On 17.06.2015 at 17:08, cee1 wrote:
> 2015-06-17 22:03 GMT+08:00 Lennart Poettering <[email protected]>:
>> On Wed, 17.06.15 20:21, cee1 ([email protected]) wrote:
>>> What I mean is:
>>> 1. Load a saved seed to /dev/urandom.
>>> 2. The service reads /dev/random, which will block until the kernel thinks there's enough entropy - then the Random Number should be good?
>>> 3. Save the random number returned in step 2 on disk.
>>
>> Blocking at boot for this doesn't really sound like an option. But the kernel does not provide us with any nice notifications about when the RNG pool is complete. If we want to do this kind of polishing, then that'd be great, but we'd need sane notifiers for that, blocking syscalls are not an option.
>
> That doesn't mean blocking boot, but a service, let's say systemd-random-seed.service:
> 1. systemd-random-seed.service loads a seed from disk to /dev/urandom
> 2. systemd-random-seed.service tells systemd "I'm ready" (sd_notify())
> 3. Instead of quitting immediately, systemd-random-seed.service tries to read /dev/random, and it blocks ...
> 4. systemd-random-seed.service at last gets a 'good random number', and saves it on disk

* the purpose of systemd-random-seed.service is to seed /dev/random early at boot so that other services like sshd, vpn, webservers have a random source
* seed /dev/random *followed* by suck it out again like has the same result as "systemctl mask systemd-random-seed.service" because if there is enough entropy it would not be needed and if not after suck it out again it's gone
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
