From: Christoph Müllner
Date: Mon, 20 Jul 2020 15:20:10 +0000 (+0200)
Subject: package/urandom-scripts: new package
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=2fb5886fd739f47d811ea0d3f595d50250de5646;p=buildroot.git
package/urandom-scripts: new package
The init script S20urandom is used to preserve the kernel's RNG seed between reboots. This functionality is not required for the package "initscripts". Further there are use-cases where this script should not be installed at all (e.g. systems that only have read-only partitions), but that's currently not possible as the script is a mandatory part of the package "initscripts". Let's move the script into its own package "urandom-scripts" and select it, if the default skeleton is enabled. This maintains backward-compatibility and allows to deselect it.
Signed-off-by: Christoph Müllner
[yann.morin.1998@free.fr: - extend help text - default y if initscripts (instead of skeleton default) - allow use with openRC, but not systemd ]
Signed-off-by: Yann E. MORIN
---
diff --git a/package/Config.in b/package/Config.in
index 7ab1112644..e6500123f6 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2291,6 +2291,7 @@ menu "Security"
 source "package/selinux-python/Config.in"
 source "package/semodule-utils/Config.in"
 source "package/setools/Config.in"
+ source "package/urandom-scripts/Config.in"
 endmenu
 
 menu "Shell and utilities"
diff --git a/package/initscripts/init.d/S20urandom b/package/initscripts/init.d/S20urandom
deleted file mode 100644
index e4fd125721..0000000000
--- a/package/initscripts/init.d/S20urandom
+++ /dev/null
@@ -1,74 +0,0 @@
-#! /bin/sh
-#
-# Preserve the random seed between reboots. See urandom(4).
-#
-
-# Quietly do nothing if /dev/urandom does not exist
-[ -c /dev/urandom ] || exit 0
-
-URANDOM_SEED="/var/lib/random-seed"
-
-# shellcheck source=/dev/null
-[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
-
-if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
- pool_size=$((pool_bits/8))
-else
- pool_size=512
-fi
-
-check_file_size() {
- [ -f "$URANDOM_SEED" ] || return 1
- # Try to read two blocks but exactly one will be read if the file has
- # the correct size.
- size=$(dd if="$URANDOM_SEED" bs="$pool_size" count=2 2> /dev/null | wc -c)
- test "$size" -eq "$pool_size"
-}
-
-init_rng() {
- if check_file_size; then
- printf 'Initializing random number generator: '
- dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
- status=$?
- if [ "$status" -eq 0 ]; then
- echo "OK"
- else
- echo "FAIL"
- fi
- return "$status"
- fi
-}
-
-save_random_seed() {
- printf 'Saving random seed: '
- if touch "$URANDOM_SEED" 2> /dev/null; then
- old_umask=$(umask)
- umask 077
- dd if=/dev/urandom of="$URANDOM_SEED" bs="$pool_size" count=1 2> /dev/null
- status=$?
- umask "$old_umask"
- if [ "$status" -eq 0 ]; then
- echo "OK"
- else
- echo "FAIL"
- fi
- else
- status=$?
- echo "SKIP (read-only file system detected)"
- fi
- return "$status"
-}
-
-case "$1" in
- start|restart|reload)
- # Carry a random seed from start-up to start-up
- # Load and then save the whole entropy pool
- init_rng && save_random_seed;;
- stop)
- # Carry a random seed from shut-down to start-up
- # Save the whole entropy pool
- save_random_seed;;
- *)
- echo "Usage: $0 {start|stop|restart|reload}"
- exit 1
-esac
diff --git a/package/urandom-scripts/Config.in b/package/urandom-scripts/Config.in
new file mode 100644
index 0000000000..987e442e22
--- /dev/null
+++ b/package/urandom-scripts/Config.in
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_URANDOM_SCRIPTS
+ bool "urandom-initscripts"
+ default y if BR2_PACKAGE_INITSCRIPTS
+ depends on !BR2_PACKAGE_SYSTEMD
+ help
+ Initscript to preserve the random seed between reboots.
+
+ WARNING: this is a poor fit to try and get high-quality
+ entropy at boot. There are better ways, like haveged, or
+ rng-tools.
diff --git a/package/urandom-scripts/S20urandom b/package/urandom-scripts/S20urandom
new file mode 100644
index 0000000000..e4fd125721
--- /dev/null
+++ b/package/urandom-scripts/S20urandom
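Review bot: The menu prompt `bool "urandom-initscripts"` does not match the package name used everywhere else in this commit (the package/urandom-scripts directory, the BR2_PACKAGE_URANDOM_SCRIPTS symbol and urandom-scripts.mk), so a menuconfig search for the package name will not find this entry; `bool "urandom-scripts"` keeps the three consistent. Since the commit message names read-only filesystems as the reason one would disable this package, the help text should also say where the seed is written and that the location can be changed, which the script itself shows: `Initscript to preserve the random seed between reboots. The seed is kept in /var/lib/random-seed; URANDOM_SEED can be overridden in /etc/default/urandom.`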
@@ -0,0 +1,74 @@
+#! /bin/sh
+#
+# Preserve the random seed between reboots. See urandom(4).
+#
+
+# Quietly do nothing if /dev/urandom does not exist
+[ -c /dev/urandom ] || exit 0
+
+URANDOM_SEED="/var/lib/random-seed"
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
+
+if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
+ pool_size=$((pool_bits/8))
+else
+ pool_size=512
+fi
+
+check_file_size() {
+ [ -f "$URANDOM_SEED" ] || return 1
+ # Try to read two blocks but exactly one will be read if the file has
+ # the correct size.
+ size=$(dd if="$URANDOM_SEED" bs="$pool_size" count=2 2> /dev/null | wc -c)
+ test "$size" -eq "$pool_size"
+}
+
+init_rng() {
+ if check_file_size; then
+ printf 'Initializing random number generator: '
+ dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+ fi
+}
+
+save_random_seed() {
+ printf 'Saving random seed: '
+ if touch "$URANDOM_SEED" 2> /dev/null; then
+ old_umask=$(umask)
+ umask 077
+ dd if=/dev/urandom of="$URANDOM_SEED" bs="$pool_size" count=1 2> /dev/null
+ status=$?
+ umask "$old_umask"
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ else
+ status=$?
+ echo "SKIP (read-only file system detected)"
+ fi
+ return "$status"
+}
+
+case "$1" in
+ start|restart|reload)
+ # Carry a random seed from start-up to start-up
+ # Load and then save the whole entropy pool
+ init_rng && save_random_seed;;
+ stop)
+ # Carry a random seed from shut-down to start-up
+ # Save the whole entropy pool
+ save_random_seed;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/package/urandom-scripts/urandom-scripts.mk b/package/urandom-scripts/urandom-scripts.mk
new file mode 100644
index 0000000000..2c09728c46
--- /dev/null
+++ b/package/urandom-scripts/urandom-scripts.mk
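Review bot: In save_random_seed the seed file is created by `touch "$URANDOM_SEED"` before `umask 077` takes effect, so on first creation it gets the process's default umask (commonly 022, giving 0644) and the seed that dd then writes into it is readable by any local user; dd does not alter the mode of a file that already exists, and the restrictive umask only covers files dd would create itself. A one-line fix that also repairs a seed file left world-readable by an earlier boot is `chmod 600 "$URANDOM_SEED"` immediately after the touch succeeds; alternatively move `old_umask=$(umask)` and `umask 077` above the `if touch ...; then` line and `umask "$old_umask"` below the closing `fi`. The same body is deleted unchanged from package/initscripts/init.d/S20urandom, so this is pre-existing rather than introduced by the move, but the new file is the one now under review. save_random_seed lies entirely within this hunk.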
@@ -0,0 +1,12 @@
+################################################################################
+#
+# urandom-scripts
+#
+################################################################################
+
+define URANDOM_SCRIPTS_INSTALL_INIT_SYSV
+ $(INSTALL) -D -m 0755 $(URANDOM_SCRIPTS_PKGDIR)/S20urandom \
+ $(TARGET_DIR)/etc/init.d/S20urandom
+endef
+
+$(eval $(generic-package))