From patchwork Thu Oct 24 14:01:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Carlos Santos X-Patchwork-Id: 1183097 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="rPeuPbAF"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46zTT30pzVz9sPc for ; Fri, 25 Oct 2019 01:02:11 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 4B19786914; Thu, 24 Oct 2019 14:02:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VIl4yiw8y2Ye; Thu, 24 Oct 2019 14:02:07 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 1D390868EF; Thu, 24 Oct 2019 14:02:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 17A4F1BF5A2 for ; Thu, 24 Oct 2019 14:02:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 14083214D2 for ; Thu, 24 Oct 2019 14:02:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Gq1paBK2Zfb for ; Thu, 24 Oct 2019 14:02:05 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-qt1-f195.google.com (mail-qt1-f195.google.com [209.85.160.195]) by silver.osuosl.org (Postfix) with ESMTPS id B42FB20386 for ; Thu, 24 Oct 2019 14:02:04 +0000 (UTC) Received: by mail-qt1-f195.google.com with SMTP id o25so24612777qtr.5 for ; Thu, 24 Oct 2019 07:02:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=ysH317R29TDVNszTNRoOla3Uh1MxvH9ep6vVPIlQ0X4=; b=rPeuPbAFTOD2XBgQT24OcV8k6MUoXk4WTC5H6rplGZfY/N/1SULpVlw3y7/acNEXNG U2iQQ9SWKiHTtNTjls2EkmLl5AXmnTZvSzwJ+4RlcGzpVG8J5sn3/S0Eo+JInk1rDFnd 9W5/Ni6IuITBZaDNgOE0gR9fwibmyKzJwPAxreg9ov9MLUJreoAKASCpcCc7oAfni1zd beOZ2qQRwN/YfvA/UhS2qiAgbt4VQpvVkuU0khgBlVQQVQooAbVOYfFD3D139Cj/jWkK oMpuCK1DJBSZouqzxDZIP4ly61yHoC/Opss/+NlgPCqmURoE2gfQuzA9OYWU3rCp+Lc+ O98w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=ysH317R29TDVNszTNRoOla3Uh1MxvH9ep6vVPIlQ0X4=; b=mdbPTFxtLM3D8MjXtSI/rWVO2BfxSJw2Ycyu5iRDTVSsX7ZT9vjicOeY3iSt2fw1XJ /PUwrKWWaum5s+PvYopyB4Fc0Sfskas+v9F0Umg33pb+/d2H3loBEBy+taqC+BpNfg3R x5iRjh7HF3PobzGWdUxK/dnC2krOTf4YxYhlxEKCZyM5AjhJNyqgqDnLhoK1R9hQsQda d8frn2m+r5uTEsRzdHoXNZnJj1A9crwn1BD6oynLD2noOpd6Y+QFg/mUQ3tkr0RHHZne /UF4HkQq3EkYQI3nUydFVHoz1pAJaOvavvVO6YzUC2pA8hG+B0jobMxOTd/VqM48xFor ndRw== X-Gm-Message-State: APjAAAXncD4eg8wPFxmDoPJjJHvbpLVuTyrp/6jEWcdyvN78W3PbudnK 44sMBzICrDPAKq2R7DPE3Kj8Ci9E X-Google-Smtp-Source: APXvYqzxfFG+12ttYe21daae0vBY8SO6lP3mCLYpEee3WbFjlySwoydVi0mmnfsyKWds5eGLOEFN1g== X-Received: by 2002:ac8:5308:: with SMTP id t8mr4273072qtn.55.1571925723046; Thu, 24 Oct 2019 07:02:03 -0700 (PDT) Received: from casantos.remote.csb ([177.156.131.32]) by smtp.gmail.com with ESMTPSA id l7sm14642621qke.67.2019.10.24.07.01.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Oct 2019 07:02:01 -0700 (PDT) From: unixmania@gmail.com To: buildroot@buildroot.org Date: Thu, 24 Oct 2019 11:01:51 -0300 Message-Id: <20191024140151.546-1-unixmania@gmail.com> X-Mailer: git-send-email 2.18.1 Subject: [Buildroot] [PATCH v2] package/initscripts: refactor S20urandom X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Carlos Santos , Matthew Weber , Maxime Hadjinlian MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: Carlos Santos Adapt the format to the current template, used in other init scripts, but do not use start/stop functions due to peculiarities. Treat RNG initialization and random seed backup as separate operations. Read /proc/sys/kernel/random/poolsize to calculate the pool size, as suggestred by the urandom manual page. Ensure that the random seed file has the correct size to prevent dumping an empty file to /dev/urandom on the first boot. Save the seed at /var/lib/random-seed as other non-systemd distributions do (e.g. RHEL6), since /etc can be in a red-only rootfs. The Filesystem Hierarchy Standard defines that /var/lib holds persistent data modified by programs as they run. Users willing to use a different path just need to redefine URANDOM_SEED in /etc/default/urandom instead of rewriting the init script. Signed-off-by: Carlos Santos Tested-by: Matthew Weber --- CC: Matthew Weber --- Changes v1->v2 - Convert start and stop function in init_rng and save_random_seed to avoid duplicated code. - Improve sanity checks - Keep failing gracefully in read-only rootfs cases, as pointed by Matthew Weber. --- package/initscripts/init.d/S20urandom | 98 ++++++++++++++++----------- 1 file changed, 60 insertions(+), 38 deletions(-) diff --git a/package/initscripts/init.d/S20urandom b/package/initscripts/init.d/S20urandom index cababe1023..4f6936a200 100644 --- a/package/initscripts/init.d/S20urandom +++ b/package/initscripts/init.d/S20urandom @@ -1,51 +1,73 @@ #! /bin/sh # -# urandom This script saves the random seed between reboots. -# It is called from the boot, halt and reboot scripts. -# -# Version: @(#)urandom 1.33 22-Jun-1998 miquels@cistron.nl +# Preserve the random seed between reboots. See urandom(4). # +# Quietly do nothing if /dev/urandom does not exist [ -c /dev/urandom ] || exit 0 -#. /etc/default/rcS -case "$1" in - start|"") - # check for read only file system - if ! touch /etc/random-seed 2>/dev/null - then - echo "read-only file system detected...done" - exit - fi - if [ "$VERBOSE" != no ] - then - printf "Initializing random number generator... " +URANDOM_SEED="/var/lib/random-seed" + +# shellcheck source=/dev/null +[ -r "/etc/default/urandom" ] && . "/etc/default/urandom" + +if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then + pool_size=$((pool_bits/8)) +else + pool_size=512 +fi + +check_file_size() { + [ -f "$URANDOM_SEED" ] || return 1 + # Try to read two blocks but exactly one will be read if the file has + # the correct size. + size=$(dd if="$URANDOM_SEED" bs="$pool_size" count=2 2> /dev/null | wc -c) + test "$size" -eq "$pool_size" +} + +init_rng() { + if check_file_size; then + printf 'Initializing random number generator: ' + dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" fi - # Load and then save 512 bytes, - # which is the size of the entropy pool - cat /etc/random-seed >/dev/urandom - rm -f /etc/random-seed + return "$status" + fi +} + +save_random_seed() { + printf 'Saving random seed: ' + if touch "$URANDOM_SEED" 2> /dev/null; then umask 077 - dd if=/dev/urandom of=/etc/random-seed count=1 \ - >/dev/null 2>&1 || echo "urandom start: failed." + dd if=/dev/urandom of="$URANDOM_SEED" bs="$pool_size" count=1 2> /dev/null + status=$? umask 022 - [ "$VERBOSE" != no ] && echo "done." - ;; - stop) - if ! touch /etc/random-seed 2>/dev/null - then - exit + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" fi - # Carry a random seed from shut-down to start-up; - # see documentation in linux/drivers/char/random.c - [ "$VERBOSE" != no ] && printf "Saving random seed... " - umask 077 - dd if=/dev/urandom of=/etc/random-seed count=1 \ - >/dev/null 2>&1 || echo "urandom stop: failed." - [ "$VERBOSE" != no ] && echo "done." - ;; + else + status=$? + echo "SKIP (read-only file system detected)" + fi + return "$status" +} + +case "$1" in + start|restart|reload) + # Carry a random seed from start-up to start-up + # Load and then save the whole entropy pool + init_rng && save_random_seed;; + stop) + # Carry a random seed from shut-down to start-up + # Save the whole entropy pool + save_random_seed;; *) - echo "Usage: urandom {start|stop}" >&2 + echo "Usage: $0 {start|stop|restart|reload}" exit 1 - ;; esac