#!/bin/bash -eux
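#######################################
# Print a warning on stderr, in red when a usable terminal is available.
# Arguments: $1 - message text
# Outputs:   blank line, message, blank line on stderr; tput colour codes
#            on stdout
#######################################
retry_warn() {
  local use_colour=0
  # ${TERM:-} keeps `set -u` from aborting the script when TERM is unset,
  # which is common in non-interactive provisioning shells.
  if command -v tput > /dev/null 2>&1 && [[ -n "${TERM:-}" ]]; then
    use_colour=1
  fi
  # Colour is cosmetic: a tput failure (e.g. a terminal type without
  # colour support) must not trip `set -e` and abort the provisioning run.
  if (( use_colour )); then tput setaf 1 || true; fi
  printf '\n%s\n\n' "$1" >&2
  if (( use_colour )); then tput sgr0 || true; fi
  return 0
}

#######################################
# Run a command, retrying up to 10 times with a growing delay between
# attempts (10s, 20s, ...).
# Arguments: the command and its arguments, run as "$@"
# Outputs:   a warning on stderr before each retry and after the final
#            failure
# Returns:   0 as soon as an attempt succeeds, otherwise the exit status
#            of the last failed attempt
#######################################
retry() {
  local -r max_attempts=10
  local attempt=1
  local delay=0
  local result=0

  while (( attempt <= max_attempts )); do
    if (( result != 0 )); then
      retry_warn "${*} failed... retrying ${attempt} of ${max_attempts}."
    fi

    # Running the command as an `if` condition keeps `set -e` from ending
    # the script on a failed attempt; the status is captured instead.
    if "$@"; then
      result=0
      break
    else
      result=$?
    fi

    attempt=$(( attempt + 1 ))

    # Increase the delay with each iteration, but do not sleep once the
    # attempts are used up: there is nothing left to wait for.
    if (( attempt <= max_attempts )); then
      delay=$(( delay + 10 ))
      sleep "${delay}"
    fi
  done

  if (( attempt > max_attempts )); then
    retry_warn "The command failed ${max_attempts} times."
  fi

  return "${result}"
}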
# haveged feeds the kernel entropy pool, which helps inside virtual machines
# where entropy is otherwise slow to accumulate. Take care that it does not
# end up running on systems that are not virtualized. The patch utility is
# installed alongside it so the unit-file patch further down cannot fail
# for lack of the command.
retry yum --assumeyes install haveged patch

# Start haveged at boot, and bring it up right away.
systemctl enable haveged
systemctl start haveged

# Persist the kernel entropy wakeup thresholds. The lines are appended, so
# running this script twice leaves duplicate entries, and nothing in this
# script loads the file into the running kernel.
random_sysctl_conf=/etc/sysctl.d/50-random.conf
{
  printf "kernel.random.read_wakeup_threshold = 64\n"
  printf "kernel.random.write_wakeup_threshold = 3072\n"
} >> "${random_sysctl_conf}"

# Apply the system_u:object_r:etc_t:s0 SELinux context to the new file.
chcon "system_u:object_r:etc_t:s0" "${random_sysctl_conf}"
# If the haveged daemon is installed, this patch will speed it up even more.
# The patch edits the packaged unit file in place, raising haveged's -w
# argument from 1024 to 3072, the same value written above for
# kernel.random.write_wakeup_threshold.
# NOTE(review): haveged was already started earlier in this script and no
# daemon-reload or restart follows the patch, so the new value presumably
# only applies after the next reload/restart or reboot - confirm.
# NOTE(review): a package update can replace files under
# /usr/lib/systemd/system; a drop-in under /etc/systemd/system would
# survive that - consider whether this matters for the image.
# NOTE(review): `<<-` strips leading tabs only, and unified-diff context
# lines must begin with a space; verify the heredoc body keeps that space.
if [ -f /usr/lib/systemd/system/haveged.service ]; then
patch /usr/lib/systemd/system/haveged.service <<-EOF
diff --git a/haveged.service b/haveged.service
index 2b79f3f..bbf037d 100644
--- a/haveged.service
+++ b/haveged.service
@@ -4,7 +4,7 @@ Documentation=man:haveged(8) http://www.issihosts.com/haveged/
[Service]
Type=simple
-ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
+ExecStart=/usr/sbin/haveged -w 3072 -v 1 --Foreground
SuccessExitStatus=143
[Install]
EOF
fi