Source-Changes-D archive
Re: CVS commit: [tls-earlyentropy] src/distrib/utils/sysinst
On Wed, 09 Apr 2014, Thor Lancelot Simon wrote:
> Modified Files:
>       src/distrib/utils/sysinst [tls-earlyentropy]: util.c
>
> Log Message:
> Try to persistently gather some entropy at install time, to give the
> fresh system a better chance of not doing awful things like generating
> guessable SSH host keys.
>
> Handles both systems with /var on / and /var on its own filesystem. Tries
> to preserve old saved entropy when upgrading.

I see that you chose to use /etc/entropy-file when
/var/db/entropy-file is not on the root file system.
Some other locations that I would consider include:

    /stand/ -- the entropy file may be used by the boot
    loader before a kernel is running, so that fits,
    but it's not a "program", so that doesn't fit the
    description in hier(7).

    /libdata/ -- the entropy file is a non-executable file
    that is required at boot time, which seems to match
    the description in hier(7) perfectly.

--apb (Alan Barrett)