[Buildroot] [PATCH] fs/cpio: drop static random-seed

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] fs/cpio: drop static random-seed
@ 2015-07-07 10:01 Baruch Siach
  2015-07-07 11:10 ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2015-07-07 10:01 UTC (permalink / raw)
  To: buildroot

Initializing the kernel entropy pool in initramfs from a seed file that never
changes doesn't make much sense. Not initializing the entropy pool at all is
better than initializing it from a known seed.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 fs/cpio/cpio.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index e82167e512dc..fa3cde64838e 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -28,7 +28,8 @@ endif # BR2_ROOTFS_DEVICE_CREATION_STATIC
 ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
 
 define ROOTFS_CPIO_CMD
-	cd $(TARGET_DIR) && find . | cpio --quiet -o -H newc > $@
+	cd $(TARGET_DIR) && find . \! -path ./etc/random-seed \
+		| cpio --quiet -o -H newc > $@
 endef
 
 $(BINARIES_DIR)/rootfs.cpio.uboot: $(BINARIES_DIR)/rootfs.cpio host-uboot-tools
-- 
2.1.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] fs/cpio: drop static random-seed
  2015-07-07 10:01 [Buildroot] [PATCH] fs/cpio: drop static random-seed Baruch Siach
@ 2015-07-07 11:10 ` Peter Korsgaard
  2015-07-07 11:28   ` Baruch Siach
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2015-07-07 11:10 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Initializing the kernel entropy pool in initramfs from a seed file that never
 > changes doesn't make much sense. Not initializing the entropy pool at all is
 > better than initializing it from a known seed.

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

I agree, but why don't we simply drop our static /etc/random-seed from
the default skeleton instead?

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] fs/cpio: drop static random-seed
  2015-07-07 11:10 ` Peter Korsgaard
@ 2015-07-07 11:28   ` Baruch Siach
  2015-07-07 12:38     ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2015-07-07 11:28 UTC (permalink / raw)
  To: buildroot

Hi Peter,

On Tue, Jul 07, 2015 at 01:10:21PM +0200, Peter Korsgaard wrote:
> >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> 
>  > Initializing the kernel entropy pool in initramfs from a seed file that never
>  > changes doesn't make much sense. Not initializing the entropy pool at all is
>  > better than initializing it from a known seed.
> 
>  > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> 
> I agree, but why don't we simply drop our static /etc/random-seed from
> the default skeleton instead?

Good idea. /etc/random-seed is less harmful on persistent filesystems, as it 
only affects the first boot. But it probably doesn't do any good either.

In addition to that I think it would also be better not to use 
/etc/random-seed when the filesystem is read-only, even when that file exists. 
Currently /etc/init.d/S20urandom reads /etc/random-seed from a read-only 
filesystem, but doesn't write it, which seems just wrong.

What do you thing?

I'll send patches if everybody agree on the plan.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH] fs/cpio: drop static random-seed
  2015-07-07 11:28   ` Baruch Siach
@ 2015-07-07 12:38     ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2015-07-07 12:38 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

Hi,

>> I agree, but why don't we simply drop our static /etc/random-seed from
 >> the default skeleton instead?

 > Good idea. /etc/random-seed is less harmful on persistent filesystems, as it 
 > only affects the first boot. But it probably doesn't do any good either.

Yes, but plenty of people use a readonly /etc, so they have the same
issue.

> In addition to that I think it would also be better not to use 
 > /etc/random-seed when the filesystem is read-only, even when that file exists. 
 > Currently /etc/init.d/S20urandom reads /etc/random-seed from a read-only 
 > filesystem, but doesn't write it, which seems just wrong.

 > What do you thing?

It was discussed recently:

http://lists.busybox.net/pipermail/buildroot/2015-March/121708.html

I think we should just remove the hardcoded seed file. If people have a
persistent RW /etc then S20urandom handles it, and otherwise it doesn't
do anything.

You can argue if it makes sense to update /etc/random-seed directly in
the start phase of the init script (as the system will not have a lot of
interesting entropy), but most systems probably don't get shut down
nicely, so the stop action never runs.

-- 
Venlig hilsen,
Peter Korsgaard 

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-07-07 12:38 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-07 10:01 [Buildroot] [PATCH] fs/cpio: drop static random-seed Baruch Siach
2015-07-07 11:10 ` Peter Korsgaard
2015-07-07 11:28   ` Baruch Siach
2015-07-07 12:38     ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.