Check every 2 seconds if haveged is needed

oblique 2015-03-25 01:21:01 +02:00
parent d55adb7d50
commit d0a013eaf8
2 changed files with 43 additions and 8 deletions


@ -13,6 +13,7 @@
### General ### General
* bash (to run this script) * bash (to run this script)
* util-linux (for getopt) * util-linux (for getopt)
* procps or procps-ng
* hostapd * hostapd
* iproute2 * iproute2
* iw * iw


@ -3,6 +3,7 @@
# general dependencies: # general dependencies:
# bash (to run this script) # bash (to run this script)
# util-linux (for getopt) # util-linux (for getopt)
# procps or procps-ng
# hostapd # hostapd
# iproute2 # iproute2
# iw # iw
@ -40,6 +41,7 @@ usage() {
echo " --freq-band <GHz> Set frequency band. Valid inputs: 2.4, 5 (default: 2.4)" echo " --freq-band <GHz> Set frequency band. Valid inputs: 2.4, 5 (default: 2.4)"
echo " --driver Choose your WiFi adapter driver (default: nl80211)" echo " --driver Choose your WiFi adapter driver (default: nl80211)"
echo " --no-virt Do not create virtual interface" echo " --no-virt Do not create virtual interface"
echo " --no-haveged Do not run \`haveged' automatically when needed"
echo " --fix-unmanaged If NetworkManager shows your interface as unmanaged after you" echo " --fix-unmanaged If NetworkManager shows your interface as unmanaged after you"
echo " close create_ap, then use this option to switch your interface" echo " close create_ap, then use this option to switch your interface"
echo " back to managed" echo " back to managed"
@ -267,6 +269,29 @@ get_new_macaddr() {
echo $NEWMAC echo $NEWMAC
} }
# start haveged when needed
haveged_watchdog() {
local show_warn=0
while :; do
if [[ $(cat /proc/sys/kernel/random/entropy_avail) -lt 1000 ]]; then
if ! which haveged > /dev/null 2>&1; then
if [[ $show_warn -eq 0 ]]; then
echo "WARN: Low entropy detected. We recommend you to install \`haveged'"
show_warn=1
fi
elif ! pidof haveged > /dev/null 2>&1; then
echo "Low entropy detected, starting haveged"
# boost low-entropy
haveged -w 1024 -F > /dev/null 2>&1 &
local haveged_pid=$!
echo $haveged_pid > $CONFDIR/haveged.pid
wait $haveged_pid
fi
fi
sleep 2
done
}
NETWORKMANAGER_CONF=/etc/NetworkManager/NetworkManager.conf NETWORKMANAGER_CONF=/etc/NetworkManager/NetworkManager.conf
NM_OLDER_VERSION=1 NM_OLDER_VERSION=1
@ -422,6 +447,7 @@ NEW_MACADDR=
DAEMONIZE=0 DAEMONIZE=0
LIST_RUNNING=0 LIST_RUNNING=0
STOP_ID= STOP_ID=
NO_HAVEGED=0
CONFDIR= CONFDIR=
WIFI_IFACE= WIFI_IFACE=
@ -434,10 +460,15 @@ OLD_MACADDR=
IP_ADDRS= IP_ADDRS=
ROUTE_ADDRS= ROUTE_ADDRS=
HAVEGED_WATCHDOG_PID=
_cleanup() { _cleanup() {
trap "" SIGINT trap "" SIGINT
trap "" SIGUSR1 trap "" SIGUSR1
# kill haveged_watchdog
[[ -n "$HAVEGED_WATCHDOG_PID" ]] && kill $HAVEGED_WATCHDOG_PID
# exiting # exiting
for x in $CONFDIR/*.pid; do for x in $CONFDIR/*.pid; do
# even if the $CONFDIR is empty, the for loop will assign # even if the $CONFDIR is empty, the for loop will assign
@ -574,7 +605,7 @@ trap "clean_exit" SIGINT
trap "clean_exit" SIGUSR1 trap "clean_exit" SIGUSR1
ARGS=( "$@" ) ARGS=( "$@" )
GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","ieee80211n","ht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","daemon","stop:","list","version" -n $(basename $0) -- "$@") GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","ieee80211n","ht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","daemon","stop:","list","version","no-haveged" -n $(basename $0) -- "$@")
[[ $? -ne 0 ]] && exit 1 [[ $? -ne 0 ]] && exit 1
eval set -- "$GETOPT_ARGS" eval set -- "$GETOPT_ARGS"
@ -671,6 +702,10 @@ while :; do
shift shift
LIST_RUNNING=1 LIST_RUNNING=1
;; ;;
--no-haveged)
shift
NO_HAVEGED=1
;;
--) --)
shift shift
break break
@ -1122,13 +1157,6 @@ else
echo "No Internet sharing" echo "No Internet sharing"
fi fi
# boost low-entropy
if [[ $(cat /proc/sys/kernel/random/entropy_avail) -lt 1000 ]]; then
which haveged > /dev/null 2>&1 && {
haveged -w 1024 -p $CONFDIR/haveged.pid
}
fi
# start dns + dhcp server # start dns + dhcp server
if [[ "$SHARE_METHOD" != "bridge" ]]; then if [[ "$SHARE_METHOD" != "bridge" ]]; then
iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT || die
@ -1144,6 +1172,12 @@ echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
trap "clean_exit" SIGINT trap "clean_exit" SIGINT
trap "clean_exit" SIGUSR1 trap "clean_exit" SIGUSR1
if [[ $NO_HAVEGED -eq 0 ]]; then
haveged_watchdog &
HAVEGED_WATCHDOG_PID=$!
fi
# start hostapd
hostapd $CONFDIR/hostapd.conf & hostapd $CONFDIR/hostapd.conf &
HOSTAPD_PID=$! HOSTAPD_PID=$!
echo $HOSTAPD_PID > $CONFDIR/hostapd.pid echo $HOSTAPD_PID > $CONFDIR/hostapd.pid
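Review bot: `_cleanup` kills only the `haveged_watchdog` subshell, so the `haveged -w 1024 -F` child it started is stopped only if `$CONFDIR/haveged.pid` was already written and the `*.pid` loop (whose body is outside this view) acts on it. A signal that arrives between the `haveged ... &` line and the `echo $haveged_pid > $CONFDIR/haveged.pid` line would leave a haveged process running after the script exits, presumably as root. Consider letting the watchdog reap its own child, for example `trap 'kill "$haveged_pid" 2>/dev/null; exit' TERM` at the top of `haveged_watchdog`. Separately, if `entropy_avail` cannot be read the `$(cat ...)` is empty and `[[ ... -lt 1000 ]]` evaluates it as 0, so haveged gets started anyway. Also, `which` could be `command -v haveged`, and `"$CONFDIR/haveged.pid"` and `"$HAVEGED_WATCHDOG_PID"` should be quoted.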