mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 19:46:51 +00:00
2edc017a6e
The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenWRT and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>. This commit imports it into the urandom-seed package and wires up the init scripts to call it. This also is a significant improvement over the current init script, which does not robustly handle cleaning up of seeds and syncing to prevent reuse. Additionally, the existing script creates a new seed immediately after writing an old one, which means that the amount of entropy might actually regress, due to failing to credit the old seed. Closes: https://github.com/openwrt/openwrt/issues/9570 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed missing INSTALL_DIR]
33 lines
709 B
Makefile
33 lines
709 B
Makefile
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=urandom-seed
|
|
PKG_RELEASE:=3
|
|
PKG_LICENSE:=GPL-2.0-only
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/urandom-seed
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=/etc/urandom.seed handling for OpenWrt
|
|
URL:=https://openwrt.org/
|
|
endef
|
|
|
|
define Build/Prepare
|
|
mkdir -p $(PKG_BUILD_DIR)
|
|
endef
|
|
|
|
define Build/Compile/Default
|
|
$(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS) \
|
|
-std=gnu99 -o $(PKG_BUILD_DIR)/seedrng seedrng.c
|
|
endef
|
|
Build/Compile = $(Build/Compile/Default)
|
|
|
|
define Package/urandom-seed/install
|
|
$(CP) ./files/* $(1)/
|
|
$(INSTALL_DIR) $(1)/sbin
|
|
$(CP) $(PKG_BUILD_DIR)/seedrng $(1)/sbin/
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,urandom-seed))
|