenWrt-Devel] [PATCH 3/4] base-files: move urandom seed bits into separate package
Stephan Mueller
smueller at chronox.de
Tue May 28 02:34:08 EDT 2019
Am Montag, 27. Mai 2019, 23:29:43 CEST schrieb Petr Štetiar:
Hi Petr,
> So it's possible to install or remove it as needed.
>
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
> package/base-files/Makefile | 11 +++++++-
> package/base-files/files/etc/init.d/urandom_seed | 12 --------
> .../base-files/files/lib/preinit/81_urandom_seed | 24 ----------------
> package/base-files/files/sbin/urandom_seed | 20 --------------
> package/system/urandom-seed/Makefile | 32
> ++++++++++++++++++++++ .../urandom-seed/files/etc/init.d/urandom_seed |
> 12 ++++++++
> .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 ++++++++++++++++
> .../system/urandom-seed/files/sbin/urandom_seed | 20 ++++++++++++++
> 8 files changed, 98 insertions(+), 57 deletions(-)
> delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
> delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
> delete mode 100755 package/base-files/files/sbin/urandom_seed
> create mode 100644 package/system/urandom-seed/Makefile
> create mode 100755
> package/system/urandom-seed/files/etc/init.d/urandom_seed create mode
> 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed create
> mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
>
> diff --git a/package/base-files/Makefile b/package/base-files/Makefile
> index 609ffa2c3891..91d677acb3be 100644
> --- a/package/base-files/Makefile
> +++ b/package/base-files/Makefile
> @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
> include $(INCLUDE_DIR)/feeds.mk
>
> PKG_NAME:=base-files
> -PKG_RELEASE:=197
> +PKG_RELEASE:=198
> PKG_FLAGS:=nonshared
>
> PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
> @@ -43,6 +43,15 @@ define Package/base-files
> VERSION:=$(PKG_RELEASE)-$(REVISION)
> endef
>
> +define Package/urandom-seed
> + SECTION:=base
> + CATEGORY:=Base system
> + DEPENDS:=+libc +ubox-getrandom
> + TITLE:=/etc/urandom.seed handling for OpenWrt
> + URL:=http://openwrt.org/
> + VERSION:=$(PKG_RELEASE)-$(REVISION)
> +endef
> +
> define Package/base-files/conffiles
> /etc/config/
> /etc/config/network
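Review bot: The `define Package/urandom-seed` block added here to base-files appears to duplicate the package that the new `package/system/urandom-seed/Makefile` in this same patch defines, and the two disagree on dependencies (`+libc +ubox-getrandom` here, `+getrandom` there). No install section or `BuildPackage` call for urandom-seed is visible in this hunk, though the rest of the base-files Makefile is outside it, so this may be a leftover from an earlier revision. I would drop this block so the package has a single definition, and settle on one dependency name for the getrandom helper, since a wrong name would leave `/sbin/urandom_seed` without the binary it calls.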
> diff --git a/package/base-files/files/etc/init.d/urandom_seed b/package/base-files/files/etc/init.d/urandom_seed
> deleted file mode 100755
> index 17d9c1340078..000000000000
> --- a/package/base-files/files/etc/init.d/urandom_seed
> +++ /dev/null
> @@ -1,12 +0,0 @@
> -#!/bin/sh /etc/rc.common
> -
> -START=99
> -USE_PROCD=1
> -
> -start_service() {
> - procd_open_instance "urandom_seed"
> - procd_set_param command "/sbin/urandom_seed"
> - procd_set_param stdout 1
> - procd_set_param stderr 1
> - procd_close_instance
> -}
> diff --git a/package/base-files/files/lib/preinit/81_urandom_seed b/package/base-files/files/lib/preinit/81_urandom_seed
> deleted file mode 100644
> index 26212c60b5e0..000000000000
> --- a/package/base-files/files/lib/preinit/81_urandom_seed
> +++ /dev/null
> @@ -1,24 +0,0 @@
> -#!/bin/sh
> -
> -log_urandom_seed() {
> - echo "urandom-seed: $1" > /dev/kmsg
> -}
> -
> -_do_urandom_seed() {
> - [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
> - [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
> -
> - log_urandom_seed "Seeding with $1"
> - cat "$1" > /dev/urandom
> -}
> -
> -do_urandom_seed() {
> - [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
> -
> - _do_urandom_seed "/etc/urandom.seed"
> -
> - SEED="$(uci -q get system. at system[0].urandom_seed)"
> - [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
> -}
> -
> -boot_hook_add preinit_main do_urandom_seed
> diff --git a/package/base-files/files/sbin/urandom_seed b/package/base-files/files/sbin/urandom_seed
> deleted file mode 100755
> index 7043e8af4e6a..000000000000
> --- a/package/base-files/files/sbin/urandom_seed
> +++ /dev/null
> @@ -1,20 +0,0 @@
> -#!/bin/sh
> -set -e
> -
> -trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
> -
> -save() {
> - touch "$1.tmp"
> - chown root:root "$1.tmp"
> - chmod 600 "$1.tmp"
> - getrandom 512 > "$1.tmp"
> - mv "$1.tmp" "$1"
> - echo "Seed saved ($1)"
> -}
> -
> -SEED="$(uci -q get system. at system[0].urandom_seed || true)"
> -[ "${SEED:0:1}" = "/" ] && save "$SEED"
> -
> -SEED=/etc/urandom.seed
> -[ ! -f $SEED ] && save "$SEED"
> -true
> diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile
> new file mode 100644
> index 000000000000..6bde2e0b8a42
> --- /dev/null
> +++ b/package/system/urandom-seed/Makefile
> @@ -0,0 +1,32 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=urandom-seed
> +PKG_VERSION:=1.0
> +PKG_RELEASE:=1
> +PKG_LICENSE:=GPL-2.0
> +
> +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/$(PKG_NAME)
> + SECTION:=base
> + CATEGORY:=Base system
> + DEPENDS:=+getrandom
> + TITLE:=/etc/urandom.seed handling for OpenWrt
> + URL:=http://openwrt.org/
> +endef
> +
> +define Build/Prepare
> + mkdir -p $(PKG_BUILD_DIR)
> +endef
> +
> +define Build/Compile/Default
> +endef
> +Build/Compile = $(Build/Compile/Default)
> +
> +define Package/$(PKG_NAME)/install
> + $(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,urandom-seed))
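Review bot: The install step `$(CP) ./files/* $(1)/` takes file modes from whatever the checkout provides, so the executable bit on `/sbin/urandom_seed` and `/etc/init.d/urandom_seed`, and the non-executable 0644 on the preinit snippet, are not pinned by the package itself. Installing each file explicitly with the usual `INSTALL_BIN`/`INSTALL_DATA` helpers makes the modes part of the recipe and keeps any stray file under `files/` from being shipped. The final line could also use `$(PKG_NAME)` as the `define` lines do, rather than repeating the literal name.

```make
define Package/$(PKG_NAME)/install
	$(INSTALL_DIR) $(1)/etc/init.d $(1)/lib/preinit $(1)/sbin
	$(INSTALL_BIN) ./files/etc/init.d/urandom_seed $(1)/etc/init.d/
	$(INSTALL_DATA) ./files/lib/preinit/81_urandom_seed $(1)/lib/preinit/
	$(INSTALL_BIN) ./files/sbin/urandom_seed $(1)/sbin/
endef
```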
> diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed
> new file mode 100755
> index 000000000000..17d9c1340078
> --- /dev/null
> +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed
> @@ -0,0 +1,12 @@
> +#!/bin/sh /etc/rc.common
> +
> +START=99
> +USE_PROCD=1
> +
> +start_service() {
> + procd_open_instance "urandom_seed"
> + procd_set_param command "/sbin/urandom_seed"
> + procd_set_param stdout 1
> + procd_set_param stderr 1
> + procd_close_instance
Just as a recommendation: what about invoking the script, say, once every
hour or so?
> +}
> diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
> new file mode 100644
> index 000000000000..26212c60b5e0
> --- /dev/null
> +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
> @@ -0,0 +1,24 @@
> +#!/bin/sh
> +
> +log_urandom_seed() {
> + echo "urandom-seed: $1" > /dev/kmsg
> +}
> +
> +_do_urandom_seed() {
> + [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
> + [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
> +
> + log_urandom_seed "Seeding with $1"
> + cat "$1" > /dev/urandom
> +}
> +
> +do_urandom_seed() {
> + [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
> +
> + _do_urandom_seed "/etc/urandom.seed"
> +
> + SEED="$(uci -q get system. at system[0].urandom_seed)"
> + [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
> +}
> +
> +boot_hook_add preinit_main do_urandom_seed
> diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed
> new file mode 100755
> index 000000000000..7043e8af4e6a
> --- /dev/null
> +++ b/package/system/urandom-seed/files/sbin/urandom_seed
> @@ -0,0 +1,20 @@
> +#!/bin/sh
> +set -e
> +
> +trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
> +
> +save() {
> + touch "$1.tmp"
> + chown root:root "$1.tmp"
> + chmod 600 "$1.tmp"
> + getrandom 512 > "$1.tmp"
> + mv "$1.tmp" "$1"
> + echo "Seed saved ($1)"
> +}
> +
> +SEED="$(uci -q get system. at system[0].urandom_seed || true)"
> +[ "${SEED:0:1}" = "/" ] && save "$SEED"
> +
> +SEED=/etc/urandom.seed
> +[ ! -f $SEED ] && save "$SEED"
> +true
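Review bot: The default seed is written only when it does not exist yet (`[ ! -f $SEED ] && save "$SEED"`), so after the first boot the preinit hook feeds the same 512 bytes to `/dev/urandom` on every boot, whereas a uci-configured path is rewritten on each run. If that asymmetry is intentional (presumably to limit flash writes), a comment above the line should say so; otherwise the default path should be refreshed too. In `save`, the temp file is created by `touch` before `chmod 600`, so it exists briefly with umask-default permissions; a `umask 077` next to `set -e` would close that window. The file is moved here unchanged from base-files, so these points predate the patch.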
Ciao
Stephan