Configure random seeds for installed system #1252

Closed
highvoltage opened this issue Sep 30, 2019 · 0 comments

@highvoltage commented Sep 30, 2019

Forwarding Debian bug #941301:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941301

Calamares does not create a random seed in the location used by either
the urandom init script from the initscripts package or the systemd
equivalent systemd-random-seed service. Calamares copies the contents
of the squashfs image (which has no random seed file) rather than
copying the live system (which has a random seed file), consequently on
first boot of Calamares installed systems there is no random seed file
so the amount of entropy available is lower.

/var/lib/urandom/random-seed
/var/lib/systemd/random-seed

We could fix this in calamares-settings-debian, but this seems generic enough that it might be better suited for inclusion in upstream calamares.

The bug report referenced above also lists a snippet from debian-installer on how it generates those seeds:

   # If possible, save a random seed so that the installed system has better
   # entropy on first boot.  Based on /etc/init.d/urandom in initscripts.
   if [ -c /dev/urandom ] && [ -d /target/var/lib/urandom ]; then
   	if ! POOLBYTES=$((
   		($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8
   	)); then
   		POOLBYTES=512
   	fi
   	umask 077
   	dd if=/dev/urandom of=/target/var/lib/urandom/random-seed \
   		bs="$POOLBYTES" count=1 >/dev/null 2>&1
   fi

@adriaandegroot added this to the v3.2.15 milestone Oct 11, 2019
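
A more general take on the debian-installer snippet quoted in the issue, as an added example that is not part of the issue and not Calamares or debian-installer code: it covers both seed paths listed in the report and replaces any seed file copied from an image, so every installed system starts with its own owner-only seed. The function names and the `POOLSIZE_FILE` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Calamares or debian-installer code).
# POOLSIZE_FILE is a hypothetical override, used only to make seed_bytes testable.

# seed_bytes: kernel entropy pool size in bytes (poolsize is reported in bits).
# Falls back to 512, as the quoted snippet does, when the value is missing,
# non-numeric or zero.
seed_bytes() {
    bits=$(cat "${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}" 2>/dev/null)
    case "$bits" in
        ''|*[!0-9]*) echo 512; return ;;
    esac
    bytes=$(( (bits + 7) / 8 ))
    [ "$bytes" -gt 0 ] || bytes=512
    echo "$bytes"
}

# write_random_seeds TARGET_ROOT: write a fresh seed for each init system whose
# state directory exists under the target root. Prints the number of seed files
# written and returns non-zero when none could be written.
# Usage, with the mount point from the quoted snippet: write_random_seeds /target
write_random_seeds() {
    target=$1
    [ -c /dev/urandom ] || return 1
    n=$(seed_bytes)
    written=0
    for dir in var/lib/urandom var/lib/systemd; do
        [ -d "$target/$dir" ] || continue
        seed="$target/$dir/random-seed"
        # umask only affects newly created files, so remove any seed shipped in
        # the image first; the subshell keeps the umask change local.
        if ( umask 077 && rm -f "$seed" &&
             dd if=/dev/urandom of="$seed" bs="$n" count=1 2>/dev/null ); then
            written=$((written + 1))
        fi
    done
    echo "$written"
    [ "$written" -gt 0 ]
}
```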