
[src/tls-earlyentropy]: src/distrib/utils/sysinst Try to persistently gather ...



details:   https://anonhg.NetBSD.org/src/rev/9de9086e9ed5
branches:  tls-earlyentropy
changeset: 795273:9de9086e9ed5
user:      tls <tls%NetBSD.org@localhost>
date:      Wed Apr 09 03:54:17 2014 +0000

description:
Try to persistently gather some entropy at install time, to give the
fresh system a better chance of not doing awful things like generating
guessable SSH host keys.

Handles both systems with /var on the root filesystem and systems with /var on
its own filesystem.  Tries to preserve the old saved entropy when upgrading.

diffstat:

 distrib/utils/sysinst/util.c |  28 ++++++++++++++++++++++++++--
 1 files changed, 26 insertions(+), 2 deletions(-)

diffs (56 lines):

diff -r 7231926e44a0 -r 9de9086e9ed5 distrib/utils/sysinst/util.c
--- a/distrib/utils/sysinst/util.c      Wed Apr 09 03:41:30 2014 +0000
+++ b/distrib/utils/sysinst/util.c      Wed Apr 09 03:54:17 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: util.c,v 1.184 2013/12/07 19:42:36 martin Exp $        */
+/*     $NetBSD: util.c,v 1.184.2.1 2014/04/09 03:54:17 tls Exp $       */
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1091,6 +1091,10 @@
                }
                run_program(RUN_DISPLAY | RUN_CHROOT,
                        "/usr/sbin/postinstall -s /.sysinst -d / fix");
+
+               /* Don't discard the system's old entropy if any */
+               run_program(RUN_CHROOT | RUN_SILENT,
+                           "/etc/rc.d/random_seed start");
        }
 
        /* Configure the system */
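Review bot: The added comment `/* Don't discard the system's old entropy if any */` states the goal rather than what the call does; since `random_seed start` presumably loads the previously saved seed into the running kernel so that the later `random_seed stop` re-saves it instead of starting from nothing, a comment such as `/* Load the old system's saved entropy seed (if any) so it survives the upgrade */` would make that explicit. The call is RUN_SILENT and its return value is ignored, so an absent or unreadable old seed goes unreported; that may be acceptable for a best-effort load, but the comment should say so. The enclosing block begins before the hunk.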
@@ -1098,7 +1102,24 @@
                run_makedev();
 
        if (!update) {
-               /* Save keybard type */
+               struct stat sb1, sb2;
+
+               stat(target_expand("/"), &sb1);
+               stat(target_expand("/var"), &sb2);
+
+               if (sb1.st_dev != sb2.st_dev) {
+                       add_rc_conf("random_file=/etc/entropy-file\n");
+                       if (target_file_exists_p("/boot.cfg")) {
+                               run_program(RUN_CHROOT|RUN_FATAL,
+                                           "sh -c 'sed -e s./var/db/./etc/. "
+                                           "< /boot.cfg "
+                                           "> /tmp/boot.cfg.tmp'");
+                               mv_within_target_or_die("/tmp/boot.cfg.tmp",
+                                                       "/boot.cfg");
+                       }
+               }
+
+               /* Save keyboard type */
                save_kb_encoding();
 
                /* Other configuration. */
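Review bot: Both stat() calls at the top of the new `if (!update)` code ignore their return values, so if either path cannot be stat'ed (for instance if the target's /var is not mounted at this point) sb1 and sb2 are compared with indeterminate contents, and the /var-on-its-own-filesystem branch — which edits rc.conf and rewrites /boot.cfg — may run on the wrong system. Guard the comparison on both calls succeeding: `if (stat(target_expand("/"), &sb1) == 0 && stat(target_expand("/var"), &sb2) == 0 && sb1.st_dev != sb2.st_dev) {`. Separately, the sed expression `s./var/db/./etc/.` rewrites the first `/var/db/` on every line of boot.cfg, not only the line naming the entropy file; anchoring the substitution to that directive would avoid touching unrelated entries. The enclosing `if (!update)` block continues past the end of the hunk.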
@@ -1108,6 +1129,9 @@
        /* Mounted dist dir? */
        umount_mnt2();
 
+       /* Save entropy -- on some systems it's ~all we'll ever get */
+       run_program(RUN_DISPLAY | RUN_CHROOT | RUN_FATAL | RUN_PROGRESS,
+                   "/etc/rc.d/random_seed stop");
        /* Install/Upgrade complete ... reboot or exit to script */
        msg_display(success_msg);
        process_menu(MENU_ok, NULL);
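Review bot: The new `random_seed stop` call is flagged RUN_FATAL, so a failure to write the seed file (a read-only or full target filesystem, or a random_file path that does not exist after the rc.conf edit earlier in this change) presumably aborts sysinst after every other install step has already completed. Unless an unsaved seed is meant to be a hard failure, consider dropping RUN_FATAL and reporting the failure to the user through the same message facility used two lines below, so the install still finishes. The call also sits after umount_mnt2() and relies on the target's /var still being mounted in the chroot; a one-line comment stating that assumption, e.g. `/* Target /var must still be mounted here: the seed is written into it */`, would help the next maintainer. The enclosing function continues outside the hunk.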


