From 152b50304260c8189b020d130a4ed44bc260784d Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Fri, 17 Dec 2021 13:16:34 -0800 Subject: [PATCH] Add inst.rngd cmdline option rngd should no long be needed, recent kernels have enough entropy out of the box. This leaves it in the boot.iso but only enables it if inst.rngd is passed on the kernel cmdline. Resolves: rhbz#2028720 --- .../99-generic/config_files/common/inst.rngd.service | 11 +++++++++++ share/templates.d/99-generic/runtime-postinstall.tmpl | 10 ++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 share/templates.d/99-generic/config_files/common/inst.rngd.service diff --git a/share/templates.d/99-generic/config_files/common/inst.rngd.service b/share/templates.d/99-generic/config_files/common/inst.rngd.service new file mode 100644 index 00000000..7b510337 --- /dev/null +++ b/share/templates.d/99-generic/config_files/common/inst.rngd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Hardware RNG Entropy Gatherer Daemon +ConditionVirtualization=!container +ConditionKernelCommandLine=|inst.rngd +ConditionKernelCommandLine=!inst.rngd=0 + +# The "-f" option is required for the systemd service rngd to work with Type=simple +[Service] +Type=simple +EnvironmentFile=/etc/sysconfig/rngd +ExecStart=/usr/sbin/rngd -f $RNGD_ARGS diff --git a/share/templates.d/99-generic/runtime-postinstall.tmpl b/share/templates.d/99-generic/runtime-postinstall.tmpl index 93e16072..52b4eeeb 100644 --- a/share/templates.d/99-generic/runtime-postinstall.tmpl +++ b/share/templates.d/99-generic/runtime-postinstall.tmpl @@ -27,10 +27,6 @@ symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target mkdir etc/systemd/system/local-fs.target.wants/ symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount -## Start rngd -mkdir etc/systemd/system/basic.target.wants/ -symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service - ## Disable unwanted systemd services systemctl disable systemd-readahead-collect.service \ systemd-readahead-replay.service \ @@ -43,6 +39,7 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \ fedora-wait-storage.service media.mount \ systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \ ldconfig.service +remove usr/lib/systemd/system/rngd.service ## remove because it cannot be disabled remove usr/lib/systemd/system-generators/lvm2-activation-generator @@ -80,6 +77,11 @@ install ${configdir}/pam.sshd etc/pam.d/sshd install ${configdir}/pam.sshd etc/pam.d/login install ${configdir}/pam.sshd etc/pam.d/remote +## set up inst.rngd support +install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service +mkdir etc/systemd/system/basic.target.wants/ +symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service + ## set up "install" user account append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda" append etc/shadow "install::14438:0:99999:7:::"