[Fusionforge-commits] r10248 - branches/Branch_5_0/gforge branches/Branch_5_0/gforge/debian/dsf-helper branches/Branch_5_0/gforge/debian/dsf-in trunk/src trunk/src/debian/dsf-helper trunk/src/debian/dsf-in
Thorsten Glaser
mirabilos at libremir.placard.fr.eu.org
Fri Jul 16 10:15:49 CEST 2010
Author: mirabilos
Date: 2010-07-16 10:15:48 +0200 (Fri, 16 Jul 2010)
New Revision: 10248
Modified:
branches/Branch_5_0/gforge/debian/dsf-helper/create-random-pw.config
branches/Branch_5_0/gforge/debian/dsf-in/web-apache2.postinst.dsfh-in
branches/Branch_5_0/gforge/setup
trunk/src/debian/dsf-helper/create-random-pw.config
trunk/src/debian/dsf-in/common.postinst
trunk/src/debian/dsf-in/web-apache2.postinst.dsfh-in
trunk/src/fusionforge.spec
trunk/src/setup
Log:
prevent easy depletion of kernel entropy pool
The Linux RNG is relatively weak: reads from /dev/urandom can
deplete the pool very quickly so reads from /dev/random after-
wards will stall, possibly indefinitely, and there’s no, for
example, /dev/arandom like on some BSDs.
Also, bs=8 count=1 ≠ bs=1 count=8, because for the random de-
vices, each read request “eats up” a set amount of entropy
to generate a block of output, which will then be truncated
down to the length requested (8 or 1 byte(s), respectively),
so “bs=1 count=8” will use up eight times as much entropy from
the kernel pool as “bs=8 count=1” does.
Modified: branches/Branch_5_0/gforge/debian/dsf-helper/create-random-pw.config
===================================================================
--- branches/Branch_5_0/gforge/debian/dsf-helper/create-random-pw.config 2010-07-16 08:15:23 UTC (rev 10247)
+++ branches/Branch_5_0/gforge/debian/dsf-helper/create-random-pw.config 2010-07-16 08:15:48 UTC (rev 10248)
@@ -1,6 +1,6 @@
gen_random_pw () { # Generate a random password
if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible
- tmp=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ tmp=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
else # ...or something else if need be.
# Last I was told, the Hurd had no /dev/urandom
# (Correct me if it has changed)
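Review bot: The generated password is still cut to 8 hex characters by `cut -b1-8`, so it carries at most 32 bits however many bytes `dd` reads, and the new `bs=8` read is half discarded. If the consumers accept a longer value, keeping more of the digest costs no extra read, e.g. `tmp=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -b1-16)`. The same applies to the `DEFAULTdb_password`, `DEFAULTadmin_password`, `DEFAULTldap_web_add_password` and `DEFAULTsys_jabber_pass` lines in both `setup` files and to the trunk copy of this helper. Separately, every pipeline in this commit sends `dd`'s stderr to /dev/null and hashes whatever arrived, so a failed or empty read silently yields the digest of empty input, a fixed value; now that only one small read is made, a check that the expected number of bytes was read before hashing would be worth adding. The body of `gen_random_pw` continues past the end of this hunk.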
Modified: branches/Branch_5_0/gforge/debian/dsf-in/web-apache2.postinst.dsfh-in
===================================================================
--- branches/Branch_5_0/gforge/debian/dsf-in/web-apache2.postinst.dsfh-in 2010-07-16 08:15:23 UTC (rev 10247)
+++ branches/Branch_5_0/gforge/debian/dsf-in/web-apache2.postinst.dsfh-in 2010-07-16 08:15:48 UTC (rev 10248)
@@ -30,11 +30,11 @@
case "$1" in
configure)
if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible
- sys_session_key=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ sys_session_key=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -b1-32)
else # ...or something else if need be.
# Last I was told, the Hurd had no /dev/urandom
# (Correct me if it has changed)
- sys_session_key=$(dd if=/dev/random count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ sys_session_key=$(dd if=/dev/random count=1 bs=8 2> /dev/null | md5sum | cut -b1-32)
fi
add_onevar_mainconfile sys_session_key $sys_session_key
add_onevar_mainconfile sys_show_source 0
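Review bot: In the fallback branch the session key is now built from `bs=8`, so it has at most 64 bits of input behind its 32 hex characters, while the /dev/urandom branch above reads 16 bytes for the same variable. The two branches should agree: `sys_session_key=$(dd if=/dev/random count=1 bs=16 2> /dev/null | md5sum | cut -b1-32)`. A single `count=1` read from /dev/random may also return fewer bytes than requested when the pool is low, and with stderr discarded that short read goes unnoticed, so the byte count should be verified before the key is written with `add_onevar_mainconfile`. The trunk copy of `web-apache2.postinst.dsfh-in` has the same lines.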
Modified: branches/Branch_5_0/gforge/setup
===================================================================
--- branches/Branch_5_0/gforge/setup 2010-07-16 08:15:23 UTC (rev 10247)
+++ branches/Branch_5_0/gforge/setup 2010-07-16 08:15:48 UTC (rev 10248)
@@ -20,7 +20,7 @@
DEFAULTdb_port=5432
DEFAULTdb_name=gforge
DEFAULTdb_user=gforge
- DEFAULTdb_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTdb_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTip_address=`hostname -i`
DEFAULTscm_host=scm.$DEFAULTdomain_name
DEFAULTshell_host=shell.$DEFAULTdomain_name
@@ -42,12 +42,12 @@
DEFAULTpeerrating_groupid=4
DEFAULTtemplate_project=5
DEFAULTadmin_login=admin
- DEFAULTadmin_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTadmin_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTskill_list="Ada;C;C++;HTML;LISP;Perl;PHP;Python;SQL"
DEFAULTdefault_trove_cat=18
DEFAULTldap_host=localhost
DEFAULTldap_base_dn="dc=`echo $DEFAULTdomain_name | sed 's/\./,dc=/g'`"
- DEFAULTldap_web_add_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTldap_web_add_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTsys_path_to_mailman=$(if test -d /usr/lib/mailman; then echo /usr/lib/mailman; else echo /var/mailman; fi)
DEFAULTcgidir=$CGIDIR
DEFAULTcronolog_path=$(findcronolog)
@@ -64,14 +64,14 @@
# The place where file uploaded with http are stored for download
DEFAULTuploaddir=$GFGDIR/var/lib/gforge/download/
DEFAULTsys_urlroot=$SHAREDIR/www/
- DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTusr_share_gforge=$SHAREDIR
DEFAULTusr_lib_gforge=$LIBDIR
DEFAULTvar_lib_gforge=$GFGDIR/var/lib/gforge
DEFAULTvar_log_gforge=$GFGDIR/var/log/gforge
DEFAULTsys_show_source=0
DEFAULTsys_force_login=0
- DEFAULTsys_session_key=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ DEFAULTsys_session_key=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -b1-32)
DEFAULTsys_session_expire='60 * 60 * 24 * 7'
DEFAULTsys_show_contact_info=1
DEFAULTsys_themeroot=$SHAREDIR/www/themes/
@@ -121,7 +121,7 @@
DEFAULTsys_require_accept_conditions=false
DEFAULTsys_require_unique_email=false
DEFAULTsys_localinc=$ETCDIR/local.inc
- DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTsys_plugins_path=$SHAREDIR/plugins/
DEFAULTsys_sslcrt=$(findcrt)
DEFAULTsys_sslkey=$(findkey)
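Review bot: `DEFAULTsys_jabber_pass` is assigned here a second time; the hunk at `@@ -64,14 +64,14 @@` of the same file already sets it with an identical pipeline. Unless something between the two lines reads the first value (not visible in these hunks), the earlier result is overwritten and one of the two random reads is wasted, which runs against the stated aim of sparing the entropy pool. Dropping one of the assignments, or adding a comment such as `# regenerated on purpose: <reason>` if both are intended, would make this clear. The trunk copy of `setup` has the same duplicate.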
Modified: trunk/src/debian/dsf-helper/create-random-pw.config
===================================================================
--- trunk/src/debian/dsf-helper/create-random-pw.config 2010-07-16 08:15:23 UTC (rev 10247)
+++ trunk/src/debian/dsf-helper/create-random-pw.config 2010-07-16 08:15:48 UTC (rev 10248)
@@ -1,6 +1,6 @@
gen_random_pw () { # Generate a random password
if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible
- tmp=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ tmp=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
else # ...or something else if need be.
# Last I was told, the Hurd had no /dev/urandom
# (Correct me if it has changed)
Modified: trunk/src/debian/dsf-in/common.postinst
===================================================================
--- trunk/src/debian/dsf-in/common.postinst 2010-07-16 08:15:23 UTC (rev 10247)
+++ trunk/src/debian/dsf-in/common.postinst 2010-07-16 08:15:48 UTC (rev 10248)
@@ -47,7 +47,7 @@
if [ ! -e /etc/gforge/config.ini.d/debian-install-secrets.ini ] ; then
t=$(mktemp /etc/gforge/config.ini.d/debian-install-secrets.ini.XXXXXX)
if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible
- pw=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -c-32)
+ pw=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -c-32)
else # ...or something else if need be.
pw=$(date +"%s:%N" | md5sum | cut -c-32)
fi
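Review bot: The `else` branch still derives `pw` from `date +"%s:%N"`, so on a system without /dev/urandom the install secret is a hash of the clock and can be narrowed down by anyone who knows roughly when the package was configured. The commit tightens the urandom read but leaves this fallback alone; the sibling `web-apache2.postinst.dsfh-in` falls back to /dev/random instead, and the same could be done here: `pw=$(dd if=/dev/random count=1 bs=16 2> /dev/null | md5sum | cut -c-32)`. Aborting the configure step with an error when no random device exists would be the stricter alternative. The enclosing `if [ ! -e ... ]` block continues outside this hunk.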
Modified: trunk/src/debian/dsf-in/web-apache2.postinst.dsfh-in
===================================================================
--- trunk/src/debian/dsf-in/web-apache2.postinst.dsfh-in 2010-07-16 08:15:23 UTC (rev 10247)
+++ trunk/src/debian/dsf-in/web-apache2.postinst.dsfh-in 2010-07-16 08:15:48 UTC (rev 10248)
@@ -30,11 +30,11 @@
case "$1" in
configure)
if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible
- sys_session_key=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ sys_session_key=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -b1-32)
else # ...or something else if need be.
# Last I was told, the Hurd had no /dev/urandom
# (Correct me if it has changed)
- sys_session_key=$(dd if=/dev/random count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ sys_session_key=$(dd if=/dev/random count=1 bs=8 2> /dev/null | md5sum | cut -b1-32)
fi
add_onevar_mainconfile sys_session_key $sys_session_key
add_onevar_mainconfile sys_show_source 0
Modified: trunk/src/fusionforge.spec
===================================================================
--- trunk/src/fusionforge.spec 2010-07-16 08:15:23 UTC (rev 10247)
+++ trunk/src/fusionforge.spec 2010-07-16 08:15:48 UTC (rev 10248)
@@ -536,7 +536,7 @@
/etc/init.d/httpd restart >/dev/null 2>&1
# generate random hash for session_key
- HASH=$(/bin/dd if=/dev/urandom bs=1024 count=100 2>/dev/null | /usr/bin/sha1sum | cut -c1-40)
+ HASH=$(/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | /usr/bin/sha1sum | cut -c1-40)
%{__sed} -i -e "s/sys_session_key = 'foobar'/sys_session_key = '$HASH'/g" %{GFORGE_CONF_DIR}/local.inc
# add noreply mail alias
Modified: trunk/src/setup
===================================================================
--- trunk/src/setup 2010-07-16 08:15:23 UTC (rev 10247)
+++ trunk/src/setup 2010-07-16 08:15:48 UTC (rev 10248)
@@ -20,7 +20,7 @@
DEFAULTdb_port=
DEFAULTdb_name=gforge
DEFAULTdb_user=gforge
- DEFAULTdb_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTdb_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTip_address=`hostname -i | cut -d' ' -f1`
DEFAULTscm_host=scm.$DEFAULTdomain_name
DEFAULTshell_host=shell.$DEFAULTdomain_name
@@ -42,12 +42,12 @@
DEFAULTpeerrating_groupid=4
DEFAULTtemplate_project=5
DEFAULTadmin_login=admin
- DEFAULTadmin_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTadmin_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTskill_list="Ada;C;C++;HTML;LISP;Perl;PHP;Python;SQL"
DEFAULTdefault_trove_cat=18
DEFAULTldap_host=localhost
DEFAULTldap_base_dn="dc=`echo $DEFAULTdomain_name | sed 's/\./,dc=/g'`"
- DEFAULTldap_web_add_password=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTldap_web_add_password=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTsys_path_to_mailman=$(if test -d /usr/lib/mailman; then echo /usr/lib/mailman; else echo /var/mailman; fi)
DEFAULTcgidir=$CGIDIR
DEFAULTcronolog_path=$(findcronolog)
@@ -64,14 +64,14 @@
# The place where file uploaded with http are stored for download
DEFAULTuploaddir=$GFGDIR/var/lib/gforge/download/
DEFAULTsys_urlroot=$SHAREDIR/www/
- DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTusr_share_gforge=$SHAREDIR
DEFAULTusr_lib_gforge=$LIBDIR
DEFAULTvar_lib_gforge=$GFGDIR/var/lib/gforge
DEFAULTvar_log_gforge=$GFGDIR/var/log/gforge
DEFAULTsys_show_source=0
DEFAULTsys_force_login=0
- DEFAULTsys_session_key=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-32)
+ DEFAULTsys_session_key=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -b1-32)
DEFAULTsys_session_expire='60 * 60 * 24 * 7'
DEFAULTsys_show_contact_info=1
DEFAULTsys_themeroot=$SHAREDIR/www/themes/
@@ -122,7 +122,7 @@
DEFAULTsys_require_accept_conditions=false
DEFAULTsys_require_unique_email=false
DEFAULTsys_localinc=$ETCDIR/local.inc
- DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=256 bs=1 2> /dev/null | md5sum | cut -b1-8)
+ DEFAULTsys_jabber_pass=$(dd if=/dev/urandom count=1 bs=8 2> /dev/null | md5sum | cut -b1-8)
DEFAULTsys_plugins_path=$SHAREDIR/plugins/
DEFAULTsys_sslcrt=$(findcrt)
DEFAULTsys_sslkey=$(findkey)