Bug#760029: systemd: doesn't initialise RANDOM_SEED upon installation

Raphael Geissert geissert at debian.org
Thu Feb 4 06:42:59 GMT 2016


Hi Michael,

On Feb 4, 2016 3:11 AM, "Michael Biebl" <biebl at debian.org> wrote:
>
> Am 20.06.2015 um 16:43 schrieb Felipe Sateler:
> > Control: tags -1 moreinfo
> >
> > On Sat, 30 Aug 2014 20:56:15 -0700 Raphael Geissert <geissert at debian.org> wrote:
> >> Source: systemd
> >> Source-Version: 208-8
> >> Tags: security
> >>
> >> Hi,
> >>
> >> At some point between squeeze and wheezy initscript started initialising the
> >> RANDOM_SEED file in its postinst by basically doing the equivalent of a
> >> "service urandom start". This feature doesn't actually seem to have been
> >> integrated into the systemd package - which I personally consider it to be a
> >> regression.
> >>
> >> Could you please then initialise RANDOM_SEED at the package installation
> >> time?
> >
> > I'm not sure when you want to run this. Is this for first-time
> > installation of systemd only?
> >
> > When systemd is already installed and running,
> > systemd-random-seed.service should take care of writing the seed file
> > on shutdown.
> >
> > Or do you mean that for some reason, systemd upgrades are a good time
> > to force a seed write?
>
> Raphael, seems you haven't answered Felipe's questions yet.
> Can you elaborate exactly what you have in mind here and why.

Oh, it must have fallen through the cracks.
Anyway, the problem at hand is the lack of entropy during first boot. Think
about a Raspberry Pi for an example.

By initialising the seed file during the installation of the package,
systemd would be helping the first boot with pseudo random data based on
the entropy of the system running the installer - be it debootstrap or
debian-installer, or any other.

HTH.

Cheers,
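
The install-time seeding described in this message, sketched as an added example (not part of the original message and not the systemd package's own maintainer script). The function name `init_random_seed`, the 512-byte default and the path handed to it are assumptions.

```shell
#!/bin/sh
# Added example: create a random seed file at package installation time,
# using the kernel RNG of the system that runs the installer.
# The caller supplies the seed path; nothing here is taken from systemd.

# init_random_seed FILE [BYTES]
# Returns 0 if FILE already held a seed or was created, non-zero on failure.
init_random_seed() {
    seed_file=$1
    seed_bytes=${2:-512}          # assumed size, not from the thread
    seed_dir=$(dirname "$seed_file")

    # An existing non-empty seed (upgrade case) is left untouched.
    if [ -s "$seed_file" ]; then
        return 0
    fi

    [ -r /dev/urandom ] || return 1
    mkdir -p "$seed_dir" || return 1

    # Subshell keeps the restrictive umask local to this function.
    (
        umask 077
        tmp=$(mktemp "$seed_dir/.random-seed.XXXXXX") || exit 1
        if dd if=/dev/urandom of="$tmp" bs="$seed_bytes" count=1 2>/dev/null &&
           [ "$(wc -c < "$tmp" | tr -d ' ')" -eq "$seed_bytes" ] &&
           chmod 600 "$tmp" &&
           mv -f "$tmp" "$seed_file"   # rename: no half-written seed is visible
        then
            exit 0
        fi
        rm -f "$tmp"                   # short read or write error: clean up
        exit 1
    )
}

# In a postinst this would be called once with the package's seed path, e.g.
#   init_random_seed "$SEED_FILE"     # SEED_FILE is a placeholder
```

A seed written this way only helps when each installation writes its own: a seed baked into an image that is copied to many devices is identical on all of them.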