[Pkg-sysvinit-commits] [GIT] sysvinit branch master updated. debian/sysvinit-2.88dsf-22-74-g84f5bd1
Roger Leigh
rleigh at alioth.debian.org
Mon Apr 9 20:02:27 UTC 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "sysvinit".
The branch, master has been updated
via 84f5bd13c2c3e2f51663ce580fc32e431ce845bc (commit)
via bf6adce26fabe855fa26e40b9c238360cb83b674 (commit)
via 9116fe034b9d99548faa1e9e0d3ccc34596d1815 (commit)
via 03398db331d382228a0527660045242c43d62e57 (commit)
via b6a3099ee182a4b3fa70ea699530b4d50e993030 (commit)
via 6c9271cc9cbede05d7222cf6bfc7123839a767f0 (commit)
from 2e9e3cd15b6904b68ec2012b02fa2fd640ea9c9c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 84f5bd13c2c3e2f51663ce580fc32e431ce845bc
Author: Roger Leigh <rleigh at debian.org>
Date: Mon Apr 9 21:02:04 2012 +0100

    debian: Close #596479, #596480, #596481, #596482, #596483

commit bf6adce26fabe855fa26e40b9c238360cb83b674
Author: John Denker <jsd at av8n.com>
Date: Mon Apr 9 20:58:59 2012 +0100

    urandom: Do not "rm -f $SAVEDFILE"

    This is important in the case where $SAVEDFILE is a symlink.
    Simply overwriting the file is easier and better.

commit 9116fe034b9d99548faa1e9e0d3ccc34596d1815
Author: John Denker <jsd at av8n.com>
Date: Mon Apr 9 20:56:35 2012 +0100

    urandom: Include date and time when seeding the RNG

    During initialization, include this: date +%s.%N > /dev/random

    This is important for systems that boot from read-only media and
    have few if any realtime sources of new entropy. Unattended and/or
    embedded systems tend to fall into this category.

    This solution was discussed on the cryptography mailing list, and
    there was 100% consensus that it would be a good idea.

    Tangential remark: Back in 2007, Bug #455230 expressed a similar
    goal, but did not correctly identify the important use-case, and did
    not offer the correct solution. The solution here meets the goals
    of that earlier request.

    *) Using the date+time as part of the seed is important every time a
       system is /rebooted/ from read-only media; that is, it is important
       for every boot except the first. We don't want to restore the RNG
       to a previously-used state.

    *) This is most effective as part 1 of a two-part solution. Part 2 is
       to ensure that the read-only random.seed file is unshared and unique
       on a host-by-host basis. Part 2 is not the subject of this report.
       We can and should implement Part 1 without waiting for Part 2. The
       date+time is /different/ on each reboot, and that is all that is
       needed, provided the random.seed is unshared and unique.

commit 03398db331d382228a0527660045242c43d62e57
Author: John Denker <jsd at av8n.com>
Date: Mon Apr 9 20:51:11 2012 +0100

    urandom: Explain why we write the seed at boot time

    Also document assumptions about random.seed.

commit b6a3099ee182a4b3fa70ea699530b4d50e993030
Author: John Denker <jsd at av8n.com>
Date: Mon Apr 9 20:38:17 2012 +0100

    urandom: Calculate POOLBYTES correctly

    Note that /proc/sys/kernel/random/poolsize reports
    the number of bits, not bytes, so a conversion is necessary.

commit 6c9271cc9cbede05d7222cf6bfc7123839a767f0
Author: John Denker <jsd at av8n.com>
Date: Mon Apr 9 20:35:33 2012 +0100

    urandom: Don't write to /proc/sys/kernel/random/poolsize

    Remove code that tried to write to the read-only file
    /proc/sys/kernel/random/poolsize. This code was added in 2004 and has
    never worked.
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 5 ++-
debian/src/initscripts/etc/init.d/urandom | 71 ++++++++++++++++++++---------
2 files changed, 53 insertions(+), 23 deletions(-)
hooks/post-receive
--
sysvinit
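
The three behaviours named in the commit messages above (bits-to-bytes conversion of poolsize, mixing the date and time in before the saved seed, and overwriting the seed file without "rm -f"), shown together as an added example; this is not the urandom init script from the repository. The function names, the parameterised paths, the 512-byte fallback and the choice of /dev/urandom as the read source are assumptions.

```shell
#!/bin/sh
# Added example, not the Debian urandom init script. Function names are
# hypothetical; paths are parameters so the logic can run on temporary files.

# /proc/sys/kernel/random/poolsize reports bits, so convert to bytes.
# Assumption: fall back to 512 bytes if the file is missing or not numeric.
pool_bytes() {
    poolsize_file=${1:-/proc/sys/kernel/random/poolsize}
    bits=$(cat "$poolsize_file" 2>/dev/null) || bits=
    case $bits in
        ''|*[!0-9]*) echo 512 ;;
        *) echo $(( ($bits + 7) / 8 )) ;;
    esac
}

# Boot: mix in date+time first, so a reboot from a read-only seed does not
# restore the RNG to a previously used state, then mix in the saved seed.
seed_rng() {
    savedfile=$1
    rngdev=${2:-/dev/random}
    date +%s.%N >> "$rngdev"
    if [ -f "$savedfile" ]; then
        cat "$savedfile" >> "$rngdev"
    fi
}

# Save: overwrite in place with no "rm -f" first. If $savedfile is a symlink,
# rm would destroy the link; dd follows it and rewrites the target.
save_seed() {
    savedfile=$1
    rngdev=${2:-/dev/urandom}   # assumed read source
    nbytes=${3:-$(pool_bytes)}
    ( umask 077; dd if="$rngdev" of="$savedfile" bs="$nbytes" count=1 2>/dev/null )
}

echo "POOLBYTES=$(pool_bytes)"
```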