Re: CVS commit: src/usr.sbin/sysinst/arch

[Joerg Sonnenberger <joerg%bec.de@localhost>]

Am Fri, Jun 17, 2022 at 11:31:29PM +0900 schrieb Izumi Tsutsui:
> > > Modified Files:
> > > 	src/usr.sbin/sysinst/arch/atari: Makefile
> > > 	src/usr.sbin/sysinst/arch/hp300: Makefile
> > > 	src/usr.sbin/sysinst/arch/luna68k: Makefile
> > > 	src/usr.sbin/sysinst/arch/news68k: Makefile
> > > 	src/usr.sbin/sysinst/arch/newsmips: Makefile
> > > 	src/usr.sbin/sysinst/arch/x68k: Makefile
> > > 
> > > Log Message:
> > > Pull SMALLPROG stuff to disable unnecessary partitioning methods etc.
> > 
> > I'm a bit concerned about the CHECK_ENTROPY part. This has a good chance
> > of resulting in a inferior user experience, so is that really worth
> > saving a few bytes?
> 
> - ramdiskbin with CHECK_ENTROPY requires extra 7000 bytes, at least on
>   m68k, so poor tier-II ports that have size restrictions on install media
>   or use slow floppies rather prefer smaller binaries

Hm. It shouldn't be anywhere as heavy. Can you check where that size
comes from? 1KB I can understand, but 7KB feels too large and something
is going wrong. E.g. it could be pulling in more SHA2 code that hasn't
been used before and there might be cheaper options in terms of code
size.

> - CHECK_ENTROPY has been added after netbsd-9 was branched so I guess
>   ordinary release users won't notice differences

We have known issues with the entropy handling on netbsd-9 and this
option is supposed to fix many of those.

> - if you would like to discuss about pros and cons without numbers,
>   maybe it would be worth to try installation on various emulators
>   and describe actual experiences

The problem is that incorrectly initialised RNG can result in hard to
debug hangs or an insecure operating state. Both are are bad and not
just cosmetical issues. Given that none of the ancient ports are ever
likely to see a hardware RNG, they are directly affected.

Joerg