[OpenWrt-Devel] [PATCH 3/4] base-files: move urandom seed bits into separate package

Stephan Mueller smueller at chronox.de
Mon May 27 23:34:08 PDT 2019


Am Montag, 27. Mai 2019, 23:29:43 CEST schrieb Petr Štetiar:

Hi Petr,

> So it's possible to install or remove it as needed.
> 
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
>  package/base-files/Makefile                        | 11 +++++++-
>  package/base-files/files/etc/init.d/urandom_seed   | 12 --------
>  .../base-files/files/lib/preinit/81_urandom_seed   | 24 ----------------
>  package/base-files/files/sbin/urandom_seed         | 20 --------------
>  package/system/urandom-seed/Makefile               | 32 ++++++++++++++++++++++
>  .../urandom-seed/files/etc/init.d/urandom_seed     | 12 ++++++++
>  .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 ++++++++++++++++
>  .../system/urandom-seed/files/sbin/urandom_seed    | 20 ++++++++++++++
>  8 files changed, 98 insertions(+), 57 deletions(-)
>  delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
>  delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
>  delete mode 100755 package/base-files/files/sbin/urandom_seed
>  create mode 100644 package/system/urandom-seed/Makefile
>  create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed
>  create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed
>  create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
> 
> diff --git a/package/base-files/Makefile b/package/base-files/Makefile
> index 609ffa2c3891..91d677acb3be 100644
> --- a/package/base-files/Makefile
> +++ b/package/base-files/Makefile
> @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
>  include $(INCLUDE_DIR)/feeds.mk
> 
>  PKG_NAME:=base-files
> -PKG_RELEASE:=197
> +PKG_RELEASE:=198
>  PKG_FLAGS:=nonshared
> 
>  PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
> @@ -43,6 +43,15 @@ define Package/base-files
>    VERSION:=$(PKG_RELEASE)-$(REVISION)
>  endef
> 
> +define Package/urandom-seed
> +  SECTION:=base
> +  CATEGORY:=Base system
> +  DEPENDS:=+libc +ubox-getrandom
> +  TITLE:=/etc/urandom.seed handling for OpenWrt
> +  URL:=http://openwrt.org/
> +  VERSION:=$(PKG_RELEASE)-$(REVISION)
> +endef
> +
>  define Package/base-files/conffiles
>  /etc/config/
>  /etc/config/network
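Review bot: The added `define Package/urandom-seed` block in package/base-files/Makefile duplicates the package that the new package/system/urandom-seed/Makefile defines in this same patch, and the two disagree on dependencies (`+libc +ubox-getrandom` here, `+getrandom` there). No install section or `BuildPackage` call for it is visible in this hunk, so it looks like a leftover from an earlier iteration; if so, dropping the block from base-files keeps a single definition with a single dependency list. If base-files images are meant to keep seeding by default, that intent would presumably be clearer as an explicit dependency than as a second definition.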
> diff --git a/package/base-files/files/etc/init.d/urandom_seed b/package/base-files/files/etc/init.d/urandom_seed
> deleted file mode 100755
> index 17d9c1340078..000000000000
> --- a/package/base-files/files/etc/init.d/urandom_seed
> +++ /dev/null
> @@ -1,12 +0,0 @@
> -#!/bin/sh /etc/rc.common
> -
> -START=99
> -USE_PROCD=1
> -
> -start_service() {
> -    procd_open_instance "urandom_seed"
> -    procd_set_param command "/sbin/urandom_seed"
> -    procd_set_param stdout 1
> -    procd_set_param stderr 1
> -    procd_close_instance
> -}
> diff --git a/package/base-files/files/lib/preinit/81_urandom_seed b/package/base-files/files/lib/preinit/81_urandom_seed
> deleted file mode 100644
> index 26212c60b5e0..000000000000
> --- a/package/base-files/files/lib/preinit/81_urandom_seed
> +++ /dev/null
> @@ -1,24 +0,0 @@
> -#!/bin/sh
> -
> -log_urandom_seed() {
> -    echo "urandom-seed: $1" > /dev/kmsg
> -}
> -
> -_do_urandom_seed() {
> -    [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
> -    [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
> -
> -    log_urandom_seed "Seeding with $1"
> -    cat "$1" > /dev/urandom
> -}
> -
> -do_urandom_seed() {
> -    [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
> -
> -    _do_urandom_seed "/etc/urandom.seed"
> -
> -    SEED="$(uci -q get system. at system[0].urandom_seed)"
> -    [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
> -}
> -
> -boot_hook_add preinit_main do_urandom_seed
> diff --git a/package/base-files/files/sbin/urandom_seed b/package/base-files/files/sbin/urandom_seed
> deleted file mode 100755
> index 7043e8af4e6a..000000000000
> --- a/package/base-files/files/sbin/urandom_seed
> +++ /dev/null
> @@ -1,20 +0,0 @@
> -#!/bin/sh
> -set -e
> -
> -trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
> -
> -save() {
> -    touch "$1.tmp"
> -    chown root:root "$1.tmp"
> -    chmod 600 "$1.tmp"
> -    getrandom 512 > "$1.tmp"
> -    mv "$1.tmp" "$1"
> -    echo "Seed saved ($1)"
> -}
> -
> -SEED="$(uci -q get system. at system[0].urandom_seed || true)"
> -[ "${SEED:0:1}" = "/" ] && save "$SEED"
> -
> -SEED=/etc/urandom.seed
> -[ ! -f $SEED ] && save "$SEED"
> -true
> diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile
> new file mode 100644
> index 000000000000..6bde2e0b8a42
> --- /dev/null
> +++ b/package/system/urandom-seed/Makefile
> @@ -0,0 +1,32 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=urandom-seed
> +PKG_VERSION:=1.0
> +PKG_RELEASE:=1
> +PKG_LICENSE:=GPL-2.0
> +
> +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/$(PKG_NAME)
> +  SECTION:=base
> +  CATEGORY:=Base system
> +  DEPENDS:=+getrandom
> +  TITLE:=/etc/urandom.seed handling for OpenWrt
> +  URL:=http://openwrt.org/
> +endef
> +
> +define Build/Prepare
> +	mkdir -p $(PKG_BUILD_DIR)
> +endef
> +
> +define Build/Compile/Default
> +endef
> +Build/Compile = $(Build/Compile/Default)
> +
> +define Package/$(PKG_NAME)/install
> +	$(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,urandom-seed))
> diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed
> new file mode 100755
> index 000000000000..17d9c1340078
> --- /dev/null
> +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed
> @@ -0,0 +1,12 @@
> +#!/bin/sh /etc/rc.common
> +
> +START=99
> +USE_PROCD=1
> +
> +start_service() {
> +    procd_open_instance "urandom_seed"
> +    procd_set_param command "/sbin/urandom_seed"
> +    procd_set_param stdout 1
> +    procd_set_param stderr 1
> +    procd_close_instance

Just as a recommendation: what about invoking the script periodically, say, once 
every hour or so?

> +}
> diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
> new file mode 100644
> index 000000000000..26212c60b5e0
> --- /dev/null
> +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed
> @@ -0,0 +1,24 @@
> +#!/bin/sh
> +
> +log_urandom_seed() {
> +    echo "urandom-seed: $1" > /dev/kmsg
> +}
> +
> +_do_urandom_seed() {
> +    [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; }
> +    [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; }
> +
> +    log_urandom_seed "Seeding with $1"
> +    cat "$1" > /dev/urandom
> +}
> +
> +do_urandom_seed() {
> +    [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
> +
> +    _do_urandom_seed "/etc/urandom.seed"
> +
> +    SEED="$(uci -q get system. at system[0].urandom_seed)"
> +    [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED"
> +}
> +
> +boot_hook_add preinit_main do_urandom_seed
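Review bot: The guard in `_do_urandom_seed` tests only the owner (`-O`), the group (`-G`) and the execute bit, so a seed file that is readable or writable by group or other still passes even though the log text speaks of "permissions". sbin/urandom_seed in this same patch creates the file with mode 600, and nothing here verifies that expectation. Since the data is only written into /dev/urandom, the main exposure is a seed that other local users can read; a comment such as `# seed must be root-owned and not executable; read/write mode bits are not verified here` would make that limit explicit. The `-a` conjunctions inside `[ ]` are marked obsolescent by POSIX, and `[ -O "$1" ] && [ -G "$1" ] && [ ! -x "$1" ]` is the unambiguous form.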
> diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed
> new file mode 100755
> index 000000000000..7043e8af4e6a
> --- /dev/null
> +++ b/package/system/urandom-seed/files/sbin/urandom_seed
> @@ -0,0 +1,20 @@
> +#!/bin/sh
> +set -e
> +
> +trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT
> +
> +save() {
> +    touch "$1.tmp"
> +    chown root:root "$1.tmp"
> +    chmod 600 "$1.tmp"
> +    getrandom 512 > "$1.tmp"
> +    mv "$1.tmp" "$1"
> +    echo "Seed saved ($1)"
> +}
> +
> +SEED="$(uci -q get system. at system[0].urandom_seed || true)"
> +[ "${SEED:0:1}" = "/" ] && save "$SEED"
> +
> +SEED=/etc/urandom.seed
> +[ ! -f $SEED ] && save "$SEED"
> +true
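Review bot: `save()` creates its temporary file at the fixed name `"$1.tmp"` with `touch` under the inherited umask and only afterwards tightens it with `chown`/`chmod`, and `touch`, `chown`, `chmod` and the `>` redirect all follow a symlink if one already sits at that name. For the uci-configured path the directory is chosen by configuration, so whether anyone other than root can write there is not visible in this hunk; setting `umask 077` at the top of the script and clearing a stale file first with `rm -f "$1.tmp"` would make the result independent of what was there before. A failing `getrandom` also leaves the `.tmp` file behind, because the EXIT trap only prints a message. Separately, `[ ! -f $SEED ]` is unquoted (harmless for the constant path, but inconsistent with the quoted uses), and the trap message misspells "occurred".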



Ciao
Stephan




