Diffstat (limited to 'source/a/sysvinit-scripts')
-rw-r--r-- | source/a/sysvinit-scripts/scripts/rc.6 | 29 | ||||
-rw-r--r-- | source/a/sysvinit-scripts/scripts/rc.S | 56 | ||||
-rwxr-xr-x | source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild | 2 |
3 files changed, 41 insertions, 46 deletions
diff --git a/source/a/sysvinit-scripts/scripts/rc.6 b/source/a/sysvinit-scripts/scripts/rc.6
index 1ebe12b69..6370a1a86 100644
--- a/source/a/sysvinit-scripts/scripts/rc.6
+++ b/source/a/sysvinit-scripts/scripts/rc.6
@@ -223,26 +223,27 @@ if [ -z "$container" ]; then
 # Any old seed that exists here shall be deemed useless:
 if [ -f /etc/random-seed ]; then
 rm -f /etc/random-seed
+ sync /etc
 fi
 if [ -x /usr/sbin/seedrng ]; then
 /usr/sbin/seedrng
 else # we have to fall back on the old method:
- # Make sure the new seed storage directory exists:
- if [ ! -d /var/lib/seedrng ]; then
- mkdir -p /var/lib/seedrng
- chmod 700 /var/lib/seedrng
- fi
+ OLD_UMASK="$(umask)"
+ umask 077
+ mkdir -p /var/lib/seedrng
 echo "The SeedRNG utility was not found. Generating a non-creditable and"
 echo "inferior RNG seed: /var/lib/seedrng/seed.no-credit"
- # To get a seed that matches the pool size, we'll use dd. This assumes that
- # by the time the machine was shut down that the kernel had generated nearly
- # a full entropy pool, but there is no guarantee of this.
- if [ -r /proc/sys/kernel/random/poolsize ]; then
- /bin/dd if=/dev/urandom of=/var/lib/seedrng/seed.no-credit count=1 bs=$(expr $(cat /proc/sys/kernel/random/poolsize) / 8) 2> /dev/null
- else
- /bin/dd if=/dev/urandom of=/var/lib/seedrng/seed.no-credit count=1 bs=512 2> /dev/null
- fi
- /bin/chmod 400 /var/lib/seedrng/seed.no-credit
+ SEED="$(cat /var/lib/seedrng/seed.* 2>/dev/null | base64)"
+ rm -f /var/lib/seedrng/seed.*
+ sync /var/lib/seedrng
+ POOLSIZE=$(expr $(cat /proc/sys/kernel/random/poolsize 2> /dev/null || echo 4096) / 8)
+ {
+ head -c $POOLSIZE /dev/urandom
+ echo "$SEED" | base64 -d
+ } | sha512sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
+ umask "$OLD_UMASK"
+ unset OLD_UMASK
+ unset SEED
 fi
 fi
diff --git a/source/a/sysvinit-scripts/scripts/rc.S b/source/a/sysvinit-scripts/scripts/rc.S
index c49140616..6cb7e3915 100644
--- a/source/a/sysvinit-scripts/scripts/rc.S
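Review bot: In the rc.6 fallback branch, `mkdir -p /var/lib/seedrng` under `umask 077` only yields mode 0700 when the directory is created at that moment; a directory that already exists with a wider mode is left unchanged, and nothing else in the new lines tightens it. Adding `chmod 700 /var/lib/seedrng` directly after the `mkdir -p` would make the mode of the seed directory independent of how it first came to exist. The same applies to the `mkdir -p /var/lib/seedrng` added in the rc.S hunk. The enclosing `if [ -z "$container" ]` block starts outside this hunk.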
+++ b/source/a/sysvinit-scripts/scripts/rc.S 
@@ -474,44 +474,38 @@ fi
 # to generate good entropy. We'll favor using seedrng, but if it's missing
 # (shouldn't be) then we'll fall back on using the script method.
 if [ -z "$container" ]; then
- # Make sure the new seed storage directory exists:
- if [ ! -d /var/lib/seedrng ]; then
- mkdir -p /var/lib/seedrng
- chmod 700 /var/lib/seedrng
- fi
 # If the old /etc/random-seed exists and no seedrng-generated seeds exist,
 # then we might as well use it for non-creditable entropy:
+ OLD_UMASK="$(umask)"
+ umask 077
 if [ -f /etc/random-seed ]; then
- if ! /bin/ls /var/lib/seedrng/seed.* 1> /dev/null 2> /dev/null ; then
- echo "Moving /etc/random-seed to /var/lib/seedrng/seed.no-credit."
- mv /etc/random-seed /var/lib/seedrng/seed.no-credit
- chmod 400 /var/lib/seedrng/seed.no-credit
- fi
+ echo "Appending /etc/random-seed to /var/lib/seedrng/seed.no-credit."
+ SEED="$(base64 /etc/random-seed)"
+ rm -f /etc/random-seed
+ sync /etc
+ mkdir -p /var/lib/seedrng
+ echo "$SEED" | base64 -d >> /var/lib/seedrng/seed.no-credit
 fi
 # If we have the seedrng utility, we will use it to initialize the RNG:
 if [ -x /usr/sbin/seedrng ]; then
 /usr/sbin/seedrng
 else # we have to fall back on the old method:
- if ! /bin/ls /var/lib/seedrng/seed.* 1> /dev/null 2> /dev/null ; then
- echo "WARNING: no usable RNG seed was found in /var/lib/seedrng."
- else
- echo "The SeedRNG utility was not found. Seeding the RNG with an inferior method."
- SEED="$(cat /var/lib/seedrng/seed.* | base64)"
- rm -f /var/lib/seedrng/seed.*
- sync /var/lib/seedrng
- echo "$SEED" | base64 -d > /dev/urandom
- # The seed saved below isn't going to be as large as the pool size, but
- # it would only be used if the power fails before a proper shutdown is
- # done. Nevertheless we'll try to get a little entropy saved from our
- # previous seed(s) plus some bits from /dev/urandom (which *might* have
- # some additional entropy in it). It's probably better than nothing.
- echo "Saving a new uncreditable seed: /var/lib/seedrng/seed.no-credit"
- {
- head -c 512 /dev/urandom
- echo "$SEED" | base64 -d
- } | sha256sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
- chmod 400 /var/lib/seedrng/seed.no-credit
- unset SEED
- fi
+ echo "The SeedRNG utility was not found. Seeding the RNG with an inferior method."
+ SEED="$(cat /var/lib/seedrng/seed.* 2> /dev/null | base64)"
+ rm -f /var/lib/seedrng/seed.*
+ sync /var/lib/seedrng
+ echo "$SEED" | base64 -d > /dev/urandom
+ # The seed saved below isn't going to be as large as the pool size.
+ # Nevertheless we'll try to get a little entropy saved from our
+ # previous seed(s) plus some bits from /dev/urandom (which *might* have
+ # some additional entropy in it). It's probably better than nothing.
+ echo "Saving a new uncreditable seed: /var/lib/seedrng/seed.no-credit"
+ POOLSIZE=$(expr $(cat /proc/sys/kernel/random/poolsize 2> /dev/null || echo 4096) / 8)
+ {
+ head -c $POOLSIZE /dev/urandom
+ echo "$SEED" | base64 -d
+ } | sha512sum | cut -d ' ' -f 1 > /var/lib/seedrng/seed.no-credit
 fi
+ unset SEED
+ umask "$OLD_UMASK"
 fi
diff --git a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
index 17e0dd5ce..2f918911a 100755
--- a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
+++ b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=sysvinit-scripts
 VERSION=${VERSION:-15.0}
 ARCH=noarch
-BUILD=${BUILD:-10}
+BUILD=${BUILD:-11}
 # If the variable PRINT_PACKAGE_NAME is set, then this script will report what
 # the name of the created package would be, and then exit. This information |
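Review bot: In the rc.S fallback branch the `/bin/ls` test and its "WARNING: no usable RNG seed was found" message are gone, so when no `seed.*` file exists the script still prints "Seeding the RNG with an inferior method." and writes an empty `$SEED` to /dev/urandom, and a boot without any saved seed can no longer be told apart in the console output. Keeping the signal is one line after the `SEED=` assignment: `[ -n "$SEED" ] || echo "WARNING: no usable RNG seed was found in /var/lib/seedrng."`. Separately, the replacement seed written by the `sha512sum` pipeline is not followed by a sync, while the old seed was removed and synced just before; a power loss soon after boot may therefore leave no seed at all, and `sync /var/lib/seedrng/seed.no-credit /var/lib/seedrng` after the pipeline would cover that. The same holds for the rc.6 hunk unless a later sync outside it already does this.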