OneRNG new scripts for testing

Paul Campbell paul at taniwha.com
Mon Dec 14 23:27:25 GMT 2020 

Here are the promised point release for people to test - please install these 
over the top of an existing installation.

Copy onerng.sh and onerng_verify.py to /sbin, and onerng.conf to /etc make 
sure that they are executable.

There are two issues fixed here:

- python vs. python3 - many systems don't have a python3 GPG installation, 
however python3 has replaced python2 as the default python, if this still 
doesn't work for you please edit onerng.conf  setting 
ONERNG_VERIFY_FIRMWARE="0"

- linux kernels 5.5 and later have changed the way that the kernel random pool 
works, gone is the careful accounting of estimated entropy that allowed us to 
only dip into OneRNG's entropy pool when the kernel's dropped low. RNGD, the 
daemon we've fed in the past doesn't really work. Instead I've created a new 
option that periodically takes data from the OneRNG and feeds it into the 
kernel - if you set ONERNG_FEED_KERNEL="1" the OneRNG startup will fork off a 
daemon that will do this (enabled by default in  the /etc/onerng.conf I've 
included here), by default you'll see the LED on the board dimn every 5 secs 
as the kernel is fed, you can change the rate at which this happens using the 
ONERNG_FEED_RATE parameter in /etc/onerng.conf.  (note: at the moment you 
still need to have ONERNG_START_RNGD="1" to start this alternate mechanism for 
collecting kernel entropy)

(the previous behavior of the LED dimming when you suck data out of /dev/
random no longer works in these later kernels)

This is a point release for testing, please let me (and the list) know of any 
issues you run into. The Python stuff probably needs extra work, and I need to 
work on the script to try and figure out which kernel a particular system is 
running and to automatically choose the correct strategy for getting entropy 
into the system pool.

	thanks

	Paul

md5sums:
9ca9dba79510d5faafe3b13857a80b64 onerng.conf
4447700c6125040df87f93d43299bc4f  onerng.sh
4aa006e7c7c44a493cd092773241e15c  onerng_verify.py
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-python
Size: 5963 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20201215/ea122821/attachment.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/x-shellscript
Size: 1838 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20201215/ea122821/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/x-shellscript
Size: 7467 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20201215/ea122821/attachment-0001.bin>

More information about the Discuss mailing list