Page MenuHomeFreeBSD
Files F150648416

D2924.id6496.diff
No OneTemporary
Actions

D2924.id6496.diff
View Options

Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf
+++ etc/defaults/rc.conf
@@ -630,15 +630,16 @@
# in the system booting with securelevel set to 1, as
# init(8) will raise the level when rc(8) completes.
update_motd="YES" # update version info in /etc/motd (or NO)
-entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
+entropy_boot_file="/boot/entropy" # Set to NO to disable very early
+ # (used at early boot time) entropy caching through reboots.
+entropy_file="/entropy" # Set to NO to disable late (used when going multi-user)
+ # entropy through reboots.
# /var/db/entropy-file is preferred if / is not avail.
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
entropy_save_sz="4096" # Size of the entropy cache files.
entropy_save_num="8" # Number of entropy cache files to save.
-harvest_interrupt="YES" # Entropy device harvests interrupt randomness
-harvest_ethernet="YES" # Entropy device harvests ethernet randomness
-harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness
-harvest_swi="YES" # Entropy device harvests internal SWI randomness
+harvest_mask="511" # Entropy device harvests all but the very invasive sources.
+ # (See 'sysctl kern.random.harvest' and random(4))
dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
watchdogd_enable="NO" # Start the software watchdog daemon
watchdogd_flags="" # Flags to watchdogd (if enabled)
Index: etc/rc.d/random
===================================================================
--- etc/rc.d/random
+++ etc/rc.d/random
@@ -41,6 +41,13 @@
random_start()
{
+
+ if [ ${harvest_mask} -gt 0 ]; then
+ echo -n 'Setting up harvesting:'
+ ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null
+ ${SYSCTL_N} sysctl -n kern.random.harvest.mask_symbolic
+ fi
+
echo -n 'Feeding entropy:'
if [ ! -w /dev/random ] ; then
@@ -68,6 +75,14 @@
;;
esac
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ save_dev_random "${entropy_boot_file}"
+ ;;
+ esac
+
echo '.'
}
@@ -100,7 +115,33 @@
;;
*)
dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2> /dev/null
+ bs=4096 count=1 2> /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
+ echo '.'
+ ;;
+ esac
+ umask ${oumask}
+ ;;
+ esac
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo -n 'Writing early boot entropy file:'
+ rm -f ${entropy_boot_file} 2> /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_boot_file} 2> /dev/null; then
+ entropy_boot_file_confirmed="${entropy_boot_file}"
+ fi
+ case ${entropy_boot_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
+ ;;
+ *)
+ dd if=/dev/random of=${entropy_boot_file_confirmed} \
+ bs=4096 count=1 2> /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
echo '.'
;;
esac
Index: share/man/man5/rc.conf.5
===================================================================
--- share/man/man5/rc.conf.5
+++ share/man/man5/rc.conf.5
@@ -3995,27 +3995,11 @@
.Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow
.El
.\" -----------------------------------------------------
-.It Va harvest_interrupt
-.Pq Vt bool
-Set to
-.Dq Li YES
-to use hardware interrupts as an entropy source.
-Refer to
-.Xr random 4
-for more information.
-.It Va harvest_ethernet
-.Pq Vt bool
-Set to
-.Dq Li YES
-to use LAN traffic as an entropy source.
-Refer to
-.Xr random 4
-for more information.
-.It Va harvest_p_to_p
-.Pq Vt bool
-Set to
-.Dq Li YES
-to use serial line traffic as an entropy source.
+.It Va harvest_mask
+.Pq Vt int
+Set to a bit-mask
+representing the entropy sources
+you wish to harvest.
Refer to
.Xr random 4
for more information.
@@ -4025,17 +4009,52 @@
.Dq Li NO
to disable caching entropy via
.Xr cron 8 .
-Otherwise set to the directory used to store entropy files in.
+Otherwise set to the directory
+in which the entropy files are stored.
+To be useful,
+there must be
+a system cron job
+that regularly writes and rotates
+files here.
+All files found
+will be used at boot time.
+The default is
+.Pa /var/db/entropy .
.It Va entropy_file
.Pq Vt str
Set to
.Dq Li NO
to disable caching entropy through reboots.
-Otherwise set to the filename used to store cached entropy through
-reboots.
-This file should be located on the root file system to seed the
-.Xr random 4
-device as early as possible in the boot process.
+Otherwise set to the name
+of a file used to store cached entropy.
+This file should be located
+on a file system that is readable
+before all the volumes specified in
+.Xr fstab 5
+are mounted.
+By default,
+.Pa /entropy
+is used,
+but if
+.Pa /var/db/entropy-file
+is found it will also be used.
+This will be of some use to
+.Xr bsdinstall 8 .
+.It Va entropy_boot_file
+.Pq Vt str
+Set to
+.Dq Li NO
+to disable
+very early caching entropy
+through reboots.
+Otherwise set to the filename
+used to read
+very early reboot cached entropy.
+This file should be located where
+.Xr loader 8
+can read it.
+The default location is
+.Pa /boot/entropy .
.It Va entropy_save_sz
.Pq Vt int
Size of the entropy cache files saved by

File Metadata

Mime Type
text/plain
Expires
Sat, Apr 4, 2:16 AM (8 h, 55 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30792523
Default Alt Text
D2924.id6496.diff (5 KB)

Event Timeline