Source-Changes-D archive


Re: CVS commit: [tls-earlyentropy] src/distrib/utils/sysinst

On Wed, 09 Apr 2014, Thor Lancelot Simon wrote:
> Modified Files:
>         src/distrib/utils/sysinst [tls-earlyentropy]: util.c
>
> Log Message:
> Try to persistently gather some entropy at install time, to give the
> fresh system a better chance of not doing awful things like generating
> guessable SSH host keys.
>
> Handles both systems with /var on / and /var on its own filesystem.  Tries
> to preserve old saved entropy when upgrading.

I see that you chose to use /etc/entropy-file when /var/db/entropy-file is not on the root file system.

Some other locations that I would consider include:

   /stand/ -- the entropy file may be used by the boot
      loader before a kernel is running, so that fits,
      but it's not a "program", so that doesn't fit the
      description in hier(7).

   /libdata/ -- the entropy file is a non-executable file
      that is required at boot time, which seems to match
      the description in hier(7) perfectly.

--apb (Alan Barrett)
