Use /dev/random exclusively. /dev/random will be used for uuid with fdisk. /dev/random will be used for entropy when mounting swap with a random key. If /dev/random does not open, the program will exit. Programs will have to wait on /dev/random to supply entropy, which may be a very long time unless you have a random number gathering daemon (hardware random number generator). Using multiple daemons is ideal: http://sourceforge.net/projects/gkernel/ http://www.vanheusden.com/aed/ http://www.vanheusden.com/ved/ This patch goes on top of the loop-aes patch. This patch should only be used if rngd is started before swapon during boot. robert
diff -Naur util-linux-ng-2.14.1.orig/fdisk/fdisk.c util-linux-ng-2.14.1/fdisk/fdisk.c
--- util-linux-ng-2.14.1.orig/fdisk/fdisk.c 2008-09-10 09:02:43.000000000 +0000
+++ util-linux-ng-2.14.1/fdisk/fdisk.c 2009-02-09 03:49:54.000000000 +0000
@@ -151,7 +151,7 @@
 ssize_t rv = -1;
 struct timeval tv;
- fd = open("/dev/urandom", O_RDONLY);
+ fd = open("/dev/random", O_RDONLY);
 if (fd >= 0) {
 rv = xread(fd, &v, sizeof v);
 close(fd);
@@ -160,6 +160,10 @@
 if (rv == sizeof v)
 return v;
+ /* DIE!: This could only happen in a chroot. */
+ fprintf(stderr, _("Error: unable to open /dev/random\n"));
+ exit(1);
+
 /* Fallback: sucks, but better than nothing */
 gettimeofday(&tv, NULL);
 return (unsigned int)(tv.tv_sec + (tv.tv_usec << 12) + getpid());
diff -Naur util-linux-ng-2.14.1.orig/misc-utils/mcookie.c util-linux-ng-2.14.1/misc-utils/mcookie.c
--- util-linux-ng-2.14.1.orig/misc-utils/mcookie.c 2008-09-10 09:02:43.000000000 +0000
+++ util-linux-ng-2.14.1/misc-utils/mcookie.c 2009-02-09 03:37:32.000000000 +0000
@@ -35,10 +35,6 @@
 int minlength, maxlength;
 } rngs[] = {
 { "/dev/random", 16, 16 }, /* 16 bytes = 128 bits suffice */
- { "/proc/interrupts", 0, 0 },
- { "/proc/slabinfo", 0, 0 },
- { "/proc/stat", 0, 0 },
- { "/dev/urandom", 32, 64 },
 };
 #define RNGS (sizeof(rngs)/sizeof(struct rngs))
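Review bot: In fdisk/fdisk.c, second hunk (@@ -160,6 +160,10 @@), the added `exit(1)` sits directly after `if (rv == sizeof v) return v;`, so it is reached for a failed or short read as well as a failed open, yet the message always says "unable to open /dev/random". Report the condition that actually occurred, e.g. `fprintf(stderr, _("Error: could not read %zu bytes from /dev/random\n"), sizeof v);`, and keep the open-failure wording for the case where `open` itself failed. The gettimeofday()/getpid() fallback below the new lines is now unreachable and should be deleted in the same patch so nobody assumes it still runs. The function begins and ends outside the hunk.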
@@ -132,6 +128,8 @@
 break;
 } else if (Verbose)
 fprintf( stderr, _("Could not open %s\n"), rngs[i].path );
+ /* DIE!: This could only happen in a chroot. */
+ exit (1);
 }
 MD5Final( digest, &ctx );
diff -Naur util-linux-ng-2.14.1.orig/mount/lomount.c util-linux-ng-2.14.1/mount/lomount.c
--- util-linux-ng-2.14.1.orig/mount/lomount.c 2009-02-09 03:37:05.000000000 +0000
+++ util-linux-ng-2.14.1/mount/lomount.c 2009-02-09 03:37:19.000000000 +0000
@@ -750,9 +750,10 @@
 * SHA-512 of old fs data is used as workaround for missing
 * entropy in kernel's random number generator.
 */
- if((fd = open("/dev/urandom", O_RDONLY)) == -1) {
- fprintf(stderr, _("Error: unable to open /dev/urandom\n"));
- return 1;
+ if((fd = open("/dev/random", O_RDONLY)) == -1) {
+ fprintf(stderr, _("Error: unable to open /dev/random\n"));
+ /* DIE!: This could only happen in a chroot. */
+ exit (1);
 }
 rd_wr_retry(fd, &b[64], 32, 0);
diff -Naur util-linux-ng-2.14.1.orig/mount/swapon.c util-linux-ng-2.14.1/mount/swapon.c
--- util-linux-ng-2.14.1.orig/mount/swapon.c 2009-02-09 03:37:05.000000000 +0000
+++ util-linux-ng-2.14.1/mount/swapon.c 2009-02-09 03:37:19.000000000 +0000
@@ -498,9 +498,10 @@
 * SHA-512 of old swap data is used as workaround for missing
 * entropy in kernel's random number generator.
 */
- if(!(f = fopen("/dev/urandom", "r"))) {
- fprintf(stderr, _("swapon: unable to open /dev/urandom\n"));
- goto errout0;
+ if(!(f = fopen("/dev/random", "r"))) {
+ fprintf(stderr, _("swapon: unable to open /dev/random\n"));
+ /* DIE!: This could only happen in a chroot */
+ exit (1);
 }
 fread(&b[64], 32, 1, f);
@@ -642,6 +643,13 @@
 write(fd, &b[0], 32);
 fsync(fd);
 }
+ /*
+ * DIE!: This could only happen in a chroot.
+ * This is really not important, since this patched
+ * version will not allow swapon to use this for
+ * entropy. /dev/urandom can be used, needlessly.
+ */
+ else { exit (1); }
 }
 close(fd);
 }
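Review bot: In misc-utils/mcookie.c (@@ -132,6 +128,8 @@), the added `exit (1);` is not part of the `else if (Verbose)` branch, whose only statement is the `fprintf`; it runs at the end of every loop iteration that did not reach `break`. That appears to include the case where the open succeeded but the break condition (outside the hunk) was not met, which the "could only happen in a chroot" comment does not describe, and without Verbose the program exits with no message at all. Brace the branch and print unconditionally before exiting, e.g. `fprintf(stderr, _("Could not get enough random data from %s\n"), rngs[i].path);`. The loop starts outside the hunk.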
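Review bot: In mount/lomount.c (@@ -750,9 +750,10 @@), replacing `return 1;` with `exit (1);` is not needed to fail closed, since the old path already refused to continue, and it skips whatever cleanup the caller performs on a non-zero return. The same applies to the first mount/swapon.c hunk (@@ -498,9 +498,10 @@), where `goto errout0;` was replaced; what that label releases is outside the hunk. Keeping `return 1;` and `goto errout0;` after the new message would preserve the existing error paths. The comment "could only happen in a chroot" is also narrower than the ways open() can fail (permissions, descriptor exhaustion), so appending `strerror(errno)` to the message would help diagnosis.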
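Review bot: In mount/swapon.c (@@ -498,9 +498,10 @@), the context line `fread(&b[64], 32, 1, f);` ignores its return value and reads through a buffered stdio stream. With /dev/random as the source, stdio typically requests a whole buffer rather than 32 bytes, which drains far more of the blocking pool than the key needs, and a failed or short read would leave part of `b` unfilled without being noticed. Consider `setvbuf(f, NULL, _IONBF, 0);` right after the `fopen`, and `if (fread(&b[64], 32, 1, f) != 1)` routed to the existing error path. How `b` is used afterwards is outside the hunk.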
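Review bot: In mount/swapon.c (@@ -642,6 +643,13 @@), the added `else { exit (1); }` terminates the program on a path its own comment calls "really not important", and it does so without printing anything. The `if` this `else` belongs to is outside the hunk, so the exact condition cannot be confirmed from here; if the failure is harmless, a warning and continuing is the consistent choice, and if it is fatal the comment should say why. Either way emit a diagnostic first, for example `else { perror("swapon"); exit (1); }` if the condition is a failed system call.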