Add inst.rngd cmdline option

rngd should no long be needed, recent kernels have enough entropy out of
the box. This leaves it in the boot.iso but only enables it if inst.rngd
is passed on the kernel cmdline.

Resolves: rhbz#2028720
This commit is contained in:
Brian C. Lane 2021-12-17 13:16:34 -08:00
parent 7cdff9d315
commit 09acfd978e
2 changed files with 17 additions and 4 deletions

View File

@ -0,0 +1,11 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Daemon
ConditionVirtualization=!container
ConditionKernelCommandLine=|inst.rngd
ConditionKernelCommandLine=!inst.rngd=0
# The "-f" option is required for the systemd service rngd to work with Type=simple
[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/rngd
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS

View File

@ -28,10 +28,6 @@ symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target
mkdir etc/systemd/system/local-fs.target.wants/ mkdir etc/systemd/system/local-fs.target.wants/
symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount
## Start rngd
mkdir etc/systemd/system/basic.target.wants/
symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service
## Disable unwanted systemd services ## Disable unwanted systemd services
systemctl disable systemd-readahead-collect.service \ systemctl disable systemd-readahead-collect.service \
systemd-readahead-replay.service \ systemd-readahead-replay.service \
@ -46,6 +42,7 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \
fedora-wait-storage.service media.mount \ fedora-wait-storage.service media.mount \
systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \ systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \
ldconfig.service ldconfig.service
remove usr/lib/systemd/system/rngd.service
## remove because it cannot be disabled ## remove because it cannot be disabled
remove usr/lib/systemd/system-generators/lvm2-activation-generator remove usr/lib/systemd/system-generators/lvm2-activation-generator
@ -83,6 +80,11 @@ install ${configdir}/pam.sshd etc/pam.d/sshd
install ${configdir}/pam.sshd etc/pam.d/login install ${configdir}/pam.sshd etc/pam.d/login
install ${configdir}/pam.sshd etc/pam.d/remote install ${configdir}/pam.sshd etc/pam.d/remote
## set up inst.rngd support
install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service
mkdir etc/systemd/system/basic.target.wants/
symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service
## set up "install" user account ## set up "install" user account
append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda" append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda"
append etc/shadow "install::14438:0:99999:7:::" append etc/shadow "install::14438:0:99999:7:::"