On 04/06/2011 01:52 AM, JiaQiang Xu wrote:
> Hi Steven,
>
> Will this patch be merged into a future stable release?
> I have to use this in my own work.
>
> Thanks,
> -Jiaqiang
>
This would be merged into 1.4.0 but not the 1.3 series. Regards -steve > 2011/3/2 Steven Dake <[email protected]>: >> Great work >> >> Reviewed-by: Steven Dake <[email protected]> >> >> On 02/27/2011 07:47 PM, Open SA Forum AIS Services mailing list wrote: >>> This option (-l or --less-secure) causes corosync-keygen to read from >>> /dev/urandom instead of /dev/random to ensure that no input is required >>> from the user. It may be useful when this command is used from a >>> script. >>> >>> Signed-off-by: Russell Bryant <[email protected]> >>> --- >>> man/corosync-keygen.8 | 10 +++++++- >>> tools/corosync-keygen.c | 49 >>> ++++++++++++++++++++++++++++++++++++++++++---- >>> 2 files changed, 52 insertions(+), 7 deletions(-) >>> >>> diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8 >>> index b161569..5dc3f45 100644 >>> --- a/man/corosync-keygen.8 >>> +++ b/man/corosync-keygen.8 >>> @@ -35,7 +35,7 @@ >>> .SH NAME >>> corosync-keygen \- Generate an authentication key for Corosync. >>> .SH SYNOPSIS >>> -.B "corosync-keygen" >>> +.B "corosync-keygen [\-l]" >>> .SH DESCRIPTION >>> >>> If you want to configure corosync to use cryptographic techniques to >>> ensure authenticity >>> @@ -62,7 +62,13 @@ If a message "Invalid digest" appears from the corosync >>> executive, the keys >>> are not consistent between processors. >>> .PP >>> .B Note: corosync-keygen >>> -will ask for user input to assist in generating entropy. >>> +will ask for user input to assist in generating entropy unless the -l >>> option is used. >>> +.SH OPTIONS >>> +.TP >>> +.B -l >>> +Use a less secure random data source that will not require user input to >>> help generate >>> +.br >>> +entropy. This may be useful when this utility is used from a script. >>> .SH EXAMPLES >>> .TP >>> Generate the key. >>> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c >>> index c842fd1..73ba8d4 100644 >>> --- a/tools/corosync-keygen.c >>> +++ b/tools/corosync-keygen.c 
>>> @@ -39,6 +39,7 @@ >>> #include <unistd.h> >>> #include <fcntl.h> >>> #include <errno.h> >>> +#include <getopt.h> >>> #include <sys/types.h> >>> #include <sys/stat.h> >>> >>> @@ -46,12 +47,45 @@ >>> >>> #define KEYFILE COROSYSCONFDIR "/authkey" >>> >>> -int main (void) { >>> +static const char usage[] = >>> + "Usage: corosync-keygen [-l]\n" >>> + " -l / --less-secure - Use a less secure random number source\n" >>> + " (/dev/urandom) that is guaranteed not to require user\n" >>> + " input for entropy. This can be used when this\n" >>> + " application is used from a script.\n"; >>> + >>> + >>> +int main (int argc, char *argv[]) >>> +{ >>> int authkey_fd; >>> int random_fd; >>> unsigned char key[128]; >>> ssize_t res; >>> ssize_t bytes_read; >>> + int c; >>> + int option_index; >>> + int less_secure = 0; >>> + static struct option long_options[] = { >>> + { "less-secure", no_argument, NULL, 'l' }, >>> + { "help", no_argument, NULL, 'h' }, >>> + { 0, 0, NULL, 0 }, >>> + }; >>> + >>> + while ((c = getopt_long (argc, argv, "lh", >>> + long_options, &option_index)) != -1) { >>> + switch (c) { >>> + case 'l': >>> + less_secure = 1; >>> + break; >>> + case 'h': >>> + printf ("%s\n", usage); >>> + exit(0); >>> + break; >>> + default: >>> + printf ("Error parsing command line options.\n"); >>> + exit (1); >>> + } >>> + } >>> >>> printf ("Corosync Cluster Engine Authentication key generator.\n"); >>> if (geteuid() != 0) { 
>>> @@ -65,11 +99,16 @@ int main (void) { >>> } >>> } >>> >>> - printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned >>> long)(sizeof (key) * 8)); >>> - printf ("Press keys on your keyboard to generate entropy.\n"); >>> - random_fd = open ("/dev/random", O_RDONLY); >>> + if (less_secure) { >>> + random_fd = open ("/dev/urandom", O_RDONLY); >>> + } else { >>> + printf ("Gathering %lu bits for key from /dev/random.\n", >>> (unsigned long)(sizeof (key) * 8)); >>> + printf ("Press keys on your keyboard to generate entropy.\n"); >>> + random_fd = open ("/dev/random", O_RDONLY); >>> + } >>> + >>> if (random_fd == -1) { >>> - perror ("Is /dev/random present? Opening /dev/random"); >>> + perror ("Failed to open random source\n"); >>> exit (errno); >>> } >>> >> >> _______________________________________________ >> Openais mailing list >> [email protected] >> https://lists.linux-foundation.org/mailman/listinfo/openais >>
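Review bot: the new OPTIONS section in the second man/corosync-keygen.8 hunk documents only -l, while the option table added to tools/corosync-keygen.c also accepts --less-secure, -h and --help. List the long form next to -l and add an entry for -h/--help so the man page matches the usage string. The .br between "help generate" and "entropy." forces a line break in the middle of the sentence and can be dropped. The entry could also name /dev/urandom, as the usage string does, so the reader knows what "less secure" refers to.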
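Review bot: in the default case of the getopt_long switch (the tools/corosync-keygen.c hunk that changes main's signature), the error is written to stdout with printf and the usage text is not shown. Send it to stderr and print usage before exit (1), for example fprintf (stderr, "%s\n", usage);. Nothing in the added lines checks for arguments left over after option parsing, so a mistyped invocation such as "corosync-keygen less-secure" would be accepted and run in the default /dev/random mode; rejecting leftover arguments would catch that. Minor points: the break after exit(0) is unreachable, and option_index is never read, so NULL can be passed in its place.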
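Review bot: perror ("Failed to open random source\n") at the end of the last hunk embeds a newline in the prefix, so the message and the ": <error text>" that perror appends end up on separate lines; drop the \n. The replacement message also no longer says which device failed, unlike the line it removes. Keeping the path in a variable set in each branch would let the error name /dev/urandom or /dev/random. The less_secure branch prints nothing at all, so when the tool runs from a script the output carries no record that the key was read from /dev/urandom; a one-line printf naming the source in that branch would make the choice visible in logs.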
