From 09acfd978e2bf0b94be343d45172a5d2d776aedb Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Fri, 17 Dec 2021 13:16:34 -0800 Subject: [PATCH] Add inst.rngd cmdline option rngd should no long be needed, recent kernels have enough entropy out of the box. This leaves it in the boot.iso but only enables it if inst.rngd is passed on the kernel cmdline. Resolves: rhbz#2028720 --- 80-rhel/config_files/common/inst.rngd.service | 11 +++++++++++ 80-rhel/runtime-postinstall.tmpl | 10 ++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 80-rhel/config_files/common/inst.rngd.service diff --git a/80-rhel/config_files/common/inst.rngd.service b/80-rhel/config_files/common/inst.rngd.service new file mode 100644 index 0000000..7b51033 --- /dev/null +++ b/80-rhel/config_files/common/inst.rngd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Hardware RNG Entropy Gatherer Daemon +ConditionVirtualization=!container +ConditionKernelCommandLine=|inst.rngd +ConditionKernelCommandLine=!inst.rngd=0 + +# The "-f" option is required for the systemd service rngd to work with Type=simple +[Service] +Type=simple +EnvironmentFile=/etc/sysconfig/rngd +ExecStart=/usr/sbin/rngd -f $RNGD_ARGS diff --git a/80-rhel/runtime-postinstall.tmpl b/80-rhel/runtime-postinstall.tmpl index 0e573ec..5aa9518 100644 --- a/80-rhel/runtime-postinstall.tmpl +++ b/80-rhel/runtime-postinstall.tmpl @@ -28,10 +28,6 @@ symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target mkdir etc/systemd/system/local-fs.target.wants/ symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount -## Start rngd -mkdir etc/systemd/system/basic.target.wants/ -symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service - ## Disable unwanted systemd services systemctl disable systemd-readahead-collect.service \ systemd-readahead-replay.service \ @@ -46,6 +42,7 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \ fedora-wait-storage.service media.mount \ systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \ ldconfig.service +remove usr/lib/systemd/system/rngd.service ## remove because it cannot be disabled remove usr/lib/systemd/system-generators/lvm2-activation-generator @@ -83,6 +80,11 @@ install ${configdir}/pam.sshd etc/pam.d/sshd install ${configdir}/pam.sshd etc/pam.d/login install ${configdir}/pam.sshd etc/pam.d/remote +## set up inst.rngd support +install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service +mkdir etc/systemd/system/basic.target.wants/ +symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service + ## set up "install" user account append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda" append etc/shadow "install::14438:0:99999:7:::"