From 2edc017a6e0cb92b72b768aaa46c6d336ad84eff Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 28 Mar 2022 00:25:56 -0400 Subject: urandom-seed: use seedrng for seeding the random number generator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenWRT and tweaked as needed: . This commit imports it into the urandom-seed package and wires up the init scripts to call it. This also is a significant improvement over the current init script, which does not robustly handle cleaning up of seeds and syncing to prevent reuse. Additionally, the existing script creates a new seed immediately after writing an old one, which means that the amount of entropy might actually regress, due to failing to credit the old seed. Closes: https://github.com/openwrt/openwrt/issues/9570 Signed-off-by: Jason A. Donenfeld Signed-off-by: Petr Štetiar [fixed missing INSTALL_DIR] --- package/system/urandom-seed/files/etc/init.d/urandom_seed | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'package/system/urandom-seed/files/etc') diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed index 17d9c13400..d6e81c6079 100755 --- a/package/system/urandom-seed/files/etc/init.d/urandom_seed +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed @@ -5,7 +5,7 @@ USE_PROCD=1 start_service() { procd_open_instance "urandom_seed" - procd_set_param command "/sbin/urandom_seed" + procd_set_param command "/sbin/seedrng" procd_set_param stdout 1 procd_set_param stderr 1 procd_close_instance -- cgit v1.2.3