random: update initskript for machines with low entropy

the script wait until crng is correct initialized before restore the random seed and make some disc io to work around low entropy at boot on some machines. Not really a fix but it should be better than reverting CVE-2018-1108 fixes from kernel. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-28 03:33:25 +02:00 · 2018-06-28 20:36:32 +02:00
parent 3069380c41
commit 4838034131
8 changed files with 35 additions and 16 deletions
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -117,6 +117,7 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S11unbound
@@ -130,7 +131,6 @@ etc/rc.d/rc3.d/S19wlanclient
 etc/rc.d/rc3.d/S20network
 etc/rc.d/rc3.d/S21leds
 etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
 etc/rc.d/rc3.d/S30sshd
 etc/rc.d/rc3.d/S32apache
 etc/rc.d/rc3.d/S40fcron
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -117,6 +117,7 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S11unbound
@@ -130,7 +131,6 @@ etc/rc.d/rc3.d/S19wlanclient
 etc/rc.d/rc3.d/S20network
 etc/rc.d/rc3.d/S21leds
 etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
 etc/rc.d/rc3.d/S30sshd
 etc/rc.d/rc3.d/S32apache
 etc/rc.d/rc3.d/S40fcron
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -116,6 +116,7 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S12acpid
@@ -129,7 +130,6 @@ etc/rc.d/rc3.d/S20network
 etc/rc.d/rc3.d/S11unbound
 etc/rc.d/rc3.d/S21leds
 etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
 etc/rc.d/rc3.d/S30sshd
 etc/rc.d/rc3.d/S32apache
 etc/rc.d/rc3.d/S40fcron
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -116,6 +116,7 @@ etc/rc.d/rc0.d/S80mountfs
 etc/rc.d/rc0.d/S90swap
 etc/rc.d/rc0.d/S99halt
 #etc/rc.d/rc3.d
+etc/rc.d/rc3.d/S00random
 etc/rc.d/rc3.d/S01vnstat
 etc/rc.d/rc3.d/S10sysklogd
 etc/rc.d/rc3.d/S12acpid
@@ -129,7 +130,6 @@ etc/rc.d/rc3.d/S20network
 etc/rc.d/rc3.d/S11unbound
 etc/rc.d/rc3.d/S21leds
 etc/rc.d/rc3.d/S24cyrus-sasl
-etc/rc.d/rc3.d/S25random
 etc/rc.d/rc3.d/S30sshd
 etc/rc.d/rc3.d/S32apache
 etc/rc.d/rc3.d/S40fcron
--- a/config/rootfiles/core/122/filelists/files
+++ b/config/rootfiles/core/122/filelists/files
@@ -5,6 +5,7 @@ etc/rc.d/init.d/collectd
 etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/partresize
+etc/rc.d/init.d/random
 etc/rc.d/rc0.d/K87acpid
 etc/rc.d/rc3.d/S12acpid
 etc/rc.d/rc6.d/K87acpid
--- a/config/rootfiles/core/122/update.sh
+++ b/config/rootfiles/core/122/update.sh
@@ -117,6 +117,8 @@ if [ -e /boot/pakfire-kernel-update ]; then
 	/boot/pakfire-kernel-update ${KVER}
 fi

+mv /etc/rc.d/rc3.d/S??random /etc/rc.d/rc3.d/S00random
+
 case "$(uname -m)" in
 	i?86)
 		# Force (re)install pae kernel if pae is supported