NetBSD-Users archive


Re: where to set/override entropy $random_file location?



On Sat, Oct 18, 2025 at 12:15:57PM -0700, Steve Rikli wrote:
> On Tue, Oct 14, 2025 at 09:34:28AM -0400, Greg Troxel wrote:
> > Steve Rikli <sr%genyosha.net@localhost> writes:
> > > ...
> > > I was thinking I'd give it another day or so and then put in a PR, at
> > > least as a placeholder to capture and summarize this thread. Is that
> > > worthwhile?
> > 
> > Yes, but the more you can have patches the more likely it is someone
> > will deal with it.
> 
> OK, I finally got some time to submit the PR:
>   https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=59709
> ...
> > This way you can test your changes, as while this isn't super hard it is
> > very likely that anyone would get it not 100% right the first time.

After submitting my diffs and letting the test VM run for a few days, one
difference is the "daily insecurity output" email from cron now reports:

  Saved entropy to /var/db/entropy-file.

...which is expected when comparing code. I.e. previously /etc/security
also simply ran 'rndctl -S "$random_file"' directly, with no output.

Whereas the new /etc/security code calls /etc/rc.d/random_seed and that
script does the same 'rndctl' and also echoes the above message.

Aside from that, the behavior of saving the entropy file is the same.

I like the idea of /etc/security calling /etc/rc.d/random_seed instead
of running duplicate code, but if the new line in daily security report
is objectionable, some additional work to random_seed script is likely
needed.

Cheers,
sr.

