path: root/projectroot
Commit message | Author | Age | Files | Lines
* seatd: specify a group to use | Michael Olbrich | 2022-03-10 | 2 | -1/+2
  This way, seatd can be used by all users in the group 'seat', not just by root.
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rootfs: added group 'sgx' (missed by udev) | Artur Wiebe | 2022-02-04 | 1 | -0/+1
  systemd-udevd: /usr/lib/udev/rules.d/50-udev-default.rules:42 Unknown group 'sgx', ignoring
  SUBSYSTEM=="misc", KERNEL=="sgx_enclave", GROUP="sgx", MODE="0660"
  Signed-off-by: Artur Wiebe <artur@4wiebe.de>
  Message-Id: <20220128140310.2632256-1-artur@4wiebe.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: rc-once: Fix error handling | Alexander Dahl | 2021-12-09 | 1 | -11/+5
  The return of gen_keys() never threw an error, so last block was useless so far. Script worked because gen_key() exited instead of returning.
  Messages are done like in the openssh rc-once script now.
  Fixes: cf0424f8ba23 ("dropbear: Refactor rc-once and init to use KEYTYPES")
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211209105127.120588-1-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* redis: new package | Clemens Gruber | 2021-12-09 | 4 | -0/+26
  Adds a new package for redis, an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
  The systemd service file was taken from ArchLinux.
  Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
  Message-Id: <20211207144223.23091-1-clemens.gruber@pqgruber.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh: rc-once: Do not overwrite existing keys | Alexander Dahl | 2021-11-12 | 1 | -0/+1
  When storing your keys not in rootfs but on a separate data partition (using symbolic links or overlay fs), keys are overwritten on each firmware upgrade which lets rc-once run again (which happens when using opkg upgrade/update or RAUC in an A/B scheme for example). Changing keys are at best annoying, but may be interpreted as an attack as well.
  Note: if an empty or invalid key is found, the key is still regenerated.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-9-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: rc-once: Regenerate key if invalid key is found | Alexander Dahl | 2021-11-12 | 1 | -1/+2
  Previously just existence of a key file was checked, which allowed empty key files or invalid key files to persist. That would have prevented dropbear server daemon startup.
  Note: this does not always regenerate keys, only if rc-once is triggered and run again for whatever reason.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-8-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Support ecdsa keys in rc-once and init | Alexander Dahl | 2021-11-12 | 3 | -0/+7
  With 54afea33423c ("dropbear: Added Elliptic Curve Cryptography options.") an option was added to build with ecdsa host key support, but scripts were not adapted back then.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-7-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Refactor rc-once and init to use KEYTYPES | Alexander Dahl | 2021-11-12 | 2 | -4/+32
  Previously DSS and RSA keys were always generated, regardless if dropbear was built with support for that host key or not, which somehow contradicts what commit message of 01ac7cc409b5 ("dropbear: Remove deprecated options") promised.
  No other things changed here, just considering that KEYTYPES list for 'rsa' for now.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-6-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Move KEYTYPES to shell lib and set based on menu | Alexander Dahl | 2021-11-12 | 2 | -2/+1
  The variable is currently not used, but it will be useful later for key generation and daemon startup based on actually selected host key types.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-5-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Move shell variables to new common shell lib | Alexander Dahl | 2021-11-12 | 3 | -8/+6
  init script and rc-once script use some common variables and targetinstall replace happens twice for each, so to make things less complex put those common variables in a common place.
  While at it, remove that DROPBEAR_xxxKEY_DEFAULT indirection, which probably originates in the init script from Debian, which seems to have been the base for developing this script at least 15 years ago.
  The lib will be extended with more variables later.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-4-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Remove host/public key DSS support | Alexander Dahl | 2021-11-12 | 2 | -10/+1
  DSS option was removed already from ptxdist, it is not recommended for new keys. In dropbear however, it was still default enabled, this is disabled through localoptions.h now.
  Fixes: 01ac7cc409b5 ("dropbear: Remove deprecated options")
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20211105154734.19983-2-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* mtd-utils: Introduce systemd unit for ubihealthd | Alexander Dahl | 2021-09-29 | 1 | -0/+13
  It's possible to run multiple instances for multiple ubi devices by creating multiple symlinks. One symlink for the first device ubi0 is already created.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20210909101652.9288-3-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rc-once: Fix include path | Alexander Dahl | 2021-09-03 | 2 | -2/+2
  The initmethod shell library was moved, but the include path in scripts using it, was not adapted back then.
  Fixes: 5c7e5b48a39f ("initmethod: /usr merge")
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Message-Id: <20210827083353.22152-4-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rc-once: Adapt path in scripts including shell lib | Alexander Dahl | 2021-09-03 | 2 | -2/+2
  The usr/lib/init/rc-once.sh script was moved for /usr merge, but scripts using this piece were not updated.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Fixes: e74c5e613d9e ("rc-once: /usr merge")
  Message-Id: <20210827083353.22152-3-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dropbear: Remove not needed include from init script | Alexander Dahl | 2021-09-03 | 1 | -2/+0
  After migrating to rc-once this script does not use any functions from the included (shell) library anymore.
  Signed-off-by: Alexander Dahl <ada@thorsis.com>
  Fixes: 0e0f5d31e0e0 ("[dropbear] use rc-once to create server keys")
  Message-Id: <20210827083353.22152-2-ada@thorsis.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* projectroot: rauc-mark-good: adapt unit properties from systemd-bless-boot.service | Bastian Krause | 2021-09-03 | 1 | -0/+4
  Mark the system "good" when the boot-complete.target [1] is reached.
  "Type=oneshot" (instead of implicit "Type=simple") makes sure the unit is considered started once "rauc status mark-good" exits.
  "RemainAfterExit=yes" ensures that this service unit is only started once [2].
  These options were adapted from [3] and [4].
  [1] https://www.freedesktop.org/software/systemd/man/systemd.special.html#boot-complete.target
  [2] https://www.freedesktop.org/software/systemd/man/systemd.service.html#id-1.10.4
  [3] https://github.com/systemd/systemd/blob/main/units/systemd-bless-boot.service.in
  [4] https://github.com/rauc/meta-rauc/pull/197
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20210824165247.31292-1-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* seatd: new package | Michael Tretter | 2021-07-16 | 1 | -0/+8
  Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
  Message-Id: <20210709074508.1301617-1-m.tretter@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* busybox: update udhcp config files | Roland Hieber | 2021-06-25 | 2 | -51/+102
  Copy the following files from busybox 1.33:
  * examples/udhcp/simple.script
  * examples/udhcp/udhcpd.conf
  This teaches the DHCP client to use iproute2 tools instead of the outdated iputils.
  Signed-off-by: Roland Hieber <rhi@pengutronix.de>
  Message-Id: <20210620173954.5608-1-rhi@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dhcp: sync config files with upstream examples | Roland Hieber | 2021-06-25 | 2 | -106/+106
  Copy the following files from the ISC DHCP tree:
  * client/dhclient.conf.example
  * server/dhcpd.conf.example
  and comment out all lines, so they serve as examples only and don't configure any strange things on the target.
  Signed-off-by: Roland Hieber <rhi@pengutronix.de>
  Message-Id: <20210620171046.25968-4-rhi@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rpcbind: version bump 0.2.3 -> 1.2.6 | Bastian Krause | 2021-06-16 | 2 | -24/+0
  systemd service/socket files are now part of rpcbind.
  Remote call functionality is now configurable and disabled. Most people won't use that. It also stops rpcbind from opening up random UDP ports. See [1].
  [1] https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=2e9c289246c647e25649914bdb0d9400c66f486e
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20210611125538.12935-1-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* ofono: new package | Roland Hieber | 2021-06-11 | 1 | -0/+1
  Signed-off-by: Roland Hieber <rhi@pengutronix.de>
  Message-Id: <20210609215336.22744-1-rhi@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* ifupdown: Drop default dependencies of ifupdown.service | Uwe Kleine-König | 2021-03-19 | 1 | -0/+1
  ifupdown can usually be started quite early. There might be some additional dependencies (e.g. on devices or kernel modules) but these are not formalized with the default dependencies either. So in this case you have to overwrite the service for your device anyhow.
  Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
  Message-Id: <20210315132728.22554-1-u.kleine-koenig@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh: Don't kill ssh sessions when isolating a unit | Uwe Kleine-König | 2021-03-12 | 1 | -0/+1
  When system state is switched using systemctl isolate, ssh sessions usually shouldn't be killed. Make this the default.
  Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
  Message-Id: <20210305170435.4466-1-u.kleine-koenig@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* /etc/hosts: add local ipv6 definitions | Uwe Kleine-König | 2021-03-01 | 1 | -0/+4
  It's 2021!
  Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
  Message-Id: <20210226092643.165523-1-u.kleine-koenig@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rsyslog: version bump 8.26.0 -> 8.2012.0 | Bruno Thomsen | 2021-01-29 | 1 | -0/+14
  New configure options in 8.2012.0 have been disabled, except 2 new options:
  - atomic-operations is always enabled.
  - libsystemd support is {en,dis}abled with RSYSLOG_SYSTEMD.
  Removed options are no longer available in configure.
  lmstrmsrv does not exist any longer.
  According to changelog the gcc 10 compile issues were fixed in 8.2010.0 and included in this version.
  Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
  Message-Id: <20210128124111.5290-1-bruno.thomsen@gmail.com>
  [mol: add local systemd service. It was removed upstream]
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* tpm2-abrmd.service: remove obsolete StandardOutput parameter | Bruno Thomsen | 2021-01-15 | 1 | -1/+0
  The parameter is no longer needed.
  Avoid this message during boot:
  systemd[1]: /usr/lib/systemd/system/tpm2-abrmd.service:12: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
  Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
  Message-Id: <20210111133724.4644-1-bruno.thomsen@gmail.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* machine-id: make using rc-once optional | Artur Wiebe | 2020-12-11 | 1 | -0/+0
  If not set /etc/machine-id will be installed from projectroot (default: empty file).
  Signed-off-by: Artur Wiebe <artur@4wiebe.de>
  Message-Id: <20201204093024.1785079-1-artur@4wiebe.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* nfsutils: version bump 1.3.3 -> 2.5.1 | Bastian Krause | 2020-10-28 | 1 | -1/+0
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20201021144149.27886-3-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* nfsutils: fix paths in init script | Bastian Krause | 2020-10-28 | 1 | -4/+4
  The nfs-utils tools are installed into /usr/sbin since the /usr merge.
  Fixes: e5068a95a ("nfsutils: /usr merge")
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20201021144149.27886-1-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rauc-hawkbit-updater: new package | Bastian Krause | 2020-09-25 | 1 | -0/+43
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20200924165621.24177-2-bst@pengutronix.de>
  [mol: use menuconfig instead of config]
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* passwd/group: add rauc-hawkbit user/group | Bastian Krause | 2020-09-25 | 2 | -0/+2
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20200924165621.24177-1-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* nvmetcli: new package | Lucas Stach | 2020-09-22 | 1 | -0/+0
  nvmetcli is a program used for viewing, editing, saving, and starting a Linux kernel NVMe Target, used for an NVMe-over-Fabrics network configuration. It allows an administrator to export a storage resource (such as NVMe devices, files, and volumes) to a local block device and expose them to remote systems based on the NVMe-over-Fabrics specification from http://www.nvmexpress.org.
  Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
  Message-Id: <20200921083057.4074995-2-l.stach@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rc-once: StandardOutput=syslog+console is deprecated, use journal+console instead | Michael Olbrich | 2020-09-11 | 1 | -1/+1
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh/rc-once: iterate over configured hostkeys | Christian Hermann | 2020-09-11 | 1 | -30/+19
  ...instead of relying on a hardcoded list of keytypes.
  Some cleanup was performed as well:
  * merge key gathering functions
  * absence of sshd_config was tested but properly propagated and therefore not properly handled.
  Tested with sed implementations of busybox-1.31.1, toybox-0.8.3 and GNU.
  Signed-off-by: Christian Hermann <christian.hermann@hytera.de>
  Message-Id: <20200821112902.17281-2-christian.hermann@hytera.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh: fix debug output in rc-once script | Michael Olbrich | 2020-08-17 | 1 | -3/+2
  The variable $_type does not exist, so $prettykeytype is always empty. And 'tr' may not be available. It's just the debug output, so use the lowercase key type to avoid any problem.
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh/rc-once: use fixed string grep to match filename | Uwe Kleine-König | 2020-08-14 | 1 | -1/+1
  This is a (very) minor optimisation. There is no semantical change as the fixed list of possible filenames doesn't contain anything that has a different meaning when interpreted as a regex, still I consider it better style to interpret the filename as a fixed string to match.
  Both busybox and the "big" grep support -F unconditionally so there is no problem in using -F.
  Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
  Message-Id: <20200808083456.26483-2-u.kleine-koenig@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh/rc-once: deduplicate some data | Uwe Kleine-König | 2020-08-14 | 1 | -14/+11
  The create_keys() function passed the key type three times. Now it's only passed once.
  Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
  Message-Id: <20200808083456.26483-1-u.kleine-koenig@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rc-once: make sure data makes it to the medium | Robert Schwebel | 2020-08-14 | 1 | -0/+2
  We have seen that, if the first boot runs under a testsuite that powers the board off after rc-once is finished, data hasn't found its way to the medium. This has been observed to result in an empty ssh key.
  Adding a sync helps.
  Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
  Message-Id: <20200810101713.247725-1-r.schwebel@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* gpsd: version bump 3.20 -> 3.21 | Ladislav Michl | 2020-08-14 | 2 | -2/+2
  License checksum changed as '(c)' was removed from text, no changes otherwise. Also remove vanished options and modify systemd service files to expect gpsd socket in /run.
  Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
  Message-Id: <20200807153000.GA2625913@lenoch>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* openssh: allow early ssh connections | Michael Olbrich | 2020-08-07 | 2 | -2/+4
  By using DefaultDependencies=no the system can accept ssh connections earlier. This makes it possible to debug problems during startup.
  This means that tmpfiles.d cannot be used to create the privilege separation directory. So create it as RuntimeDirectory instead.
  As a side effect, this 'fixes' problems with nfsroot: tmpfiles.d refuses to create /run/sshd if / is not owned by root. This is not checked for RuntimeDirectory= so creating /run/sshd works here.
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* gpsd: fix gpsdctl@.service | Ladislav Michl | 2020-08-04 | 1 | -2/+2
  gpsdctl@.service is supposed to call gpsdctl which is not installed at all. Also fix gpsctl vs gpsdctl confusion.
  Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
  Message-Id: <20200803142935.GA2907440@lenoch>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* passwd/group: added chrony UID/GID | Bruno Thomsen | 2020-08-02 | 2 | -0/+2
  Added chrony user id (UID) to /etc/passwd and chrony group id (GID) to /etc/group using next available numbers.
  Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
  Message-Id: <20200731161141.6155-4-bruno.thomsen@gmail.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* haproxy: new package | Bastian Krause | 2020-06-12 | 1 | -0/+24
  HAProxy consists of a GPL core and GPL modules while exportable include files are licensed under LGPL.
  Some options (e.g. lua, pcre) are not yet configurable, this can be extended if someone needs them. A minimalistic config is provided to be able to test it, for everything else an adjusted config must be installed.
  As HAProxy's config examples expect some custom files in /etc/haproxy install_alternative_tree is used to install custom configuration files and more easily.
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20200610120307.28245-1-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* rauc/image-rauc: use code signing infrastructure for key retrieval | Bastian Krause | 2020-05-15 | 1 | -7/+0
  Use the keys provided by the currently active key provider via PKCS#11 instead of key files placed in the platform config directory.
  In order to make sure the new mechanics are used after a BSP update the rauc.key file is no longer allowed to exist in the platformconfig directory.
  Note: requires genimage v13 or later and ptx-code-signing-dev 0.4 or later
  Signed-off-by: Bastian Krause <bst@pengutronix.de>
  Message-Id: <20200515142641.812-14-bst@pengutronix.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* syslogng: update to 3.25.1 | Matthias Schiffer | 2020-04-09 | 2 | -2/+24
  Update and move out of staging. The new version adds compatibility with OpenSSL 1.1.x and switches to Python 3.
  The AMQP and MongoDB destinations are removed, they were never buildable without additional packages not available in plain PTXdist. Various other modules are disabled explicitly to avoid the build nondeterministically picking up undeclared dependencies.
  A simple replacement for the old systemd unit is added, as the new version only provides an instanced unit which cannot be linked as syslog.service (which is necessary to use syslog-ng as the default system logger by enabling ForwardToSyslog in journald.conf).
  Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
  Message-Id: <20200408123232.12718-1-matthias.schiffer@ew.tq-group.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* dnsmasq: install dnsmasq.conf from package source | Ladislav Michl | 2020-03-20 | 1 | -679/+0
  As projectroot's dnsmasq.conf is copied from example config of dnsmasq package, let's remove it from projectroot.
  Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
  Message-Id: <20200316191624.GD16217@lenoch>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* varoverlayfs: support kernels without metacopy | Matthias Schiffer | 2020-02-16 | 1 | -1/+0
  metacopy=on is supported on Linux 4.19+ only. As metacopy is unlikely to have a significant effect on the /var overlay anyways, simply remove the option.
  Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
  Message-Id: <20200214103854.2448-1-matthias.schiffer@ew.tq-group.com>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* gpsd: Optionally install systemd unit files | Ladislav Michl | 2020-01-30 | 3 | -0/+38
  Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* haveged: systemd service: move from multi-user.target to sysinit.target | Andreas Pretzsch | 2020-01-25 | 1 | -1/+2
  For devices with no or defective HW RNG, it takes quite long until the kernel random device is seeded, up to several 10 seconds. See kernel "random: crng init done" message for this.
  As a consequence, anything using /dev/random will block accordingly. This is even true for "ssh-keygen -l" invocations, which should just show the fingerprint of a pubkey. Which can be used e.g. to check for valid keys to be present.
  One way to expedite this is to run haveged, of course at the cost of reduced quality of the random numbers. But this start has to happen rather early in the boot process.
  By default (based upon this (old) haveged package), haveged is started late as user service in multi-user.target.
  So move the start of haveged from multi-user.target to sysinit.target. Also add a service dependency on after systemd-random-seed.service (responsible to seed from a stored random pool, if enabled) and systemd-tmpfiles-setup-dev.service (responsible to setup the dev files).
  Comparable is done within Fedora and SuSE.
  Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
* haveged: systemd service: import haveged.service from haveged 1.9.2 source | Andreas Pretzsch | 2020-01-25 | 1 | -0/+11
  Signed-off-by: Andreas Pretzsch <apr@cn-eng.de>
  Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>