Source-Changes-HG archive


[src/trunk]: src/usr.sbin/sysinst Re-enable the entropy handling code in sysi...



details:   https://anonhg.NetBSD.org/src/rev/125258c1bf82
branches:  trunk
changeset: 988631:125258c1bf82
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Oct 08 15:59:55 2021 +0000

description:
Re-enable the entropy handling code in sysinst (only visible on machines
that do not have full entropy), but move it to the config menu
instead of enforcing it as a mandatory step.

This menu is shown at the end of the setup, or if explicitly invoked
from the main menu.

Some of the input options are complex but useful in some situations
and code to support them is tiny. Most users will use the manual input
(first + default option) but some might prefer to connect a USB TRNG
or have easy setups to transfer entropy from another machine (while
copy & paste on a serial console sometimes is tricky).

diffstat:

 usr.sbin/sysinst/Makefile.inc   |   6 ++--
 usr.sbin/sysinst/configmenu.c   |  20 +++++++++++++++-
 usr.sbin/sysinst/defs.h         |   7 ++++-
 usr.sbin/sysinst/install.c      |   9 +------
 usr.sbin/sysinst/menus.entropy  |   4 +-
 usr.sbin/sysinst/msg.entropy.de |   8 +++++-
 usr.sbin/sysinst/msg.entropy.en |   8 +++++-
 usr.sbin/sysinst/msg.entropy.es |   8 +++++-
 usr.sbin/sysinst/msg.entropy.fr |   8 +++++-
 usr.sbin/sysinst/msg.entropy.pl |   8 +++++-
 usr.sbin/sysinst/util.c         |  49 +++++++++++++++++++++++-----------------
 11 files changed, 88 insertions(+), 47 deletions(-)

diffs (truncated from 405 to 300 lines):

diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/Makefile.inc
--- a/usr.sbin/sysinst/Makefile.inc     Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/Makefile.inc     Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.inc,v 1.43 2021/09/26 15:52:40 maya Exp $
+#      $NetBSD: Makefile.inc,v 1.44 2021/10/08 15:59:55 martin Exp $
 #
 # Makefile for sysinst
 
@@ -47,7 +47,7 @@
 CPPFLAGS+=     -DNO_CLONES
 .endif
 
-.if ${CHECK_ENTROPY:Uno} != "no"
+.if ${CHECK_ENTROPY:Uyes} != "no"
 MENUS_MI+=     menus.entropy
 CPPFLAGS+=     -DCHECK_ENTROPY=1
 .endif
@@ -209,7 +209,7 @@
 MSG_MD+=       msg.pm.${SYSINSTLANG}
 .endif
 
-.if ${CHECK_ENTROPY:Uno} != "no"
+.if ${CHECK_ENTROPY:Uyes} != "no"
 MSG_MD+=       msg.entropy.${SYSINSTLANG}
 .endif
 
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/configmenu.c
--- a/usr.sbin/sysinst/configmenu.c     Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/configmenu.c     Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: configmenu.c,v 1.12 2021/01/31 22:45:46 rillig Exp $ */
+/* $NetBSD: configmenu.c,v 1.13 2021/10/08 15:59:55 martin Exp $ */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -45,6 +45,7 @@
 static int set_root_shell(struct menudesc *, void *);
 static int change_root_password(struct menudesc *, void *);
 static int add_new_user(struct menudesc *, void *);
+static int add_entropy(struct menudesc *, void *);
 static int set_binpkg(struct menudesc *, void *);
 static int set_pkgsrc(struct menudesc *, void *);
 static void config_list_init(void);
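Review bot: The new prototype `static int add_entropy(struct menudesc *, void *);` is added unconditionally, but its definition and its table entry later in this file are both inside `#if CHECK_ENTROPY`. In a build with CHECK_ENTROPY set to "no", that leaves a static function declared but never defined, which compilers usually warn about and which would break the build if warnings are treated as errors. Wrapping the prototype in the same `#if CHECK_ENTROPY` / `#endif` pair keeps the three places consistent. Separately, defs.h in this commit guards its prototypes with `#ifdef CHECK_ENTROPY` while this file uses `#if CHECK_ENTROPY`; the two agree only because Makefile.inc defines the macro as 1, so settling on one form would be more robust.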
@@ -74,6 +75,7 @@
        CONFIGOPT_LVM,
        CONFIGOPT_RAIDFRAME,
        CONFIGOPT_ADDUSER,
+       CONFIGOPT_ADD_ENTROPY,
        CONFIGOPT_LAST
 };
 
@@ -102,6 +104,9 @@
        {MSG_enable_lvm, CONFIGOPT_LVM, "lvm", toggle_rcvar, NULL},
        {MSG_enable_raid, CONFIGOPT_RAIDFRAME, "raidframe", toggle_rcvar, NULL},
        {MSG_add_a_user, CONFIGOPT_ADDUSER, NULL, add_new_user, ""},
+#if CHECK_ENTROPY
+       {MSG_Configure_entropy, CONFIGOPT_ADD_ENTROPY, NULL, add_entropy, ""},
+#endif
        {NULL,          CONFIGOPT_LAST, NULL, NULL, NULL}
 };
 
@@ -180,6 +185,10 @@
                opt = conf->opt;
                if (opt == CONFIGOPT_LAST)
                        break;
+#if CHECK_ENTROPY
+               if (opt == CONFIGOPT_ADD_ENTROPY && entropy_needed() == 0)
+                       continue;
+#endif
                *ce = conf;
                memset(me, 0, sizeof(*me));
                me->opt_action = conf->action;
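Review bot: The added `if (opt == CONFIGOPT_ADD_ENTROPY && entropy_needed() == 0) continue;` has no comment explaining why the entry is dropped, and a reader has to go to defs.h to learn that `entropy_needed()` returns a `size_t`. A one-line comment such as `/* hide the entropy entry when no more entropy is required */` would make the intent clear. The check runs where the menu list is built (the enclosing function starts and ends outside this hunk), so whether the entry reappears or disappears after the entropy state changes depends on when that list is rebuilt; that is worth confirming, since this commit also removes the mandatory gate from install.c.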
@@ -247,6 +256,15 @@
        return rval;
 }
 
+#if CHECK_ENTROPY
+static int
+add_entropy(struct menudesc *menu, void *arg)
+{
+       do_add_entropy();
+       return 0;
+}
+#endif
+
 static int
 add_new_user(struct menudesc *menu, void *arg)
 {
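Review bot: `add_entropy()` discards the `bool` returned by `do_add_entropy()` and always returns 0, so the config menu cannot distinguish seeding entropy from backing out of the dialog. That matters more now that install.c no longer stops the installation when the entropy check fails: from the visible hunks, this menu entry is the remaining place where the user deals with missing entropy. If ignoring the result is intended, make it explicit with `(void)do_add_entropy();` and a short comment such as `/* result ignored: continuing without entropy is allowed */`. Otherwise show a message when it returns false. The meaning of the return value is defined in util.c, which is cut off on this page, so this should be confirmed against that file.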
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/defs.h
--- a/usr.sbin/sysinst/defs.h   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/defs.h   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: defs.h,v 1.74 2021/09/26 15:52:40 maya Exp $   */
+/*     $NetBSD: defs.h,v 1.75 2021/10/08 15:59:55 martin Exp $ */
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -632,6 +632,10 @@
 /* needed prototypes */
 void set_menu_numopts(int, int);
 void remove_color_options(void);
+#ifdef CHECK_ENTROPY
+bool do_add_entropy(void);
+size_t entropy_needed(void);
+#endif
 void remove_raid_options(void);
 void remove_lvm_options(void);
 void remove_cgd_options(void);
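Review bot: The two new prototypes `bool do_add_entropy(void);` and `size_t entropy_needed(void);` are exported without any comment on their contract. It is not visible here what `true`/`false` means for `do_add_entropy()`, or in which unit `entropy_needed()` reports the shortfall; the only visible callers ignore the former and compare the latter with 0. A short comment above each would help, for example `/* returns the amount of entropy still missing, 0 if the system has enough */`, with the unit filled in from util.c. They are also inserted in the middle of the `remove_*_options` prototypes, whereas the removed `do_check_entropy()` was declared with the other util.c functions; keeping them there would match the header's existing grouping.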
@@ -892,7 +896,6 @@
            struct disk_partitions*);
 void   free_install_desc(struct install_partition_desc*);
 bool   may_swap_if_not_sdmmc(const char*);
-bool   do_check_entropy(void);
 
 /* from target.c */
 #if defined(DEBUG)  || defined(DEBUG_ROOT)
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/install.c
--- a/usr.sbin/sysinst/install.c        Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/install.c        Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: install.c,v 1.20 2020/11/04 14:29:40 martin Exp $      */
+/*     $NetBSD: install.c,v 1.21 2021/10/08 15:59:55 martin Exp $      */
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -168,13 +168,6 @@
                return;
 #endif
 
-#ifdef CHECK_ENTROPY
-       if (!do_check_entropy()) {
-               hit_enter_to_continue(MSG_abort_installation, NULL);
-               return;
-       }
-#endif
-
        memset(&install, 0, sizeof install);
 
        /* Create and mount partitions */
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/menus.entropy
--- a/usr.sbin/sysinst/menus.entropy    Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/menus.entropy    Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: menus.entropy,v 1.1 2020/11/04 14:29:40 martin Exp $   */
+/*     $NetBSD: menus.entropy,v 1.2 2021/10/08 15:59:55 martin Exp $   */
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 
 /* arg is an int*, returning a magic value for the selected menu option */
 menu not_enough_entropy, title MSG_not_enough_entropy, y=-1, no box, clear,
-    exit, exitstring MSG_abort_installation;
+    exit, exitstring MSG_continue_without_entropy;
        option MSG_entropy_add_manually, exit,
            action { *((int*)arg) = 1; };
        option MSG_entropy_download_seed, exit,
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/msg.entropy.de
--- a/usr.sbin/sysinst/msg.entropy.de   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/msg.entropy.de   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.de,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.de,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy      {Entropie konfigurieren}
+
+message continue_without_entropy       {Weiter ohne Entropy}
+
 message not_enough_entropy
 {Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator
 zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien
@@ -39,7 +43,7 @@
 jetzt und wählen dann die Option "Erneut testen".}
 
 message entropy_add_manually           {Manuelle Zufallseingabe}
-message entropy_download_raw           {Zufallsdaten laden}
+message entropy_download_raw           {Rohe binäre Zufallsdaten laden}
 message        entropy_download_seed           {NetBSD Entropie-Datei laden}
 message entropy_retry                  {Erneut testen}
 
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/msg.entropy.en
--- a/usr.sbin/sysinst/msg.entropy.en   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/msg.entropy.en   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.en,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy      {Set up entropy}
+
+message continue_without_entropy       {Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@
 the "Re-test" option.}
 
 message entropy_add_manually           {Manual input of random data}
-message entropy_download_raw           {Load random data}
+message entropy_download_raw           {Load raw binary random data}
 message        entropy_download_seed           {Import a NetBSD entropy file}
 message entropy_retry                  {Re-test}
 
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/msg.entropy.es
--- a/usr.sbin/sysinst/msg.entropy.es   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/msg.entropy.es   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.es,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.es,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy      {Set up entropy}
+
+message continue_without_entropy       {Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@
 the "Re-test" option.}
 
 message entropy_add_manually           {Manual input of random data}
-message entropy_download_raw           {Load random data}
+message entropy_download_raw           {Load raw binary random random data}
 message        entropy_download_seed           {Import a NetBSD entropy file}
 message entropy_retry                  {Re-test}
 
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/msg.entropy.fr
--- a/usr.sbin/sysinst/msg.entropy.fr   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/msg.entropy.fr   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.fr,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.fr,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy      {Set up entropy}
+
+message continue_without_entropy       {Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@
 the "Re-test" option.}
 
 message entropy_add_manually           {Manual input of random data}
-message entropy_download_raw           {Load random data}
+message entropy_download_raw           {Load raw binary random random data}
 message        entropy_download_seed           {Import a NetBSD entropy file}
 message entropy_retry                  {Re-test}
 
diff -r b8ceb1d11fa7 -r 125258c1bf82 usr.sbin/sysinst/msg.entropy.pl
--- a/usr.sbin/sysinst/msg.entropy.pl   Fri Oct 08 14:45:07 2021 +0000
+++ b/usr.sbin/sysinst/msg.entropy.pl   Fri Oct 08 15:59:55 2021 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.pl,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.pl,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy      {Set up entropy}
+
+message continue_without_entropy       {Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@
 the "Re-test" option.}
 
 message entropy_add_manually           {Manual input of random data}
-message entropy_download_raw           {Load random data}
+message entropy_download_raw           {Load raw binary random random data}


