  1. Sep 19, 2016
  2. Sep 16, 2016
  3. Sep 05, 2016
  4. Aug 14, 2016
  5. Aug 13, 2016
  6. Aug 10, 2016
  7. Aug 04, 2016
  8. Aug 01, 2016
  9. Jul 24, 2016
  10. Jul 26, 2016
  11. Jun 30, 2016
    • base-files: seed /dev/urandom · 3946a552
      Etienne CHAMPETIER authored
      
      This commit:
      1) seed /dev/urandom with the saved seeds as early as possible
         (see /lib/preinit/81_urandom_seed)
      2) save a seed at /etc/urandom.seed if it doesn't exist
      3) save a new seed each boot at "system.@system[0].urandom_seed"
         (see /etc/init.d/urandom_seed)
      
      We use getrandom() so we are sure /dev/urandom pool is initialized
      
      Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
      it's the same size as in ubuntu 14.04 and all systemd systems
      
      Seeding /dev/urandom doesn't change entropy estimation, so we still have
      "random: ubus urandom read with 4 bits of entropy available"
      messages in the logs, but we can now ignore them if they come
      after the "urandom-seed: Seeding with ..." message
      
      Saving a new seed on each boot is disabled by default to avoid too many
      writes without user consent
      
      v2: log preinit messages to /dev/kmsg
      v3: use non generic function name for logging, as /lib/preinit/ files
          are all sourced together in /etc/preinit
      v4: after a lot of discussion on the ML, use a uci config param
      v5: config param is now the path of the seed
      
      Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
      Acked-by: Jo-Philipp Wich <jo@mein.io>
      3946a552
  12. Jun 28, 2016
  13. Jun 24, 2016
  14. Jun 17, 2016
  15. Jun 07, 2016
  16. Jun 08, 2016
  17. Jun 07, 2016
  18. May 27, 2016
    • base-files: rework postinstall uci-defaults handling · 7f694582
      Jo-Philipp Wich authored
      
      Some package postinstall operations, e.g. those emitted by the LuCI build
      system, source and delete the uci-defaults themselves upon package install,
      causing the generic defaults apply code to trigger shell errors like:
      
          .../luci-app-ddns.postinst: .: line 130: can't open './40_luci-ddns'
      
      Rework the generic apply code to check the existence of the uci-defaults
      script before trying to source it, use sed to prefilter the list of entries
      from the control file and perform the directory change in a subshell,
      avoiding the need for cd $OLDPWD.
      
      Signed-off-by: Jo-Philipp Wich <jo@mein.io>
      7f694582
  19. May 24, 2016
  20. May 23, 2016
  21. May 19, 2016
  22. May 18, 2016
    • base-files: sysfixtime exclude dnsmasq.time · 382779e0
      Kevin Darbyshire-Bryant authored
      
      dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
      determining if current time is good enough to validate dnssec time
      stamps.  By including /etc/dnsmasq.time as a time source for sysfixtime,
      the mechanism was effectively defeated because time was set to the
      last time that dnsmasq considered current even though that time is in
      the past.  Since that time is out of date, dns(sec) resolution would
      fail thus defeating any ntp based mechanisms for setting the clock
      correctly.
      
      In theory the process is defeated by any files in /etc that are newer
      than /etc/dnsmasq.time; however, dnsmasq now updates the file's timestamp
      on process TERM so hopefully /etc/dnsmasq.time is the latest file
      timestamp in /etc as part of LEDE shutdown/reboot.
      
      Either way, including /etc/dnsmasq.time as a time source for
      sysfixtime is not helpful.
      382779e0
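
The effect described in the sysfixtime commit above, as an added example that is not part of the commit or of the LEDE scripts: a boot clock derived from the newest file mtime already satisfies a timestamp-file check on a stale clock unless that file is excluded. The function names, the sample tree and the simplified "clock is no earlier than the stamp" check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the LEDE sysfixtime script: pick a boot-time clock floor
# from the newest file mtime in a directory, with an optional excluded path.

# newest_mtime DIR [EXCLUDE]: print the largest mtime (epoch seconds) among
# regular files under DIR, skipping EXCLUDE; print 0 if none qualify.
newest_mtime() {
    nm_newest=0
    for nm_ts in $(find "$1" -type f ! -path "${2:-}" -exec date -r {} +%s \;); do
        if [ "$nm_ts" -gt "$nm_newest" ]; then nm_newest=$nm_ts; fi
    done
    echo "$nm_newest"
}

# boot_clock NOW DIR [EXCLUDE]: the clock only moves forward, to the newest
# mtime, when NOW (e.g. epoch 0 on a board with no RTC) is older than it.
boot_clock() {
    bc_floor=$(newest_mtime "$2" "${3:-}")
    if [ "$1" -lt "$bc_floor" ]; then echo "$bc_floor"; else echo "$1"; fi
}

# stamp_says_valid NOW STAMP: simplified model (assumption) of a daemon that
# trusts the clock once it is no earlier than its timestamp file.
stamp_says_valid() {
    [ "$1" -ge "$(date -r "$2" +%s)" ]
}

# Constructed sample tree: an old config file and a newer timestamp file.
demo_dir=$(mktemp -d)
touch -t 201601010000 "$demo_dir/passwd"
touch -t 201605010000 "$demo_dir/dnsmasq.time"

with_stamp=$(boot_clock 0 "$demo_dir")
without_stamp=$(boot_clock 0 "$demo_dir" "$demo_dir/dnsmasq.time")

# Stamp used as a time source: the stale boot clock already passes the check.
if stamp_says_valid "$with_stamp" "$demo_dir/dnsmasq.time"; then
    echo "included: clock=$with_stamp accepted as valid (stale)"
fi
# Stamp excluded: the boot clock stays behind the stamp until NTP corrects it.
if ! stamp_says_valid "$without_stamp" "$demo_dir/dnsmasq.time"; then
    echo "excluded: clock=$without_stamp not yet trusted"
fi
rm -rf "$demo_dir"
```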