Add -l option to corosync-keygen.

This option (-l or --less-secure) causes corosync-keygen to read from /dev/urandom instead of /dev/random to ensure that no input is required from the user. It may be useful when this command is used from a script. Signed-off-by: Russell Bryant <russell@russellbryant.net> Reviewed-by: Steven Dake <sdake@redhat.com>
2025-08-03 01:12:39 +00:00 · 2011-03-05 10:02:25 -06:00 · 2011-03-05 10:02:25 -06:00 · 1be0c3bdc6
commit 1be0c3bdc6
parent 7471c88346
2 changed files with 52 additions and 7 deletions
--- a/man/corosync-keygen.8
+++ b/man/corosync-keygen.8
@ -35,7 +35,7 @@
 .SH NAME
 corosync-keygen \- Generate an authentication key for Corosync.
 .SH SYNOPSIS
-.B "corosync-keygen"
+.B "corosync-keygen [\-l]"
 .SH DESCRIPTION

 If you want to configure corosync to use cryptographic techniques to ensure authenticity
@ -62,7 +62,13 @@ If a message "Invalid digest" appears from the corosync executive, the keys
 are not consistent between processors.
 .PP
 .B Note: corosync-keygen
-will ask for user input to assist in generating entropy.
+will ask for user input to assist in generating entropy unless the -l option is used.
+.SH OPTIONS
+.TP
+.B -l
+Use a less secure random data source that will not require user input to help generate
+.br
+entropy.  This may be useful when this utility is used from a script.
 .SH EXAMPLES
 .TP
 Generate the key.
--- a/tools/corosync-keygen.c
+++ b/tools/corosync-keygen.c
@ -39,6 +39,7 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <getopt.h>
 #include <sys/types.h>
 #include <sys/stat.h>

@ -46,12 +47,45 @@

 #define KEYFILE COROSYSCONFDIR "/authkey"

-int main (void) {
+static const char usage[] =
+	"Usage: corosync-keygen [-l]\n"
+	"     -l / --less-secure -  Use a less secure random number source\n"
+	"            (/dev/urandom) that is guaranteed not to require user\n"
+	"            input for entropy.  This can be used when this\n"
+	"            application is used from a script.\n";
+
+
+int main (int argc, char *argv[])
+{
 	int authkey_fd;
 	int random_fd;
 	unsigned char key[128];
 	ssize_t res;
 	ssize_t bytes_read;
+	int c;
+	int option_index;
+	int less_secure = 0;
+	static struct option long_options[] = {
+		{ "less-secure", no_argument, NULL, 'l' },
+		{ "help",        no_argument, NULL, 'h' },
+		{ 0,             0,           NULL, 0   },
+	};
+
+	while ((c = getopt_long (argc, argv, "lh",
+			long_options, &option_index)) != -1) {
+		switch (c) {
+		case 'l':
+			less_secure = 1;
+			break;
+		case 'h':
+			printf ("%s\n", usage);
+			exit(0);
+			break;
+		default:
+			printf ("Error parsing command line options.\n");
+			exit (1);
+		}
+	}

 	printf ("Corosync Cluster Engine Authentication key generator.\n");
 	if (geteuid() != 0) {
@ -65,11 +99,16 @@ int main (void) {
 		}
 	}

-	printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned long)(sizeof (key) * 8));
-	printf ("Press keys on your keyboard to generate entropy.\n");
-	random_fd = open ("/dev/random", O_RDONLY);
+	if (less_secure) {
+		random_fd = open ("/dev/urandom", O_RDONLY);
+	} else {
+		printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned long)(sizeof (key) * 8));
+		printf ("Press keys on your keyboard to generate entropy.\n");
+		random_fd = open ("/dev/random", O_RDONLY);
+	}
+
 	if (random_fd == -1) {
-		perror ("Is /dev/random present? Opening /dev/random");
+		perror ("Failed to open random source\n");
 		exit (errno);
 	}