From: Petr Štetiar Date: Mon, 20 May 2019 14:38:33 +0000 (+0200) Subject: base-files: move urandom seed bits into separate package X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=27bfde9c9f789dbfabebf13047e8b042c27cdeef;p=openwrt%2Fstaging%2Fthess.git base-files: move urandom seed bits into separate package So it's possible to install or remove it as needed. Tested-by: Lucian Cristian Signed-off-by: Petr Štetiar --- diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 609ffa2c38..91d677acb3 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=197 +PKG_RELEASE:=198 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ @@ -43,6 +43,15 @@ define Package/base-files VERSION:=$(PKG_RELEASE)-$(REVISION) endef +define Package/urandom-seed + SECTION:=base + CATEGORY:=Base system + DEPENDS:=+libc +ubox-getrandom + TITLE:=/etc/urandom.seed handling for OpenWrt + URL:=http://openwrt.org/ + VERSION:=$(PKG_RELEASE)-$(REVISION) +endef + define Package/base-files/conffiles /etc/config/ /etc/config/network diff --git a/package/base-files/files/etc/init.d/urandom_seed b/package/base-files/files/etc/init.d/urandom_seed deleted file mode 100755 index 17d9c13400..0000000000 --- a/package/base-files/files/etc/init.d/urandom_seed +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh /etc/rc.common - -START=99 -USE_PROCD=1 - -start_service() { - procd_open_instance "urandom_seed" - procd_set_param command "/sbin/urandom_seed" - procd_set_param stdout 1 - procd_set_param stderr 1 - procd_close_instance -} diff --git a/package/base-files/files/lib/preinit/81_urandom_seed b/package/base-files/files/lib/preinit/81_urandom_seed deleted file mode 100644 index 26212c60b5..0000000000 --- a/package/base-files/files/lib/preinit/81_urandom_seed +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh - -log_urandom_seed() { - echo "urandom-seed: $1" > /dev/kmsg -} - -_do_urandom_seed() { - [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; } - [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; } - - log_urandom_seed "Seeding with $1" - cat "$1" > /dev/urandom -} - -do_urandom_seed() { - [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; } - - _do_urandom_seed "/etc/urandom.seed" - - SEED="$(uci -q get system.@system[0].urandom_seed)" - [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED" -} - -boot_hook_add preinit_main do_urandom_seed diff --git a/package/base-files/files/sbin/urandom_seed b/package/base-files/files/sbin/urandom_seed deleted file mode 100755 index 7043e8af4e..0000000000 --- a/package/base-files/files/sbin/urandom_seed +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -set -e - -trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT - -save() { - touch "$1.tmp" - chown root:root "$1.tmp" - chmod 600 "$1.tmp" - getrandom 512 > "$1.tmp" - mv "$1.tmp" "$1" - echo "Seed saved ($1)" -} - -SEED="$(uci -q get system.@system[0].urandom_seed || true)" -[ "${SEED:0:1}" = "/" ] && save "$SEED" - -SEED=/etc/urandom.seed -[ ! -f $SEED ] && save "$SEED" -true diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile new file mode 100644 index 0000000000..6bde2e0b8a --- /dev/null +++ b/package/system/urandom-seed/Makefile @@ -0,0 +1,32 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=urandom-seed +PKG_VERSION:=1.0 +PKG_RELEASE:=1 +PKG_LICENSE:=GPL-2.0 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=base + CATEGORY:=Base system + DEPENDS:=+getrandom + TITLE:=/etc/urandom.seed handling for OpenWrt + URL:=http://openwrt.org/ +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +define Build/Compile/Default +endef +Build/Compile = $(Build/Compile/Default) + +define Package/$(PKG_NAME)/install + $(CP) ./files/* $(1)/ +endef + +$(eval $(call BuildPackage,urandom-seed)) diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed new file mode 100755 index 0000000000..17d9c13400 --- /dev/null +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed @@ -0,0 +1,12 @@ +#!/bin/sh /etc/rc.common + +START=99 +USE_PROCD=1 + +start_service() { + procd_open_instance "urandom_seed" + procd_set_param command "/sbin/urandom_seed" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed new file mode 100644 index 0000000000..26212c60b5 --- /dev/null +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed @@ -0,0 +1,24 @@ +#!/bin/sh + +log_urandom_seed() { + echo "urandom-seed: $1" > /dev/kmsg +} + +_do_urandom_seed() { + [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; } + [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; } + + log_urandom_seed "Seeding with $1" + cat "$1" > /dev/urandom +} + +do_urandom_seed() { + [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; } + + _do_urandom_seed "/etc/urandom.seed" + + SEED="$(uci -q get system.@system[0].urandom_seed)" + [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED" +} + +boot_hook_add preinit_main do_urandom_seed diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed new file mode 100755 index 0000000000..7043e8af4e --- /dev/null +++ b/package/system/urandom-seed/files/sbin/urandom_seed @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT + +save() { + touch "$1.tmp" + chown root:root "$1.tmp" + chmod 600 "$1.tmp" + getrandom 512 > "$1.tmp" + mv "$1.tmp" "$1" + echo "Seed saved ($1)" +} + +SEED="$(uci -q get system.@system[0].urandom_seed || true)" +[ "${SEED:0:1}" = "/" ] && save "$SEED" + +SEED=/etc/urandom.seed +[ ! -f $SEED ] && save "$SEED" +true