diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2016-09-15 11:48:18 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2016-09-15 11:48:18 +0000 |
commit | 6f3e9754ef9446cb8a9f98e593aed23a730c4c10 (patch) | |
tree | a973052c9a8c818a830ce3304996e45598989863 | |
parent | 8cbb5587ff1b3770ff570bc120ea532cd62357bb (diff) | |
download | s6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.tar.gz s6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.tar.xz s6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.zip |
Add s6-fillurandompool
-rw-r--r-- | doc/index.html | 1 | ||||
-rw-r--r-- | doc/s6-fillurandompool.html | 74 | ||||
-rw-r--r-- | doc/s6-freeramdisk.html | 2 | ||||
-rw-r--r-- | doc/upgrade.html | 2 | ||||
-rw-r--r-- | package/deps.mak | 3 | ||||
-rw-r--r-- | package/modes | 1 | ||||
-rw-r--r-- | package/targets.mak | 1 | ||||
-rw-r--r-- | src/minutils/deps-exe/s6-fillurandompool | 1 | ||||
-rw-r--r-- | src/minutils/s6-fillurandompool.c | 26 |
9 files changed, 110 insertions, 1 deletions
diff --git a/doc/index.html b/doc/index.html index b3ade25..292d81a 100644 --- a/doc/index.html +++ b/doc/index.html @@ -88,6 +88,7 @@ the previous versions of s6-linux-utils and the current one. </li> <li><a href="s6-devd.html">The <tt>s6-devd</tt> program</a></li> <li><a href="s6-uevent-listener.html">The <tt>s6-uevent-listener</tt> program</a></li> <li><a href="s6-uevent-spawner.html">The <tt>s6-uevent-spawner</tt> program</a></li> +<li><a href="s6-fillurandompool.html">The <tt>s6-fillurandompool</tt> program</a></li> <li><a href="s6-freeramdisk.html">The <tt>s6-freeramdisk</tt> program</a></li> <li><a href="s6-hostname.html">The <tt>s6-hostname</tt> program</a></li> <li><a href="s6-logwatch.html">The <tt>s6-logwatch</tt> program</a></li> diff --git a/doc/s6-fillurandompool.html b/doc/s6-fillurandompool.html new file mode 100644 index 0000000..777307e --- /dev/null +++ b/doc/s6-fillurandompool.html @@ -0,0 +1,74 @@ +<html> + <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <meta http-equiv="Content-Language" content="en" /> + <title>s6-linux-utils: the s6-fillurandompool program</title> + <meta name="Description" content="s6-linux-utils: the s6-fillurandompool program" /> + <meta name="Keywords" content="s6 linux administration root utilities random urandom /dev/urandom entropy pool getrandom getentropy" /> + <!-- <link rel="stylesheet" type="text/css" href="http://skarnet.org/default.css" /> --> + </head> +<body> + +<p> +<a href="index.html">s6-linux-utils</a><br /> +<a href="http://skarnet.org/software/">Software</a><br /> +<a href="http://skarnet.org/">skarnet.org</a> +</p> + +<h1> The <tt>s6-fillurandompool</tt> program </h1> + +<p> +<tt>s6-fillurandompool</tt> blocks until the machine's +<tt>/dev/urandom</tt> entropy pool is filled up. Then it exits. +</p> + +<h2> Interface </h2> + +<pre> + s6-fillurandompool +</pre> + +<h2> Rationale </h2> + +<p> + For some reason, Linux has <em>two</em> separate entropy pools: one for +<tt>/dev/random</tt> and one for <tt>/dev/urandom</tt>. +</p> + +<p> + Reading from <tt>/dev/random</tt> blocks when its entropy pool is +not full enough, so it will never return weak random data. (Reading +from <tt>/dev/random</tt> is overkill anyway, and +<a href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">you +should not be doing it.</a>) +</p> + +<p> + However, reading from <tt>/dev/urandom</tt> (which +<a href="http://www.2uo.de/myths-about-urandom/">you should be doing</a>) +will not block, even though the entropy pool may not have been +initialized yet. That's the only insecure thing about it: at boot time, +<tt>/dev/urandom</tt> may return weak random data, until its entropy +pool has filled up. +</p> + +<p> + <tt>s6-fillurandompool</tt> is meant to address this issue. Call it once +early on in your boot scripts, before you need any serious random data; +when it exits, the <tt>/dev/urandom</tt> pool has been properly initialized, +and it is now safe to read from <tt>/dev/urandom</tt> every time you need +random data, until the machine shuts down. +</p> + +<h2> Notes </h2> + +<ul> + <li> <tt>s6-fillurandompool</tt> will only work on a Linux kernel version +3.17 or later: this is when the +<a href="http://man7.org/linux/man-pages/man2/getrandom.2.html"><tt>getrandom()</tt></a> +system call, which it internally uses, has been implemented. </li> +</ul> + +</body> +</html> diff --git a/doc/s6-freeramdisk.html b/doc/s6-freeramdisk.html index a2baa68..880c4d0 100644 --- a/doc/s6-freeramdisk.html +++ b/doc/s6-freeramdisk.html @@ -19,7 +19,7 @@ <h1> The <tt>s6-freeramdisk</tt> program </h1> <p> -<tt>freeramdisk</tt> frees the memory occupied by a RAM disk. Call it +<tt>s6-freeramdisk</tt> frees the memory occupied by a RAM disk. Call it when your RAM disk is not in use anymore. </p> diff --git a/doc/upgrade.html b/doc/upgrade.html index 1851be9..6c843ce 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -26,6 +26,8 @@ by this package anymore: they're now a part of the <a href="http://skarnet.org/software/s6-linux-init/">s6-linux-init</a> package. </li> + <li> The <a href="s6-fillurandompool.html">s6-fillurandompool</a> +program has been added. </li> </ul> <h2> in 2.1.0.0 </h2> diff --git a/package/deps.mak b/package/deps.mak index d1aa40b..74e1ff2 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -4,6 +4,7 @@ src/minutils/s6-chroot.o src/minutils/s6-chroot.lo: src/minutils/s6-chroot.c src/minutils/s6-devd.o src/minutils/s6-devd.lo: src/minutils/s6-devd.c src/include/s6-linux-utils/config.h +src/minutils/s6-fillurandompool.o src/minutils/s6-fillurandompool.lo: src/minutils/s6-fillurandompool.c src/minutils/s6-freeramdisk.o src/minutils/s6-freeramdisk.lo: src/minutils/s6-freeramdisk.c src/minutils/s6-hostname.o src/minutils/s6-hostname.lo: src/minutils/s6-hostname.c src/minutils/s6-logwatch.o src/minutils/s6-logwatch.lo: src/minutils/s6-logwatch.c @@ -27,6 +28,8 @@ s6-chroot: EXTRA_LIBS := s6-chroot: src/minutils/s6-chroot.o -lskarnet s6-devd: EXTRA_LIBS := s6-devd: src/minutils/s6-devd.o -lskarnet +s6-fillurandompool: EXTRA_LIBS := +s6-fillurandompool: src/minutils/s6-fillurandompool.o -lskarnet s6-freeramdisk: EXTRA_LIBS := s6-freeramdisk: src/minutils/s6-freeramdisk.o -lskarnet s6-hostname: EXTRA_LIBS := diff --git a/package/modes b/package/modes index c436595..b6e43a2 100644 --- a/package/modes +++ b/package/modes @@ -2,6 +2,7 @@ s6-chroot 0700 s6-devd 0700 s6-uevent-listener 0700 s6-uevent-spawner 0755 +s6-fillurandompool 0755 s6-freeramdisk 0700 s6-hostname 0755 s6-logwatch 0755 diff --git a/package/targets.mak b/package/targets.mak index c01bea2..3a68ac7 100644 --- a/package/targets.mak +++ b/package/targets.mak @@ -3,6 +3,7 @@ s6-chroot \ s6-devd \ s6-uevent-listener \ s6-uevent-spawner \ +s6-fillurandompool \ s6-freeramdisk \ s6-hostname \ s6-logwatch \ diff --git a/src/minutils/deps-exe/s6-fillurandompool b/src/minutils/deps-exe/s6-fillurandompool new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/minutils/deps-exe/s6-fillurandompool @@ -0,0 +1 @@ +-lskarnet diff --git a/src/minutils/s6-fillurandompool.c b/src/minutils/s6-fillurandompool.c new file mode 100644 index 0000000..775f289 --- /dev/null +++ b/src/minutils/s6-fillurandompool.c @@ -0,0 +1,26 @@ +/* ISC license. */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + +#include <unistd.h> +#include <sys/syscall.h> +#include <skalibs/strerr2.h> +#include <skalibs/djbunix.h> + +#define USAGE "s6-fillurandompool" + +static int getrandom (void *buf, size_t buflen, unsigned int flags) +{ + return syscall(SYS_getrandom, buf, buflen, flags) ; +} + +int main (void) +{ + char buf[256] ; + PROG = "s6-fillurandompool" ; + if (getrandom(buf, 256, 0) != 256) + strerr_diefu1sys(111, "getrandom") ; + return 0 ; +} |