about summary refs log tree commit diff
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2016-09-15 11:48:18 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2016-09-15 11:48:18 +0000
commit6f3e9754ef9446cb8a9f98e593aed23a730c4c10 (patch)
treea973052c9a8c818a830ce3304996e45598989863
parent8cbb5587ff1b3770ff570bc120ea532cd62357bb (diff)
downloads6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.tar.gz
s6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.tar.xz
s6-linux-utils-6f3e9754ef9446cb8a9f98e593aed23a730c4c10.zip
Add s6-fillurandompool
-rw-r--r--doc/index.html1
-rw-r--r--doc/s6-fillurandompool.html74
-rw-r--r--doc/s6-freeramdisk.html2
-rw-r--r--doc/upgrade.html2
-rw-r--r--package/deps.mak3
-rw-r--r--package/modes1
-rw-r--r--package/targets.mak1
-rw-r--r--src/minutils/deps-exe/s6-fillurandompool1
-rw-r--r--src/minutils/s6-fillurandompool.c26
9 files changed, 110 insertions, 1 deletions
diff --git a/doc/index.html b/doc/index.html
index b3ade25..292d81a 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -88,6 +88,7 @@ the previous versions of s6-linux-utils and the current one. </li>
 <li><a href="s6-devd.html">The <tt>s6-devd</tt> program</a></li>
 <li><a href="s6-uevent-listener.html">The <tt>s6-uevent-listener</tt> program</a></li>
 <li><a href="s6-uevent-spawner.html">The <tt>s6-uevent-spawner</tt> program</a></li>
+<li><a href="s6-fillurandompool.html">The <tt>s6-fillurandompool</tt> program</a></li>
 <li><a href="s6-freeramdisk.html">The <tt>s6-freeramdisk</tt> program</a></li>
 <li><a href="s6-hostname.html">The <tt>s6-hostname</tt> program</a></li>
 <li><a href="s6-logwatch.html">The <tt>s6-logwatch</tt> program</a></li>
diff --git a/doc/s6-fillurandompool.html b/doc/s6-fillurandompool.html
new file mode 100644
index 0000000..777307e
--- /dev/null
+++ b/doc/s6-fillurandompool.html
@@ -0,0 +1,74 @@
+<html>
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>s6-linux-utils: the s6-fillurandompool program</title>
+    <meta name="Description" content="s6-linux-utils: the s6-fillurandompool program" />
+    <meta name="Keywords" content="s6 linux administration root utilities random urandom /dev/urandom entropy pool getrandom getentropy" />
+    <!-- <link rel="stylesheet" type="text/css" href="http://skarnet.org/default.css" /> -->
+  </head>
+<body>
+
+<p>
+<a href="index.html">s6-linux-utils</a><br />
+<a href="http://skarnet.org/software/">Software</a><br />
+<a href="http://skarnet.org/">skarnet.org</a>
+</p>
+
+<h1> The <tt>s6-fillurandompool</tt> program </h1>
+
+<p>
+<tt>s6-fillurandompool</tt> blocks until the machine's
+<tt>/dev/urandom</tt> entropy pool is filled up. Then it exits.
+</p>
+
+<h2> Interface </h2>
+
+<pre>
+     s6-fillurandompool
+</pre>
+
+<h2> Rationale </h2>
+
+<p>
+ For some reason, Linux has <em>two</em> separate entropy pools: one for
+<tt>/dev/random</tt> and one for <tt>/dev/urandom</tt>.
+</p>
+
+<p>
+ Reading from <tt>/dev/random</tt> blocks when its entropy pool is
+not full enough, so it will never return weak random data. (Reading
+from <tt>/dev/random</tt> is overkill anyway, and
+<a href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">you
+should not be doing it.</a>)
+</p>
+
+<p>
+ However, reading from <tt>/dev/urandom</tt> (which
+<a href="http://www.2uo.de/myths-about-urandom/">you should be doing</a>)
+will not block, even though the entropy pool may not have been
+initialized yet. That's the only insecure thing about it: at boot time,
+<tt>/dev/urandom</tt> may return weak random data, until its entropy
+pool has filled up.
+</p>
+
+<p>
+ <tt>s6-fillurandompool</tt> is meant to address this issue. Call it once
+early on in your boot scripts, before you need any serious random data;
+when it exits, the <tt>/dev/urandom</tt> pool has been properly initialized,
+and it is now safe to read from <tt>/dev/urandom</tt> every time you need
+random data, until the machine shuts down.
+</p>
+
+<h2> Notes </h2>
+
+<ul>
+ <li> <tt>s6-fillurandompool</tt> will only work on a Linux kernel version
+3.17 or later: this is when the
+<a href="http://man7.org/linux/man-pages/man2/getrandom.2.html"><tt>getrandom()</tt></a>
+system call, which it internally uses, has been implemented. </li>
+</ul>
+
+</body>
+</html>
diff --git a/doc/s6-freeramdisk.html b/doc/s6-freeramdisk.html
index a2baa68..880c4d0 100644
--- a/doc/s6-freeramdisk.html
+++ b/doc/s6-freeramdisk.html
@@ -19,7 +19,7 @@
 <h1> The <tt>s6-freeramdisk</tt> program </h1>
 
 <p>
-<tt>freeramdisk</tt> frees the memory occupied by a RAM disk. Call it
+<tt>s6-freeramdisk</tt> frees the memory occupied by a RAM disk. Call it
 when your RAM disk is not in use anymore.
 </p>
 
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 1851be9..6c843ce 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -26,6 +26,8 @@
 by this package anymore: they're now a part of the
 <a href="http://skarnet.org/software/s6-linux-init/">s6-linux-init</a>
 package. </li>
+ <li> The <a href="s6-fillurandompool.html">s6-fillurandompool</a>
+program has been added. </li>
 </ul>
 
 <h2> in 2.1.0.0 </h2>
diff --git a/package/deps.mak b/package/deps.mak
index d1aa40b..74e1ff2 100644
--- a/package/deps.mak
+++ b/package/deps.mak
@@ -4,6 +4,7 @@
 
 src/minutils/s6-chroot.o src/minutils/s6-chroot.lo: src/minutils/s6-chroot.c
 src/minutils/s6-devd.o src/minutils/s6-devd.lo: src/minutils/s6-devd.c src/include/s6-linux-utils/config.h
+src/minutils/s6-fillurandompool.o src/minutils/s6-fillurandompool.lo: src/minutils/s6-fillurandompool.c
 src/minutils/s6-freeramdisk.o src/minutils/s6-freeramdisk.lo: src/minutils/s6-freeramdisk.c
 src/minutils/s6-hostname.o src/minutils/s6-hostname.lo: src/minutils/s6-hostname.c
 src/minutils/s6-logwatch.o src/minutils/s6-logwatch.lo: src/minutils/s6-logwatch.c
@@ -27,6 +28,8 @@ s6-chroot: EXTRA_LIBS :=
 s6-chroot: src/minutils/s6-chroot.o -lskarnet
 s6-devd: EXTRA_LIBS :=
 s6-devd: src/minutils/s6-devd.o -lskarnet
+s6-fillurandompool: EXTRA_LIBS :=
+s6-fillurandompool: src/minutils/s6-fillurandompool.o -lskarnet
 s6-freeramdisk: EXTRA_LIBS :=
 s6-freeramdisk: src/minutils/s6-freeramdisk.o -lskarnet
 s6-hostname: EXTRA_LIBS :=
diff --git a/package/modes b/package/modes
index c436595..b6e43a2 100644
--- a/package/modes
+++ b/package/modes
@@ -2,6 +2,7 @@ s6-chroot		0700
 s6-devd			0700
 s6-uevent-listener	0700
 s6-uevent-spawner	0755
+s6-fillurandompool	0755
 s6-freeramdisk		0700
 s6-hostname		0755
 s6-logwatch		0755
diff --git a/package/targets.mak b/package/targets.mak
index c01bea2..3a68ac7 100644
--- a/package/targets.mak
+++ b/package/targets.mak
@@ -3,6 +3,7 @@ s6-chroot \
 s6-devd \
 s6-uevent-listener \
 s6-uevent-spawner \
+s6-fillurandompool \
 s6-freeramdisk \
 s6-hostname \
 s6-logwatch \
diff --git a/src/minutils/deps-exe/s6-fillurandompool b/src/minutils/deps-exe/s6-fillurandompool
new file mode 100644
index 0000000..e7187fe
--- /dev/null
+++ b/src/minutils/deps-exe/s6-fillurandompool
@@ -0,0 +1 @@
+-lskarnet
diff --git a/src/minutils/s6-fillurandompool.c b/src/minutils/s6-fillurandompool.c
new file mode 100644
index 0000000..775f289
--- /dev/null
+++ b/src/minutils/s6-fillurandompool.c
@@ -0,0 +1,26 @@
+/* ISC license. */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <unistd.h>
+#include <sys/syscall.h>
+#include <skalibs/strerr2.h>
+#include <skalibs/djbunix.h>
+
+#define USAGE "s6-fillurandompool"
+
+static int getrandom (void *buf, size_t buflen, unsigned int flags)
+{
+  return syscall(SYS_getrandom, buf, buflen, flags) ;
+}
+
+int main (void)
+{
+  char buf[256] ;
+  PROG = "s6-fillurandompool" ;
+  if (getrandom(buf, 256, 0) != 256)
+    strerr_diefu1sys(111, "getrandom") ;
+  return 0 ;
+}