Alan Barrett <apb%cequrux.com@localhost> writes:

> On Wed, 09 Apr 2014, Thor Lancelot Simon wrote:
>>Modified Files:
>> src/distrib/utils/sysinst [tls-earlyentropy]: util.c
>>
>>Log Message:
>>Try to persistently gather some entropy at install time, to give the
>>fresh system a better chance of not doing awful things like generating
>>guessable SSH host keys.
>>
>>Handles both systems with /var on / and /var on its own filesystem. Tries
>>to preserve old saved entropy when upgrading.
>
> I see that you chose to use /etc/entropy-file when
> /var/db/entropy-file is not on the root file system.
>
> Some other locations that I would consider include:
>
> /stand/ -- the entropy file may be used by the boot
> loader before a kernel is running, so that fits,
> but it's not a "program", so that doesn't fit the
> description in hier(7).
>
> /libdata/ -- the entropy file is a non-executable file
> that is required at boot time, which seems to match
> the description in hier(7) perfectly.

All of this feels awkward. Basically it belongs in var, so I wonder
about having a /rootvar or something in the root fs in the case when
/var is not, and then /rootvar/db/entropy-file.
Attachment:
pgpMNVVJDePZC.pgp
Description: PGP signature
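The install-time behaviour the quoted log message describes (pick a location for the saved entropy depending on whether /var is on the root filesystem, carry an existing saved file over on upgrade, write fresh bytes with tight permissions) written out as a small POSIX sh sketch. This is an added illustration, not sysinst's util.c or anything from the tls-earlyentropy branch; the function names, the 512-byte chunk size, the use of df -P to detect a separate /var, and the temp-file-then-rename write are my assumptions. Paths are parameters so it can be exercised against a scratch directory rather than a real root.

```shell
#!/bin/sh
# Added example (not NetBSD code): saving entropy at install time.
# All helper names and sizes below are assumptions made for illustration.

# var_is_separate ROOT
#   Succeeds when ROOT/var is a mount point distinct from ROOT itself,
#   i.e. /var will not be there at early boot before it is mounted.
#   Assumption: df -P output, mount point in column 6.
var_is_separate() {
    root=${1%/}
    root_mnt=$(df -P "${root:-/}" 2>/dev/null | awk 'NR==2 {print $6}')
    var_mnt=$(df -P "$root/var" 2>/dev/null | awk 'NR==2 {print $6}')
    [ -n "$var_mnt" ] && [ "$var_mnt" != "$root_mnt" ]
}

# entropy_file_path ROOT VAR_SEPARATE
#   Prints where the saved entropy goes: /var/db/entropy-file when /var is
#   on the root filesystem, otherwise /etc/entropy-file (the choice the
#   quoted mail describes), both relative to ROOT.
entropy_file_path() {
    root=${1%/}
    if [ "$2" = yes ]; then
        printf '%s\n' "$root/etc/entropy-file"
    else
        printf '%s\n' "$root/var/db/entropy-file"
    fi
}

# find_old_entropy ROOT
#   On an upgrade the previous install may have used either location;
#   print the first non-empty one, fail if there is none.
find_old_entropy() {
    root=${1%/}
    for f in "$root/var/db/entropy-file" "$root/etc/entropy-file"; do
        if [ -s "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# save_entropy DEST [OLD]
#   Writes DEST = (contents of OLD, if given) + 512 fresh bytes from
#   /dev/urandom. Built under umask 077 in a temp file and renamed into
#   place, so a crash never leaves a world-readable or half-written file.
save_entropy() {
    dest=$1
    old=$2
    mkdir -p "$(dirname "$dest")" || return 1
    tmp="$dest.tmp.$$"
    (
        umask 077
        : > "$tmp" || exit 1
        if [ -n "$old" ] && [ -f "$old" ]; then
            cat "$old" >> "$tmp" || exit 1
        fi
        dd if=/dev/urandom bs=512 count=1 >> "$tmp" 2>/dev/null || exit 1
    ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dest"
}

# install_entropy ROOT
#   Ties the pieces together for a target root such as /targetroot.
install_entropy() {
    root=$1
    if var_is_separate "$root"; then sep=yes; else sep=no; fi
    dest=$(entropy_file_path "$root" "$sep")
    old=$(find_old_entropy "$root" 2>/dev/null || true)
    save_entropy "$dest" "$old"
}
```

Usage would be `install_entropy /targetroot` from the installer after the target filesystems are mounted; the test below exercises the pieces against a throwaway directory instead. Note that appending old bytes to fresh ones never makes the file worse than the fresh bytes alone, which is the point of preserving the old file without trusting it.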