[or-cvs] r16243: Use virtual disk to keep dev random state for proper seeding (torvm/trunk/build/kamikaze/patches)
coderman at seul.org
coderman at seul.org
Wed Jul 30 05:59:41 UTC 2008
Author: coderman
Date: 2008-07-30 01:59:41 -0400 (Wed, 30 Jul 2008)
New Revision: 16243
Modified:
torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
Log:
Use virtual disk to keep dev random state for proper seeding and incorporate kernel command line into entropy pool at boot (for use when network config is passed)
Modified: torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch
===================================================================
--- torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2008-07-30 03:52:01 UTC (rev 16242)
+++ torvm/trunk/build/kamikaze/patches/002-kamikaze-mod-basefiles.patch 2008-07-30 05:59:41 UTC (rev 16243)
@@ -1,6 +1,6 @@
diff -Naur kamikaze-orig/package/base-files/Makefile kamikaze-mod/package/base-files/Makefile
--- kamikaze-orig/package/base-files/Makefile 2008-06-11 19:59:16.494753000 +0000
-+++ kamikaze-mod/package/base-files/Makefile 2008-07-28 15:13:18.420274110 +0000
++++ kamikaze-mod/package/base-files/Makefile 2008-07-30 07:52:16.058968545 +0000
@@ -36,8 +36,8 @@
URL:=http://openwrt.org/
VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -40,6 +40,17 @@
mkdir -p $(1)/root
ln -sf /proc/mounts $(1)/etc/mtab
rm -f $(1)/var
+diff -Naur kamikaze-orig/package/base-files/files/bin/entropy-update.sh kamikaze-mod/package/base-files/files/bin/entropy-update.sh
+--- kamikaze-orig/package/base-files/files/bin/entropy-update.sh 1970-01-01 00:00:00.000000000 +0000
++++ kamikaze-mod/package/base-files/files/bin/entropy-update.sh 2008-07-30 07:51:49.292304454 +0000
+@@ -0,0 +1,7 @@
++#!/bin/sh
++rndfile="$1"
++while true; do
++ head -c 512 /dev/urandom > "$rndfile" 2>&1
++ chmod 600 "$rndfile" >/dev/null 2>&1
++ sleep 60 >/dev/null 2>&1
++done
diff -Naur kamikaze-orig/package/base-files/files/bin/firstboot kamikaze-mod/package/base-files/files/bin/firstboot
--- kamikaze-orig/package/base-files/files/bin/firstboot 2007-07-11 20:46:25.691898000 +0000
+++ kamikaze-mod/package/base-files/files/bin/firstboot 1970-01-01 00:00:00.000000000 +0000
@@ -172,7 +183,7 @@
-}
diff -Naur kamikaze-orig/package/base-files/files/etc/banner kamikaze-mod/package/base-files/files/etc/banner
--- kamikaze-orig/package/base-files/files/etc/banner 2005-12-20 15:03:08.038259000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/banner 2008-07-28 15:13:18.420274110 +0000
++++ kamikaze-mod/package/base-files/files/etc/banner 2008-07-30 07:52:16.058968545 +0000
@@ -1,10 +1,2 @@
- _______ ________ __
- | |.-----.-----.-----.| | | |.----.| |_
@@ -225,6 +236,54 @@
-config system
- option hostname OpenWrt
- option timezone UTC
+diff -Naur kamikaze-orig/package/base-files/files/etc/device_table.txt kamikaze-mod/package/base-files/files/etc/device_table.txt
+--- kamikaze-orig/package/base-files/files/etc/device_table.txt 1970-01-01 00:00:00.000000000 +0000
++++ kamikaze-mod/package/base-files/files/etc/device_table.txt 2008-07-30 07:51:35.553139233 +0000
+@@ -0,0 +1,44 @@
++#<name> <type> <mode> <uid> <gid> <major> <minor> <start> <inc> <count>
++#/dev d 755 0 0 - - - - -
++#/dev d 755 0 0 - - - - -
++/dev/pts d 755 0 0 - - - - -
++/dev/loop b 640 0 0 7 0 0 1 2
++/dev/rtc c 640 0 0 10 135 - - -
++/dev/mtd c 640 0 0 90 0 0 2 4
++/dev/mtdblock b 640 0 0 31 0 0 1 4
++/dev/net d 755 0 0 - - - - -
++/dev/net/tun c 660 0 0 10 200 - - -
++/dev/hda b 640 0 0 3 0 0 0 -
++/dev/hda b 640 0 0 3 1 1 1 15
++/dev/hdb b 640 0 0 3 64 0 0 -
++/dev/hdb b 640 0 0 3 65 1 1 15
++/dev/hdc b 640 0 0 22 0 0 0 -
++/dev/hdc b 640 0 0 22 1 1 1 15
++/dev/hdd b 640 0 0 22 64 0 0 -
++/dev/hdd b 640 0 0 22 65 1 1 15
++/dev/hde b 640 0 0 33 0 0 0 -
++/dev/hde b 640 0 0 33 1 1 1 15
++/dev/hdf b 640 0 0 33 64 0 0 -
++/dev/hdf b 640 0 0 33 65 1 1 15
++/dev/hdg b 640 0 0 34 0 0 0 -
++/dev/hdg b 640 0 0 34 1 1 1 15
++/dev/hdh b 640 0 0 34 64 0 0 -
++/dev/hdh b 640 0 0 34 65 1 1 15
++/dev/sda b 640 0 0 8 0 0 0 -
++/dev/sda b 640 0 0 8 1 1 1 15
++/dev/sdb b 640 0 0 8 16 0 0 -
++/dev/sdb b 640 0 0 8 17 1 1 15
++/dev/sdc b 640 0 0 8 32 0 0 -
++/dev/sdc b 640 0 0 8 33 1 1 15
++/dev/sdd b 640 0 0 8 48 0 0 -
++/dev/sdd b 640 0 0 8 49 1 1 15
++/dev/sde b 640 0 0 8 64 0 0 -
++/dev/sde b 640 0 0 8 65 1 1 15
++/dev/sdf b 640 0 0 8 80 0 0 -
++/dev/sdf b 640 0 0 8 81 1 1 15
++/dev/sdg b 640 0 0 8 96 0 0 -
++/dev/sdg b 640 0 0 8 97 1 1 15
++/dev/sdh b 640 0 0 8 112 0 0 -
++/dev/sdh b 640 0 0 8 113 1 1 15
++/dev/sg c 640 0 0 21 0 0 1 15
++/dev/scd b 640 0 0 11 0 0 1 15
diff -Naur kamikaze-orig/package/base-files/files/etc/diag.sh kamikaze-mod/package/base-files/files/etc/diag.sh
--- kamikaze-orig/package/base-files/files/etc/diag.sh 2007-05-10 19:19:23.337706000 +0000
+++ kamikaze-mod/package/base-files/files/etc/diag.sh 1970-01-01 00:00:00.000000000 +0000
@@ -833,7 +892,7 @@
-}
diff -Naur kamikaze-orig/package/base-files/files/etc/init.d/rcS kamikaze-mod/package/base-files/files/etc/init.d/rcS
--- kamikaze-orig/package/base-files/files/etc/init.d/rcS 2007-11-28 02:36:14.270663000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/init.d/rcS 2008-07-28 15:13:18.423602469 +0000
++++ kamikaze-mod/package/base-files/files/etc/init.d/rcS 2008-07-30 07:52:16.062307447 +0000
@@ -1,8 +1,2 @@
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
@@ -846,7 +905,7 @@
+exit 0
diff -Naur kamikaze-orig/package/base-files/files/etc/init.d/sysctl kamikaze-mod/package/base-files/files/etc/init.d/sysctl
--- kamikaze-orig/package/base-files/files/etc/init.d/sysctl 2007-05-10 10:07:38.965405000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/init.d/sysctl 2008-07-28 15:13:18.423602469 +0000
++++ kamikaze-mod/package/base-files/files/etc/init.d/sysctl 2008-07-30 07:52:16.062307447 +0000
@@ -1,7 +1,2 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006 OpenWrt.org
@@ -895,7 +954,7 @@
-}
diff -Naur kamikaze-orig/package/base-files/files/etc/inittab kamikaze-mod/package/base-files/files/etc/inittab
--- kamikaze-orig/package/base-files/files/etc/inittab 2007-05-10 14:50:42.865525000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/inittab 2008-07-28 15:13:18.423602469 +0000
++++ kamikaze-mod/package/base-files/files/etc/inittab 2008-07-30 07:52:16.062307447 +0000
@@ -1,5 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K stop
@@ -911,8 +970,8 @@
-dest ram /tmp
diff -Naur kamikaze-orig/package/base-files/files/etc/preinit kamikaze-mod/package/base-files/files/etc/preinit
--- kamikaze-orig/package/base-files/files/etc/preinit 2008-04-23 16:20:46.084166000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/preinit 2008-07-28 15:18:11.433573005 +0000
-@@ -1,92 +1,139 @@
++++ kamikaze-mod/package/base-files/files/etc/preinit 2008-07-30 07:52:33.818966786 +0000
+@@ -1,92 +1,159 @@
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2008 The Tor Project, Inc.
@@ -994,12 +1053,13 @@
-}
+# attempt mount of persistent virtual disk
+mdbin=`which makedevs`
++devtable=/etc/device_table.txt
+if [ -x $mdbin ]; then
-+ makedevs
++ makedevs -d $devtable / >/dev/null 2>&1
+else
+ mdbin=`which MAKEDEVS`
+ if [ -x $mdbin ]; then
-+ MAKEDEVS
++ MAKEDEVS >/dev/null 2>&1
+ fi
+fi
+# last attempt: if no disk exists, assume hda1 and create manually with mknod.
@@ -1012,8 +1072,27 @@
+ fi
+fi
+mkdir /home
-+if [ -e $hddev ]; then
-+ mount $hddev /home
++if [ -e $hddev ] && mount $hddev /home; then
++ # check for saved entropy state and launch update daemon if exists
++ syshome=/home/system
++ if [ ! -d $syshome ]; then
++ mkdir -p $syshome
++ fi
++ chown root:root $syshome
++ chmod 700 $syshome
++ rndstate=$syshome/.rnd
++ if [ -f $rndstate ]; then
++ cat $rndstate > /dev/urandom 2>/dev/null
++ fi
++ # incorporate digest of kernel command line into entropy pool, as this should contain some local information
++ sha1sum /proc/cmdline > /dev/urandom 2>/dev/null
++ # launch process to periodically save entropy from pool for next boot (cannot assume clean shutdown)
++ nohup /bin/sh /bin/entropy-update.sh "$rndstate" >/dev/null 2>&1 &
++else
++ # XXX MRP should we force reboot or halt instead?
++ echo 'ERROR: unable to mount persistent storage virtual disk!'
++ echo ' Do not run Tor in this configuration.'
++ sleep 3
+fi
+
+mkdir -p /var/run
@@ -1121,7 +1200,7 @@
fi
diff -Naur kamikaze-orig/package/base-files/files/etc/rc.common kamikaze-mod/package/base-files/files/etc/rc.common
--- kamikaze-orig/package/base-files/files/etc/rc.common 2008-01-25 10:59:40.292163000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/rc.common 2008-07-28 15:13:18.423602469 +0000
++++ kamikaze-mod/package/base-files/files/etc/rc.common 2008-07-30 07:52:16.065634988 +0000
@@ -1,92 +1,4 @@
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
@@ -1220,7 +1299,7 @@
+exit 0
diff -Naur kamikaze-orig/package/base-files/files/etc/sysctl.conf kamikaze-mod/package/base-files/files/etc/sysctl.conf
--- kamikaze-orig/package/base-files/files/etc/sysctl.conf 2007-10-24 18:44:07.273843000 +0000
-+++ kamikaze-mod/package/base-files/files/etc/sysctl.conf 2008-07-28 15:13:18.423602469 +0000
++++ kamikaze-mod/package/base-files/files/etc/sysctl.conf 2008-07-30 07:52:16.065634988 +0000
@@ -1,14 +1,10 @@
kernel.panic=3
-net.ipv4.conf.default.arp_ignore=1
@@ -2712,7 +2791,7 @@
-esac
diff -Naur kamikaze-orig/package/base-files/files/usr/share/udhcpc/default.script kamikaze-mod/package/base-files/files/usr/share/udhcpc/default.script
--- kamikaze-orig/package/base-files/files/usr/share/udhcpc/default.script 2008-02-03 06:48:15.292457000 +0000
-+++ kamikaze-mod/package/base-files/files/usr/share/udhcpc/default.script 2008-07-28 15:13:18.426945885 +0000
++++ kamikaze-mod/package/base-files/files/usr/share/udhcpc/default.script 2008-07-30 07:52:16.068973866 +0000
@@ -1,33 +1,11 @@
#!/bin/sh
[ -z "$1" ] && echo "Error: should be run by udhcpc" && exit 1
More information about the tor-commits
mailing list