Re: Where to put start-up and shutdown code from `man 4 random`?
On Fri, Jul 11, 2014 at 7:46 AM, Henrique de Moraes Holschuh h...@debian.org wrote:

> On Fri, 11 Jul 2014, Kynn Jones wrote:
> > The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)
>
> Debian already does this properly in sysvinit mode. So Debian wheezy is covered. Refer to /etc/init.d/urandom
>
> ...
>
> [2] http://eprint.iacr.org/2012/064, https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/

A belated thanks for your comments, and for the links.

kj
Where to put start-up and shutdown code from `man 4 random`?
The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)

What should these scripts be for a Debian system?

Are there standard scripts in which to put such start-up and shutdown code? Or is one supposed to put those snippets in standalone scripts in special designated directories (which will ensure that they will be run at the startup or shutdown)? Or something else altogether?

(In case it matters, I'm using wheezy.)

Thanks in advance!

kynn
Re: Where to put start-up and shutdown code from `man 4 random`?
On Fri, Jul 11, 2014 at 06:41:49AM -0400, Kynn Jones wrote:

> The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)
>
> What should these scripts be for a Debian system?

According to https://www.debian.org/doc/manuals/debian-faq/ch-customizing.en.html#s-booting, you can create a file in /etc/rc.boot/ with any local scripts to be run at boot time.

There is no similar directory for shutdown, however. If you need to do something at shutdown, the best thing to do is to create an initscript. Copy /etc/init.d/skeleton to /etc/init.d/something (where something is whatever you want to call it) and edit appropriately. Then run update-rc.d with appropriate arguments. (The next question in the above FAQ details this).

> Are there standard scripts in which to put such start-up and shutdown code? Or is one supposed to put those snippets in standalone scripts in special designated directories (which will ensure that they will be run at the startup or shutdown)? Or something else altogether?
>
> (In case it matters, I'm using wheezy.)
>
> Thanks in advance!
>
> kynn
Re: Where to put start-up and shutdown code from `man 4 random`?
Hi

On Fri, Jul 11, 2014 at 06:41:49AM -0400, Kynn Jones wrote:

> The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)
>
> What should these scripts be for a Debian system?

I believe that the initscripts package (which you almost certainly have got installed already) handles this already - if you cast your eyes over /etc/init.d/urandom you should see similar code.

> Are there standard scripts in which to put such start-up and shutdown code? Or is one supposed to put those snippets in standalone scripts in special designated directories (which will ensure that they will be run at the startup or shutdown)? Or something else altogether?
>
> (In case it matters, I'm using wheezy.)

For wheezy[1], the normal place for startup/shutdown is in /etc/init.d/ - symlinks will be created from /etc/rcX.d/ as appropriate for each runlevel (X is a run level in this context).

For simple hacks by the system admin, tweaking /etc/rc.local is also acceptable - packages are not allowed to interfere with that.

There is a plethora of information available about this - https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit may be a good starting point.

[1] Let's not get into the whole systemd saga here

Hope this helps

--
Karl E. Jorgensen

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140711105605.GG1336@hawking
Re: Where to put start-up and shutdown code from `man 4 random`?
On Fri, Jul 11, 2014 at 6:56 AM, Karl E. Jorgensen k...@jorgensen.org.uk wrote:

> Hi
>
> On Fri, Jul 11, 2014 at 06:41:49AM -0400, Kynn Jones wrote:
> > The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)
> >
> > What should these scripts be for a Debian system?
>
> ...if you cast your eyes over /etc/init.d/urandom you should see similar code.

Indeed. That pretty much takes care of my question.

Thank you all for the replies!

kynn
Re: Where to put start-up and shutdown code from `man 4 random`?
On Fri, 11 Jul 2014, Kynn Jones wrote:

> The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.)

Debian already does this properly in sysvinit mode. So Debian wheezy is covered. Refer to /etc/init.d/urandom

For Debian jessie and sid, I haven't audited the systemd stuff to make sure this thing actually runs when it should, but there is code to initialize the random pool in systemd (file src/random-seed/random-seed.c). It looks like it does a slightly worse job than the sysvinit shell script (fails to mix in high-res current time), but this should be harmless on recent kernels (which have a much better random subsystem initialization).

systemd could be enhanced to do a lot better: mix in clock_gettime() output, and other variable and machine-specific data such as the kernel and systemd logbuffer, as well as any other not-security-sensitive systemd state, all of it compressed[1] through a crypto hash.

This is _NOT_ to add randomness, although it will have a little entropy. This is a best-effort defense against equal pool state between otherwise nearly identical boxes[2], and it is valuable even when the kernel already tried to do it.

[1] think of it as an extremely lossy compression: we only care to retain the entropy in the source data.

[2] http://eprint.iacr.org/2012/064, https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/

--
One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie.
-- The Silicon Valley Tarot
Henrique Holschuh

--
Archive: https://lists.debian.org/2014074612.gc25...@khazad-dum.debian.net
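
The boot-time mixing described in the message above (time and machine-specific data compressed through a crypto hash), combined with the seed carry-over that `man 4 random` recommends, as an added example in init-script form. It is not Debian's /etc/init.d/urandom or systemd's code; the seed path, the 512-byte seed size and the choice of hashed inputs are assumptions.

```shell
#!/bin/sh
# Added example. SEED is a hypothetical path; adjust for the system at hand.
SEED=${SEED:-/var/lib/example/random-seed}
# Writing to /dev/urandom mixes data into the pool without crediting entropy,
# so feeding it guessable, non-secret data cannot make the pool weaker.
POOL=${POOL:-/dev/urandom}

# Hash non-secret data that differs per machine and per boot down to one
# SHA-256 digest (the "extremely lossy compression" step).
boot_digest() {
    {
        date +%s.%N                                   # high-resolution current time
        cat /proc/sys/kernel/random/boot_id /etc/machine-id \
            /sys/class/net/*/address 2>/dev/null || : # per-boot / per-machine ids
        dmesg 2>/dev/null || :                        # kernel log buffer, if readable
    } | sha256sum | cut -d' ' -f1
}

# load_seed SEEDFILE POOL
# Start-up: mix the digest and the seed saved at the last shutdown into the
# pool. Cloned images share the seed file but not the digest inputs.
load_seed() {
    {
        boot_digest
        if [ -f "$1" ]; then cat "$1"; fi
    } > "$2"
}

# save_seed SEEDFILE
# Shutdown, and again right after loading: replace the seed with fresh output
# so the same seed is never used for two boots, readable by its owner only.
save_seed() {
    ( umask 077; dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null )
    chmod 600 "$1"
}

case "${1:-}" in
    start) load_seed "$SEED" "$POOL"; save_seed "$SEED" ;;
    stop)  save_seed "$SEED" ;;
esac
```

Saving a new seed immediately after loading covers the case where the machine loses power before the shutdown script runs.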