feat(internal): Pass 10 CSPRNG random bytes
Depends-on: unikraft/unikraft#1496

Signed-off-by: Cezar Craciunoiu <[email protected]>
craciunoiuc committed Sep 24, 2024
1 parent b768d75 commit 1429fe9
Showing 3 changed files with 35 additions and 0 deletions.
12 changes: 12 additions & 0 deletions internal/cli/kraft/run/runner_kraftfile_runtime.go
@@ -10,6 +10,7 @@ import (
"os"
"strings"

"github.com/klauspost/cpuid"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

machineapi "kraftkit.sh/api/machine/v1alpha1"
@@ -24,6 +25,7 @@ import (
"kraftkit.sh/tui/selection"
"kraftkit.sh/unikraft/app"
ukarch "kraftkit.sh/unikraft/arch"
"kraftkit.sh/unikraft/export/v0/ukrandom"
"kraftkit.sh/unikraft/target"
)

@@ -358,6 +360,16 @@ func (runner *runnerKraftfileRuntime) Prepare(ctx context.Context, opts *RunOpti
machine.Spec.ApplicationArgs = runtime.Command()
}

var kernelArgs []string
if !runtime.KConfig().AllNoOrUnset(
"CONFIG_LIBUKRANDOM",
"CONFIG_LIBUKRANDOM_CMDLINE_INIT",
) && !(cpuid.CPU.Rdrand() && cpuid.CPU.Rdseed()) {
kernelArgs = append(kernelArgs, ukrandom.ParamRandomSeed.WithValue(ukrandom.NewRandomSeed()).String())
}

machine.Spec.KernelArgs = kernelArgs

// If automounting is enabled, and an initramfs is provided, set it as a
// volume if a initram has been provided.
if runtime.KConfig().AnyYes(
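Review bot: The `cpuid.CPU.Rdrand() && cpuid.CPU.Rdseed()` test in the new `if` inspects the CPU of the host running kraft, not the CPU the guest will see, so it is not a reliable signal for whether the unikernel can seed itself from hardware. With software emulation, a restricted guest CPU model, or a target architecture other than the host's, the guest may lack RDRAND/RDSEED while the host has them, and the seed is then silently omitted. Unless the kernel is known to fall back safely in that case, consider passing the seed whenever command-line seeding is enabled, e.g. `if runtime.KConfig().AnyYes("CONFIG_LIBUKRANDOM_CMDLINE_INIT") {`, or at least add a comment stating the assumption that guest and host CPU features match. The same condition appears in runner_package.go and, in a different form, in runner_kraftfile_unikraft.go. Prepare's body continues outside the hunk.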
11 changes: 11 additions & 0 deletions internal/cli/kraft/run/runner_kraftfile_unikraft.go
@@ -11,12 +11,14 @@ import (
"slices"
"strings"

"github.com/klauspost/cpuid"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

machineapi "kraftkit.sh/api/machine/v1alpha1"
volumeapi "kraftkit.sh/api/volume/v1alpha1"
"kraftkit.sh/config"
"kraftkit.sh/unikraft/app"
"kraftkit.sh/unikraft/export/v0/ukrandom"
"kraftkit.sh/unikraft/target"
)

@@ -151,6 +153,11 @@ func (runner *runnerKraftfileUnikraft) Prepare(ctx context.Context, opts *RunOpt
"CONFIG_LIBVFSCORE_AUTOMOUNT_CI_EINITRD",
)

noRandom := t.KConfig().AllNoOrUnset(
"CONFIG_LIBUKRANDOM",
"CONFIG_LIBUKRANDOM_CMDLINE_INIT",
) && !(cpuid.CPU.Rdrand() && cpuid.CPU.Rdseed())

if runner.project.Rootfs() != "" && opts.Rootfs == "" && noEmbedded {
opts.Rootfs = runner.project.Rootfs()
}
@@ -184,6 +191,10 @@ func (runner *runnerKraftfileUnikraft) Prepare(ctx context.Context, opts *RunOpt
appArgs = append(appArgs, arg)
}

if !noRandom {
kernelArgs = append(kernelArgs, ukrandom.ParamRandomSeed.WithValue(ukrandom.NewRandomSeed()).String())
}

machine.Spec.KernelArgs = kernelArgs
machine.Spec.ApplicationArgs = appArgs

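Review bot: `noRandom` does not express the same condition as the other two runners in this commit. Assuming `AllNoOrUnset` is true only when every listed option is off, `if !noRandom` appends the seed when either option is enabled or the host CPU has both RDRAND and RDSEED, whereas runner_kraftfile_runtime.go and runner_package.go append it only when an option is enabled and the host lacks them. As written, a kernel built without ukrandom still receives the seed parameter on an RDRAND-capable host, and the hardware check never suppresses the seed when the library is enabled. To match the other files, compute the positive condition directly, `needSeed := !t.KConfig().AllNoOrUnset("CONFIG_LIBUKRANDOM", "CONFIG_LIBUKRANDOM_CMDLINE_INIT") && !(cpuid.CPU.Rdrand() && cpuid.CPU.Rdseed())`, and guard the append with `if needSeed {`. Prepare's body starts and ends outside both hunks.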
12 changes: 12 additions & 0 deletions internal/cli/kraft/run/runner_package.go
@@ -26,8 +26,10 @@ import (
"kraftkit.sh/tui/processtree"
"kraftkit.sh/tui/selection"
"kraftkit.sh/unikraft"
"kraftkit.sh/unikraft/export/v0/ukrandom"
"kraftkit.sh/unikraft/target"

"github.com/klauspost/cpuid"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)

@@ -338,6 +340,16 @@ func (runner *runnerPackage) Prepare(ctx context.Context, opts *RunOptions, mach
})
}

var kernelArgs []string
if !targ.KConfig().AllNoOrUnset(
"CONFIG_LIBUKRANDOM",
"CONFIG_LIBUKRANDOM_CMDLINE_INIT",
) && !(cpuid.CPU.Rdrand() && cpuid.CPU.Rdseed()) {
kernelArgs = append(kernelArgs, ukrandom.ParamRandomSeed.WithValue(ukrandom.NewRandomSeed()).String())
}

machine.Spec.KernelArgs = kernelArgs

switch v := selected.Metadata().(type) {
case *ocispec.Image:
if machine.Spec.Env == nil {
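Review bot: The generated seed is written into `machine.Spec.KernelArgs` as a plain string, so secret CSPRNG seed material presumably ends up wherever the machine spec and the VMM command line are visible, such as stored machine state, debug logs and the host's process listing. If the stored spec is reused when a stopped machine is started again, every boot would also begin from the same seed, which defeats the purpose of seeding. Consider generating the seed at start time rather than in Prepare, and add a comment at the append such as `// seed is sensitive: never log KernelArgs; must be fresh for every boot`. `ukrandom.NewRandomSeed` is defined outside this diff, so it is worth confirming that it reads from `crypto/rand`. Prepare's body continues outside the hunk.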
