Bug 789407 - Save entropy during system install
Summary: Save entropy during system install
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-10 17:31 UTC by Bill Nottingham
Modified: 2016-10-04 14:13 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-11 02:02:26 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Bill Nottingham 2012-02-10 17:31:43 UTC 
Description of problem:

There's some discussion in an issue for a pre-systemd release about saving entropy during system installation so that there is *some* saved state.

anaconda isn't exactly the right place to do it, so pushing to systemd.

diff --git a/systemd.spec b/systemd.spec
index 5e805ce..4144827 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -235,6 +235,9 @@ if [ $1 -eq 1 ] ; then
                 remote-fs.target \
                 systemd-readahead-replay.service \
                 systemd-readahead-collect.service >/dev/null 2>&1 || :
+
+	# Save some initial state for the random seed.
+	/lib/systemd/systemd-random-seed save
 else
         # This systemd service does not exist anymore, we now do it
         # internally in PID 1

Version-Release number of selected component (if applicable):

any
Comment 1 Lennart Poettering 2012-02-11 02:02:26 UTC 
Fixed in rawhide
Comment 2 Colin Walters 2016-10-03 20:54:15 UTC 
I'd say Anaconda *is* the right place to do this actually.  At the moment, anyone who wants to generate generic images (docker images, ostree commits, VM images (vagrant/qcow2) etc) needs to[1] nuke this.


[1] well, *should* since it's disingenuous to ship the same random seed to potentially many systems
Note You need to log in before you can comment on or make changes to this bug.