From 6f3e9754ef9446cb8a9f98e593aed23a730c4c10 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 15 Sep 2016 11:48:18 +0000 Subject: Add s6-fillurandompool --- doc/index.html | 1 + doc/s6-fillurandompool.html | 74 ++++++++++++++++++++++++++++++++ doc/s6-freeramdisk.html | 2 +- doc/upgrade.html | 2 + package/deps.mak | 3 ++ package/modes | 1 + package/targets.mak | 1 + src/minutils/deps-exe/s6-fillurandompool | 1 + src/minutils/s6-fillurandompool.c | 26 +++++++++++ 9 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 doc/s6-fillurandompool.html create mode 100644 src/minutils/deps-exe/s6-fillurandompool create mode 100644 src/minutils/s6-fillurandompool.c diff --git a/doc/index.html b/doc/index.html index b3ade25..292d81a 100644 --- a/doc/index.html +++ b/doc/index.html @@ -88,6 +88,7 @@ the previous versions of s6-linux-utils and the current one.
  • The s6-devd program
  • The s6-uevent-listener program
  • The s6-uevent-spawner program
  • +
  • The s6-fillurandompool program
  • The s6-freeramdisk program
  • The s6-hostname program
  • The s6-logwatch program
  • diff --git a/doc/s6-fillurandompool.html b/doc/s6-fillurandompool.html new file mode 100644 index 0000000..777307e --- /dev/null +++ b/doc/s6-fillurandompool.html @@ -0,0 +1,74 @@ + + + + + + s6-linux-utils: the s6-fillurandompool program + + + + + + +

    +s6-linux-utils
    +Software
    +skarnet.org +

    + +

    The s6-fillurandompool program

    + +

    +s6-fillurandompool blocks until the machine's +/dev/urandom entropy pool is filled up. Then it exits. +

    + +

    Interface

    + +
    +     s6-fillurandompool
    +
    + +

    Rationale

    + +

    + For some reason, Linux has two separate entropy pools: one for +/dev/random and one for /dev/urandom. +

    + +

    + Reading from /dev/random blocks when its entropy pool is +not full enough, so it will never return weak random data. (Reading +from /dev/random is overkill anyway, and +you +should not be doing it.) +

    + +

    + However, reading from /dev/urandom (which +you should be doing) +will not block, even though the entropy pool may not have been +initialized yet. That's the only insecure thing about it: at boot time, +/dev/urandom may return weak random data, until its entropy +pool has filled up. +

    + +

    + s6-fillurandompool is meant to address this issue. Call it once +early on in your boot scripts, before you need any serious random data; +when it exits, the /dev/urandom pool has been properly initialized, +and it is now safe to read from /dev/urandom every time you need +random data, until the machine shuts down. +

    + +

    Notes

    + + + + + diff --git a/doc/s6-freeramdisk.html b/doc/s6-freeramdisk.html index a2baa68..880c4d0 100644 --- a/doc/s6-freeramdisk.html +++ b/doc/s6-freeramdisk.html @@ -19,7 +19,7 @@

    The s6-freeramdisk program

    -freeramdisk frees the memory occupied by a RAM disk. Call it +s6-freeramdisk frees the memory occupied by a RAM disk. Call it when your RAM disk is not in use anymore.

    diff --git a/doc/upgrade.html b/doc/upgrade.html index 1851be9..6c843ce 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -26,6 +26,8 @@ by this package anymore: they're now a part of the s6-linux-init package. +
  • The s6-fillurandompool +program has been added.
  • in 2.1.0.0

    diff --git a/package/deps.mak b/package/deps.mak index d1aa40b..74e1ff2 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -4,6 +4,7 @@ src/minutils/s6-chroot.o src/minutils/s6-chroot.lo: src/minutils/s6-chroot.c src/minutils/s6-devd.o src/minutils/s6-devd.lo: src/minutils/s6-devd.c src/include/s6-linux-utils/config.h +src/minutils/s6-fillurandompool.o src/minutils/s6-fillurandompool.lo: src/minutils/s6-fillurandompool.c src/minutils/s6-freeramdisk.o src/minutils/s6-freeramdisk.lo: src/minutils/s6-freeramdisk.c src/minutils/s6-hostname.o src/minutils/s6-hostname.lo: src/minutils/s6-hostname.c src/minutils/s6-logwatch.o src/minutils/s6-logwatch.lo: src/minutils/s6-logwatch.c @@ -27,6 +28,8 @@ s6-chroot: EXTRA_LIBS := s6-chroot: src/minutils/s6-chroot.o -lskarnet s6-devd: EXTRA_LIBS := s6-devd: src/minutils/s6-devd.o -lskarnet +s6-fillurandompool: EXTRA_LIBS := +s6-fillurandompool: src/minutils/s6-fillurandompool.o -lskarnet s6-freeramdisk: EXTRA_LIBS := s6-freeramdisk: src/minutils/s6-freeramdisk.o -lskarnet s6-hostname: EXTRA_LIBS := diff --git a/package/modes b/package/modes index c436595..b6e43a2 100644 --- a/package/modes +++ b/package/modes @@ -2,6 +2,7 @@ s6-chroot 0700 s6-devd 0700 s6-uevent-listener 0700 s6-uevent-spawner 0755 +s6-fillurandompool 0755 s6-freeramdisk 0700 s6-hostname 0755 s6-logwatch 0755 diff --git a/package/targets.mak b/package/targets.mak index c01bea2..3a68ac7 100644 --- a/package/targets.mak +++ b/package/targets.mak @@ -3,6 +3,7 @@ s6-chroot \ s6-devd \ s6-uevent-listener \ s6-uevent-spawner \ +s6-fillurandompool \ s6-freeramdisk \ s6-hostname \ s6-logwatch \ diff --git a/src/minutils/deps-exe/s6-fillurandompool b/src/minutils/deps-exe/s6-fillurandompool new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/minutils/deps-exe/s6-fillurandompool @@ -0,0 +1 @@ +-lskarnet diff --git a/src/minutils/s6-fillurandompool.c b/src/minutils/s6-fillurandompool.c new file mode 100644 index 0000000..775f289 --- /dev/null +++ b/src/minutils/s6-fillurandompool.c @@ -0,0 +1,26 @@ +/* ISC license. */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + +#include +#include +#include +#include + +#define USAGE "s6-fillurandompool" + +static int getrandom (void *buf, size_t buflen, unsigned int flags) +{ + return syscall(SYS_getrandom, buf, buflen, flags) ; +} + +int main (void) +{ + char buf[256] ; + PROG = "s6-fillurandompool" ; + if (getrandom(buf, 256, 0) != 256) + strerr_diefu1sys(111, "getrandom") ; + return 0 ; +} -- cgit v1.2.3