openwrtv4/package/base-files/files/etc
Etienne CHAMPETIER 3946a55291 base-files: seed /dev/urandom
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
   (see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
   (see /etc/init.d/urandom_seed)

We use getrandom() so we are sure /dev/urandom pool is initialized

Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems

Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message

Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent

v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
    are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 22:48:39 +02:00
..
board.d base-files: remove default /etc/config/network, generate it via board.d instead 2016-01-25 16:30:41 +00:00
hotplug.d/net sysctl: read settings from /etc/sysctl.d/*.conf 2015-07-07 13:47:23 +00:00
init.d base-files: seed /dev/urandom 2016-06-30 22:48:39 +02:00
iproute2 base-files: add netifd's default prelocal table to /etc/iproute2/rt_tables 2016-02-09 12:34:05 +00:00
rc.button base-files: rework reset button script to indicate factory reset 2015-08-17 06:16:39 +00:00
sysctl.d sysctl: read settings from /etc/sysctl.d/*.conf 2015-07-07 13:47:23 +00:00
uci-defaults base-files: fix group/user settings after sysupgrade 2016-04-29 04:15:34 +02:00
banner Centralize setting of all version info to include/version.mk 2016-05-24 13:30:58 +02:00
banner.failsafe failsafe-mode: print short help on commandline 2014-10-20 06:29:05 +00:00
device_info base-files: add URL option for OEM manufacturer info 2015-10-05 10:28:53 +00:00
diag.sh
fstab base-files: remove fstab symlink 2016-06-17 04:13:07 +02:00
group
hosts base-files: add /etc/hosts entries for ::1, ff02::1 and ff02::2 2015-09-02 11:54:03 +00:00
inittab image / basefiles: make console password configurable 2016-04-18 21:53:07 +02:00
openwrt_release base-files: properly escape strings for version info 2014-07-29 13:30:23 +00:00
openwrt_version include, base-files, opkg: introduce version configuration to override the embedded version info of generated images - Introduce new Kconfig symbols VERSION_DIST, VERSION_NICK, VERSION_NUMBER and VERSION_REPO to specify distribution, release name, version and repository for a given build - Introduce include/version.mk to provide common helpers for packages dealing with versions - Make opkg use version.mk to populate the opkg.conf template - Make base-files use version.mk to populate /etc/openwrt_version, /etc/openwrt_release and /etc/banner 2012-04-12 17:31:16 +00:00
os-release base-files: Add standard os-release file 2016-06-24 13:52:53 +02:00
passwd base-files: prime root password with "x" to notify programs that there is a shadow record, fix /bin/login.sh password detection accordingly. Solves broken key based dropbear login with empty password after r28935. 2011-11-14 19:02:01 +00:00
preinit base-files: honor CONFIG_TARGET_INIT_PATH 2016-02-08 14:28:50 +00:00
profile base-files: Enhancements to /etc/profile 2016-05-14 16:53:10 +02:00
protocols base-files: add DCCP to /etc/protocols 2015-11-15 22:09:13 +00:00
rc.common base-files: add a init.d option that will start the syscall tracer 2015-03-26 10:58:17 +00:00
rc.local
services Add munin to /etc/services 2012-03-18 19:41:57 +00:00
shadow the root password should be empty for real, like before 2014-02-21 10:39:14 +00:00
shells
sysctl.conf base-files: revert to default ECN settings 2015-10-07 21:11:24 +00:00
sysupgrade.conf