Use seedrng for seeding the random number generator

The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like void-runit and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>. This commit imports it into void-runit and wires up the init scripts to call it. This also is a significant improvement over the current init script, which fails to remove seed files that have already been used, or to ratchet them forward.
basploeger · Mar 26, 2022 · 8704431 · 8704431
1 parent 5b18be1
commit 8704431
Show file tree

Hide file tree

Showing 6 changed files with 446 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 halt
 pause
 vlogger
+seedrng
diff --git a/3 b/3
@@ -15,8 +15,7 @@ sv exit /var/service/*
 [ -x /etc/rc.shutdown ] && /etc/rc.shutdown
 
 if [ -z "$VIRTUALIZATION" ]; then
-    msg "Saving random seed..."
-    ( umask 077; bytes=$(cat /proc/sys/kernel/random/poolsize) || bytes=512; dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=$bytes >/dev/null 2>&1 )
+    seedrng
 fi
 
 if [ -z "$VIRTUALIZATION" -a -n "$HARDWARECLOCK" ]; then

diff --git a/Makefile b/Makefile
@@ -5,6 +5,7 @@ all:
 	$(CC) $(CFLAGS) halt.c -o halt $(LDFLAGS)
 	$(CC) $(CFLAGS) pause.c -o pause $(LDFLAGS)
 	$(CC) $(CFLAGS) vlogger.c -o vlogger $(LDFLAGS)
+	$(CC) $(CFLAGS) seedrng.c -o seedrng $(LDFLAGS)
 
 install:
 	install -d ${DESTDIR}/${PREFIX}/sbin
@@ -13,6 +14,7 @@ install:
 	install -m755 vlogger ${DESTDIR}/${PREFIX}/sbin
 	install -m755 shutdown ${DESTDIR}/${PREFIX}/sbin/shutdown
 	install -m755 modules-load ${DESTDIR}/${PREFIX}/sbin/modules-load
+	install -m755 seedrng ${DESTDIR}/${PREFIX}/sbin/seedrng
 	install -m755 zzz ${DESTDIR}/${PREFIX}/sbin
 	ln -sf zzz ${DESTDIR}/${PREFIX}/sbin/ZZZ
 	ln -sf halt ${DESTDIR}/${PREFIX}/sbin/poweroff

diff --git a/core-services/05-misc.sh b/core-services/05-misc.sh
@@ -4,8 +4,7 @@ install -m0664 -o root -g utmp /dev/null /run/utmp
 halt -B  # for wtmp
 
 if [ -z "$VIRTUALIZATION" ]; then
-    msg "Initializing random seed..."
-    cp /var/lib/random-seed /dev/urandom >/dev/null 2>&1 || true
+    seedrng || true
 fi
 
 msg "Setting up loopback interface..."

diff --git a/rc.conf b/rc.conf
@@ -40,3 +40,8 @@
 # legacy: mount cgroup v1 /sys/fs/cgroup
 # unified: mount cgroup v2 under /sys/fs/cgroup
 #CGROUP_MODE=hybrid
+
+# Set this to true only if you do not want seed files to actually credit the
+# RNG, for example if you plan to replicate this file system image and do not
+# have the wherewithal to first delete the contents of /var/lib/seedrng.
+#SEEDRNG_SKIP_CREDIT=false
-Original file line number
+Diff line change
@@ -1,3 +1,4 @@
     halt
     pause
     vlogger
+    seedrng