[LEDE-DEV] [PATCH v4] base-files: seed /dev/urandom

Etienne Champetier champetier.etienne at gmail.com
Thu Jun 23 08:26:32 PDT 2016


Hi Daniel,

2016-06-23 17:19 GMT+02:00 Daniel Gimpelevich
<daniel at gimpelevich.san-francisco.ca.us>:
> On Thu, 2016-06-16 at 09:38 +0000, Etienne CHAMPETIER wrote:
>> +SEED=/etc/urandom.seed
>> +
>> +error_exit() {
>> +    logger -t urandom_seed "$1"
>> +    exit 1
>> +}
>> +
>> +save() {
>> +    touch $SEED.tmp || error_exit "touch failed"
>> +    chown root:root $SEED.tmp || error_exit "chown failed"
>> +    chmod 600 $SEED.tmp || error_exit "chmod failed"
>> +    getrandom 512 > $SEED.tmp || error_exit "getrandom failed"
>> +    mv $SEED.tmp $SEED || error_exit "mv failed"
>> +}
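
Review bot: in save(), nothing flushes $SEED.tmp to storage between the `getrandom 512 > $SEED.tmp` line and the `mv`. On some filesystems the rename can be committed before the file data, so a power cut at that point can leave $SEED present but empty or short. Consider a `sync` (or an fsync in the getrandom helper) before `mv $SEED.tmp $SEED`. Separately, the `$SEED.tmp` and `$SEED` expansions are unquoted throughout; quoting them costs nothing and keeps the function safe if the path ever changes.
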
>
> The .tmp file should go in /tmp,

no, else you lose the atomic part of the 'mv' command

> and maybe SEED would be better off
> in /etc/config, so that it gets picked up by sysupgrade?

and no, because if you restore the same config on multiple routers you
end up with the same seed,
which is exactly what this patch is about (not having the same state)

>
>


