Package: calamares Version: 3.2.4-3 Severity: important Tags: security X-Debbugs-CC: debian-live@lists.debian.org Calamares does not create a random seed in the location used by either the urandom init script from the initscripts package nor the systemd equivalent systemd-random-seed service. Calamares copies the contents of the squashfs image (which has no random seed file) rather than copying the live system (which has a random seed file), consequently on first boot of Calamares installed systems there is no random seed file so the amount of entropy available is lower. /var/lib/urandom/random-seed /var/lib/systemd/random-seed I think Calamares needs to fix this by writing two different random seeds to these two locations. This means that when switching init systems you get a new random seed that has never been used before, but which was generated during the install. I'm not sure if the locations should be configured by the package calamares-settings-debian or hardcoded upstream or something else. This is the code that the Debian installer uses to save a random seed: # If possible, save a random seed so that the installed system has better # entropy on first boot. Based on /etc/init.d/urandom in initscripts. if [ -c /dev/urandom ] && [ -d /target/var/lib/urandom ]; then if ! POOLBYTES=$(( ($(cat /proc/sys/kernel/random/poolsize 2>/dev/null) + 7) / 8 )); then POOLBYTES=512 fi umask 077 dd if=/dev/urandom of=/target/var/lib/urandom/random-seed \ bs="$POOLBYTES" count=1 >/dev/null 2>&1 fi I think this issue should get fixed in unstable and stable too. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part