[haveged] New module; used in stage31 to fill random pool

8 files changed, 56 insertions, 0 deletions

diff --git a/core/modules/haveged/data/etc/systemd/system/default.target.wants/haveged.service b/core/modules/haveged/data/etc/systemd/system/default.target.wants/haveged.service
new file mode 120000
index 00000000..9d39da30
--- /dev/null
+++ b/core/modules/haveged/data/etc/systemd/system/default.target.wants/haveged.service
@@ -0,0 +1 @@
+../haveged.service
\ No newline at end of file
diff --git a/core/modules/haveged/data/etc/systemd/system/haveged.service b/core/modules/haveged/data/etc/systemd/system/haveged.service
new file mode 100644
index 00000000..53cf36b8
--- /dev/null
+++ b/core/modules/haveged/data/etc/systemd/system/haveged.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Entropy daemon using the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+ConditionVirtualization=!container
+After=apparmor.service systemd-random-seed.service systemd-tmpfiles-setup.service
+Before=sysinit.target shutdown.target
+
+[Service]
+EnvironmentFile=-/etc/default/haveged
+ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
+SuccessExitStatus=143
+SecureBits=noroot-locked
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SYS_ADMIN
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectSystem=full
+ProtectHome=yes
+
+[Install]
+WantedBy=default.target
+
diff --git a/core/modules/haveged/module.build b/core/modules/haveged/module.build
new file mode 100644
index 00000000..5fa3a36f
--- /dev/null
+++ b/core/modules/haveged/module.build
@@ -0,0 +1,14 @@
+#!/bin/bash
+fetch_source() {
+	:
+}
+
+build() {
+	COPYLIST="list_dpkg_output"
+	list_packet_files > "$COPYLIST"
+	tarcopy "$(cat "${COPYLIST}" | sort -u)" "${MODULE_BUILD_DIR}"
+}
+
+post_copy() {
+	:
+}
diff --git a/core/modules/haveged/module.conf b/core/modules/haveged/module.conf
new file mode 100644
index 00000000..d40d63fa
--- /dev/null
+++ b/core/modules/haveged/module.conf
@@ -0,0 +1,6 @@
+#!/bin/bash
+REQUIRED_BINARIES="
+	haveged
+"
+REQUIRED_LIBRARIES=""
+REQUIRED_DIRECTORIES=""
diff --git a/core/modules/haveged/module.conf.ubuntu b/core/modules/haveged/module.conf.ubuntu
new file mode 100644
index 00000000..0842d080
--- /dev/null
+++ b/core/modules/haveged/module.conf.ubuntu
@@ -0,0 +1,7 @@
+#!/bin/bash
+REQUIRED_CONTENT_PACKAGES="
+	haveged
+"
+REQUIRED_INSTALLED_PACKAGES="
+	haveged
+"
diff --git a/core/rootfs/rootfs-stage31/data/init b/core/rootfs/rootfs-stage31/data/init
index ad3b1fe5..34c4c416 100755
--- a/core/rootfs/rootfs-stage31/data/init
+++ b/core/rootfs/rootfs-stage31/data/init
@@ -34,6 +34,8 @@ busybox mount -n -t devtmpfs -o 'rw,relatime,nosuid,noexec,mode=0755' initramfsd
 busybox mount -n -t tmpfs -o 'mode=755,size=10m' run "/run"
 busybox mount -n -t tmpfs -o 'mode=755,size=50m' temp "/tmp"
 
+haveged
+
 # IMPORTANT - check if kernel modules in initrams match kernel version
 BASEDIR="/lib/modules/$(uname -r)/kernel/drivers"
 for dir in gpu hid misc; do
diff --git a/core/rootfs/rootfs-stage31/module.conf b/core/rootfs/rootfs-stage31/module.conf
index 48559567..680ef5ad 100644
--- a/core/rootfs/rootfs-stage31/module.conf
+++ b/core/rootfs/rootfs-stage31/module.conf
@@ -6,6 +6,7 @@ REQUIRED_MODULES="
 	busybox
 	kernel
 	system-uuid
+	haveged
 "
 REQUIRED_KERNEL_MODULES="
 	kernel/drivers/net/ethernet/*.ko
diff --git a/core/targets/stage31/haveged b/core/targets/stage31/haveged
new file mode 120000
index 00000000..0b7544e6
--- /dev/null
+++ b/core/targets/stage31/haveged
@@ -0,0 +1 @@
+../../modules/haveged
\ No newline at end of file