Prepare for 2.6.0.0; delete s6-fillurandompool; add rngseed

Signed-off-by: Laurent Bercot <ska@appnovation.com>

.gitignore

@@ -5,8 +5,8 @@
 *.so.*
 /config.mak
 /src/include/s6-linux-utils/config.h
+/rngseed
 /s6-chroot
-/s6-fillurandompool
 /s6-freeramdisk
 /s6-hostname
 /s6-logwatch

AUTHORS

@@ -11,3 +11,4 @@ Thanks to:
   Jorge Almeida <jalmeida@math.ist.utl.pt>
   Olivier Brunel <jjk@jjacky.com>
   Natanael Copa <ncopa@alpinelinux.org>
+  Jason Donenfeld <jason@zx2c4.com>

NEWS

@@ -1,9 +1,12 @@
 Changelog for s6-linux-utils.
 
-In 2.5.1.8
+In 2.6.0.0
 ----------
 
  - Adaptation to skalibs-2.12.0.0.
+ - s6-fillurandompool removed.
+ - New program: rngseed, replacing s6-fillurandompool, with
+a lot more features.
 
 
 In 2.5.1.7

configure

@@ -46,6 +46,7 @@ Optional features:
   --enable-absolute-paths       do not rely on PATH to access this package's binaries,
                                   hardcode absolute BINDIR/foobar paths instead [disabled]
   --enable-nsss                 use the nsss library for user information [disabled]
+  --with-seed-dir=DIR           make DIR the default rngseed directory [/var/lib/rngseed]
 
 EOF
 exit 0
@@ -160,6 +161,7 @@ addlibdpath=''
 vpaths=''
 vpathd=''
 build=
+seeddir=/var/lib/rngseed
 
 for arg ; do
   case "$arg" in
@@ -192,6 +194,7 @@ for arg ; do
     --disable-absolute-paths|--enable-absolute-paths=no) abspath=false ;;
     --enable-nsss|--enable-nsss=yes) usensss=true ;;
     --disable-nsss|--enable-nsss=no) usensss=false ;;
+    --with-seed-file=*) seed=${arg#*=} ;;
     --enable-*|--disable-*|--with-*|--without-*|--*dir=*) ;;
     --host=*|--target=*) target=${arg#*=} ;;
     --build=*) build=${arg#*=} ;;
@@ -476,6 +479,7 @@ else
   echo "#define ${package_macro_name}_EXTBINPREFIX \"\""
 fi
 echo "#define ${package_macro_name}_LIBEXECPREFIX \"$libexecdir/\""
+echo "#define RNGSEED_DIR \"$seeddir\""
 echo
 echo "#endif"
 exec 1>&3 3>&-

doc/index.html

@@ -63,7 +63,7 @@ <h3> Download </h3>
 
 <ul>
  <li> The current released version of s6-linux-utils is
-<a href="s6-linux-utils-2.5.1.8.tar.gz">2.5.1.8</a>. </li>
+<a href="s6-linux-utils-2.6.0.0.tar.gz">2.6.0.0</a>. </li>
  <li> Alternatively, you can checkout a copy of the
 <a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-linux-utils/">s6-linux-utils
 git repository</a>:
@@ -100,8 +100,8 @@ <h3> Commands </h3>
 </p>
 
 <ul>
+<li><a href="rngseed.html">The <tt>rngseed</tt> program</a></li>
 <li><a href="s6-chroot.html">The <tt>s6-chroot</tt> program</a></li>
-<li><a href="s6-fillurandompool.html">The <tt>s6-fillurandompool</tt> program</a></li>
 <li><a href="s6-freeramdisk.html">The <tt>s6-freeramdisk</tt> program</a></li>
 <li><a href="s6-hostname.html">The <tt>s6-hostname</tt> program</a></li>
 <li><a href="s6-logwatch.html">The <tt>s6-logwatch</tt> program</a></li>

doc/rngseed.html

@@ -0,0 +1,134 @@
+<html>
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta http-equiv="Content-Language" content="en" />
+    <title>s6-linux-utils: the rngseed program</title>
+    <meta name="Description" content="s6-linux-utils: the rngseed program" />
+    <meta name="Keywords" content="s6 linux administration root utilities rngseed random pool entropy getrandom seedrng secure random number generator" />
+    <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> -->
+  </head>
+<body>
+
+<p>
+<a href="index.html">s6-linux-utils</a><br />
+<a href="//skarnet.org/software/">Software</a><br />
+<a href="//skarnet.org/">skarnet.org</a>
+</p>
+
+<h1> The <tt>rngseed</tt> program </h1>
+
+<p>
+ <tt>rngseed</tt> manipulates the Linux kernel's entropy pool. It can seed
+the kernel's random number generator from a file, save a new seed into a
+file, wait until the entropy pool is full, and so on. Please read the
+options list carefully in order to use it in a secure way.
+</p>
+
+<p>
+ <tt>rngseed</tt> can only be run as root.
+</p>
+
+<h2> Interface </h2>
+
+<pre>
+     rngseed [ -r | -R ] [ -N | -n ] [ -w | -W ] [ -d <em>dir</em> ] [ -v <em>verbosity</em> ]
+</pre>
+
+<p>
+ The behaviour of rngseed depends on what options it is given. By default, it
+just waits until the entropy pool is full, then exits 0.
+</p>
+
+<h2> Options </h2>
+
+<h3> Configuration options </h3>
+
+<ul>
+ <li> <tt>-v&nbsp;<em>verbosity</em></tt>&nbsp;: be more or less verbose.
+Default is <tt>1</tt>, meaning rngseed will print warning and error
+messages. <tt>0</tt> will make it only print error messages, not warnings.
+<tt>2</tt> or more will make it add informational messages. </li>
+ <li> <tt>-d&nbsp;<em>dir</em></tt>&nbsp;: use <em>dir</em> as the
+directory where the seed file is located (for reading as well as writing).
+<em>dir</em> must be located on a writable, permanent filesystem.
+Default is <tt>/var/lib/rngseed</tt>. </li>
+</ul>
+
+<h3> Behaviour options </h3>
+
+<ul>
+ <li> <tt>-r</tt>&nbsp;: read from a seed file. rngseed will attempt to read
+some bits from <tt><em>dir</em>/seed</tt> and seed the kernel's RNG with the data.
+<em>dir</em> must be on a writable filesystem, because the seed file will be unlinked
+(the same data must not be used to seed the RNG twice). <tt>rngseed -r</tt> is
+typically used at boot time, in init scripts, right after mounting the
+filesystem where the seed has been saved. </li>
+ <li> <tt>-R</tt>&nbsp;: read from a seed file, ignoring creditability.
+Behaves like <tt>-r</tt>, but will not increase the entropy count of the
+kernel RNG even if the seed file is marked as creditable. </li>
+ <li> <tt>-w</tt>&nbsp;: write to a seed file. rngseed will save some
+random bits into <tt><em>dir</em>/seed</tt>, marking the seed as creditable if the
+RNG's entropy pool is fully initialized. <tt>rngseed -w</tt> is typically used at
+shutdown time, right before unmounting filesystems; the point is to store
+a seed on disk so it can be reused on next boot by <tt>rngseed -r</tt>. </li>
+ <li> <tt>-W</tt>&nbsp;: write to a seed file, without registering
+creditability. Behaves like <tt>-w</tt>, but does not mark the new seed
+file as creditable. </li>
+ <li> <tt>-N</tt>&nbsp;: block. After reading a seed file if required,
+and before writing a new seed file if required, rngseed will wait until the
+entropy pool is ready. This ensures that future readings of the kernel
+RNG will be cryptographically secure, and that new seed files will be
+creditable. This is the default. </li>
+ <li> <tt>-n</tt>&nbsp;: do not block. Immediately proceed even if the entropy
+pool is not ready. This may make a new seed file non-creditable. </li>
+</ul>
+
+<h2> Creditability </h2>
+
+<p>
+ A seed is said to be <em>creditable</em> if it has been obtained through a
+cryptographically secure RNG. This means it is safe from replay attacks, and
+safe to use to count towards the entropy pool when seeding the kernel RNG.
+<tt>rngseed -w</tt> will normally always create a creditable seed file,
+especially if used at shutdown time: by then, the kernel's entropy pool
+should have been initialized for a while.
+</p>
+
+<p>
+ An <em>uncreditable</em> seed can be used to add to the random pool, but
+should not increment the entropy count, because it is not safe from
+replay attacks. <tt>rngseed -r</tt> will do the right thing if the seed
+it reads is uncreditable.
+</p>
+
+<p>
+ <tt>rngseed</tt> uses the seed file's permissions to mark creditability.
+An uncreditable seed has rights 0600; a creditable seed has rights 0400.
+</p>
+
+<h2> Exit codes </h2>
+
+<ul>
+ <li> 0: success </li>
+ <li> 100: wrong usage </li>
+ <li> 111: system call failure </li>
+</ul>
+
+<h2> Notes </h2>
+
+<ul>
+ <li> <tt>rngseed -N</tt> replaces the old <tt>s6-fillurandompool</tt> program,
+that only waited for the entropy pool to get ready, but did not include any
+seed file management. </li>
+ <li> The options are named <tt>r</tt> and <tt>w</tt> from the <em>seed file</em>'s
+point of view.
+<tt>rngseed -r</tt> reads from the file (and unlinks it) and writes to the kernel
+RNG. <tt>rngseed -w</tt> reads from the kernel RNG and writes to the file. </li>
+ <li> <tt>rngseed</tt> is inspired by Jason Donenfeld's
+<a href="https://git.zx2c4.com/seedrng/about/">seedrng</a> program. It is,
+however, an independent implementation of the same concept. </li>
+</ul>
+
+</body>
+</html>

doc/upgrade.html

@@ -18,11 +18,13 @@
 
 <h1> What has changed in s6-linux-utils </h1>
 
-<h2> in 2.5.1.8 </h2>
+<h2> in 2.6.0.0 </h2>
 
 <ul>
  <li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
 dependency bumped to 2.12.0.0. </li>
+ <li> <tt>s6-fillurandompool</tt> has been replaced with the new
+<a href="rngseed.html">rngseed</a> program. </li>
 </ul>
 
 <h2> in 2.5.1.7 </h2>

package/deps.mak

@@ -2,8 +2,8 @@
 # This file has been generated by tools/gen-deps.sh
 #
 
+src/minutils/rngseed.o src/minutils/rngseed.lo: src/minutils/rngseed.c src/include/s6-linux-utils/config.h
 src/minutils/s6-chroot.o src/minutils/s6-chroot.lo: src/minutils/s6-chroot.c
-src/minutils/s6-fillurandompool.o src/minutils/s6-fillurandompool.lo: src/minutils/s6-fillurandompool.c
 src/minutils/s6-freeramdisk.o src/minutils/s6-freeramdisk.lo: src/minutils/s6-freeramdisk.c
 src/minutils/s6-hostname.o src/minutils/s6-hostname.lo: src/minutils/s6-hostname.c
 src/minutils/s6-logwatch.o src/minutils/s6-logwatch.lo: src/minutils/s6-logwatch.c
@@ -21,10 +21,10 @@ src/minutils/s6ps_statparse.o src/minutils/s6ps_statparse.lo: src/minutils/s6ps_
 src/minutils/s6ps_ttycache.o src/minutils/s6ps_ttycache.lo: src/minutils/s6ps_ttycache.c src/minutils/s6-ps.h
 src/minutils/s6ps_wchan.o src/minutils/s6ps_wchan.lo: src/minutils/s6ps_wchan.c src/minutils/s6-ps.h
 
+rngseed: EXTRA_LIBS := -lskarnet ${SYSCLOCK_LIB}
+rngseed: src/minutils/rngseed.o
 s6-chroot: EXTRA_LIBS := -lskarnet
 s6-chroot: src/minutils/s6-chroot.o
-s6-fillurandompool: EXTRA_LIBS := -lskarnet
-s6-fillurandompool: src/minutils/s6-fillurandompool.o
 s6-freeramdisk: EXTRA_LIBS := -lskarnet
 s6-freeramdisk: src/minutils/s6-freeramdisk.o
 s6-hostname: EXTRA_LIBS := -lskarnet

package/info

@@ -1,4 +1,4 @@
 package=s6-linux-utils
-version=2.5.1.8
+version=2.6.0.0
 category=admin
 package_macro_name=S6_LINUX_UTILS

package/modes

@@ -1,5 +1,5 @@
+rngseed			0744
 s6-chroot		0744
-s6-fillurandompool	0755
 s6-freeramdisk		0744
 s6-hostname		0755
 s6-logwatch		0755

package/targets.mak

@@ -1,6 +1,6 @@
 BIN_TARGETS := \
+rngseed \
 s6-chroot \
-s6-fillurandompool \
 s6-freeramdisk \
 s6-hostname \
 s6-logwatch \

src/minutils/deps-exe/rngseed

@@ -0,0 +1,2 @@
+-lskarnet
+${SYSCLOCK_LIB}