1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
random-seed is a random seed management program. In contrast with other random
seed implementations, random-seed will credit the random seed to the kernel
entropy count. It attempts to prevent inadvertent random seed sharing by
checking that certain system identifiers such as the machine ID and filesystem
ID have not changed between a save and load. If these identifiers do not
match, random-seed will still load the random seed, but will not credit the
entropy.
random-seed is intended for distribution use. For a system that is
administratively guaranteed not to be cloned, consider the random-seed-basic
project instead.
random-seed requires the following to compile:
- a sufficiently gcc compatible compiler. clang is fine, icc probably works.
- GNU make. BSD make is not supported.
- sh. dash works.
When compiling from git, autoconf, aclocal, and autoconf-archive are required.
aclocal is provided by the automake package on most operating systems. [1]
random-seed also supports linking with libudev or libmount and libblkid. It is
highly recommended to enable libudev if your target platform includes udevd
(eudev is supported), as it allows detection of the hard drive ID. Otherwise,
it is highly recommended to enable libmount and libblkid, as these allow
reliable detection of the file system UUID. It is assumed that most GNU/Linux
systems will include the util-linux package that contains these libraries, so
that should cover almost everybody. Even so, if neither of these are compiled
in, random-seed will fall back on the statfs(2) system call and use the f_fsid
field to identify the file system, if the file system type is btrfs, ext2/3/4,
JFS, NTFS, reiserfs, or UBIFS. If the file system type is none of these, and
none of the above libraries have been compiled in, random-seed will only use
the machine ID for cloning detection. However, if you do not have libudev, you
probably also do not use systemd or dbus, so you will probably not have a
machine ID. In this case, random-seed will never credit the entropy, so you may
as well use a "dd if=random-seed of=/dev/urandom" script.
random-seed is Linux-specific, as it is my understanding that other operating
systems are either not commonly imaged (e.g. BSDs) or have official tools for
system image preparation (e.g. sysprep for Windows). However, it should be
reasonably easy to port by simply adjusting the paths and changing getrandom to
/dev/random. Other operating systems would be better served by providing an
official sysprep program though.
random-seed supports a daemonize mode. This is recommended on systems without
a centralized timer synchronization mechanism similar to Android or systemd.
random-seed uses under 100 KB of RAM and negligible CPU when daemonized.
[1] Automake has a "Future of aclocal" section in its manual. This section has
contained the text "aclocal is expected to disappear" since its inception in
2003, more than 15 years ago as of writing.
|