new file mode 100755
@@ -0,0 +1,22 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+
+SEED=/etc/urandom.seed
+
+error_exit() {
+ logger -t urandom_seed "$1"
+ exit 1
+}
+
+save_seed() {
+ touch $SEED.tmp || error_exit "touch failed"
+ chown root:root $SEED.tmp || error_exit "chown failed"
+ chmod 600 $SEED.tmp || error_exit "chmod failed"
+ getrandom 512 > $SEED.tmp || error_exit "getrandom failed"
+ mv $SEED.tmp $SEED || error_exit "mv failed"
+}
+
+boot() {
+ save_seed
+}
new file mode 100644
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+log_urandom_seed() {
+ echo "urandom-seed: $1" > /dev/kmsg
+}
+
+do_urandom_seed() {
+ S=/etc/urandom.seed
+ U=/dev/urandom
+
+ [ -c $U ] || { log_urandom_seed "Something is wrong with $U"; return; }
+ [ -f $S ] || { log_urandom_seed "Seed file not found: $S"; return; }
+ [ -O $S -a -G $S -a ! -x $S ] || { log_urandom_seed "Wrong owner / permissions for $S"; return; }
+
+ log_urandom_seed "Seeding with $S"
+ cat $S > $U
+}
+
+boot_hook_add preinit_main do_urandom_seed
This commit: 1) seed /dev/urandom with a saved seed as early as possible (using /lib/preinit/81_urandom_seed) 2) save a new seed using getrandom() so we are sure /dev/urandom pool is initialized (using /etc/init.d/urandom_seed) seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8) it's the same size as in ubuntu 14.04 and all systemd systems seed file is /etc/urandom.seed (need a writable path) seeding /dev/urandom doesn't change entropy estimation, so we still have "random: ubus urandom read with 4 bits of entropy available" messages in the logs, but we can now ignore them if after "urandom-seed: Seeding with ..." message We could also add an urandom.seed at build time to improve first boot v2: log preinit messages to /dev/kmsg v3: use non generic function name for logging, as /lib/preinit/ files are all sourced together in /etc/preinit Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com> --- package/base-files/files/etc/init.d/urandom_seed | 22 ++++++++++++++++++++++ .../base-files/files/lib/preinit/81_urandom_seed | 19 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100755 package/base-files/files/etc/init.d/urandom_seed create mode 100644 package/base-files/files/lib/preinit/81_urandom_seed