Bug#760029: systemd: doesn't initialise RANDOM_SEED upon installation

Raphael Geissert geissert at debian.org
Thu Feb 4 22:20:12 GMT 2016


Hi Michael,

On 4 February 2016 at 22:36, Michael Biebl <biebl at debian.org> wrote:
> Am 04.02.2016 um 09:11 schrieb Michael Biebl:
>> Ok, what exactly is the problem here. I mean, we shipped the current
>> setup with jessie and I don't remember any entropy related bug reports.
>> I installed systemd on my PI without problems.
>> What exactly happens/can happen, if we don't (pre)initialize the random
>> seed? Do you have any bug reports, which are still valid with modern
>> Linux kernels?

"modern" Linux kernels attempt to add more entropy from early boot,
using clock info and others. This might not be enough, however, whenever
there is simply no clock that has been initialized at that point.

> So, I thought about this a bit more: Say we do the following in postinst
>
> if [ -z "$2" ] ; then
>    /lib/systemd/systemd-random-seed save
> fi
>
> This would create /var/lib/systemd/random-seed upon first installation.

That's what I had in mind, yes.

> What happens though, if someone uses debootstrap to create an image
> which is then deployed on 100s of machines.
> Those images would all ship an identical /var/lib/systemd/random-seed.
> Isn't that a problem?

Given that systemd-random-seed writes to urandom, it only adds data to
the input pools. It does not attempt to alter the kernel's entropy
estimate, which would be done by using the RNDADDENTROPY ioctl.

Having an identical random-seed from systemd should not be any worse
than not having one, pretty much as it should not be any worse for
some random process running as "nobody" writing 0s to u/random.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
