From 6f3e9754ef9446cb8a9f98e593aed23a730c4c10 Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Thu, 15 Sep 2016 11:48:18 +0000
Subject:  Add s6-fillurandompool

---
 doc/index.html              |  1 +
 doc/s6-fillurandompool.html | 74 +++++++++++++++++++++++++++++++++++++++++++++
 doc/s6-freeramdisk.html     |  2 +-
 doc/upgrade.html            |  2 ++
 4 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 doc/s6-fillurandompool.html

(limited to 'doc')

diff --git a/doc/index.html b/doc/index.html
index b3ade25..292d81a 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -88,6 +88,7 @@ the previous versions of s6-linux-utils and the current one. </li>
 <li><a href="s6-devd.html">The <tt>s6-devd</tt> program</a></li>
 <li><a href="s6-uevent-listener.html">The <tt>s6-uevent-listener</tt> program</a></li>
 <li><a href="s6-uevent-spawner.html">The <tt>s6-uevent-spawner</tt> program</a></li>
+<li><a href="s6-fillurandompool.html">The <tt>s6-fillurandompool</tt> program</a></li>
 <li><a href="s6-freeramdisk.html">The <tt>s6-freeramdisk</tt> program</a></li>
 <li><a href="s6-hostname.html">The <tt>s6-hostname</tt> program</a></li>
 <li><a href="s6-logwatch.html">The <tt>s6-logwatch</tt> program</a></li>
diff --git a/doc/s6-fillurandompool.html b/doc/s6-fillurandompool.html
new file mode 100644
index 0000000..777307e
--- /dev/null
+++ b/doc/s6-fillurandompool.html
@@ -0,0 +1,74 @@
+<html>
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>s6-linux-utils: the s6-fillurandompool program</title>
+    <meta name="Description" content="s6-linux-utils: the s6-fillurandompool program" />
+    <meta name="Keywords" content="s6 linux administration root utilities random urandom /dev/urandom entropy pool getrandom getentropy" />
+    <!-- <link rel="stylesheet" type="text/css" href="http://skarnet.org/default.css" /> -->
+  </head>
+<body>
+
+<p>
+<a href="index.html">s6-linux-utils</a><br />
+<a href="http://skarnet.org/software/">Software</a><br />
+<a href="http://skarnet.org/">skarnet.org</a>
+</p>
+
+<h1> The <tt>s6-fillurandompool</tt> program </h1>
+
+<p>
+<tt>s6-fillurandompool</tt> blocks until the machine's
+<tt>/dev/urandom</tt> entropy pool is filled up. Then it exits.
+</p>
+
+<h2> Interface </h2>
+
+<pre>
+     s6-fillurandompool
+</pre>
+
+<h2> Rationale </h2>
+
+<p>
+ For some reason, Linux has <em>two</em> separate entropy pools: one for
+<tt>/dev/random</tt> and one for <tt>/dev/urandom</tt>.
+</p>
+
+<p>
+ Reading from <tt>/dev/random</tt> blocks when its entropy pool is
+not full enough, so it will never return weak random data. (Reading
+from <tt>/dev/random</tt> is overkill anyway, and
+<a href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">you
+should not be doing it.</a>)
+</p>
+
+<p>
+ However, reading from <tt>/dev/urandom</tt> (which
+<a href="http://www.2uo.de/myths-about-urandom/">you should be doing</a>)
+will not block, even though the entropy pool may not have been
+initialized yet. That's the only insecure thing about it: at boot time,
+<tt>/dev/urandom</tt> may return weak random data, until its entropy
+pool has filled up.
+</p>
+
+<p>
+ <tt>s6-fillurandompool</tt> is meant to address this issue. Call it once
+early on in your boot scripts, before you need any serious random data;
+when it exits, the <tt>/dev/urandom</tt> pool has been properly initialized,
+and it is now safe to read from <tt>/dev/urandom</tt> every time you need
+random data, until the machine shuts down.
+</p>
+
+<h2> Notes </h2>
+
+<ul>
+ <li> <tt>s6-fillurandompool</tt> will only work on a Linux kernel version
+3.17 or later: this is when the
+<a href="http://man7.org/linux/man-pages/man2/getrandom.2.html"><tt>getrandom()</tt></a>
+system call, which it internally uses, has been implemented. </li>
+</ul>
+
+</body>
+</html>
diff --git a/doc/s6-freeramdisk.html b/doc/s6-freeramdisk.html
index a2baa68..880c4d0 100644
--- a/doc/s6-freeramdisk.html
+++ b/doc/s6-freeramdisk.html
@@ -19,7 +19,7 @@
 <h1> The <tt>s6-freeramdisk</tt> program </h1>
 
 <p>
-<tt>freeramdisk</tt> frees the memory occupied by a RAM disk. Call it
+<tt>s6-freeramdisk</tt> frees the memory occupied by a RAM disk. Call it
 when your RAM disk is not in use anymore.
 </p>
 
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 1851be9..6c843ce 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -26,6 +26,8 @@
 by this package anymore: they're now a part of the
 <a href="http://skarnet.org/software/s6-linux-init/">s6-linux-init</a>
 package. </li>
+ <li> The <a href="s6-fillurandompool.html">s6-fillurandompool</a>
+program has been added. </li>
 </ul>
 
 <h2> in 2.1.0.0 </h2>
-- 
cgit v1.2.3