authorJohn Denker <jsd@av8n.com>2013-11-05 17:00:54 -0700
committerJohn Denker <jsd@av8n.com>2013-11-05 17:04:12 -0700
commit686444948276dbd6565e0bb8cec5b3d998a1621d (patch)
tree054f176e2f6f8e79708a36a377e6c79fbf27c833
parent1c30e25f4adf015865d57a7b5ab670cde446c82c (diff)
first draft: urandom-save
-rw-r--r--urandom-save.conf25
1 files changed, 25 insertions, 0 deletions
diff --git a/urandom-save.conf b/urandom-save.conf
new file mode 100644
index 0000000..eecac2d
--- /dev/null
+++ b/urandom-save.conf
@@ -0,0 +1,25 @@
+# urandom-save - save a new seed-file, for use by kernel PRNG at next boot
+#
+
+description "save seed-file for use by kernel PRNG"
+
+# a) We should refresh the seed-file as soon as possible
+# i.e. as soon as the filesystem is mounted and writeable.
+# b) We should also refresh it again as late as possible,
+# i.e. when shutting down, i.e. runlevels other than 2345
+start on (filesystem or runlevel [!2345])
+
+task
+console output
+
+script
+ SAVEDFILE=/var/lib/urandom/random-seed # probably belongs in a config file
+# 512 is usually the right size, as documented in drivers/char/random.c
+ POOLSIZE=512 # size in bytes
+ if test -f /proc/sys/kernel/random/poolsize \
+ && ProcPoolSize="$(cat /proc/sys/kernel/random/poolsize)" ; then
+# Kernels 2.6.12 and later report poolsize in bits; we convert to bytes here:
+ POOLSIZE=$((ProcPoolSize/8))
+ fi
+ dd if=/dev/urandom of=$SAVEDFILE bs=$POOLSIZE count=1 >/dev/null 2>&1
+end script
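Review bot: The `dd` at the end of the `script` block creates `$SAVEDFILE` with whatever umask the job inherits, and nothing in this file sets one. With the usual 022 default, a newly created seed file would be readable by every local user, which undermines a seed that is only useful while it stays secret. Add `umask 077` on the line before the `dd` (or a `umask 077` stanza next to `task`), and quote the expansions: `dd if=/dev/urandom of="$SAVEDFILE" bs="$POOLSIZE" count=1 >/dev/null`. Dropping `2>&1` as shown lets a failed write (missing `/var/lib/urandom`, read-only filesystem) appear on the console that `console output` already requests, instead of failing silently. It would also help to guard against a zero or non-numeric `ProcPoolSize`, for example `[ "$POOLSIZE" -gt 0 ] || POOLSIZE=512`, since `bs=0` makes `dd` fail and leaves no seed.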