[PATCH] Simplify installer entropy text, narrow number of options down to a single good one
Before: 4 menu (too many) options, a lot of technical text.
After: a single window that describes an option that is good in all
circumstances, text with less terminology (still a lot...):
-----------------------------------------------------------------------
Couldn't find a hardware random number generator, or a big enough seed.
We can still provide secure random numbers if a small random seed is
provided.
Supply input to be used as a random seed:
[ SINGLE INPUT FIELD ]
-----------------------------------------------------------------------
While here, make the default option in the first menu "yes". If
you opened the installer and selected install, you probably want to
continue.
Index: Makefile.inc
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/Makefile.inc,v
retrieving revision 1.37
diff -u -r1.37 Makefile.inc
--- Makefile.inc 4 Nov 2020 14:29:40 -0000 1.37
+++ Makefile.inc 13 Nov 2020 00:12:33 -0000
@@ -48,7 +48,6 @@
.endif
.if ${CHECK_ENTROPY:Uyes} != "no"
-MENUS_MI+= menus.entropy
CPPFLAGS+= -DCHECK_ENTROPY=1
.endif
Index: install.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/install.c,v
retrieving revision 1.20
diff -u -r1.20 install.c
--- install.c 4 Nov 2020 14:29:40 -0000 1.20
+++ install.c 13 Nov 2020 00:12:33 -0000
@@ -164,7 +164,7 @@
#ifndef DEBUG
msg_display(MSG_installusure);
- if (!ask_noyes(NULL))
+ if (!ask_yesno(NULL))
return;
#endif
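Review bot: Switching `ask_noyes` to `ask_yesno` makes the MSG_installusure confirmation accept on a bare Enter, so a stray keypress at this prompt proceeds instead of returning. If this is the last confirmation before the disk is modified (the surrounding code is outside the hunk), it is the one prompt that should keep a "no" default even when the rest of the flow defaults to "yes"; consider leaving `if (!ask_noyes(NULL))` here and changing only the less consequential prompts. The enclosing function starts and ends outside the hunk.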
Index: menus.entropy
===================================================================
RCS file: menus.entropy
diff -N menus.entropy
--- menus.entropy 4 Nov 2020 14:29:40 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,131 +0,0 @@
-/* $NetBSD: menus.entropy,v 1.1 2020/11/04 14:29:40 martin Exp $ */
-
-/*-
- * Copyright (c) 2003 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * This code is derived from software contributed to The NetBSD Foundation
- * by David Laight.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Menu system definitions -- entropy setup */
-
-/* arg is an int*, returning a magic value for the selected menu option */
-menu not_enough_entropy, title MSG_not_enough_entropy, y=-1, no box, clear,
- exit, exitstring MSG_abort_installation;
- option MSG_entropy_add_manually, exit,
- action { *((int*)arg) = 1; };
- option MSG_entropy_download_seed, exit,
- action { *((int*)arg) = 2; };
- option MSG_entropy_download_raw, exit,
- action { *((int*)arg) = 3; };
- option MSG_entropy_retry, exit,
- action { *((int*)arg) = 4; };
-
-
-/* arg is an int*, returning a magic value for the selected menu option */
-menu entropy_select_file, title MSG_entropy_select_file, y=-5, box,
- exit, exitstring MSG_cancel;
- option MSG_entropy_add_download_http, exit,
- action { *((int*)arg) = 1; };
- option MSG_entropy_add_download_ftp, exit,
- action { *((int*)arg) = 2; };
- option MSG_entropy_add_nfs, exit,
- action { *((int*)arg) = 3; };
- option MSG_entropy_add_local, exit,
- action { *((int*)arg) = 4; };
-
-
-/* arg is an int*, set to SET_RETRY when the menu is aborted */
-menu entropy_nfssource, y=-5, x=0, w=70, no box, no clear,
- exitstring MSG_load_entropy;
- option {src_legend(menu, MSG_Host, nfs_host);},
- action { src_prompt(MSG_Host, nfs_host, sizeof nfs_host); };
- option {src_legend(menu, MSG_Base_dir, nfs_dir);},
- action { src_prompt(MSG_Base_dir, nfs_dir, sizeof nfs_dir); };
- option {src_legend(menu, MSG_entropy_file, entropy_file);},
- action { src_prompt(MSG_set_entropy_file, entropy_file, sizeof entropy_file); };
- option MSG_cancel, exit,
- action { *((int*)arg) = SET_RETRY; };
-
-
-/* arg is an arg_rv*, pointing to a struct ftpinfo and a return value */
-menu entropy_ftpsource, y=-4, x=0, w=70, no box, no clear,
- exitstring MSG_download_entropy;
- option {src_legend(menu, MSG_Host,
- ((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer_host[
- ((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer]);},
- action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
- src_prompt(MSG_Host, fpi->xfer_host[fpi->xfer],
- sizeof fpi->xfer_host[fpi->xfer]); };
- option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);},
- action { src_prompt(MSG_entropy_path_and_file,
- entropy_file, sizeof entropy_file); };
- option {src_legend(menu, MSG_User,
- ((struct ftpinfo*)((arg_rv*)arg)->arg)->user);},
- action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
- src_prompt(MSG_User, fpi->user, sizeof fpi->user);
- fpi->pass[0] = 0;
- };
- option {src_legend(menu, MSG_Password,
- strcmp(((struct ftpinfo*)((arg_rv*)arg)->arg)->user,
- "ftp") == 0 ||
- ((struct ftpinfo*)((arg_rv*)arg)->arg)->pass[0] == 0
- ? ((struct ftpinfo*)((arg_rv*)arg)->arg)->pass
- : msg_string(MSG_hidden));},
- action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
- if (strcmp(fpi->user, "ftp") == 0)
- src_prompt(MSG_email, fpi->pass, sizeof fpi->pass);
- else {
- msg_prompt_noecho(MSG_Password, "",
- fpi->pass, sizeof fpi->pass);
- }
- };
- option {src_legend(menu, MSG_Proxy,
- ((struct ftpinfo*)((arg_rv*)arg)->arg)->proxy);},
- action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
- src_prompt(MSG_Proxy, fpi->proxy, sizeof fpi->proxy);
- if (strcmp(fpi->proxy, "") == 0) {
- unsetenv("ftp_proxy");
- unsetenv("http_proxy");
- } else {
- setenv("ftp_proxy", fpi->proxy, 1);
- setenv("http_proxy", fpi->proxy, 1);
- }
- };
- option MSG_cancel, exit, action { ((arg_rv*)arg)->rv = SET_RETRY; };
-
-
-/* arg is an int*, set to SET_RETRY when the menu is aborted */
-menu entropy_localfs, y=-4, x=0, w=70, no box, no clear,
- exitstring MSG_load_entropy;
- display action { msg_display(MSG_entropy_localfs); };
- option {src_legend(menu, MSG_Device, localfs_dev);},
- action { src_prompt(MSG_dev, localfs_dev, sizeof localfs_dev);};
- option {src_legend(menu, MSG_File_system, localfs_fs);},
- action { src_prompt(MSG_filesys, localfs_fs, sizeof localfs_fs); };
- option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);},
- action { src_prompt(MSG_entropy_path_and_file, entropy_file, sizeof entropy_file);};
- option MSG_cancel, exit, action { *((int*)arg) = SET_RETRY; };
-
Index: msg.entropy.de
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.de,v
retrieving revision 1.2
diff -u -r1.2 msg.entropy.de
--- msg.entropy.de 6 Nov 2020 12:23:10 -0000 1.2
+++ msg.entropy.de 13 Nov 2020 00:12:33 -0000
@@ -26,102 +26,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-message not_enough_entropy
-{Dieses System scheint nicht �ber einen Pseudo-Zufallszahlengenerator
-zu verf�gen. F�r das Erzeugen von kryptografisch sicheren Schl�sseldateien
-(z.B. ssh host keys) ist nicht genug Entropie verf�gbar.
-
-Am einfachsten generieren Sie Zufallsdaten auf einem anderen Computer
-und laden sie in dieser Installation. Alternativ k�nnen Sie auch
-manuell Zufallsdaten eingeben.
-
-Falls Sie einen USB Zufallsgenerator besitzen, verbinden Sie diesen
-jetzt und w�hlen dann die Option "Erneut testen".}
-
-message entropy_add_manually {Manuelle Zufallseingabe}
-message entropy_download_raw {Zufallsdaten laden}
-message entropy_download_seed {NetBSD Entropie-Datei laden}
-message entropy_retry {Erneut testen}
-
message entropy_enter_manual1
-{Geben Sie bitte mehrere Zeilen zuf�llige Zeichen ein,
-in denen genug Entropie enthalten sein sollte, die 256 M�nzw�rfen,
-100 W�rfen mit einem sechsseitigen W�rfel oder 64 zuf�lligen hexadezimalen
-Zeichen entspricht.}
+{Couldn't find a hardware random number generator, or a big enough seed.
+We can still provide secure random numbers if a small random seed is
+provided.}
message entropy_enter_manual2
-{Falls Sie Daten von einem anderen System per Kopieren & Einf�gen in dieses
-Installationsprogramm �bertragen k�nnen, k�nnen Sie die Ausgabe des
-folgenden Kommandos (auf einem System dessen Entropie Sie vertrauen)
-verwenden:}
+{Supply input to be used as a random seed:}
-message entropy_enter_manual3
-{Benutzen Sie nicht die gleiche Eingabe f�r mehrere Installationen.
-Beenden Sie die Eingabe mit einer leeren Zeile.}
-
message entropy_manual_not_enough
{Sie haben nicht genug Zeichen eingegeben!}
-
-message entropy_select_file
-{W�hlen Sie auf welche Art Sie die Zufallsdaten auf diesen Computer
-�bertragen wollen:}
-
-message entropy_add_download_ftp
-{Download per ftp}
-
-message entropy_add_download_http
-{Download per http}
-
-message entropy_add_nfs
-{Von einer NFS Freigabe laden}
-
-message download_entropy
-{Download starten}
-
-message entropy_add_local
-{Von einem lokalen Dateisystem laden (z.B. USB)}
-
-message entropy_file
-{Pfad/Datei}
-
-message load_entropy
-{Zufallsdatei laden}
-
-message set_entropy_file
-{Pfad der Zuffalsdatei}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{W�hlen Sie Server, Freigabe und Dateipfad von dem die $0 geladen werden kann.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Da derzeit auf diesem System nicht genug Entropie vorhanden ist, sind alle
-kryptographischen Operation durch replay-Attacken angreifbar.
-Verwenden Sie nur lokale vertrauensw�rdige Netzwerke.}
-
-message entropy_data
-{Bin�rdatei mit Zuffallsdaten}
-
-message entropy_data_hdr
-{Auf einem System mit kryptographisch starkem Zufallszahlengenerator
-k�nnen Sie zuf�llige Bin�rdaten z.B. so erzeugen:}
-
-message entropy_seed
-{NetBSD entropy Datei}
-
-message entropy_seed_hdr
-{Auf einem NetBSD System mit kryptographisch starkem Zufallszahlengenerator
-k�nnen Sie einen Entropie-Schnappschuss folgenderma�en erstellen:}
-
-message entropy_path_and_file
-{Pfad und Dateiname}
-
-message entropy_localfs
-{Geben Sie das noch nicht gemountete lokale Ger�t und dessen entsprechendes
-Verzeichnis an, in dem die Zufallsdatei zu finden ist.}
-
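Review bot: The replacement bodies for `entropy_enter_manual1` and `entropy_enter_manual2` in this hunk are English, so the German catalog now shows an English prompt while the kept `entropy_manual_not_enough` ("Sie haben nicht genug Zeichen eingegeben!") stays German. A mixed-language screen at the one prompt whose input feeds the system's random seed is easy for a user to skim past; either translate the two new messages or state in the commit message that the German wording is pending. The same English text is also dropped into msg.entropy.es, .fr and .pl, which were already English copies, so only the .de file regresses.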
Index: msg.entropy.en
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.en,v
retrieving revision 1.2
diff -u -r1.2 msg.entropy.en
--- msg.entropy.en 6 Nov 2020 12:23:10 -0000 1.2
+++ msg.entropy.en 13 Nov 2020 00:12:33 -0000
@@ -26,99 +26,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-message not_enough_entropy
-{This system seems to lack a cryptographically strong pseudo random
-number generator. There is not enough entropy available to create secure
-keys (e.g. ssh host keys).
-
-You may use random data generated on another computer and load it
-here, or you could enter random characters manually.
-
-If you own a USB random number device, connect it now and select
-the "Re-test" option.}
-
-message entropy_add_manually {Manual input of random data}
-message entropy_download_raw {Load random data}
-message entropy_download_seed {Import a NetBSD entropy file}
-message entropy_retry {Re-test}
-
message entropy_enter_manual1
-{Enter random characters.}
+{Couldn't find a hardware random number generator, or a big enough seed.
+We can still provide secure random numbers if a small random seed is
+provided.}
message entropy_enter_manual2
-{They should contain at last 256 bits of randomness, as in 256 coin
-tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
-(if you are able to copy & paste output from another machine into this
-installer) the output from running the following command on another
-machine whose randomness you trust:}
-
-message entropy_enter_manual3
-{Do not use the same data for multiple installations.
-Terminate the input with an empty line.}
+{Supply input to be used as a random seed:}
message entropy_manual_not_enough
{You did not enter enough characters!}
-
-message entropy_select_file
-{Please select how you want to transfer the random data file
-to this machine:}
-
-message entropy_add_download_ftp
-{Download via ftp}
-
-message entropy_add_download_http
-{Download via http}
-
-message download_entropy
-{Start download}
-
-message entropy_add_nfs
-{Load from a NFS share}
-
-message entropy_add_local
-{Load from a local file system (e.g. a USB device)}
-
-message entropy_file
-{Path/file}
-
-message load_entropy
-{Load random data}
-
-message set_entropy_file
-{Random data file path}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{Select a server, a share and the file path to load the $0.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Since not enough entropy is available on this system, all crytographic
-operations are suspect to replay attacks.
-Please only use trustworthy local networks.}
-
-message entropy_data
-{random data binary file}
-
-message entropy_data_hdr
-{On a system with cryptographically strong pseudo random number generator
-you can create a file with random binary data like this:}
-
-message entropy_seed
-{NetBSD entropy seed file}
-
-message entropy_seed_hdr
-{On a NetBSD system with cryptographically strong pseudo random number
-generator you can create an entropy snapshot like this:}
-
-message entropy_path_and_file
-{Path and filename}
-
-message entropy_localfs
-{Enter the unmounted local device and directory on that device where
-the random data is located.}
-
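Review bot: The new `entropy_enter_manual2` text no longer tells the user how much input is expected or how to finish entering it, yet `entropy_manual_not_enough` ("You did not enter enough characters!") is kept, so the only way to learn the requirement is to fail it. The removed `entropy_enter_manual3` also carried two pieces of contract the new text drops: "Do not use the same data for multiple installations" and "Terminate the input with an empty line". One added sentence in manual2 such as `Type several lines of unpredictable text (about 256 bits, e.g. 64 random hex digits), different for every installation, and finish with an empty line.` keeps the prompt short while restoring that. Whether the reader still ends on an empty line is decided by the input loop in util.c, whose body is outside that file's first hunk, so confirm the wording against it; the same change appears in msg.entropy.de, .es, .fr and .pl.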
Index: msg.entropy.es
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.es,v
retrieving revision 1.2
diff -u -r1.2 msg.entropy.es
--- msg.entropy.es 6 Nov 2020 12:23:10 -0000 1.2
+++ msg.entropy.es 13 Nov 2020 00:12:33 -0000
@@ -1,4 +1,4 @@
-/* $NetBSD: msg.entropy.es,v 1.2 2020/11/06 12:23:10 martin Exp $ */
+/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */
/*
* Copyright (c) 2020 The NetBSD Foundation, Inc.
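Review bot: The `$NetBSD:` keyword line at the top of msg.entropy.es is changed to name `msg.entropy.en`, which is the wrong file; the identical edit appears in the first hunks of msg.entropy.fr and msg.entropy.pl. This looks like the English catalog being copied over each of them wholesale. Drop the first hunk in all three files so each RCS id keeps tracking the file it lives in.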
@@ -26,99 +26,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-message not_enough_entropy
-{This system seems to lack a cryptographically strong pseudo random
-number generator. There is not enough entropy available to create secure
-keys (e.g. ssh host keys).
-
-You may use random data generated on another computer and load it
-here, or you could enter random characters manually.
-
-If you own a USB random number device, connect it now and select
-the "Re-test" option.}
-
-message entropy_add_manually {Manual input of random data}
-message entropy_download_raw {Load random data}
-message entropy_download_seed {Import a NetBSD entropy file}
-message entropy_retry {Re-test}
-
message entropy_enter_manual1
-{Enter random characters.}
+{Couldn't find a hardware random number generator, or a big enough seed.
+We can still provide secure random numbers if a small random seed is
+provided.}
message entropy_enter_manual2
-{They should contain at last 256 bits of randomness, as in 256 coin
-tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
-(if you are able to copy & paste output from another machine into this
-installer) the output from running the following command on another
-machine whose randomness you trust:}
-
-message entropy_enter_manual3
-{Do not use the same data for multiple installations.
-Terminate the input with an empty line.}
+{Supply input to be used as a random seed:}
message entropy_manual_not_enough
{You did not enter enough characters!}
-
-message entropy_select_file
-{Please select how you want to transfer the random data file
-to this machine:}
-
-message entropy_add_download_ftp
-{Download via ftp}
-
-message entropy_add_download_http
-{Download via http}
-
-message download_entropy
-{Start download}
-
-message entropy_add_nfs
-{Load from a NFS share}
-
-message entropy_add_local
-{Laod from a local file system (e.g. a USB device)}
-
-message entropy_file
-{Path/file}
-
-message load_entropy
-{Load random data}
-
-message set_entropy_file
-{Random data file path}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{Select a server, a share and the file path to load the $0.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Since not enough entropy is available on this system, all crytographic
-operations are suspect to replay attacks.
-Please only use trustworthy local networks.}
-
-message entropy_data
-{random data binary file}
-
-message entropy_data_hdr
-{On a system with cryptographically strong pseudo random number generator
-you can create a file with random binary data like this:}
-
-message entropy_seed
-{NetBSD entropy seed file}
-
-message entropy_seed_hdr
-{On a NetBSD system with cryptographically strong pseudo random number
-generator you can create an entropy snapshot like this:}
-
-message entropy_path_and_file
-{Path and filename}
-
-message entropy_localfs
-{Enter the unmounted local device and directory on that device where
-the random data is located.}
-
Index: msg.entropy.fr
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.fr,v
retrieving revision 1.2
diff -u -r1.2 msg.entropy.fr
--- msg.entropy.fr 6 Nov 2020 12:23:10 -0000 1.2
+++ msg.entropy.fr 13 Nov 2020 00:12:33 -0000
@@ -1,4 +1,4 @@
-/* $NetBSD: msg.entropy.fr,v 1.2 2020/11/06 12:23:10 martin Exp $ */
+/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */
/*
* Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,99 +26,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-message not_enough_entropy
-{This system seems to lack a cryptographically strong pseudo random
-number generator. There is not enough entropy available to create secure
-keys (e.g. ssh host keys).
-
-You may use random data generated on another computer and load it
-here, or you could enter random characters manually.
-
-If you own a USB random number device, connect it now and select
-the "Re-test" option.}
-
-message entropy_add_manually {Manual input of random data}
-message entropy_download_raw {Load random data}
-message entropy_download_seed {Import a NetBSD entropy file}
-message entropy_retry {Re-test}
-
message entropy_enter_manual1
-{Enter random characters.}
+{Couldn't find a hardware random number generator, or a big enough seed.
+We can still provide secure random numbers if a small random seed is
+provided.}
message entropy_enter_manual2
-{They should contain at last 256 bits of randomness, as in 256 coin
-tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
-(if you are able to copy & paste output from another machine into this
-installer) the output from running the following command on another
-machine whose randomness you trust:}
-
-message entropy_enter_manual3
-{Do not use the same data for multiple installations.
-Terminate the input with an empty line.}
+{Supply input to be used as a random seed:}
message entropy_manual_not_enough
{You did not enter enough characters!}
-
-message entropy_select_file
-{Please select how you want to transfer the random data file
-to this machine:}
-
-message entropy_add_download_ftp
-{Download via ftp}
-
-message entropy_add_download_http
-{Download via http}
-
-message download_entropy
-{Start download}
-
-message entropy_add_nfs
-{Load from a NFS share}
-
-message entropy_add_local
-{Load from a local file system (e.g. a USB device)}
-
-message entropy_file
-{Path/file}
-
-message load_entropy
-{Load random data}
-
-message set_entropy_file
-{Random data file path}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{Select a server, a share and the file path to load the $0.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Since not enough entropy is available on this system, all crytographic
-operations are suspect to replay attacks.
-Please only use trustworthy local networks.}
-
-message entropy_data
-{random data binary file}
-
-message entropy_data_hdr
-{On a system with cryptographically strong pseudo random number generator
-you can create a file with random binary data like this:}
-
-message entropy_seed
-{NetBSD entropy seed file}
-
-message entropy_seed_hdr
-{On a NetBSD system with cryptographically strong pseudo random number
-generator you can create an entropy snapshot like this:}
-
-message entropy_path_and_file
-{Path and filename}
-
-message entropy_localfs
-{Enter the unmounted local device and directory on that device where
-the random data is located.}
-
Index: msg.entropy.pl
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.pl,v
retrieving revision 1.2
diff -u -r1.2 msg.entropy.pl
--- msg.entropy.pl 6 Nov 2020 12:23:10 -0000 1.2
+++ msg.entropy.pl 13 Nov 2020 00:12:33 -0000
@@ -1,4 +1,4 @@
-/* $NetBSD: msg.entropy.pl,v 1.2 2020/11/06 12:23:10 martin Exp $ */
+/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */
/*
* Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,99 +26,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-message not_enough_entropy
-{This system seems to lack a cryptographically strong pseudo random
-number generator. There is not enough entropy available to create secure
-keys (e.g. ssh host keys).
-
-You may use random data generated on another computer and load it
-here, or you could enter random characters manually.
-
-If you own a USB random number device, connect it now and select
-the "Re-test" option.}
-
-message entropy_add_manually {Manual input of random data}
-message entropy_download_raw {Load random data}
-message entropy_download_seed {Import a NetBSD entropy file}
-message entropy_retry {Re-test}
-
message entropy_enter_manual1
-{Enter random characters.}
+{Couldn't find a hardware random number generator, or a big enough seed.
+We can still provide secure random numbers if a small random seed is
+provided.}
message entropy_enter_manual2
-{They should contain at last 256 bits of randomness, as in 256 coin
-tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
-(if you are able to copy & paste output from another machine into this
-installer) the output from running the following command on another
-machine whose randomness you trust:}
-
-message entropy_enter_manual3
-{Do not use the same data for multiple installations.
-Terminate the input with an empty line.}
+{Supply input to be used as a random seed:}
message entropy_manual_not_enough
{You did not enter enough characters!}
-
-message entropy_select_file
-{Please select how you want to transfer the random data file
-to this machine:}
-
-message entropy_add_download_ftp
-{Download via ftp}
-
-message entropy_add_download_http
-{Download via http}
-
-message download_entropy
-{Start download}
-
-message entropy_add_nfs
-{Load from a NFS share}
-
-message entropy_add_local
-{Load from a local file system (e.g. a USB device)}
-
-message entropy_file
-{Path/file}
-
-message load_entropy
-{Load random data}
-
-message set_entropy_file
-{Random data file path}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{Select a server, a share and the file path to load the $0.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Since not enough entropy is available on this system, all crytographic
-operations are suspect to replay attacks.
-Please only use trustworthy local networks.}
-
-message entropy_data
-{random data binary file}
-
-message entropy_data_hdr
-{On a system with cryptographically strong pseudo random number generator
-you can create a file with random binary data like this:}
-
-message entropy_seed
-{NetBSD entropy seed file}
-
-message entropy_seed_hdr
-{On a NetBSD system with cryptographically strong pseudo random number
-generator you can create an entropy snapshot like this:}
-
-message entropy_path_and_file
-{Path and filename}
-
-message entropy_localfs
-{Enter the unmounted local device and directory on that device where
-the random data is located.}
-
Index: util.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/util.c,v
retrieving revision 1.56
diff -u -r1.56 util.c
--- util.c 10 Nov 2020 09:14:01 -0000 1.56
+++ util.c 13 Nov 2020 00:12:34 -0000
@@ -1158,8 +1158,6 @@
msg_display(MSG_entropy_enter_manual1);
msg_printf("\n\n");
msg_display_add(MSG_entropy_enter_manual2);
- msg_printf("\n\n dd if=/dev/random bs=32 count=16 | openssl base64\n\n");
- msg_display_add(MSG_entropy_enter_manual3);
msg_printf("\n\n");
SHA256_Init(&ctx);
line_no = 1;
@@ -1181,193 +1179,16 @@
}
/*
- * Get a file by some means and return a (potentially only
- * temporary valid) path to the local copy.
- * If mountpt is nonempty, the caller should unmount that
- * directory after processing the file.
- * Return success if the file is available, or failure if
- * the user cancelled the request or network transfer failed.
- */
-static bool
-entropy_get_file(bool use_netbsd_seed, char *path)
-{
- static struct ftpinfo server = { .user = "ftp" };
- char url[STRSIZE], tmpf[PATH_MAX], mountpt[PATH_MAX];
- const char *ftp_opt;
- arg_rv arg;
- int rv = 0;
- const char *file_desc = msg_string(use_netbsd_seed ?
- MSG_entropy_seed : MSG_entropy_data);
- char *dir;
-
- path[0] = 0;
- mountpt[0] = 0;
-
- sprintf(tmpf, "/tmp/entr.%06x", getpid());
-
- msg_display(use_netbsd_seed ?
- MSG_entropy_seed_hdr : MSG_entropy_data_hdr);
- msg_printf("\n\n %s\n\n",
- use_netbsd_seed ?
- "rndctl -S /tmp/entropy-file" :
- "dd if=/dev/random bs=32 count=1 of=/tmp/random.tmp");
- strcpy(entropy_file, use_netbsd_seed ?
- "entropy-file" : "random.tmp");
- process_menu(MENU_entropy_select_file, &rv);
- switch (rv) {
- case 1:
- case 2:
-#ifndef DEBUG
- if (!network_up)
- config_network();
-#endif
- server.xfer = rv == 1 ? XFER_HTTP : XFER_FTP;
- arg.arg = &server;
- arg.rv = -1;
- msg_display_add_subst(MSG_entropy_via_download, 1, file_desc);
- msg_printf("\n\n");
- process_menu(MENU_entropy_ftpsource, &arg);
- if (arg.rv == SET_RETRY)
- return false;
- make_url(url, &server, entropy_file);
- if (server.xfer == XFER_FTP &&
- strcmp("ftp", server.user) == 0 && server.pass[0] == 0) {
- /* do anon ftp */
- ftp_opt = "-a ";
- } else {
- ftp_opt = "";
- }
- rv = run_program(RUN_DISPLAY | RUN_PROGRESS,
- "/usr/bin/ftp %s -o %s %s",
- ftp_opt, tmpf, url);
- strcpy(path, tmpf);
- return rv == 0;
- case 3:
-#ifndef DEBUG
- if (!network_up)
- config_network();
-#endif
- rv = -1;
- msg_display_add_subst(MSG_entropy_via_nfs, 1, file_desc);
- msg_printf("\n\n");
- process_menu(MENU_entropy_nfssource, &rv);
- if (rv == SET_RETRY)
- return false;
- if (nfs_host[0] != 0 && nfs_dir[0] != 0 &&
- entropy_file[0] != 0) {
- strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
- dir = mkdtemp(mountpt);
- if (dir == NULL)
- return false;
- sprintf(path, "%s/%s", mountpt, entropy_file);
- if (run_program(RUN_SILENT,
- "mount -t nfs -r %s:/%s %s",
- nfs_host, nfs_dir, mountpt) == 0) {
- run_program(RUN_SILENT,
- "cp %s %s", path, tmpf);
- run_program(RUN_SILENT,
- "umount %s", mountpt);
- rmdir(mountpt);
- strcpy(path, tmpf);
- }
- }
- break;
- case 4:
- rv = -1;
- /* Get device, filesystem, and filepath */
- process_menu (MENU_entropy_localfs, &rv);
- if (rv == SET_RETRY)
- return false;
- if (localfs_dev[0] != 0 && localfs_fs[0] != 0 &&
- entropy_file[0] != 0) {
- strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
- dir = mkdtemp(mountpt);
- if (dir == NULL)
- return false;
- sprintf(path, "%s/%s", mountpt, entropy_file);
- if (run_program(RUN_SILENT,
- "mount -t %s -r /dev/%s %s",
- localfs_fs, localfs_dev, mountpt) == 0) {
- run_program(RUN_SILENT,
- "cp %s %s", path, tmpf);
- run_program(RUN_SILENT,
- "umount %s", mountpt);
- rmdir(mountpt);
- strcpy(path, tmpf);
- }
- }
- break;
- }
- return path[0] != 0;
-}
-
-static void
-entropy_add_bin_file(void)
-{
- char fname[PATH_MAX];
-
- if (!entropy_get_file(false, fname))
- return;
- if (access(fname, R_OK) == 0)
- run_program(RUN_SILENT, "dd if=%s of=" _PATH_RANDOM,
- fname);
-}
-
-static void
-entropy_add_seed(void)
-{
- char fname[PATH_MAX];
-
- if (!entropy_get_file(true, fname))
- return;
- if (access(fname, R_OK) == 0)
- run_program(RUN_SILENT, "rndctl -L %s", fname);
-}
-
-/*
* return true if we have enough entropy
*/
bool
do_check_entropy(void)
{
- int rv;
-
- if (entropy_needed() == 0)
- return true;
-
for (;;) {
if (entropy_needed() == 0)
return true;
- msg_clear();
- rv = 0;
- process_menu(MENU_not_enough_entropy, &rv);
- switch (rv) {
- case 0:
- return false;
- case 1:
- entropy_add_manual();
- break;
- case 2:
- entropy_add_seed();
- break;
- case 3:
- entropy_add_bin_file();
- break;
- default:
- /*
- * retry after small delay to give a new USB device
- * a chance to attach and do deliver some
- * entropy
- */
- msg_display(".");
- for (size_t i = 0; i < 10; i++) {
- if (entropy_needed() == 0)
- return true;
- sleep(1);
- msg_display_add(".");
- }
- }
+ entropy_add_manual();
}
}
#endif
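Review bot: do_check_entropy() can no longer return false: with the menu removed, the `for (;;)` loop just calls entropy_add_manual() again whenever entropy_needed() is still nonzero, so a user who cannot or will not supply acceptable input is trapped at the prompt with no abort path, and the `bool` return plus the caller's handling of false become dead code. entropy_add_manual()'s signature is outside the hunk; if it can report cancellation (for example an empty first line), propagate it with `if (!entropy_add_manual()) return false;`, otherwise keep a minimal abort choice so the header comment "return true if we have enough entropy" still has a false case. Dropping the pre-loop `entropy_needed() == 0` check is harmless since the loop re-tests it first.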