From 750cd5e9853820afecca4bf3741422b0e1c23e0b Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Mon, 17 Jun 2024 15:03:17 -0400
Subject: [PATCH] replace urandom with random

These both use the same CSPRNG on modern kernels, but random waits for
CSPRNG initialization instead of only attempting to initialize it.
---
 deploy-initial                   | 2 +-
 nginx-rotate-session-ticket-keys | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy-initial b/deploy-initial
index caacd2a..ab38982 100755
--- a/deploy-initial
+++ b/deploy-initial
@@ -50,7 +50,7 @@ rm ssh/sshd_config.tmp
 ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
 ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service"
 
-ssh $remote "dd if=/dev/urandom of=/mnt/swapfile bs=1M count=$swap status=progress"
+ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"
 
 password=$(head -c32 <(tr -dc A-Za-z0-9 </dev/random))
 echo password: $password
diff --git a/nginx-rotate-session-ticket-keys b/nginx-rotate-session-ticket-keys
index 58fbada..4798316 100755
--- a/nginx-rotate-session-ticket-keys
+++ b/nginx-rotate-session-ticket-keys
@@ -9,7 +9,7 @@ cd /etc/nginx/session-ticket-keys
 rsync -I 2.key 1.key
 rsync -I 3.key 2.key
 rsync -I 4.key 3.key
-head -c 80 </dev/urandom >new.key
+head -c 80 </dev/random >new.key
 rsync -I new.key 4.key
 rm new.key
 nginx -s reload