Re: cprng sysctl: WARNING pseudorandom rekeying.

[Iain Hibbert <plunky%rya-online.net@localhost>]

On Wed, 14 Nov 2012, Iain Hibbert wrote:

> On Mon, 12 Nov 2012, Iain Hibbert wrote:
>
> > On Fri, 9 Nov 2012, Thor Lancelot Simon wrote:
> >
> > > On Sat, Nov 10, 2012 at 12:39:59AM +0700, Robert Elz wrote:
> > > >
> > > > How?
> > > >
> > > > And if that's something that is supposed to be enabled, why does the
> > > > default install not just enable it?
> > >
> > > Did you install by upgrading?  If so, I think what you've run into is
> > > that your boot loader configuration has the old default entries (or
> > > whatever changes you made to them) and not the new defaults.
> >
> > I tried updating the "boot.cfg" bootloader configuration file as you
> > suggested, but the system fails to boot as the rndseed command is unknown;
> > what else is required to be updated, is it the on-disk bootblocks or just
> > the second stage /boot object?
>
> So, I updated the second stage /boot file, changed my boot.cfg to include
> the rndseed command as found in src/etc/etc.i386/boot.cfg
>
>    menu=Boot normally:rndseed /root/entropy-file;boot netbsd
>
> and changed my /etc/rc.conf to use the random_file as above
>
>    random_file=/root/entropy-file
>
> I verified that this works ("stop" creates the file, "start" removes it)
>
> and rebooted, but it still produces warning messages (the "sysctl" one
> during dev_mkdb, and the "kernel" one during fetchmail)
>
> ..so what is not working?

my kernel is based on MONOLITHIC, so "no options MODULAR" is present..
this means, I think, that because the random seed loader is
piggybacked into the module system then although the bootloader loads the
random seed file just fine, it never gets processed..

I note though, that the /etc/rc.d/random_seed file still says

  Loaded entropy from disk.

during the boot process (it shows up in /var/run/rc.log, and the entropy
file is removed) so I wonder why I still get warning messages?

regards,
iain