Comment 5 for bug 1098299

I strongly agree with the main idea here:
    "entropy pool should be seeded earlier in boot process"

Here are some numbers that quantify the magnitude
of the problem:
                                        prior
        startup script #bits
        (mountall) 18816
        (mounted-run) 21888
        (sshd server) 35616
        (network-interface : lo) 55968
        (network-interface : eth0) 68832
        (urandom) 79168

For details on what these numbers mean, see
  http://www.av8n.com/computer/htm/secure-random.htm#sec-discuss

Steve Langasek (vorlon) wrote on 2013-05-17:

> I think we do want to translate /etc/init.d/urandom to an upstart job

Agreed! That will help a lot.

> not sure at present how to write it correctly

It's not hard. A very specific suggestion for how it might be done can
be found here:
  http://www.av8n.com/cgit/cgit.cgi/init-urandom/

1) Add init/urandom.conf
2) Add init/urandom-save.conf
3) Remove all references to init.d/urandom from rc?.d/
4) Optionally add a factor of "urandom" to the startup conditions
   in init/ssh.conf. This will make init.ssh.conf correspond more
   closely to the old sysvinit init.d/ssh

This (a) ports the urandom stuff to upstart, (b) initializes the PRNG
much earlier, and (c) does a better job of refreshing the stored
seed.

I am under no illusions that this initializes the PRNG early enough
in absolute terms ... but it is very very much earlier in relative
terms. It is a big step in the right direction.

In any case, porting it to upstart also improves things in a number
of ways.

Let me know if you have questions.