From cbf0cecd44a6b422e208f3043f2ceaf7fd0a25a9 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 22 Oct 2016 16:39:53 +0200 Subject: Ensure module 'virtio-rng' is loaded in the guest before creation of key material. --- tdf-postinst-udeb/debian/postinst | 13 +++++++++++++ tdf-postinst-udeb/finish-install.d/07tdf-postinst | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100755 tdf-postinst-udeb/debian/postinst (limited to 'tdf-postinst-udeb') diff --git a/tdf-postinst-udeb/debian/postinst b/tdf-postinst-udeb/debian/postinst new file mode 100755 index 0000000..fc933d3 --- /dev/null +++ b/tdf-postinst-udeb/debian/postinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -ue + +if [ "$1" = 'configure' ]; then + # Linux >=3.16 mixes output from the VirtIO RNG (/dev/hwrng) into + # /dev/random hence we no longer need to do this in userspace using + # `rngd` + register-module virtio-rng +fi + +#DEBHELPER# +exit 0 diff --git a/tdf-postinst-udeb/finish-install.d/07tdf-postinst b/tdf-postinst-udeb/finish-install.d/07tdf-postinst index f8c0da2..0ee458c 100755 --- a/tdf-postinst-udeb/finish-install.d/07tdf-postinst +++ b/tdf-postinst-udeb/finish-install.d/07tdf-postinst @@ -3,8 +3,8 @@ set -e . /usr/share/debconf/confmodule || true -in-target modprobe 9pnet_virtio || true -in-target modprobe 9p || true +modprobe -va -d/target virtio-rng +modprobe -va -d/target 9pnet_virtio 9p virtfs="$(mktemp -d)" mount -t 9p -o trans=virtio,version=9p2000.L virtfs "$virtfs" || true @@ -91,7 +91,7 @@ fi if [ -d /target/etc/salt ]; then in-target sh -c ' - HOME="$(echo ~root)" + export HOME="$(echo ~root)" # use ~root/.rnd as OpenSSL seed file pkidir="/etc/salt/pki/minion" mkdir -p -m0700 "$pkidir" -- cgit v1.2.3