Re: [PATCH] getrandom: new applet
On 06/28/2016 04:54 PM, Etienne Champetier wrote:
> Hi Lauri,
>
> 2016-06-28 19:10 GMT+02:00 Lauri Kasanen :
>> On Tue, Jun 28, 2016, at 19:56, Etienne CHAMPETIER wrote:
>>> first user of this applet will be LEDE (OpenWrt) to save an urandom seed
>>> using getrandom() (so we are sure /dev/urandom pool is initialized)
>>
>> In LFS, the boot scripts use dd for this. Is there any need for an
>> applet?
>
> On Linux you have /dev/random which blocks, /dev/urandom which never blocks,
> and the new getrandom() syscall which only blocks until proper initialisation.
> To use getrandom() you need an applet.
>
> I could use /dev/random + dd but this can take a long time and slow
> down other /dev/random consumers
> (key generation on first boot)
>
> Here is the code I found for LFS
> https://github.com/ojab/BLFS/blob/master/bootscripts/blfs/init.d/random#L32
> they are using /dev/urandom really early in the boot process so it
> might not be initialized yet
> We are not sure we will go through stop() (hard reset)
> Also getrandom() didn't exist at that time ...
>
> Basically the right tool for the job is now getrandom() so let's use it.

timeout 3 dd bs=128 count=1 if=/dev/random of=blah.img

Rob
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
Re: [PATCH v2] getrandom: new applet
On 06/29/2016 10:31 AM, Daniel Thompson wrote:
> On 29/06/16 16:04, Etienne Champetier wrote:
> Thanks for the explanation. I had indeed overlooked that the getrandom
> applet does not consume any entropy.

His use case was saving a random seed and not consuming entropy is an advantage?

Rob
Re: Error in creating user root
On 06/29/2016 05:44 PM, Vered Zvi wrote:
> Hello,
>
> I'm using busybox 1.20.2
> In order to create a new user I ran:
>
> addgroup root
> adduser -h /home/root -G root root
>
> I'm getting a message:
>
> passwd: unknown uid 0
>
> Can you please help ?
>
> Thank you,
> Z.V

Hi,
it could be useful if you post the contents of /etc/passwd /etc/group /etc/shadow /etc/gshadow.
Eventually you should try:

addgroup -g 0 root
adduser -H /home/root -G root -u 0 root

Ciao,
Tito
Error in creating user root
Hello,

I'm using busybox 1.20.2
In order to create a new user I ran:

addgroup root
adduser -h /home/root -G root root

I'm getting a message:

passwd: unknown uid 0

Can you please help ?

Thank you,
Z.V
[PATCH v3] getrandom: new applet
first user of this applet will be LEDE (OpenWrt) to save an urandom seed using getrandom() (so we are sure /dev/urandom pool is initialized) function old new delta getrandom_main - 162+162 .rodata 156181 156208 +27 applet_names25362546 +10 applet_main 29362944 +8 -- (add/remove: 2/0 grow/shrink: 3/0 up/down: 207/0) Total: 207 bytes v2: reduce size by 40 bytes thanks to Tito v3: release under GPLv2 or later, thanks Bernhard Reutner-Fischer Signed-off-by: Etienne CHAMPETIER --- include/applets.src.h | 1 + util-linux/Config.src | 8 util-linux/Kbuild.src | 1 + util-linux/getrandom.c | 43 +++ 4 files changed, 53 insertions(+) create mode 100644 util-linux/getrandom.c diff --git a/include/applets.src.h b/include/applets.src.h index 6e1b02f..b617d14 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -153,6 +153,7 @@ IF_FTPPUT(APPLET_ODDNAME(ftpput, ftpgetput, BB_DIR_USR_BIN, BB_SUID_DROP, ftpput IF_FUSER(APPLET(fuser, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_GETOPT(APPLET(getopt, BB_DIR_BIN, BB_SUID_DROP)) +IF_GETRANDOM(APPLET(getrandom, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_HD(APPLET_NOEXEC(hd, hexdump, BB_DIR_USR_BIN, BB_SUID_DROP, hd)) IF_HDPARM(APPLET(hdparm, BB_DIR_SBIN, BB_SUID_DROP)) diff --git a/util-linux/Config.src b/util-linux/Config.src index 922cabd..9f47db7 100644 --- a/util-linux/Config.src +++ b/util-linux/Config.src @@ -304,6 +304,14 @@ config FEATURE_GETOPT_LONG help Enable support for long options (option -l). +config GETRANDOM + bool "getrandom" + default y + select PLATFORM_LINUX + help + The getrandom utility get NBYTES random bytes using getrandom() + syscall (available since Linux 3.17) + config HEXDUMP bool "hexdump" default y diff --git a/util-linux/Kbuild.src b/util-linux/Kbuild.src index 0b87c52..b164fb7 100644 --- a/util-linux/Kbuild.src +++ b/util-linux/Kbuild.src 
@@ -19,6 +19,7 @@ lib-$(CONFIG_FLOCK) += flock.o lib-$(CONFIG_FREERAMDISK) += freeramdisk.o lib-$(CONFIG_FSCK_MINIX)+= fsck_minix.o lib-$(CONFIG_GETOPT)+= getopt.o +lib-$(CONFIG_GETRANDOM) += getrandom.o lib-$(CONFIG_HEXDUMP) += hexdump.o lib-$(CONFIG_HWCLOCK) += hwclock.o lib-$(CONFIG_IPCRM) += ipcrm.o diff --git a/util-linux/getrandom.c b/util-linux/getrandom.c new file mode 100644 index 000..d61b53a --- /dev/null +++ b/util-linux/getrandom.c @@ -0,0 +1,43 @@ +/* vi: set sw=4 ts=4: */ +/* + * getrandom.c - read random bytes using getrandom() syscall + * + * Copyright (C) 2016 Etienne Champetier + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ + +//usage:#define getrandom_trivial_usage +//usage: "N" +//usage:#define getrandom_full_usage "\n\n" +//usage: "Read N random bytes using getrandom()" + +#include +#include "libbb.h" + +int getrandom_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; +int getrandom_main(int argc, char **argv) +{ + int nbytes, len; + char buf[256]; /* getrandom(2) calls up to 256 bytes always succeed */ + + if (argc != 2) + bb_show_usage(); + + if (isatty(STDOUT_FILENO)) + bb_error_msg_and_die("isatty"); + + nbytes = xatoi_range(argv[1], 1, INT_MAX); + + for (len = sizeof(buf); nbytes > 0; nbytes -= sizeof(buf)) { + if (nbytes < sizeof(buf)) { + len = nbytes; + } + if (syscall(SYS_getrandom, buf, len, 0) != len) { + bb_perror_msg_and_die("getrandom"); + } + xwrite(STDOUT_FILENO, buf, len); + } + + return EXIT_SUCCESS; +} -- 2.5.5 ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
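Review bot: In the util-linux/Config.src hunk, `default y` enables the applet for every Linux build although the help text in the same hunk says the syscall is only available since Linux 3.17, and getrandom.c uses SYS_getrandom unconditionally, so a build against headers that lack that constant would fail in the default configuration. Consider `default n`, or guarding the applet on SYS_getrandom being defined. The help text also reads "get NBYTES" while the usage text names the argument N; "gets N random bytes" would match.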
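Review bot: In getrandom_main(), the check `syscall(SYS_getrandom, buf, len, 0) != len` sends a short but successful return down the same path as a failure, and bb_perror_msg_and_die() would then report whatever errno happened to hold. Test for a negative return before using the perror variant and handle a short count separately (retry, or a plain error message). Two smaller points in the same function: `nbytes < sizeof(buf)` compares an int with a size_t, and the die message "isatty" does not tell the user that stdout has to be redirected.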
Re: [PATCH v2] getrandom: new applet
On 29/06/16 16:04, Etienne Champetier wrote:
> 2016-06-29 16:25 GMT+02:00 Daniel Thompson :
>> On 29/06/16 14:54, Etienne Champetier wrote:
>>>
>>> If we want to be safe, we have to use /dev/urandom only after it's
>>> initialised
>>> A simple test adding this in an init script on a LEDE (OpenWrt) VM:
>>>
>>> getrandom 1 > /dev/null
>>> echo "### getrandom ###" > /dev/kmsg
>>> dd if=/dev/random of=/dev/null count=1 bs=1
>>> echo "### dd ###" > /dev/kmsg
>>>
>>> gives:
>>> [ 14.321536] ### getrandom ###
>>> [ 42.603677] ### dd ###
>>>
>>> And this can be worse on real hardware ..
>>
>> Not clear if the above shows that dd behaves differently to getrandom or if
>> the difference is merely due to less frequent interrupts after system is
>> booted...
>>
>> What timings do you get if you reverse the commands?
>
> You missed how the whole thing works
> you have
> - /dev/urandom, which never blocks
> - getrandom(), which blocks until /dev/urandom is properly initialized
> (system wide), then never blocks again and reads from /dev/urandom
> - /dev/random, which only starts its initialization after getrandom()
> unblocks, and blocks when it estimates entropy is low
>
> So getrandom will always finish before dd, and after dd /dev/random unblocks
> you are sure getrandom doesn't block anymore
>
> Also running 100 times getrandom will not affect other processes,
> when running 100 times dd /dev/random might block and block other
> /dev/random users

Thanks for the explanation. I had indeed overlooked that the getrandom applet does not consume any entropy.

Daniel.
Re: [PATCH v2] getrandom: new applet
2016-06-29 16:25 GMT+02:00 Daniel Thompson :
> On 29/06/16 14:54, Etienne Champetier wrote:
>>
>> If we want to be safe, we have to use /dev/urandom only after it's
>> initialised
>> A simple test adding this in an init script on a LEDE (OpenWrt) VM:
>>
>> getrandom 1 > /dev/null
>> echo "### getrandom ###" > /dev/kmsg
>> dd if=/dev/random of=/dev/null count=1 bs=1
>> echo "### dd ###" > /dev/kmsg
>>
>> gives:
>> [ 14.321536] ### getrandom ###
>> [ 42.603677] ### dd ###
>>
>> And this can be worse on real hardware ..
>
>
> Not clear if the above shows that dd behaves differently to getrandom or if
> the difference is merely due to less frequent interrupts after system is
> booted...
>
> What timings do you get if you reverse the commands?

You missed how the whole thing works
you have
- /dev/urandom, which never blocks
- getrandom(), which blocks until /dev/urandom is properly initialized
(system wide), then never blocks again and reads from /dev/urandom
- /dev/random, which only starts its initialization after getrandom()
unblocks, and blocks when it estimates entropy is low

So getrandom will always finish before dd, and after dd /dev/random unblocks
you are sure getrandom doesn't block anymore

Also running 100 times getrandom will not affect other processes,
when running 100 times dd /dev/random might block and block other
/dev/random users

Regards
Etienne

>
> ~~~
> dd if=/dev/random of=/dev/null count=1 bs=1
> echo "### dd ###" > /dev/kmsg
> getrandom 1 > /dev/null
> echo "### getrandom ###" > /dev/kmsg
> ~~~
>
>
> Daniel.
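The blocking behaviour described in the message above, as an added C example that is not part of the thread or of the submitted applet: a non-blocking probe reports whether the pool is initialized, and a blocking read waits only until it is. The helper names `urandom_pool_ready()` and `fill_random()` and the 512-byte seed size are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* for syscall() */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001    /* same value as in <linux/random.h> */
#endif

/* Hypothetical helper: 1 = pool initialized, 0 = not yet (a blocking call
 * would wait), -1 = error such as ENOSYS on kernels older than 3.17. */
int urandom_pool_ready(void)
{
	unsigned char probe;
	long r = syscall(SYS_getrandom, &probe, sizeof(probe), GRND_NONBLOCK);
	if (r == 1)
		return 1;
	return (r < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Hypothetical helper: fill buf with len bytes, blocking only until the
 * pool is initialized. Retries on EINTR and continues after a short
 * return instead of treating it as an error. Returns 0 or -1. */
int fill_random(unsigned char *buf, size_t len)
{
	while (len > 0) {
		long r = syscall(SYS_getrandom, buf, len, 0);
		if (r < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		buf += r;
		len -= (size_t)r;
	}
	return 0;
}

int main(void)
{
	unsigned char seed[512];    /* constructed seed size for the demo */

	fprintf(stderr, "pool ready before read: %d\n", urandom_pool_ready());
	if (fill_random(seed, sizeof(seed)) != 0) {
		perror("getrandom");
		return 1;
	}
	/* The blocking call returned, so the pool is initialized from now on. */
	fprintf(stderr, "pool ready after read: %d\n", urandom_pool_ready());
	return fwrite(seed, 1, sizeof(seed), stdout) == sizeof(seed) ? 0 : 1;
}
```

Built as a program it writes the seed to stdout and the two probe results to stderr, so stdout can be redirected into a seed file.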
Re: inotifyd
On 24.06.2016 17:17, Walter Harms wrote:
> hi list,
> i have an older system and for a test i needed a current version of busybox.
> I download 1.25 as tar.bz2 and compiled out of the box.
>
>
>
> CC miscutils/inotifyd.o
> In file included from /usr/include/asm/fcntl.h:1,
> from /usr/include/linux/fcntl.h:4,
> from /usr/include/linux/inotify.h:11,
> from miscutils/inotifyd.c:32:
> /usr/include/asm-generic/fcntl.h:117: error: redefinition of ‘struct flock’
> /usr/include/asm-generic/fcntl.h:140: error: redefinition of ‘struct flock64’
> make[1]: *** [miscutils/inotifyd.o] Fehler 1
> make: *** [miscutils] Fehler 2
>
> the problem is the include
>
>
>
> replacing this with solved the problem (for me).
>
> What was the reason to use linux/inotify.h in the first place ?
> Otherwise we should really use sys/inotify.h.
>

I was just preparing a patch and noticed that I found the problem actually in an older version; the version 1.25.0 is ok.

sorry for the noise.

re,
wh
Re: [PATCH 2/2] doc: Update bb_common_bufsiz1 usage
On Tue, Jun 28, 2016 at 2:15 PM, Kang-Che Sung wrote:
> The commit e6a2f4cc5a47d3022bdf5ca2cacbaa5a8c5baf7a ("libbb: make
> bb_common_bufsiz1 1 kbyte, add capability to use bss tail for it")
> changes the usage syntax for bb_common_bufsiz1.
> Update doc/keep_data_small.txt to reflect the new usage. The change is
> probably not perfect, though.

I think setup_common_bufsiz() might soon disappear - there is a less weird method to control the size of bb_common_bufsiz1[].
Re: [PATCH v2] getrandom: new applet
On 29/06/16 14:54, Etienne Champetier wrote:
> If we want to be safe, we have to use /dev/urandom only after it's
> initialised
> A simple test adding this in an init script on a LEDE (OpenWrt) VM:
>
> getrandom 1 > /dev/null
> echo "### getrandom ###" > /dev/kmsg
> dd if=/dev/random of=/dev/null count=1 bs=1
> echo "### dd ###" > /dev/kmsg
>
> gives:
> [ 14.321536] ### getrandom ###
> [ 42.603677] ### dd ###
>
> And this can be worse on real hardware ..

Not clear if the above shows that dd behaves differently to getrandom or if the difference is merely due to less frequent interrupts after system is booted...

What timings do you get if you reverse the commands?

~~~
dd if=/dev/random of=/dev/null count=1 bs=1
echo "### dd ###" > /dev/kmsg
getrandom 1 > /dev/null
echo "### getrandom ###" > /dev/kmsg
~~~

Daniel.
Re: [PATCH v2] getrandom: new applet
Hi Laurent,

2016-06-29 12:25 GMT+02:00 Laurent Bercot :
> On 29/06/2016 00:37, Etienne Champetier wrote:
>>
>> Or everyone can switch to getrandom() because that's the right way
>
>
> The solution I am suggesting:
> - works today and is extremely easy to implement.

same here

> - does not require patching busybox.

the patch is done, just need some review

> - will work on every Linux kernel on the planet, not only new ones with
> getrandom() support. And you *will* find old kernels out there.

Linux 3.17 was released on 05-10-2014, and if I use a recent kernel
why not use its features?
If you use an old kernel just don't use this applet, it's that simple.
If you use a recent kernel and want to use getrandom() now you can.

> - does not require porting/patching applications if they are currently
> using /dev/urandom.

My applet doesn't require changing current applications !?
If you want to wait until /dev/urandom is initialized, just do
getrandom 1 > /dev/null
see below why it's better than dd /dev/random

>
> "The right way" had better be very right in order to be righter than that.
>
> (If your dd copies more than one byte when you give it count=1 bs=1, it's
> a bug. Can you send a strace?)

If we want to be safe, we have to use /dev/urandom only after it's initialised
A simple test adding this in an init script on a LEDE (OpenWrt) VM:

getrandom 1 > /dev/null
echo "### getrandom ###" > /dev/kmsg
dd if=/dev/random of=/dev/null count=1 bs=1
echo "### dd ###" > /dev/kmsg

gives:
[ 14.321536] ### getrandom ###
[ 42.603677] ### dd ###

And this can be worse on real hardware ...

>
>
> --
> Laurent
>
Re: busybox 1.25 ntpd retry initial DNS resolution (forever, no timeout for now).
On Tue, 28 Jun 2016 20:19:29 +0200 "KP.Kirchdoerfer" wrote:
> Hi;
>
> I'm testing busybox 1.25 and wonder how to deal with the commit
>
> https://git.busybox.net/busybox/commit/networking?id=e4caf1dd9ce8569371a0eeb77ccf02a572dc0f11
>
> At the first look it seems to be an obvious improvement, but then I'm afraid
> it may generate a hard to resolve problem.
>
> I start ntpd by default from /etc/init.d
>
> There might be no working network connection (not configured properly for
> whatever reason, hardware problems, what else).
>
> With busybox 1.24 ntpd fails to start and the boot process continues up to a
> shell login - allowing me to configure, start diagnostics and resolve errors.
>
> With busybox 1.25 ntpd seems to loop forever if no NTP servers are found,
> blocking the boot process and I never get a login to solve a possible pb or
> to do a first time configuration.
>
> Any hints how this can be solved?

It looks like the original implementation from Kaarle[1] handled it better.

Also, if you add multiple ntp servers and the first is broken, then ntpd will never set time. Kaarle's implementation would just skip the bad server and use the working.

To test:
./busybox ntpd -d -n -p qwe.rty.ghj.kl -p 0.no.pool.ntp.org

And finally, bloat check on x86_64 suggests that Kaarle's implementation is -41 bytes compared to current git master.

[1]: http://lists.busybox.net/pipermail/busybox/2016-May/084197.html

-nc
Re: [PATCH v2] getrandom: new applet
On 29/06/2016 00:37, Etienne Champetier wrote:
> Or everyone can switch to getrandom() because that's the right way

The solution I am suggesting:
- works today and is extremely easy to implement.
- does not require patching busybox.
- will work on every Linux kernel on the planet, not only new ones with getrandom() support. And you *will* find old kernels out there.
- does not require porting/patching applications if they are currently using /dev/urandom.

"The right way" had better be very right in order to be righter than that.

(If your dd copies more than one byte when you give it count=1 bs=1, it's a bug. Can you send a strace?)

--
Laurent
Re: [PATCH v2] getrandom: new applet
2016-06-29 9:05 GMT+02:00 Bernhard Reutner-Fischer : > On June 29, 2016 12:10:31 AM GMT+02:00, Etienne CHAMPETIER > wrote: >>first user of this applet will be LEDE (OpenWrt) to save an urandom >>seed >>using getrandom() (so we are sure /dev/urandom pool is initialized) >> >>function old new >>delta >>getrandom_main - 162 >>+162 >>.rodata 156181 156208 >>+27 >>applet_names25362546 >>+10 >>applet_main 29362944 >>+8 >>-- >>(add/remove: 2/0 grow/shrink: 3/0 up/down: 207/0) Total: >>207 bytes >> >>v2: reduce size by 40 bytes thanks to Tito >> >>Signed-off-by: Etienne CHAMPETIER > >>diff --git a/util-linux/getrandom.c b/util-linux/getrandom.c >>new file mode 100644 >>index 000..ac1fe63 >>--- /dev/null >>+++ b/util-linux/getrandom.c >>@@ -0,0 +1,43 @@ >>+/* vi: set sw=4 ts=4: */ >>+/* >>+ * getrandom.c - read random bytes using getrandom() syscall >>+ * >>+ * Copyright (C) 2016 Etienne Champetier >> >>+ * >>+ * Licensed under GPLv2, see file LICENSE in this source tree. > > > It would be great if you could make that "GPLv2+" resp. GPLv2 or later. will resend today (this is a copy paste from pivot_root.c) > > TIA, > ___ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox