Don't install havege on VMs

This commit is contained in:
Bob Mottram 2017-07-10 10:08:56 +01:00
parent beb4a88bd2
commit 79dcd6ac15
3 changed files with 18 additions and 5 deletions

View File

@ -1410,7 +1410,11 @@ rm $rootdir/usr/sbin/policy-rc.d
# Set up HRNG for systems known to have one
# Otherwise install haveged
if [[ "$MACHINE" != "beaglebone"* ]]; then
# With some VMs, the hardware cycles counter is emulated and deterministic,
# and thus predictible, so havege should not be used
if [[ "$MACHINE" != "qemu"* ]]; then
chroot $rootdir apt-get -yq install haveged
fi
else
chroot $rootdir apt-get -yq install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools

View File

@ -157,7 +157,11 @@ function random_number_generator {
install_onerng
;;
*)
# With some VMs, the hardware cycles counter is emulated and deterministic,
# and thus predictible, so havege should not be used
if [[ "$ARCHITECTURE" != "qemu"* ]]; then
apt-get -yq install haveged
fi
;;
esac

View File

@ -230,9 +230,14 @@ function initial_setup {
apt-get -yq install avahi-discover avahi-autoipd iptables dnsutils net-tools
apt-get -yq install network-manager iputils-ping libnss-mdns libnss-myhostname
apt-get -yq install libnss-gw-name nano man ntp locales locales-all debconf
apt-get -yq install wireless-tools wpasupplicant usbutils zsh
apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
apt-get -yq install cpulimit screen
apt-get -yq install wireless-tools wpasupplicant usbutils zsh cpulimit screen
apt-get -yq install pinentry-curses eatmydata iotop bc hostapd
# With some VMs, the hardware cycles counter is emulated and deterministic,
# and thus predictible, so havege should not be used
if [[ $ARCHITECTURE != 'qemu'* ]]; then
apt-get -yq install haveged
fi
if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
apt-get -yq install grub2 lvm2 initramfs-tools