From 87044318e9acb741e1b74767f30cc4ae802ed398 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 25 Mar 2022 21:37:44 -0600
Subject: Use seedrng for seeding the random number generator

The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like void-runit
and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.

This commit imports it into void-runit and wires up the init scripts to
call it. This also is a significant improvement over the current init
script, which fails to remove seed files that have already been used, or
to ratchet them forward.
---
 rc.conf | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'rc.conf')

diff --git a/rc.conf b/rc.conf
index 2c4cf64..aa3da51 100644
--- a/rc.conf
+++ b/rc.conf
@@ -40,3 +40,8 @@
 # legacy: mount cgroup v1 /sys/fs/cgroup
 # unified: mount cgroup v2 under /sys/fs/cgroup
 #CGROUP_MODE=hybrid
+
+# Set this to true only if you do not want seed files to actually credit the
+# RNG, for example if you plan to replicate this file system image and do not
+# have the wherewithal to first delete the contents of /var/lib/seedrng.
+#SEEDRNG_SKIP_CREDIT=false
-- 
cgit 1.4.1