summaryrefslogtreecommitdiffstats
path: root/source/a/sysvinit-scripts/scripts
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2022-04-11 20:49:27 +0000
committer Eric Hameleers <alien@slackware.com>2022-04-12 06:59:46 +0200
commit953ba4662ba606085f47de6b2fe08c1a80eb898f (patch)
tree12a231673d84c7bf867d925fa6a3b41c2c2808a4 /source/a/sysvinit-scripts/scripts
parentbe3b3218759d05ff14a3109334760b1aa701429d (diff)
downloadcurrent-953ba4662ba606085f47de6b2fe08c1a80eb898f.tar.gz
current-953ba4662ba606085f47de6b2fe08c1a80eb898f.tar.xz
Mon Apr 11 20:49:27 UTC 202220220411204927
a/aaa_libraries-15.1-x86_64-3.txz: Rebuilt. Upgraded: libz.so.1.2.12, libexpat.so.1.8.8, libcap.so.2.64, libicudata.so.70.1, libicui18n.so.70.1, libicuio.so.70.1, libicutest.so.70.1, libicutu.so.70.1, libicuuc.so.70.1. The icu4c libraries are from the previous package (for temporary compatibility) and will be removed in a month or so. Removed: liblber-2.4.so.2.11.7, libldap-2.4.so.2.11.7. a/haveged-1.9.18-x86_64-1.txz: Upgraded. I've decided to turn this back on by default in light of comments in README.md. It doesn't hurt to have an additional source of entropy (especially in early boot), and the overhead from running this daemon is negligible. a/sysvinit-scripts-15.0-noarch-11.txz: Rebuilt. rc.S, rc.6: use a temporary umask and more syncing to avoid any races when creating the random seed directory and files. Use the poolsize rather than a hardcoded 512 bytes when creating a non-creditable seed in the fallback scripts. Thanks to Jason A. Donenfeld. a/xfsprogs-5.13.0-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. ap/inxi-3.3.15_1-noarch-1.txz: Upgraded. ap/sqlite-3.38.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. d/help2man-1.49.2-x86_64-1.txz: Upgraded. kde/attica-5.93.0-x86_64-1.txz: Upgraded. kde/baloo-5.93.0-x86_64-1.txz: Upgraded. kde/bluez-qt-5.93.0-x86_64-1.txz: Upgraded. kde/breeze-icons-5.93.0-noarch-1.txz: Upgraded. kde/extra-cmake-modules-5.93.0-x86_64-1.txz: Upgraded. kde/frameworkintegration-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-5.93.0-x86_64-1.txz: Upgraded. kde/kactivities-stats-5.93.0-x86_64-1.txz: Upgraded. kde/kapidox-5.93.0-x86_64-1.txz: Upgraded. kde/karchive-5.93.0-x86_64-1.txz: Upgraded. kde/kauth-5.93.0-x86_64-1.txz: Upgraded. kde/kbookmarks-5.93.0-x86_64-1.txz: Upgraded. kde/kcalendarcore-5.93.0-x86_64-1.txz: Upgraded. kde/kcmutils-5.93.0-x86_64-1.txz: Upgraded. kde/kcodecs-5.93.0-x86_64-1.txz: Upgraded. kde/kcompletion-5.93.0-x86_64-1.txz: Upgraded. kde/kconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kconfigwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kcontacts-5.93.0-x86_64-1.txz: Upgraded. kde/kcoreaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kcrash-5.93.0-x86_64-1.txz: Upgraded. kde/kdav-5.93.0-x86_64-1.txz: Upgraded. kde/kdbusaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kdeclarative-5.93.0-x86_64-1.txz: Upgraded. kde/kded-5.93.0-x86_64-1.txz: Upgraded. kde/kdelibs4support-5.93.0-x86_64-1.txz: Upgraded. kde/kdesignerplugin-5.93.0-x86_64-1.txz: Upgraded. kde/kdesu-5.93.0-x86_64-1.txz: Upgraded. kde/kdewebkit-5.93.0-x86_64-1.txz: Upgraded. kde/kdnssd-5.93.0-x86_64-1.txz: Upgraded. kde/kdoctools-5.93.0-x86_64-1.txz: Upgraded. kde/kemoticons-5.93.0-x86_64-1.txz: Upgraded. kde/kfilemetadata-5.93.0-x86_64-1.txz: Upgraded. kde/kglobalaccel-5.93.0-x86_64-1.txz: Upgraded. kde/kguiaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kholidays-5.93.0-x86_64-1.txz: Upgraded. kde/khtml-5.93.0-x86_64-1.txz: Upgraded. kde/ki18n-5.93.0-x86_64-1.txz: Upgraded. kde/kiconthemes-5.93.0-x86_64-1.txz: Upgraded. kde/kidletime-5.93.0-x86_64-1.txz: Upgraded. kde/kimageformats-5.93.0-x86_64-1.txz: Upgraded. kde/kinit-5.93.0-x86_64-1.txz: Upgraded. kde/kio-5.93.0-x86_64-1.txz: Upgraded. kde/kirigami2-5.93.0-x86_64-1.txz: Upgraded. kde/kitemmodels-5.93.0-x86_64-1.txz: Upgraded. kde/kitemviews-5.93.0-x86_64-1.txz: Upgraded. kde/kjobwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kjs-5.93.0-x86_64-1.txz: Upgraded. kde/kjsembed-5.93.0-x86_64-1.txz: Upgraded. kde/kmediaplayer-5.93.0-x86_64-1.txz: Upgraded. kde/knewstuff-5.93.0-x86_64-1.txz: Upgraded. kde/knotifications-5.93.0-x86_64-1.txz: Upgraded. kde/knotifyconfig-5.93.0-x86_64-1.txz: Upgraded. kde/kpackage-5.93.0-x86_64-1.txz: Upgraded. kde/kparts-5.93.0-x86_64-1.txz: Upgraded. kde/kpeople-5.93.0-x86_64-1.txz: Upgraded. kde/kplotting-5.93.0-x86_64-1.txz: Upgraded. kde/kpty-5.93.0-x86_64-1.txz: Upgraded. kde/kquickcharts-5.93.0-x86_64-1.txz: Upgraded. kde/kross-5.93.0-x86_64-1.txz: Upgraded. kde/krunner-5.93.0-x86_64-1.txz: Upgraded. kde/kservice-5.93.0-x86_64-1.txz: Upgraded. kde/ktexteditor-5.93.0-x86_64-1.txz: Upgraded. kde/ktextwidgets-5.93.0-x86_64-1.txz: Upgraded. kde/kunitconversion-5.93.0-x86_64-1.txz: Upgraded. kde/kwallet-5.93.0-x86_64-1.txz: Upgraded. kde/kwayland-5.93.0-x86_64-1.txz: Upgraded. kde/kwidgetsaddons-5.93.0-x86_64-1.txz: Upgraded. kde/kwindowsystem-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlgui-5.93.0-x86_64-1.txz: Upgraded. kde/kxmlrpcclient-5.93.0-x86_64-1.txz: Upgraded. kde/modemmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/networkmanager-qt-5.93.0-x86_64-1.txz: Upgraded. kde/oxygen-icons5-5.93.0-noarch-1.txz: Upgraded. kde/plasma-framework-5.93.0-x86_64-1.txz: Upgraded. kde/prison-5.93.0-x86_64-1.txz: Upgraded. kde/purpose-5.93.0-x86_64-1.txz: Upgraded. kde/qqc2-desktop-style-5.93.0-x86_64-1.txz: Upgraded. kde/solid-5.93.0-x86_64-1.txz: Upgraded. kde/sonnet-5.93.0-x86_64-1.txz: Upgraded. kde/syndication-5.93.0-x86_64-1.txz: Upgraded. kde/syntax-highlighting-5.93.0-x86_64-1.txz: Upgraded. kde/threadweaver-5.93.0-x86_64-1.txz: Upgraded. l/boost-1.78.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. l/harfbuzz-4.2.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/icu4c-71.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcap-2.64-x86_64-1.txz: Upgraded. l/libical-3.0.14-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. l/libqalculate-4.1.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/libvisio-0.1.7-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/nodejs-16.14.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. l/qt5-5.15.3_20220407_9b1efa0e-x86_64-1.txz: Upgraded. Compiled against icu4c-71.1. l/qt5-webkit-5.212.0_alpha4-x86_64-9.txz: Rebuilt. Recompiled against icu4c-71.1. l/vte-0.66.2-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. n/dovecot-2.3.18-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/links-2.26-x86_64-1.txz: Upgraded. n/openssh-9.0p1-x86_64-1.txz: Upgraded. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 n/php-7.4.28-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/postfix-3.7.0-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. n/samba-4.16.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. n/tin-2.6.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. t/texlive-2021.210418-x86_64-4.txz: Rebuilt. Recompiled against icu4c-71.1. x/xclock-1.1.1-x86_64-1.txz: Upgraded. x/xdpyinfo-1.3.3-x86_64-1.txz: Upgraded. extra/brltty/brltty-6.4-x86_64-5.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php80/php80-8.0.17-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/php81/php81-8.1.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-8.17.1-x86_64-3.txz: Rebuilt. Recompiled against icu4c-71.1. extra/sendmail/sendmail-cf-8.17.1-noarch-3.txz: Rebuilt.
Diffstat (limited to 'source/a/sysvinit-scripts/scripts')
-rw-r--r--source/a/sysvinit-scripts/scripts/rc.629
-rw-r--r--source/a/sysvinit-scripts/scripts/rc.S56
2 files changed, 40 insertions, 45 deletions
diff --git a/source/a/sysvinit-scripts/scripts/rc.6 b/source/a/sysvinit-scripts/scripts/rc.6
index 1ebe12b69..6370a1a86 100644
--- a/source/a/sysvinit-scripts/scripts/rc.6
+++ b/source/a/sysvinit-scripts/scripts/rc.6
@@ -223,26 +223,27 @@ if [ -z "$container" ]; then
# Any old seed that exists here shall be deemed useless:
if [ -f /etc/random-seed ]; then
rm -f /etc/random-seed
+ sync /etc
fi
if [ -x /usr/sbin/seedrng ]; then
/usr/sbin/seedrng
else # we have to fall back on the old method:
- # Make sure the new seed storage directory exists:
- if [ ! -d /var/lib/seedrng ]; then
- mkdir -p /var/lib/seedrng
- chmod 700 /var/lib/seedrng
- fi
+ OLD_UMASK="$(umask)"
+ umask 077
+ mkdir -p /var/lib/seedrng
echo "The SeedRNG utility was not found. Generating a non-creditable and"
echo "inferior RNG seed: /var/lib/seedrng/seed.no-credit"
- # To get a seed that matches the pool size, we'll use dd. This assumes that
- # by the time the machine was shut down that the kernel had generated nearly
- # a full entropy pool, but there is no guarantee of this.
- if [ -r /proc/sys/kernel/random/poolsize ]; then
- /bin/dd if=/dev/urandom of=/var/lib/seedrng/seed.no-credit count=1 bs=$(expr $(cat /proc/sys/kernel/random/poolsize) / 8) 2> /dev/null
- else
- /bin/dd if=/dev/urandom of=/var/lib/seedrng/seed.no-credit count=1 bs=512 2> /dev/null
- fi
- /bin/chmod 400 /var/lib/seedrng/seed.no-credit
+ SEED="$(cat /var/lib/seedrng/seed.* 2>/dev/null | base64)"
+ rm -f /var/lib/seedrng/seed.*
+ sync /var/lib/seedrng
+ POOLSIZE=$(expr $(cat /proc/sys/kernel/random/poolsize 2> /dev/null || echo 4096) / 8)
+ {
+ head -c $POOLSIZE /dev/urandom
+ echo "$SEED" | base64 -d
+ } | sha512sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
+ umask "$OLD_UMASK"
+ unset OLD_UMASK
+ unset SEED
fi
fi
diff --git a/source/a/sysvinit-scripts/scripts/rc.S b/source/a/sysvinit-scripts/scripts/rc.S
index c49140616..6cb7e3915 100644
--- a/source/a/sysvinit-scripts/scripts/rc.S
+++ b/source/a/sysvinit-scripts/scripts/rc.S
@@ -474,44 +474,38 @@ fi
# to generate good entropy. We'll favor using seedrng, but if it's missing
# (shouldn't be) then we'll fall back on using the script method.
if [ -z "$container" ]; then
- # Make sure the new seed storage directory exists:
- if [ ! -d /var/lib/seedrng ]; then
- mkdir -p /var/lib/seedrng
- chmod 700 /var/lib/seedrng
- fi
# If the old /etc/random-seed exists and no seedrng-generated seeds exist,
# then we might as well use it for non-creditable entropy:
+ OLD_UMASK="$(umask)"
+ umask 077
if [ -f /etc/random-seed ]; then
- if ! /bin/ls /var/lib/seedrng/seed.* 1> /dev/null 2> /dev/null ; then
- echo "Moving /etc/random-seed to /var/lib/seedrng/seed.no-credit."
- mv /etc/random-seed /var/lib/seedrng/seed.no-credit
- chmod 400 /var/lib/seedrng/seed.no-credit
- fi
+ echo "Appending /etc/random-seed to /var/lib/seedrng/seed.no-credit."
+ SEED="$(base64 /etc/random-seed)"
+ rm -f /etc/random-seed
+ sync /etc
+ mkdir -p /var/lib/seedrng
+ echo "$SEED" | base64 -d >> /var/lib/seedrng/seed.no-credit
fi
# If we have the seedrng utility, we will use it to initialize the RNG:
if [ -x /usr/sbin/seedrng ]; then
/usr/sbin/seedrng
else # we have to fall back on the old method:
- if ! /bin/ls /var/lib/seedrng/seed.* 1> /dev/null 2> /dev/null ; then
- echo "WARNING: no usable RNG seed was found in /var/lib/seedrng."
- else
- echo "The SeedRNG utility was not found. Seeding the RNG with an inferior method."
- SEED="$(cat /var/lib/seedrng/seed.* | base64)"
- rm -f /var/lib/seedrng/seed.*
- sync /var/lib/seedrng
- echo "$SEED" | base64 -d > /dev/urandom
- # The seed saved below isn't going to be as large as the pool size, but
- # it would only be used if the power fails before a proper shutdown is
- # done. Nevertheless we'll try to get a little entropy saved from our
- # previous seed(s) plus some bits from /dev/urandom (which *might* have
- # some additional entropy in it). It's probably better than nothing.
- echo "Saving a new uncreditable seed: /var/lib/seedrng/seed.no-credit"
- {
- head -c 512 /dev/urandom
- echo "$SEED" | base64 -d
- } | sha256sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
- chmod 400 /var/lib/seedrng/seed.no-credit
- unset SEED
- fi
+ echo "The SeedRNG utility was not found. Seeding the RNG with an inferior method."
+ SEED="$(cat /var/lib/seedrng/seed.* 2> /dev/null | base64)"
+ rm -f /var/lib/seedrng/seed.*
+ sync /var/lib/seedrng
+ echo "$SEED" | base64 -d > /dev/urandom
+ # The seed saved below isn't going to be as large as the pool size.
+ # Nevertheless we'll try to get a little entropy saved from our
+ # previous seed(s) plus some bits from /dev/urandom (which *might* have
+ # some additional entropy in it). It's probably better than nothing.
+ echo "Saving a new uncreditable seed: /var/lib/seedrng/seed.no-credit"
+ POOLSIZE=$(expr $(cat /proc/sys/kernel/random/poolsize 2> /dev/null || echo 4096) / 8)
+ {
+ head -c $POOLSIZE /dev/urandom
+ echo "$SEED" | base64 -d
+ } | sha512sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
fi
+ unset SEED
+ umask "$OLD_UMASK"
fi
generated by cgit v1.2.3-79-gdb01 (git 2.46.1) at 2024-09-24 09:16:16 +0000