Current-Users archive


Re: the entropy bug, and device timeouts (was: Note: two files changed and hashes/signatures updated for NetBSD 8.1)



On Wed, Jan 26, 2022 at 10:56:53PM -0800, Greg A. Woods wrote:
> Well, if you have a hardware RNG, or my patches, then that'll do
> something, but otherwise it's just useless noise and misdirection.

This is not true. Once there is enough entropy gathered (or the system
has been told the administrator considers it good enough), everything is
fine and basically the same state as before the changes you want to back
out (at least from a userland perspective).

Doing that is easy, see entropy(7).

Some types of usage will show differences to the state before, like:

  - cloning a disk image for a VM and not adding entropy to the clone
  - booting with read-only media only (like from CD/DVD) and not configuring
    a way for the system to have /var/db persist between reboots

Both of those were wrong/unclear/unsafe before and now fail more obviously.
Both can be fixed/dealt with in various ways (for VMs e.g. by postprocessing
the image after cloning and before first boot, or even better by
configuring the host to provide viornd(4)).

But repeating myself: for all normal/typical uses the fix is a one-time
manual addition and "blessing" of the entropy state following the
recipes given in entropy(7). On affected machines the installer
offers to do this (in the last page where e.g. users may be added).

Martin

