* [Buildroot] [PATCH] fs/cpio: drop static random-seed
@ 2015-07-07 10:01 Baruch Siach
2015-07-07 11:10 ` Peter Korsgaard
0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2015-07-07 10:01 UTC (permalink / raw)
To: buildroot
Initializing the kernel entropy pool in initramfs from a seed file that never
changes doesn't make much sense. Not initializing the entropy pool at all is
better than initializing it from a known seed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
fs/cpio/cpio.mk | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index e82167e512dc..fa3cde64838e 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -28,7 +28,8 @@ endif # BR2_ROOTFS_DEVICE_CREATION_STATIC
ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
define ROOTFS_CPIO_CMD
- cd $(TARGET_DIR) && find . | cpio --quiet -o -H newc > $@
+ cd $(TARGET_DIR) && find . \! -path ./etc/random-seed \
+ | cpio --quiet -o -H newc > $@
endef
$(BINARIES_DIR)/rootfs.cpio.uboot: $(BINARIES_DIR)/rootfs.cpio host-uboot-tools
--
2.1.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] fs/cpio: drop static random-seed
2015-07-07 10:01 [Buildroot] [PATCH] fs/cpio: drop static random-seed Baruch Siach
@ 2015-07-07 11:10 ` Peter Korsgaard
2015-07-07 11:28 ` Baruch Siach
0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2015-07-07 11:10 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Initializing the kernel entropy pool in initramfs from a seed file that never
> changes doesn't make much sense. Not initializing the entropy pool at all is
> better than initializing it from a known seed.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
I agree, but why don't we simply drop our static /etc/random-seed from
the default skeleton instead?
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] fs/cpio: drop static random-seed
2015-07-07 11:10 ` Peter Korsgaard
@ 2015-07-07 11:28 ` Baruch Siach
2015-07-07 12:38 ` Peter Korsgaard
0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2015-07-07 11:28 UTC (permalink / raw)
To: buildroot
Hi Peter,
On Tue, Jul 07, 2015 at 01:10:21PM +0200, Peter Korsgaard wrote:
> >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
>
> > Initializing the kernel entropy pool in initramfs from a seed file that never
> > changes doesn't make much sense. Not initializing the entropy pool at all is
> > better than initializing it from a known seed.
>
> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>
> I agree, but why don't we simply drop our static /etc/random-seed from
> the default skeleton instead?
Good idea. /etc/random-seed is less harmful on persistent filesystems, as it
only affects the first boot. But it probably doesn't do any good either.
In addition to that I think it would also be better not to use
/etc/random-seed when the filesystem is read-only, even when that file exists.
Currently /etc/init.d/S20urandom reads /etc/random-seed from a read-only
filesystem, but doesn't write it, which seems just wrong.
What do you thing?
I'll send patches if everybody agree on the plan.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] fs/cpio: drop static random-seed
2015-07-07 11:28 ` Baruch Siach
@ 2015-07-07 12:38 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2015-07-07 12:38 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
Hi,
>> I agree, but why don't we simply drop our static /etc/random-seed from
>> the default skeleton instead?
> Good idea. /etc/random-seed is less harmful on persistent filesystems, as it
> only affects the first boot. But it probably doesn't do any good either.
Yes, but plenty of people use a readonly /etc, so they have the same
issue.
> In addition to that I think it would also be better not to use
> /etc/random-seed when the filesystem is read-only, even when that file exists.
> Currently /etc/init.d/S20urandom reads /etc/random-seed from a read-only
> filesystem, but doesn't write it, which seems just wrong.
> What do you thing?
It was discussed recently:
http://lists.busybox.net/pipermail/buildroot/2015-March/121708.html
I think we should just remove the hardcoded seed file. If people have a
persistent RW /etc then S20urandom handles it, and otherwise it doesn't
do anything.
You can argue if it makes sense to update /etc/random-seed directly in
the start phase of the init script (as the system will not have a lot of
interesting entropy), but most systems probably don't get shut down
nicely, so the stop action never runs.
--
Venlig hilsen,
Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-07 12:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-07 10:01 [Buildroot] [PATCH] fs/cpio: drop static random-seed Baruch Siach
2015-07-07 11:10 ` Peter Korsgaard
2015-07-07 11:28 ` Baruch Siach
2015-07-07 12:38 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.