diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 19:43:11 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 19:43:11 +0000 |
| commit | fc22b3d6507c6745911b9dfcc68f1e665ae13dbc (patch) | |
| tree | ce1e3bce06471410239a6f41282e328770aa404a /upstream/debian-bookworm/man8/systemd-random-seed.service.8 | |
| parent | Initial commit. (diff) | |
| download | manpages-l10n-fc22b3d6507c6745911b9dfcc68f1e665ae13dbc.tar.xz manpages-l10n-fc22b3d6507c6745911b9dfcc68f1e665ae13dbc.zip | |
Adding upstream version 4.22.0.upstream/4.22.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'upstream/debian-bookworm/man8/systemd-random-seed.service.8')
| -rw-r--r-- | upstream/debian-bookworm/man8/systemd-random-seed.service.8 | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/upstream/debian-bookworm/man8/systemd-random-seed.service.8 b/upstream/debian-bookworm/man8/systemd-random-seed.service.8 new file mode 100644 index 00000000..cd367048 --- /dev/null +++ b/upstream/debian-bookworm/man8/systemd-random-seed.service.8 @@ -0,0 +1,84 @@ +'\" t +.TH "SYSTEMD\-RANDOM\-SEED\&.SERVICE" "8" "" "systemd 254" "systemd-random-seed.service" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +systemd-random-seed.service, systemd-random-seed \- Load and save the OS system random seed at boot and shutdown +.SH "SYNOPSIS" +.PP +systemd\-random\-seed\&.service +.PP +/lib/systemd/systemd\-random\-seed +.SH "DESCRIPTION" +.PP +systemd\-random\-seed\&.service +is a service that loads an on\-disk random seed into the kernel entropy pool during boot and saves it at shutdown\&. See +\fBrandom\fR(4) +for details\&. By default, no entropy is credited when the random seed is written into the kernel entropy pool, but this may be changed with +\fI$SYSTEMD_RANDOM_SEED_CREDIT\fR, see below\&. On disk the random seed is stored in +/var/lib/systemd/random\-seed\&. +.PP +Note that this service runs relatively late during the early boot phase, i\&.e\&. generally after the initrd phase has finished and the +/var/ +file system has been mounted\&. Many system services require entropy much earlier than this \(em this service is hence of limited use for complex system\&. It is recommended to use a boot loader that can pass an initial random seed to the kernel to ensure that entropy is available from earliest boot on, for example +\fBsystemd-boot\fR(7), with its +\fBbootctl random\-seed\fR +functionality\&. +.PP +When loading the random seed from disk, the file is immediately updated with a new seed retrieved from the kernel, in order to ensure no two boots operate with the same random seed\&. This new seed is retrieved synchronously from the kernel, which means the service will not complete start\-up until the random pool is fully initialized\&. On entropy\-starved systems this may take a while\&. This functionality is intended to be used as synchronization point for ordering services that require an initialized entropy pool to function securely (i\&.e\&. services that access +/dev/urandom +without any further precautions)\&. +.PP +Care should be taken when creating OS images that are replicated to multiple systems: if the random seed file is included unmodified each system will initialize its entropy pool with the same data, and thus \(em if otherwise entropy\-starved \(em generate the same or at least guessable random seed streams\&. As a safety precaution crediting entropy is thus disabled by default\&. It is recommended to remove the random seed from OS images intended for replication on multiple systems, in which case it is safe to enable entropy crediting, see below\&. Also see +\m[blue]\fBSafely Building Images\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +See +\m[blue]\fBRandom Seeds\fR\m[]\&\s-2\u[2]\d\s+2 +for further information\&. +.SH "ENVIRONMENT" +.PP +\fI$SYSTEMD_RANDOM_SEED_CREDIT\fR +.RS 4 +By default, +systemd\-random\-seed\&.service +does not credit any entropy when loading the random seed\&. With this option this behaviour may be changed: it either takes a boolean parameter or the special string +"force"\&. Defaults to false, in which case no entropy is credited\&. If true, entropy is credited if the random seed file and system state pass various superficial concisistency checks\&. If set to +"force" +entropy is credited, regardless of these checks, as long as the random seed file exists\&. +.RE +.SH "SEE ALSO" +.PP +\fBsystemd\fR(1), +\fBrandom\fR(4), +\fBsystemd-boot\fR(7), +\fBsystemd-stub\fR(7), +\fBbootctl\fR(4), +\fBsystemd-boot-random-seed.service\fR(8) +.SH "NOTES" +.IP " 1." 4 +Safely Building Images +.RS 4 +\%https://systemd.io/BUILDING_IMAGES +.RE +.IP " 2." 4 +Random Seeds +.RS 4 +\%https://systemd.io/RANDOM_SEEDS +.RE |