first draft: urandom.conf startup script

1 files changed, 29 insertions, 0 deletions

diff --git a/urandom.conf b/urandom.conf
new file mode 100644
index 0000000..1b40057
--- /dev/null
+++ b/urandom.conf
@@ -0,0 +1,29 @@
+# urandom - load seed-file into kernel pseudorandom number generator
+#
+# This task is run on startup, as early as possible.
+
+description     "load seed-file into urandom"
+
+# Initialize the PRNG as early as possible.
+# Actually, nothing upstart can do is early enough,
+# but this is better than nothing.
+# Note that the root filesystem is probably still read-only at this point.
+start on startup
+
+# The "urandom" event means the PRNG has been initialized.
+# You it may be possible to use /dev/random before this, at your own risk.
+emits urandom
+
+task
+console output
+
+script
+  SAVEDFILE=/var/lib/urandom/random-seed        # probably belongs in a config file
+  if test -r "$SAVEDFILE" ; then
+    cat "$SAVEDFILE" > /dev/urandom
+    initctl emit urandom
+  fi
+end script
+
+# The seed file SHOULD NOT be reused.
+# We rely on urandom-save and urandom-adios to rewrite the seed file.