Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: [tls-earlyentropy] src/distrib/utils/sysinst

Alan Barrett <> writes:

> On Wed, 09 Apr 2014, Thor Lancelot Simon wrote:
>>Modified Files:
>>      src/distrib/utils/sysinst [tls-earlyentropy]: util.c
>>Log Message:
>>Try to persistently gather some entropy at install time, to give the
>>fresh system a better chance of not doing awful things like generating
>>guessable SSH host keys.
>>Handles both systems with /var on / and /var on its own filesystem.  Tries
>>to preserve old saved entropy when upgrading.
> I see that you chose to use /etc/entropy-file when
> /var/db/entropy-file is not on the root file system.
> Some other locations that I would consider include:
>    /stand/ -- the entropy file may be used by the boot
>       loader before a kernel is running, so that fits,
>       but it's not a "program", so that doesn't fit the
>       description in hier(7).
>    /libdata/ -- the entropy file is a non-executable file
>       that is required at boot time, which seems to match
>       the description in hier(7) perfectly.

All of this feels awkward.  Basically  it belongs in var, so I wonder
about having a /rootvar or something in the root fs in the case when
/var is not, and then /rootvar/db/entropy-file

Attachment: pgpMNVVJDePZC.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index