Add (experimental) entropy input support:

Early during new installs or after upgrades we check if entropy is
available. If not (no hardware random number generator available)
we inform the user and ask them to fix it.
martin 2020-11-04 14:29:40 +00:00
parent b1a049293e
commit 043e812b52
24 changed files with 1146 additions and 85 deletions


@ -1,4 +1,4 @@
# $NetBSD: Makefile.inc,v 1.36 2020/10/30 18:47:38 martin Exp $
# $NetBSD: Makefile.inc,v 1.37 2020/11/04 14:29:40 martin Exp $
#
# Makefile for sysinst
@ -47,6 +47,11 @@ SRCS+= mbr.c
CPPFLAGS+= -DNO_CLONES
.endif
.if ${CHECK_ENTROPY:Uyes} != "no"
MENUS_MI+= menus.entropy
CPPFLAGS+= -DCHECK_ENTROPY=1
.endif
MSG_MD?= msg.md.${SYSINSTLANG}
MENUS_MD?= menus.md.${SYSINSTLANG}
@ -197,7 +202,11 @@ msgtouch: ${DISTRIBVERDEP}
touch ${.TARGET}
.if !defined(NOPARTMAN)
MSG_MD+= msg.pm.${SYSINSTLANG}
MSG_MD+= msg.pm.${SYSINSTLANG}
.endif
.if ${CHECK_ENTROPY:Uyes} != "no"
MSG_MD+= msg.entropy.${SYSINSTLANG}
.endif
msg.def: msg.mi.${SYSINSTLANG} ${MSG_MD} msgtouch
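Review bot: The new `CHECK_ENTROPY` knob is introduced without any comment saying what it controls or which values it accepts, and the test `${CHECK_ENTROPY:Uyes} != "no"` is spelled out twice, once for MENUS_MI/CPPFLAGS and once for MSG_MD. As written the check is on by default and only the exact lowercase string `no` switches it off, which fails safe but is easy to miss. A line such as `# CHECK_ENTROPY=no omits the installer's entropy check and its menus/messages` above the first test would record that for the port Makefiles that set it (atari and ews4800mips in this commit).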


@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.4 2019/06/12 06:20:18 martin Exp $
# $NetBSD: Makefile,v 1.5 2020/11/04 14:29:40 martin Exp $
#
# Makefile for atari
#
@ -9,6 +9,7 @@ LANGUAGES= en de
CPPFLAGS+= -DSUPPORT_8_3_SOURCE_FILESYSTEM
.ifdef SMALLPROG
CHECK_ENTROPY= no # do not check entropy/offer adding
NOPARTMAN= yes
NO_GPT= yes
.endif
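Review bot: Setting `CHECK_ENTROPY= no` inside the `.ifdef SMALLPROG` block compiles the entropy check out of the small installer, so a SMALLPROG install on this port proceeds with no warning even when the machine has no usable random source. The messages added by this commit say that keys such as ssh host keys cannot be created securely in that state, so the trailing comment should name what is traded away, for example `# size: no entropy check; seed the system before generating host keys`. The same line is added to the ews4800mips Makefile in this commit. Whether a later boot step covers the case is not visible from these hunks.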


@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.3 2019/11/13 18:58:09 martin Exp $
# $NetBSD: Makefile,v 1.4 2020/11/04 14:29:40 martin Exp $
#
# Makefile for ews4800mips
#
@ -6,6 +6,7 @@
LANGUAGES= # no translations
.ifdef SMALLPROG
CHECK_ENTROPY= no # do not check entropy/offer adding
NOPARTMAN= yes
NO_GPT= yes
NO_MBR= yes


@ -1,4 +1,4 @@
/* $NetBSD: defs.h,v 1.68 2020/10/30 18:47:38 martin Exp $ */
/* $NetBSD: defs.h,v 1.69 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -41,6 +41,7 @@
#include <sys/queue.h>
#include <sys/types.h>
#include <sys/disk.h>
#include <limits.h>
#include <uuid.h>
const char *getfslabelname(uint, uint);
@ -604,6 +605,7 @@ extern struct ftpinfo ftp, pkg, pkgsrc;
extern int (*fetch_fn)(const char *);
extern char nfs_host[STRSIZE];
extern char nfs_dir[STRSIZE];
extern char entropy_file[PATH_MAX];
extern char cdrom_dev[SSTRSIZE]; /* Typically "cd0a" */
extern char fd_dev[SSTRSIZE]; /* Typically "/dev/fd0a" */
@ -888,6 +890,7 @@ bool install_desc_from_parts(struct install_partition_desc *,
struct disk_partitions*);
void free_install_desc(struct install_partition_desc*);
bool may_swap_if_not_sdmmc(const char*);
bool do_check_entropy(void);
/* from target.c */
#if defined(DEBUG) || defined(DEBUG_ROOT)
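Review bot: `bool do_check_entropy(void);` is added without a word on what `true` and `false` mean, while the only caller visible in this commit (do_install in install.c) treats `false` as "abort the installation". A short comment on the prototype, e.g. `/* false: no usable entropy and the user chose to abort */`, would keep later callers from reading the result the other way round; the wording should be confirmed against the definition, which is not part of this section. `entropy_file` could likewise carry a trailing comment, as its neighbours `cdrom_dev` and `fd_dev` do.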


@ -1,4 +1,4 @@
/* $NetBSD: install.c,v 1.19 2020/10/14 13:20:27 martin Exp $ */
/* $NetBSD: install.c,v 1.20 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -168,6 +168,13 @@ do_install(void)
return;
#endif
#ifdef CHECK_ENTROPY
if (!do_check_entropy()) {
hit_enter_to_continue(MSG_abort_installation, NULL);
return;
}
#endif
memset(&install, 0, sizeof install);
/* Create and mount partitions */
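Review bot: When `do_check_entropy()` fails, the text passed to `hit_enter_to_continue` is `MSG_abort_installation`, which menus.entropy and menus.mi use as a menu label (exitstring and option text), so the user is presumably shown a bare "abort installation" caption with no reason given. A dedicated catalog entry saying that the install stops because no entropy could be obtained would be clearer, e.g. `hit_enter_to_continue(MSG_<placeholder_no_entropy_abort>, NULL);`. do_install's body starts and ends outside this hunk.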


@ -0,0 +1,131 @@
/* $NetBSD: menus.entropy,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by David Laight.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Menu system definitions -- entropy setup */
/* arg is an int*, returning a magic value for the selected menu option */
menu not_enough_entropy, title MSG_not_enough_entropy, y=-1, no box, clear,
exit, exitstring MSG_abort_installation;
option MSG_entropy_add_manually, exit,
action { *((int*)arg) = 1; };
option MSG_entropy_download_seed, exit,
action { *((int*)arg) = 2; };
option MSG_entropy_download_raw, exit,
action { *((int*)arg) = 3; };
option MSG_entropy_retry, exit,
action { *((int*)arg) = 4; };
/* arg is an int*, returning a magic value for the selected menu option */
menu entropy_select_file, title MSG_entropy_select_file, y=-5, box,
exit, exitstring MSG_cancel;
option MSG_entropy_add_download_http, exit,
action { *((int*)arg) = 1; };
option MSG_entropy_add_download_ftp, exit,
action { *((int*)arg) = 2; };
option MSG_entropy_add_nfs, exit,
action { *((int*)arg) = 3; };
option MSG_entropy_add_local, exit,
action { *((int*)arg) = 4; };
/* arg is an int*, set to SET_RETRY when the menu is aborted */
menu entropy_nfssource, y=-5, x=0, w=70, no box, no clear,
exitstring MSG_load_entropy;
option {src_legend(menu, MSG_Host, nfs_host);},
action { src_prompt(MSG_Host, nfs_host, sizeof nfs_host); };
option {src_legend(menu, MSG_Base_dir, nfs_dir);},
action { src_prompt(MSG_Base_dir, nfs_dir, sizeof nfs_dir); };
option {src_legend(menu, MSG_entropy_file, entropy_file);},
action { src_prompt(MSG_set_entropy_file, entropy_file, sizeof entropy_file); };
option MSG_cancel, exit,
action { *((int*)arg) = SET_RETRY; };
/* arg is an arg_rv*, pointing to a struct ftpinfo and a return value */
menu entropy_ftpsource, y=-4, x=0, w=70, no box, no clear,
exitstring MSG_download_entropy;
option {src_legend(menu, MSG_Host,
((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer_host[
((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer]);},
action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
src_prompt(MSG_Host, fpi->xfer_host[fpi->xfer],
sizeof fpi->xfer_host[fpi->xfer]); };
option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);},
action { src_prompt(MSG_entropy_path_and_file,
entropy_file, sizeof entropy_file); };
option {src_legend(menu, MSG_User,
((struct ftpinfo*)((arg_rv*)arg)->arg)->user);},
action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
src_prompt(MSG_User, fpi->user, sizeof fpi->user);
fpi->pass[0] = 0;
};
option {src_legend(menu, MSG_Password,
strcmp(((struct ftpinfo*)((arg_rv*)arg)->arg)->user,
"ftp") == 0 ||
((struct ftpinfo*)((arg_rv*)arg)->arg)->pass[0] == 0
? ((struct ftpinfo*)((arg_rv*)arg)->arg)->pass
: msg_string(MSG_hidden));},
action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
if (strcmp(fpi->user, "ftp") == 0)
src_prompt(MSG_email, fpi->pass, sizeof fpi->pass);
else {
msg_prompt_noecho(MSG_Password, "",
fpi->pass, sizeof fpi->pass);
}
};
option {src_legend(menu, MSG_Proxy,
((struct ftpinfo*)((arg_rv*)arg)->arg)->proxy);},
action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg;
src_prompt(MSG_Proxy, fpi->proxy, sizeof fpi->proxy);
if (strcmp(fpi->proxy, "") == 0) {
unsetenv("ftp_proxy");
unsetenv("http_proxy");
} else {
setenv("ftp_proxy", fpi->proxy, 1);
setenv("http_proxy", fpi->proxy, 1);
}
};
option MSG_cancel, exit, action { ((arg_rv*)arg)->rv = SET_RETRY; };
/* arg is an int*, set to SET_RETRY when the menu is aborted */
menu entropy_localfs, y=-4, x=0, w=70, no box, no clear,
exitstring MSG_load_entropy;
display action { msg_display(MSG_entropy_localfs); };
option {src_legend(menu, MSG_Device, localfs_dev);},
action { src_prompt(MSG_dev, localfs_dev, sizeof localfs_dev);};
option {src_legend(menu, MSG_File_system, localfs_fs);},
action { src_prompt(MSG_filesys, localfs_fs, sizeof localfs_fs); };
option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);},
action { src_prompt(MSG_entropy_path_and_file, entropy_file, sizeof entropy_file);};
option MSG_cancel, exit, action { *((int*)arg) = SET_RETRY; };
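Review bot: The `not_enough_entropy` and `entropy_select_file` menus both report the user's choice as bare integers 1 to 4 through `*((int*)arg)`, with a different meaning per menu (4 is "retry" in the first and "local file system" in the second), and the header comments only call them "a magic value". The C code that switches on these values is outside this file, so reordering the options here would silently select a different entropy source than the one the user picked. Named constants shared through defs.h would tie the two sides together, e.g. `action { *((int*)arg) = <PLACEHOLDER_ENT_RETRY>; };`, in the way the source menus further down already use `SET_RETRY`.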


@ -1,4 +1,4 @@
/* $NetBSD: menus.mi,v 1.23 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: menus.mi,v 1.24 2020/11/04 14:29:40 martin Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -661,5 +661,3 @@ menu reedit, title MSG_reeditpart, y=-10;
action {((arg_rep_int*)arg)->rv = 2;};
option MSG_abort_installation, exit,
action {((arg_rep_int*)arg)->rv = 0;};


@ -0,0 +1,128 @@
/* $NetBSD: msg.entropy.de,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 2018 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY PIERMONT INFORMATION SYSTEMS INC. ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PIERMONT INFORMATION SYSTEMS INC. BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
*/
message not_enough_entropy
{Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator
zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien
(z.B. ssh host keys) ist nicht genug Entropie verfügbar.
Am einfachsten generieren Sie Zufallsdaten auf einem anderen Computer
und laden sie in dieser Installation. Alternativ können Sie auch
manuell Zufallsdaten eingeben.
Falls Sie einen USB Zufallsgenerator besitzen, verbinden Sie diesen
jetzt und wählen dann die Option "Erneut testen".}
message entropy_add_manually {Manuelle Zufallseingabe}
message entropy_download_raw {Zufallsdaten laden}
message entropy_download_seed {NetBSD Entropie-Datei laden}
message entropy_retry {Erneut testen}
message entropy_enter_manual1
{Geben Sie bitte mehrere Zeilen zufällige Zeichen ein,
in denen genug Entropie enthalten sein sollte, die 256 Münzwürfen,
100 Würfen mit einem sechsseitigen Würfel oder 64 zufälligen hexadezimalen
Zeichen entspricht.}
message entropy_enter_manual2
{Falls Sie Daten von einem anderen System per Kopieren & Einfügen in dieses
Installationsprogramm übertragen können, können Sie die Ausgabe des
folgenden Kommandos (auf einem System dessen Entropie Sie vertrauen)
verwenden:}
message entropy_enter_manual3
{Benutzen Sie nicht die gleiche Eingabe für mehrere Installationen.
Beenden Sie die Eingabe mit einer leeren Zeile.}
message entropy_manual_not_enough
{Sie haben nicht genug Zeichen eingegeben!}
message entropy_select_file
{Wählen Sie auf welche Art Sie die Zufallsdaten auf diesen Computer
übertragen wollen:}
message entropy_add_download_ftp
{Download per ftp}
message entropy_add_download_http
{Download per http}
message entropy_add_nfs
{Von einer NFS Freigabe laden}
message download_entropy
{Download starten}
message entropy_add_local
{Von einem lokalen Dateisystem laden (z.B. USB)}
message entropy_file
{Pfad/Datei}
message load_entropy
{Zufallsdatei laden}
message set_entropy_file
{Pfad der Zuffalsdatei}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_nfs
{Wählen Sie Server, Freigabe und Dateipfad von dem die $0 geladen werden kann.}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_download
{Da derzeit auf diesem System nicht genug Entropie vorhanden ist, sind alle
kryptographischen Operation durch replay-Attacken angreifbar.
Verwenden Sie nur lokale vertrauenswürdige Netzwerke.}
message entropy_data
{Binärdatei mit Zuffallsdaten}
message entropy_data_hdr
{Auf einem System mit kryptographisch starkem Zufallszahlengenerator
können Sie zufällige Binärdaten z.B. so erzeugen:}
message entropy_seed
{NetBSD entropy Datei}
message entropy_seed_hdr
{Auf einem NetBSD System mit kryptographisch starkem Zufallszahlengenerator
können Sie einen Entropie-Schnappschuss folgendermaßen erstellen:}
message entropy_path_and_file
{Pfad und Dateiname}
message entropy_localfs
{Geben Sie das noch nicht gemountete lokale Gerät und dessen entsprechendes
Verzeichnis an, in dem die Zufallsdatei zu finden ist.}


@ -0,0 +1,125 @@
/* $NetBSD: msg.entropy.en,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 2018 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY PIERMONT INFORMATION SYSTEMS INC. ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PIERMONT INFORMATION SYSTEMS INC. BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
*/
message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).
You may use random data generated on another computer and load it
here, or you could enter random characters manually.
If you own a USB random number device, connect it now and select
the "Re-test" option.}
message entropy_add_manually {Manual input of random data}
message entropy_download_raw {Load random data}
message entropy_download_seed {Import a NetBSD entropy file}
message entropy_retry {Re-test}
message entropy_enter_manual1
{Enter random characters.}
message entropy_enter_manual2
{They should contain at last 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}
message entropy_enter_manual3
{Do not use the same data for multiple installations.
Terminate the input with an empty line.}
message entropy_manual_not_enough
{You did not enter enough characters!}
message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}
message entropy_add_download_ftp
{Download via ftp}
message entropy_add_download_http
{Download via http}
message download_entropy
{Start download}
message entropy_add_nfs
{Load from a NFS share}
message entropy_add_local
{Load from a local file system (e.g. a USB device)}
message entropy_file
{Path/file}
message load_entropy
{Load random data}
message set_entropy_file
{Random data file path}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_download
{Since not enough entropy is available on this system, all crytographic
operations are suspect to replay attacks.
Please only use trustworthy local networks.}
message entropy_data
{random data binary file}
message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}
message entropy_seed
{NetBSD entropy seed file}
message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}
message entropy_path_and_file
{Path and filename}
message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}
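Review bot: Three strings in this catalog have wording errors in exactly the sentences that carry the security guidance: entropy_enter_manual2 says `at last 256 bits` for `at least 256 bits`, and entropy_via_download says `crytographic` and `suspect to replay attacks` where `cryptographic` and `susceptible to replay attacks` appear to be meant. The same English text is copied into msg.entropy.es, msg.entropy.fr and msg.entropy.pl, and the .es copy also has `Laod` in entropy_add_local. The comment above entropy_via_download documents a `$0` argument that the message body never uses, so either the comment or the text is out of date. entropy_via_download could also state that a seed fetched over http or ftp crosses the network unencrypted, which is the reason the trusted-network advice matters.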


@ -0,0 +1,125 @@
/* $NetBSD: msg.entropy.es,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 2018 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY PIERMONT INFORMATION SYSTEMS INC. ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PIERMONT INFORMATION SYSTEMS INC. BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
*/
message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).
You may use random data generated on another computer and load it
here, or you could enter random characters manually.
If you own a USB random number device, connect it now and select
the "Re-test" option.}
message entropy_add_manually {Manual input of random data}
message entropy_download_raw {Load random data}
message entropy_download_seed {Import a NetBSD entropy file}
message entropy_retry {Re-test}
message entropy_enter_manual1
{Enter random characters.}
message entropy_enter_manual2
{They should contain at last 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}
message entropy_enter_manual3
{Do not use the same data for multiple installations.
Terminate the input with an empty line.}
message entropy_manual_not_enough
{You did not enter enough characters!}
message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}
message entropy_add_download_ftp
{Download via ftp}
message entropy_add_download_http
{Download via http}
message download_entropy
{Start download}
message entropy_add_nfs
{Load from a NFS share}
message entropy_add_local
{Laod from a local file system (e.g. a USB device)}
message entropy_file
{Path/file}
message load_entropy
{Load random data}
message set_entropy_file
{Random data file path}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_download
{Since not enough entropy is available on this system, all crytographic
operations are suspect to replay attacks.
Please only use trustworthy local networks.}
message entropy_data
{random data binary file}
message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}
message entropy_seed
{NetBSD entropy seed file}
message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}
message entropy_path_and_file
{Path and filename}
message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}


@ -0,0 +1,125 @@
/* $NetBSD: msg.entropy.fr,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 2018 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY PIERMONT INFORMATION SYSTEMS INC. ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PIERMONT INFORMATION SYSTEMS INC. BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
*/
message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).
You may use random data generated on another computer and load it
here, or you could enter random characters manually.
If you own a USB random number device, connect it now and select
the "Re-test" option.}
message entropy_add_manually {Manual input of random data}
message entropy_download_raw {Load random data}
message entropy_download_seed {Import a NetBSD entropy file}
message entropy_retry {Re-test}
message entropy_enter_manual1
{Enter random characters.}
message entropy_enter_manual2
{They should contain at last 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}
message entropy_enter_manual3
{Do not use the same data for multiple installations.
Terminate the input with an empty line.}
message entropy_manual_not_enough
{You did not enter enough characters!}
message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}
message entropy_add_download_ftp
{Download via ftp}
message entropy_add_download_http
{Download via http}
message download_entropy
{Start download}
message entropy_add_nfs
{Load from a NFS share}
message entropy_add_local
{Load from a local file system (e.g. a USB device)}
message entropy_file
{Path/file}
message load_entropy
{Load random data}
message set_entropy_file
{Random data file path}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_download
{Since not enough entropy is available on this system, all crytographic
operations are suspect to replay attacks.
Please only use trustworthy local networks.}
message entropy_data
{random data binary file}
message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}
message entropy_seed
{NetBSD entropy seed file}
message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}
message entropy_path_and_file
{Path and filename}
message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}


@ -0,0 +1,125 @@
/* $NetBSD: msg.entropy.pl,v 1.1 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 2018 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY PIERMONT INFORMATION SYSTEMS INC. ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PIERMONT INFORMATION SYSTEMS INC. BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
*/
message not_enough_entropy
{This system seems to lack a cryptographically strong pseudo random
number generator. There is not enough entropy available to create secure
keys (e.g. ssh host keys).
You may use random data generated on another computer and load it
here, or you could enter random characters manually.
If you own a USB random number device, connect it now and select
the "Re-test" option.}
message entropy_add_manually {Manual input of random data}
message entropy_download_raw {Load random data}
message entropy_download_seed {Import a NetBSD entropy file}
message entropy_retry {Re-test}
message entropy_enter_manual1
{Enter random characters.}
message entropy_enter_manual2
{They should contain at last 256 bits of randomness, as in 256 coin
tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or
(if you are able to copy & paste output from another machine into this
installer) the output from running the following command on another
machine whose randomness you trust:}
message entropy_enter_manual3
{Do not use the same data for multiple installations.
Terminate the input with an empty line.}
message entropy_manual_not_enough
{You did not enter enough characters!}
message entropy_select_file
{Please select how you want to transfer the random data file
to this machine:}
message entropy_add_download_ftp
{Download via ftp}
message entropy_add_download_http
{Download via http}
message download_entropy
{Start download}
message entropy_add_nfs
{Load from a NFS share}
message entropy_add_local
{Load from a local file system (e.g. a USB device)}
message entropy_file
{Path/file}
message load_entropy
{Load random data}
message set_entropy_file
{Random data file path}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_nfs
{Select a server, a share and the file path to load the $0.}
/* Called with: Example
* $0 = content of file NetBSD entropy seed file
*/
message entropy_via_download
{Since not enough entropy is available on this system, all crytographic
operations are suspect to replay attacks.
Please only use trustworthy local networks.}
message entropy_data
{random data binary file}
message entropy_data_hdr
{On a system with cryptographically strong pseudo random number generator
you can create a file with random binary data like this:}
message entropy_seed
{NetBSD entropy seed file}
message entropy_seed_hdr
{On a NetBSD system with cryptographically strong pseudo random number
generator you can create an entropy snapshot like this:}
message entropy_path_and_file
{Path and filename}
message entropy_localfs
{Enter the unmounted local device and directory on that device where
the random data is located.}


@ -1,4 +1,4 @@
/* $NetBSD: msg.mi.de,v 1.26 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: msg.mi.de,v 1.27 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -1247,21 +1247,10 @@ message pkgin_failed
{Die Installation von pkgin ist fehlgeschlagen, evtl. weil keine Binärpakete
vorhanden sind. Bitte den Pfad der Pakete überprüfen und noch einmal versuchen.}
message failed {Fehlgeschlagen}
message notsupported {Operation wird nicht unterstützt!}
message askfsmountadv {Mountpoint oder 'raid' oder 'cgd' oder 'lvm'?}
message partman {Erweiterte Partitionierung}
message edit_parts {Partitionen bearbeiten}
message editpart {Partitionen bearbeiten}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Als RAID Komponente formatieren}
message fmtaslvm {Als LVM-PV formatieren}
message encrypt {Verschlüsseln (CGD)}
message setbootable {Boot-Flag}
message erase {Safe Erase}
message undo {Rückgängigmachen von Änderungen}
message unconfig {Dekonfigurieren}
message edit {Bearbeiten}
message doumount {Force-umount}
message fremove {ENTFERNEN}
message remove {Entfernen}


@ -1,4 +1,4 @@
/* $NetBSD: msg.mi.en,v 1.34 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: msg.mi.en,v 1.35 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -1176,21 +1176,9 @@ message pkgin_failed
exist. Please check the package path and try again.}
message failed {Failed}
message notsupported {Operation not supported!}
message askfsmountadv {Mountpoint (or 'raid', 'cgd', 'lvm')?}
message partman {Extended partitioning}
message edit_parts {Edit partitions}
message editpart {Edit partitions}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Format as RAID}
message fmtaslvm {Format as LVM PV}
message encrypt {Encrypt (CGD)}
message setbootable {Bootable flag}
message erase {Safe erase}
message undo {Undo changes}
message unconfig {Unconfigure}
message edit {Edit}
message doumount {Force umount}
message fremove {REMOVE}
message remove {Remove}


@ -1,4 +1,4 @@
/* $NetBSD: msg.mi.es,v 1.28 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: msg.mi.es,v 1.29 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -1227,21 +1227,9 @@ paquetes binarios. Por favor verifique el camino a los paquetes y
reinténtelo de nuevo.}
message failed {Error}
message notsupported {Operación no admitida!}
message askfsmountadv {Punto de montaje o 'raid' o 'CGD' o 'lvm'?}
message partman {Partición extendida}
message edit_parts {Editar particiones}
message editpart {Editar particiones}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Formato como RAID}
message fmtaslvm {Formato como LVM PV}
message encrypt {Cifrar (CGD)}
message setbootable {La bandera de arranque}
message erase {Borrado seguro}
message undo {Deshacer los cambios}
message unconfig {Desconfigurar}
message edit {Editar}
message doumount {Fuerza umount}
message fremove {QUITAR}
message remove {Quitar}
@ -1535,4 +1523,3 @@ message clone_target_hdr
message clone_target_disp {cloned partition(s)}
message clone_src_done
{Source selection OK, proceed to target selection}


@ -1,4 +1,4 @@
/* $NetBSD: msg.mi.fr,v 1.33 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: msg.mi.fr,v 1.34 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -1266,21 +1266,9 @@ n'existe pas. V
message failed {Échoué}
message notsupported {Le fonctionnement n'est pas pris en charge!}
message askfsmountadv {Point de montage ou de 'raid' ou 'cgd' ou 'lvm'?}
message partman {Partitionnement étendu}
message edit_parts {Modifier les partitions}
message editpart {Modifier les partitions}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Format en RAID}
message fmtaslvm {Format de LVM PV}
message encrypt {Crypter (CGD)}
message setbootable {Drapeau d'amorçage}
message erase {Fonction d'effacement sécurisé}
message undo {Annuler les changements}
message unconfig {Annulation de la configuration}
message edit {Éditer}
message doumount {Groupe umount}
message fremove {ENLEVER}
message remove {Supprimer}
@ -1566,4 +1554,3 @@ message clone_target_hdr
message clone_target_disp {cloned partition(s)}
message clone_src_done
{Source selection OK, proceed to target selection}


@ -1,4 +1,4 @@
/* $NetBSD: msg.mi.pl,v 1.34 2020/10/27 15:28:01 martin Exp $ */
/* $NetBSD: msg.mi.pl,v 1.35 2020/11/04 14:29:40 martin Exp $ */
/* Based on english version: */
/* NetBSD: msg.mi.pl,v 1.36 2004/04/17 18:55:35 atatat Exp */
@ -1176,21 +1176,9 @@ pakietow binarnych.
Sprawdz sciezke pakietow i sprobuj ponownie.}
message failed {Nie powiodlo sie}
message notsupported {Operacja nie jest obslugiwana!}
message askfsmountadv {Punkt montowania (lub "raid", "cgd" albo "lvm")?}
message partman {Partycje rozszerzone}
message edit_parts {Edytuj partycje}
message editpart {Edytuj partycje}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Formatuj jako RAID}
message fmtaslvm {Formatuj jak LVM PV}
message encrypt {Szyfrowanie (CGD)}
message setbootable {Rozruchowy}
message erase {Bezpieczne kasowanie}
message undo {Cofanie zmian}
message unconfig {Cofnij konfiguracje}
message edit {Edytuj}
message doumount {Wymus odmontowanie}
message fremove {USUN}
message remove {Usun}
@ -1472,4 +1460,3 @@ message clone_target_hdr
message clone_target_disp {cloned partition(s)}
message clone_src_done
{Source selection OK, proceed to target selection}


@ -1,4 +1,4 @@
/* $NetBSD: msg.pm.de,v 1.2 2020/01/09 13:22:30 martin Exp $ */
/* $NetBSD: msg.pm.de,v 1.3 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -151,3 +151,17 @@ message lvmlv_mirrors_ask {Spiegel?}
message lvmlv_regsiz_ask {MirrorLogRegionSize?}
message lvmlv_readahsect_ask {ReadAheadSectors?}
message lvmlv_stripes_ask {Stripes?}
message notsupported {Operation wird nicht unterstützt!}
message edit_parts {Partitionen bearbeiten}
message encrypt {Verschlüsseln (CGD)}
message erase {Safe Erase}
message undo {Rückgängigmachen von Änderungen}
message unconfig {Dekonfigurieren}
message edit {Bearbeiten}
message doumount {Force-umount}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Als RAID Komponente formatieren}
message fmtaslvm {Als LVM-PV formatieren}


@ -1,4 +1,4 @@
/* $NetBSD: msg.pm.en,v 1.2 2020/01/09 13:22:30 martin Exp $ */
/* $NetBSD: msg.pm.en,v 1.3 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -153,3 +153,16 @@ message lvmlv_regsiz_ask {MirrorLogRegionSize?}
message lvmlv_readahsect_ask {ReadAheadSectors?}
message lvmlv_stripes_ask {Stripes?}
message notsupported {Operation not supported!}
message edit_parts {Edit partitions}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Format as RAID}
message fmtaslvm {Format as LVM PV}
message encrypt {Encrypt (CGD)}
message setbootable {Bootable flag}
message erase {Safe erase}
message undo {Undo changes}
message unconfig {Unconfigure}
message edit {Edit}
message doumount {Force umount}


@ -1,4 +1,4 @@
/* $NetBSD: msg.pm.es,v 1.2 2020/01/09 13:22:30 martin Exp $ */
/* $NetBSD: msg.pm.es,v 1.3 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -152,3 +152,16 @@ message lvmlv_regsiz_ask {MirrorLogRegionSize?}
message lvmlv_readahsect_ask {ReadAheadSectors?}
message lvmlv_stripes_ask {Rayas?}
message notsupported {Operación no admitida!}
message edit_parts {Editar particiones}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Formato como RAID}
message fmtaslvm {Formato como LVM PV}
message encrypt {Cifrar (CGD)}
message setbootable {La bandera de arranque}
message erase {Borrado seguro}
message undo {Deshacer los cambios}
message unconfig {Desconfigurar}
message edit {Editar}
message doumount {Fuerza umount}


@ -1,4 +1,4 @@
/* $NetBSD: msg.pm.fr,v 1.2 2020/01/09 13:22:30 martin Exp $ */
/* $NetBSD: msg.pm.fr,v 1.3 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -152,3 +152,16 @@ message lvmlv_regsiz_ask {MirrorLogRegionSize?}
message lvmlv_readahsect_ask {ReadAheadSectors?}
message lvmlv_stripes_ask {Stripes?}
message notsupported {Le fonctionnement n'est pas pris en charge!}
message edit_parts {Modifier les partitions}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Format en RAID}
message fmtaslvm {Format de LVM PV}
message encrypt {Crypter (CGD)}
message setbootable {Drapeau d'amorçage}
message erase {Fonction d'effacement sécurisé}
message undo {Annuler les changements}
message unconfig {Annulation de la configuration}
message edit {Éditer}
message doumount {Groupe umount}


@ -1,4 +1,4 @@
/* $NetBSD: msg.pm.pl,v 1.2 2020/01/09 13:22:30 martin Exp $ */
/* $NetBSD: msg.pm.pl,v 1.3 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -152,3 +152,16 @@ message lvmlv_regsiz_ask {MirrorLogRegionSize?}
message lvmlv_readahsect_ask {ReadAheadSectors?}
message lvmlv_stripes_ask {Stripes?}
message notsupported {Operacja nie jest obslugiwana!}
message edit_parts {Edytuj partycje}
message switch_parts {Switch partitioning scheme}
message fmtasraid {Formatuj jako RAID}
message fmtaslvm {Formatuj jak LVM PV}
message encrypt {Szyfrowanie (CGD)}
message setbootable {Rozruchowy}
message erase {Bezpieczne kasowanie}
message undo {Cofanie zmian}
message unconfig {Cofnij konfiguracje}
message edit {Edytuj}
message doumount {Wymus odmontowanie}


@ -1,4 +1,4 @@
/* $NetBSD: upgrade.c,v 1.16 2020/02/06 19:50:04 martin Exp $ */
/* $NetBSD: upgrade.c,v 1.17 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -104,7 +104,6 @@ do_upgrade(void)
#endif
/* Do any md updating of the file systems ... e.g. bootblocks,
copy file systems ... */
/* XXX pass install here too */
if (!md_update(&install))
goto free_install;


@ -1,4 +1,4 @@
/* $NetBSD: util.c,v 1.53 2020/10/30 18:47:38 martin Exp $ */
/* $NetBSD: util.c,v 1.54 2020/11/04 14:29:40 martin Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@ -62,6 +62,10 @@
#ifdef MD_MAY_SWAP_TO
#include <sys/drvctlio.h>
#endif
#ifdef CHECK_ENTROPY
#include <sha2.h>
#include <paths.h>
#endif
#define MAX_CD_DEVS 256 /* how many cd drives do we expect to attach */
#define ISO_BLKSIZE ISO_DEFAULT_BLOCK_SIZE
@ -1107,6 +1111,271 @@ get_set_distinfo(int opt)
return NULL;
}
#ifdef CHECK_ENTROPY
char entropy_file[PATH_MAX];
/*
* Are we short of entropy?
*/
static size_t
entropy_needed(void)
{
int needed;
size_t len;
len = sizeof(needed);
if (sysctlbyname("kern.entropy.needed", &needed, &len, NULL, 0))
return 0;
if (needed < 0)
return 0;
return needed;
}
static void
entropy_write_to_kernel(const uint8_t *data, size_t len)
{
int fd;
fd = open(_PATH_RANDOM, O_RDWR, 0);
if (fd >= 0) {
write(fd, data, len);
close(fd);
}
}
static void
entropy_add_manual(void)
{
SHA256_CTX ctx;
char buf[256], line[25];
size_t line_no, l;
uint8_t digest[SHA256_DIGEST_LENGTH];
bool ok = false;
msg_display(MSG_entropy_enter_manual1);
msg_printf("\n\n");
msg_display_add(MSG_entropy_enter_manual2);
msg_printf("\n\n dd if=/dev/random bs=32 count=16 | openssl base64\n\n");
msg_display_add(MSG_entropy_enter_manual3);
msg_printf("\n\n");
SHA256_Init(&ctx);
line_no = 1;
do {
sprintf(line, "%zu", line_no);
msg_prompt_win(line, -1, 15, 0, 0, "", buf, sizeof(buf));
l = strlen(buf);
if (l > 0)
SHA256_Update(&ctx, (const uint8_t*)buf, l);
line_no++;
} while(buf[0] != 0);
ok = ctx.bitcount >= 256;
SHA256_Final(digest, &ctx);
if (ok)
entropy_write_to_kernel(digest, sizeof digest);
else
hit_enter_to_continue(NULL, MSG_entropy_manual_not_enough);
}
/*
* Get a file by some means and return a (potentioally only
* temporary valid) path to the local copy.
* If mountpt is non empty, the caller should unmount that
* directory after processing the file.
* Return success if the file is available, or failure if
* the user canelled the request or network transfer failed.
*/
static bool
entropy_get_file(bool use_netbsd_seed, char *path)
{
static struct ftpinfo server = { .user = "ftp" };
char url[STRSIZE], tmpf[PATH_MAX], mountpt[PATH_MAX], *fn;
const char *ftp_opt;
arg_rv arg;
int rv = 0;
const char *file_desc = msg_string(use_netbsd_seed ?
MSG_entropy_seed : MSG_entropy_data);
char *dir;
path[0] = 0;
mountpt[0] = 0;
strcpy(tmpf, "/tmp/entr.XXXXXX");
fn = mktemp(tmpf);
if (fn == NULL)
return false;
msg_display(use_netbsd_seed ?
MSG_entropy_seed_hdr : MSG_entropy_data_hdr);
msg_printf("\n\n %s\n\n",
use_netbsd_seed ?
"rndctl -S /tmp/entropy-file" :
"dd if=/dev/random bs=32 count=1 of=/tmp/random.tmp");
strcpy(entropy_file, use_netbsd_seed ?
"entropy-file" : "random.tmp");
process_menu(MENU_entropy_select_file, &rv);
switch (rv) {
case 1:
case 2:
#ifndef DEBUG
if (!network_up)
config_network();
#endif
server.xfer = rv == 1 ? XFER_HTTP : XFER_FTP;
arg.arg = &server;
arg.rv = -1;
msg_display_add_subst(MSG_entropy_via_download, 1, file_desc);
msg_printf("\n\n");
process_menu(MENU_entropy_ftpsource, &arg);
if (arg.rv == SET_RETRY)
return false;
make_url(url, &server, entropy_file);
if (server.xfer == XFER_FTP &&
strcmp("ftp", server.user) == 0 && server.pass[0] == 0) {
/* do anon ftp */
ftp_opt = "-a ";
} else {
ftp_opt = "";
}
rv = run_program(RUN_DISPLAY | RUN_PROGRESS,
"/usr/bin/ftp %s -o %s %s",
ftp_opt, fn, url);
strcpy(path, fn);
return rv == 0;
case 3:
#ifndef DEBUG
if (!network_up)
config_network();
#endif
rv = -1;
msg_display_add_subst(MSG_entropy_via_nfs, 1, file_desc);
msg_printf("\n\n");
process_menu(MENU_entropy_nfssource, &rv);
if (rv == SET_RETRY)
return false;
if (nfs_host[0] != 0 && nfs_dir[0] != 0 &&
entropy_file[0] != 0) {
strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
dir = mkdtemp(mountpt);
if (dir == NULL)
return false;
sprintf(path, "%s/%s", mountpt, entropy_file);
if (run_program(RUN_SILENT,
"mount -t nfs -r %s:/%s %s",
nfs_host, nfs_dir, mountpt) == 0) {
run_program(RUN_SILENT,
"cp %s %s", path, fn);
run_program(RUN_SILENT,
"umount %s", mountpt);
rmdir(mountpt);
strcpy(path, fn);
}
}
break;
case 4:
rv = -1;
/* Get device, filesystem, and filepath */
process_menu (MENU_entropy_localfs, &rv);
if (rv == SET_RETRY)
return false;
if (localfs_dev[0] != 0 && localfs_fs[0] != 0 &&
entropy_file[0] != 0) {
strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
dir = mkdtemp(mountpt);
if (dir == NULL)
return false;
sprintf(path, "%s/%s", mountpt, entropy_file);
if (run_program(RUN_SILENT,
"mount -t %s -r /dev/%s %s",
localfs_fs, localfs_dev, mountpt) == 0) {
run_program(RUN_SILENT,
"cp %s %s", path, fn);
run_program(RUN_SILENT,
"umount %s", mountpt);
rmdir(mountpt);
strcpy(path, fn);
}
}
break;
}
return path[0] != 0;
}
static void
entropy_add_bin_file(void)
{
char fname[PATH_MAX];
if (!entropy_get_file(false, fname))
return;
if (access(fname, R_OK) == 0)
run_program(RUN_SILENT, "dd if=%s of=" _PATH_RANDOM,
fname);
}
static void
entropy_add_seed(void)
{
char fname[PATH_MAX];
if (!entropy_get_file(true, fname))
return;
if (access(fname, R_OK) == 0)
run_program(RUN_SILENT, "rndctl -L %s", fname);
}
/*
* return true if we have enough entropy
*/
bool
do_check_entropy(void)
{
int rv;
if (entropy_needed() == 0)
return true;
for (;;) {
if (entropy_needed() == 0)
return true;
msg_clear();
rv = 0;
process_menu(MENU_not_enough_entropy, &rv);
switch (rv) {
case 0:
return false;
case 1:
entropy_add_manual();
break;
case 2:
entropy_add_seed();
break;
case 3:
entropy_add_bin_file();
break;
default:
/*
* retry after small delay to give a new USB device
* a chance to attach and do deliver some
* entropy
*/
msg_display(".");
for (size_t i = 0; i < 10; i++) {
if (entropy_needed() == 0)
return true;
sleep(1);
msg_display_add(".");
}
}
}
}
#endif
/*
* Get and unpack the distribution.
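Review bot: In `entropy_add_manual` the acceptance test `ok = ctx.bitcount >= 256` measures how many bits of text were hashed, not how much entropy they carry, so any 32 typed characters pass even though the command shown to the user (`bs=32 count=16 | openssl base64`) produces the base64 of 512 random bytes. The 32-byte digest is then written to `_PATH_RANDOM`, and the retry loop in `do_check_entropy` appears to expect that write to count towards `kern.entropy.needed`, so a short or guessable line could end the check with a weakly seeded pool. Counting the input directly avoids both the low threshold and the reliance on the private `bitcount` field: declare `size_t total = 0;`, add `total += l;` in the loop and test `ok = total >= 64;` (base64 carries at most 6 bits per character; the exact minimum is a policy choice). Separately, `entropy_get_file` picks its target with `mktemp()`, which only returns a name, whereas `mkstemp()` would create the file atomically before `ftp -o` or `cp` writes to it. The same function also returns true with `path` still pointing into the temporary mount directory when the `mount` call fails in cases 3 and 4, and it never removes that directory on that path.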
@ -1246,7 +1515,14 @@ get_and_unpack_sets(int update, msg setupdone_msg, msg success_msg, msg failure_
if (set_status[SET_BASE] & SET_INSTALLED)
run_makedev();
if (!update) {
if (update) {
#ifdef CHECK_ENTROPY
if (!do_check_entropy()) {
hit_enter_to_continue(NULL, MSG_abortupgr);
return 1;
}
#endif
} else {
struct stat sb1, sb2;
if (stat(target_expand("/"), &sb1) == 0
@ -1280,6 +1556,10 @@ get_and_unpack_sets(int update, msg setupdone_msg, msg success_msg, msg failure_
/* Mounted dist dir? */
umount_mnt2();
#ifdef CHECK_ENTROPY
entropy_loaded |= entropy_needed() == 0;
#endif
/* Save entropy -- on some systems it's ~all we'll ever get */
if (!update || entropy_loaded)
run_program(RUN_SILENT | RUN_CHROOT | RUN_ERROR_OK,