Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/distrib/utils/embedded/files Extract just the random bits to...



details:   https://anonhg.NetBSD.org/src/rev/8e5ff85fb8ce
branches:  trunk
changeset: 1022466:8e5ff85fb8ce
user:      rhialto <rhialto%NetBSD.org@localhost>
date:      Tue Jul 20 19:31:23 2021 +0000

description:
Extract just the random bits to feed to /dev/urandom.

This makes no difference in the randomness of the pool, but it improves
on the estimation (if any) of how many random bits were obtained.
Also make the ftp -q time out a bit longer since I got some time outs.

diffstat:

 distrib/utils/embedded/files/ec2_init |  18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diffs (56 lines):

diff -r 8d8c594a2b09 -r 8e5ff85fb8ce distrib/utils/embedded/files/ec2_init
--- a/distrib/utils/embedded/files/ec2_init     Tue Jul 20 19:27:51 2021 +0000
+++ b/distrib/utils/embedded/files/ec2_init     Tue Jul 20 19:31:23 2021 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ec2_init,v 1.3 2021/07/15 19:03:17 rhialto Exp $
+# $NetBSD: ec2_init,v 1.4 2021/07/20 19:31:23 rhialto Exp $
 #
 # PROVIDE: ec2_init
 # REQUIRE: NETWORKING
@@ -28,6 +28,11 @@
        useradd -g users -G wheel,operator -m "${EC2_USER}"
 }
 
+extract_random_seed()
+{
+       sed -n -e '/random_seed/s/.*"random_seed": *"\([A-Za-z0-9+/=]*\)".*/\1/p'
+}
+
 ec2_init()
 {
        (
@@ -38,7 +43,7 @@
        try=0
        while [ $((try++)) -lt 20 ]
        do
-               HOSTNAME=$(ftp -o - -q 1 "${METADATA_URL}${HOSTNAME_URL}")
+               HOSTNAME=$(ftp -o - -q 2 "${METADATA_URL}${HOSTNAME_URL}")
                if [ -n "$HOSTNAME" ]; then
                        echo "Setting EC2 hostname: ${HOSTNAME}"
                        echo "$HOSTNAME" > /etc/myname
@@ -53,7 +58,7 @@
        id "${EC2_USER}" >/dev/null 2>&1 || ec2_newuser
 
        # fetch the public key from Amazon Web Services
-       EC2_SSH_KEY=$(ftp -o - -q 1 "${METADATA_URL}${SSH_KEY_URL}")
+       EC2_SSH_KEY=$(ftp -o - -q 2 "${METADATA_URL}${SSH_KEY_URL}")
 
        if [ -n "$EC2_SSH_KEY" ]; then
                # A key pair is associated with this instance, add it
@@ -71,10 +76,11 @@
                fi
        fi
 
-       # May contain a "random_seed". Everything else doesn't matter.
-       OS_METADATA="$(ftp -o - -q 1 ${OS_METADATA_URL})"
+       # May contain a "random_seed".
+       OS_METADATA="$(ftp -o - -q 2 ${OS_METADATA_URL})"
        if echo "$OS_METADATA" | grep -q random_seed; then
-               echo "$OS_METADATA" >> /dev/urandom
+               echo "$OS_METADATA" | extract_random_seed |
+                   base64 -di >> /dev/urandom
        fi
        )
 }



Home | Main Index | Thread Index | Old Index