076c2552ae
The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenRC and tweaked as needed: https://git.zx2c4.com/seedrng/about/ This commit imports it into OpenRC and wires up /etc/init.d/urandom to call it. It shouldn't be called by other things on the system, so it lives in rc_sbindir. Closes #506. Closes #507. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
13 lines
546 B
Plaintext
13 lines
546 B
Plaintext
# Sometimes you want to have urandom start before "localmount"
|
|
# (say for crypt swap), so you will need to customize this
|
|
# behavior. If you have /var on a separate partition, then
|
|
# make sure this path lives on your root device somewhere.
|
|
seed_dir="/var/lib/seedrng"
|
|
lock_file="/var/run/seedrng.lock"
|
|
|
|
# Set this to true if you do not want seed files to actually
|
|
# credit the RNG. Set this if you plan to replicate this
|
|
# file system image and do not have the wherewithal to first
|
|
# delete the contents of /var/lib/seedrng.
|
|
skip_credit="false"
|