Make default installations a bit more secure:
- push a bit harder for setup of a root password
- simplify/clarify manual entropy setup
- visit the entropy setup (on machines where it is needed) on the default path through sysinst
parent
4a6459a8d1
commit
18183f70fd
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: configmenu.c,v 1.14 2021/10/09 09:06:28 martin Exp $ */
|
||||
/* $NetBSD: configmenu.c,v 1.15 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2012 The NetBSD Foundation, Inc.
|
||||
|
@ -291,6 +291,14 @@ add_new_user(struct menudesc *menu, void *arg)
|
|||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
root_pw_setup(void)
|
||||
{
|
||||
msg_display(MSG_force_rootpw);
|
||||
run_program(RUN_DISPLAY | RUN_PROGRESS | RUN_CHROOT | RUN_STDSCR,
|
||||
"passwd -l root");
|
||||
}
|
||||
|
||||
static int
|
||||
change_root_password(struct menudesc *menu, void *arg)
|
||||
{
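Review bot: In `root_pw_setup()` the result of `run_program(...)` is discarded, so if `passwd -l root` fails or is aborted the installer carries on with no sign that root may still have an empty password. Since the commit aims to push users towards setting one, the status should be checked and surfaced (assuming run_program reports the child's failure), e.g. `if (run_program(RUN_DISPLAY | RUN_PROGRESS | RUN_CHROOT | RUN_STDSCR, "passwd -l root") != 0)` followed by a message or an offer to retry. A one-line comment above the function saying that an empty password is deliberately still accepted, as `MSG_force_rootpw` tells the user, would also help, because the message name suggests enforcement.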
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: defs.h,v 1.80 2022/02/10 16:11:41 martin Exp $ */
|
||||
/* $NetBSD: defs.h,v 1.81 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -108,6 +108,7 @@ const char *getfslabelname(uint, uint);
|
|||
#define RUN_PROGRESS 0x0080 /* Output is just progess test */
|
||||
#define RUN_NO_CLEAR 0x0100 /* Leave program output after error */
|
||||
#define RUN_XFER_DIR 0x0200 /* cd to xfer_dir in child */
|
||||
#define RUN_STDSCR 0x0400 /* run program in standard screen */
|
||||
|
||||
/* for bsddisklabel.c */
|
||||
enum layout_type {
|
||||
|
@ -1004,6 +1005,7 @@ void save_kb_encoding(void);
|
|||
|
||||
/* from configmenu.c */
|
||||
void do_configmenu(struct install_partition_desc*);
|
||||
void root_pw_setup(void);
|
||||
|
||||
/* from checkrc.c */
|
||||
int check_rcvar(const char *);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: install.c,v 1.22 2022/01/29 16:01:16 martin Exp $ */
|
||||
/* $NetBSD: install.c,v 1.23 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -233,6 +233,10 @@ do_install(void)
|
|||
if (md_post_extract(&install, false) != 0)
|
||||
goto error;
|
||||
|
||||
root_pw_setup();
|
||||
#if CHECK_ENTROPY
|
||||
do_add_entropy();
|
||||
#endif
|
||||
do_configmenu(&install);
|
||||
|
||||
sanity_check();
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.entropy.de,v 1.4 2021/10/11 17:23:28 rillig Exp $ */
|
||||
/* $NetBSD: msg.entropy.de,v 1.5 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2020 The NetBSD Foundation, Inc.
|
||||
|
@ -28,27 +28,29 @@
|
|||
|
||||
message Configure_entropy {Entropie konfigurieren}
|
||||
|
||||
message continue_without_entropy {Weiter ohne Entropie}
|
||||
message continue_without_entropy {Jetzt nicht - weiter!}
|
||||
|
||||
message not_enough_entropy
|
||||
{Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator
|
||||
zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien
|
||||
(z.B. ssh host keys) ist nicht genug Entropie verfügbar.
|
||||
{Dieses System verfügt momentan nicht über genug Entropie um kryptografisch
|
||||
starke Zufallszahlen zu generieren.
|
||||
|
||||
Am einfachsten generieren Sie Zufallsdaten auf einem anderen Computer
|
||||
und laden sie in dieser Installation. Alternativ können Sie auch
|
||||
manuell Zufallsdaten eingeben.
|
||||
Falls Sie diese Installation produktiv verwenden möchten und z.B.
|
||||
ssh host keys generieren werden, empfehlen wir dringend die
|
||||
Entropie-Konfiguration zu vervollständigen!
|
||||
|
||||
Falls Sie einen USB-Zufallsgenerator besitzen, verbinden Sie diesen
|
||||
Sie können Zufallszahlen von einem anderen Computer verwenden oder
|
||||
manuell zufällige Zeichen eingeben.
|
||||
|
||||
Falls Sie einen USB-Zufallsgenerator haben, verbinden Sie diesen
|
||||
jetzt und wählen dann die Option "Erneut testen".}
|
||||
|
||||
message entropy_add_manually {Manuelle Zufallseingabe}
|
||||
message entropy_add_manually {Zufallsdaten manuell eingeben}
|
||||
message entropy_download_raw {Rohe binäre Zufallsdaten laden}
|
||||
message entropy_download_seed {NetBSD-Entropie-Datei laden}
|
||||
message entropy_retry {Erneut testen}
|
||||
|
||||
message entropy_enter_manual1
|
||||
{Geben Sie bitte mehrere Zeilen zufällige Zeichen ein,
|
||||
{Geben Sie bitte zufällige Zeichen ein,
|
||||
in denen genug Entropie enthalten sein sollte, die 256 Münzwürfen,
|
||||
100 Würfen mit einem sechsseitigen Würfel oder 64 zufälligen hexadezimalen
|
||||
Zeichen entspricht.}
|
||||
|
@ -60,11 +62,9 @@ folgenden Befehls (auf einem System, dessen Entropie Sie vertrauen)
|
|||
verwenden:}
|
||||
|
||||
message entropy_enter_manual3
|
||||
{Benutzen Sie nicht die gleiche Eingabe für mehrere Installationen.
|
||||
Beenden Sie die Eingabe mit einer leeren Zeile.}
|
||||
|
||||
message entropy_manual_not_enough
|
||||
{Sie haben nicht genug Zeichen eingegeben!}
|
||||
{Sie können eine Zeile mit beliebiger Länge eingeben. Wenn die
|
||||
Eingabe nicht mindestens 256 zufällige Bits enthält, ist
|
||||
das installierte System eventuell nicht sicher.}
|
||||
|
||||
message entropy_select_file
|
||||
{Wählen Sie, auf welche Art Sie die Zufallsdaten auf diesen Computer
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.entropy.en,v 1.3 2021/10/08 15:59:55 martin Exp $ */
|
||||
/* $NetBSD: msg.entropy.en,v 1.4 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2020 The NetBSD Foundation, Inc.
|
||||
|
@ -28,26 +28,30 @@
|
|||
|
||||
message Configure_entropy {Set up entropy}
|
||||
|
||||
message continue_without_entropy {Continue without entropy}
|
||||
message continue_without_entropy {Not now, continue!}
|
||||
|
||||
message not_enough_entropy
|
||||
{This system seems to lack a cryptographically strong pseudo random
|
||||
number generator. There is not enough entropy available to create secure
|
||||
keys (e.g. ssh host keys).
|
||||
|
||||
|
||||
If you plan to use this installation for production work and will
|
||||
for example have ssh host keys generated, we strongly advise to complete
|
||||
the entropy setup now!
|
||||
|
||||
You may use random data generated on another computer and load it
|
||||
here, or you could enter random characters manually.
|
||||
|
||||
If you own a USB random number device, connect it now and select
|
||||
If you have a USB random number device, connect it now and select
|
||||
the "Re-test" option.}
|
||||
|
||||
message entropy_add_manually {Manual input of random data}
|
||||
message entropy_add_manually {Manually input random characters}
|
||||
message entropy_download_raw {Load raw binary random data}
|
||||
message entropy_download_seed {Import a NetBSD entropy file}
|
||||
message entropy_retry {Re-test}
|
||||
|
||||
message entropy_enter_manual1
|
||||
{Enter random characters.}
|
||||
{Enter one line of random characters.}
|
||||
|
||||
message entropy_enter_manual2
|
||||
{They should contain at last 256 bits of randomness, as in 256 coin
|
||||
|
@ -57,11 +61,9 @@ installer) the output from running the following command on another
|
|||
machine whose randomness you trust:}
|
||||
|
||||
message entropy_enter_manual3
|
||||
{Do not use the same data for multiple installations.
|
||||
Terminate the input with an empty line.}
|
||||
|
||||
message entropy_manual_not_enough
|
||||
{You did not enter enough characters!}
|
||||
{A line of any length and content will be accepted and assumed to
|
||||
contain at least 256 bits of randomness. If it actually contains
|
||||
less, the installed system may not be secure.}
|
||||
|
||||
message entropy_select_file
|
||||
{Please select how you want to transfer the random data file
|
||||
|
@ -125,4 +127,3 @@ message entropy_path_and_file
|
|||
message entropy_localfs
|
||||
{Enter the unmounted local device and directory on that device where
|
||||
the random data is located.}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.entropy.es,v 1.4 2021/10/08 22:07:11 nia Exp $ */
|
||||
/* $NetBSD: msg.entropy.es,v 1.5 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2020 The NetBSD Foundation, Inc.
|
||||
|
@ -28,26 +28,30 @@
|
|||
|
||||
message Configure_entropy {Set up entropy}
|
||||
|
||||
message continue_without_entropy {Continue without entropy}
|
||||
message continue_without_entropy {Not now, continue!}
|
||||
|
||||
message not_enough_entropy
|
||||
{This system seems to lack a cryptographically strong pseudo random
|
||||
number generator. There is not enough entropy available to create secure
|
||||
keys (e.g. ssh host keys).
|
||||
|
||||
|
||||
If you plan to use this installation for production work and will
|
||||
for example have ssh host keys generated, we strongly advise to complete
|
||||
the entropy setup now!
|
||||
|
||||
You may use random data generated on another computer and load it
|
||||
here, or you could enter random characters manually.
|
||||
|
||||
If you own a USB random number device, connect it now and select
|
||||
If you have a USB random number device, connect it now and select
|
||||
the "Re-test" option.}
|
||||
|
||||
message entropy_add_manually {Manual input of random data}
|
||||
message entropy_add_manually {Manually input random characters}
|
||||
message entropy_download_raw {Load raw binary random data}
|
||||
message entropy_download_seed {Import a NetBSD entropy file}
|
||||
message entropy_retry {Re-test}
|
||||
|
||||
message entropy_enter_manual1
|
||||
{Enter random characters.}
|
||||
{Enter one line of random characters.}
|
||||
|
||||
message entropy_enter_manual2
|
||||
{They should contain at last 256 bits of randomness, as in 256 coin
|
||||
|
@ -57,11 +61,9 @@ installer) the output from running the following command on another
|
|||
machine whose randomness you trust:}
|
||||
|
||||
message entropy_enter_manual3
|
||||
{Do not use the same data for multiple installations.
|
||||
Terminate the input with an empty line.}
|
||||
|
||||
message entropy_manual_not_enough
|
||||
{You did not enter enough characters!}
|
||||
{A line of any length and content will be accepted and assumed to
|
||||
contain at least 256 bits of randomness. If it actually contains
|
||||
less, the installed system may not be secure.}
|
||||
|
||||
message entropy_select_file
|
||||
{Please select how you want to transfer the random data file
|
||||
|
@ -80,7 +82,7 @@ message entropy_add_nfs
|
|||
{Load from a NFS share}
|
||||
|
||||
message entropy_add_local
|
||||
{Laod from a local file system (e.g. a USB device)}
|
||||
{Load from a local file system (e.g. a USB device)}
|
||||
|
||||
message entropy_file
|
||||
{Path/file}
|
||||
|
@ -125,4 +127,3 @@ message entropy_path_and_file
|
|||
message entropy_localfs
|
||||
{Enter the unmounted local device and directory on that device where
|
||||
the random data is located.}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.entropy.fr,v 1.4 2021/10/08 22:07:11 nia Exp $ */
|
||||
/* $NetBSD: msg.entropy.fr,v 1.5 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2020 The NetBSD Foundation, Inc.
|
||||
|
@ -28,26 +28,30 @@
|
|||
|
||||
message Configure_entropy {Set up entropy}
|
||||
|
||||
message continue_without_entropy {Continue without entropy}
|
||||
message continue_without_entropy {Not now, continue!}
|
||||
|
||||
message not_enough_entropy
|
||||
{This system seems to lack a cryptographically strong pseudo random
|
||||
number generator. There is not enough entropy available to create secure
|
||||
keys (e.g. ssh host keys).
|
||||
|
||||
|
||||
If you plan to use this installation for production work and will
|
||||
for example have ssh host keys generated, we strongly advise to complete
|
||||
the entropy setup now!
|
||||
|
||||
You may use random data generated on another computer and load it
|
||||
here, or you could enter random characters manually.
|
||||
|
||||
If you own a USB random number device, connect it now and select
|
||||
If you have a USB random number device, connect it now and select
|
||||
the "Re-test" option.}
|
||||
|
||||
message entropy_add_manually {Manual input of random data}
|
||||
message entropy_add_manually {Manually input random characters}
|
||||
message entropy_download_raw {Load raw binary random data}
|
||||
message entropy_download_seed {Import a NetBSD entropy file}
|
||||
message entropy_retry {Re-test}
|
||||
|
||||
message entropy_enter_manual1
|
||||
{Enter random characters.}
|
||||
{Enter one line of random characters.}
|
||||
|
||||
message entropy_enter_manual2
|
||||
{They should contain at last 256 bits of randomness, as in 256 coin
|
||||
|
@ -57,11 +61,9 @@ installer) the output from running the following command on another
|
|||
machine whose randomness you trust:}
|
||||
|
||||
message entropy_enter_manual3
|
||||
{Do not use the same data for multiple installations.
|
||||
Terminate the input with an empty line.}
|
||||
|
||||
message entropy_manual_not_enough
|
||||
{You did not enter enough characters!}
|
||||
{A line of any length and content will be accepted and assumed to
|
||||
contain at least 256 bits of randomness. If it actually contains
|
||||
less, the installed system may not be secure.}
|
||||
|
||||
message entropy_select_file
|
||||
{Please select how you want to transfer the random data file
|
||||
|
@ -125,4 +127,3 @@ message entropy_path_and_file
|
|||
message entropy_localfs
|
||||
{Enter the unmounted local device and directory on that device where
|
||||
the random data is located.}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.entropy.pl,v 1.4 2021/10/08 22:07:11 nia Exp $ */
|
||||
/* $NetBSD: msg.entropy.pl,v 1.5 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2020 The NetBSD Foundation, Inc.
|
||||
|
@ -28,26 +28,30 @@
|
|||
|
||||
message Configure_entropy {Set up entropy}
|
||||
|
||||
message continue_without_entropy {Continue without entropy}
|
||||
message continue_without_entropy {Not now, continue!}
|
||||
|
||||
message not_enough_entropy
|
||||
{This system seems to lack a cryptographically strong pseudo random
|
||||
number generator. There is not enough entropy available to create secure
|
||||
keys (e.g. ssh host keys).
|
||||
|
||||
|
||||
If you plan to use this installation for production work and will
|
||||
for example have ssh host keys generated, we strongly advise to complete
|
||||
the entropy setup now!
|
||||
|
||||
You may use random data generated on another computer and load it
|
||||
here, or you could enter random characters manually.
|
||||
|
||||
If you own a USB random number device, connect it now and select
|
||||
If you have a USB random number device, connect it now and select
|
||||
the "Re-test" option.}
|
||||
|
||||
message entropy_add_manually {Manual input of random data}
|
||||
message entropy_add_manually {Manually input random characters}
|
||||
message entropy_download_raw {Load raw binary random data}
|
||||
message entropy_download_seed {Import a NetBSD entropy file}
|
||||
message entropy_retry {Re-test}
|
||||
|
||||
message entropy_enter_manual1
|
||||
{Enter random characters.}
|
||||
{Enter one line of random characters.}
|
||||
|
||||
message entropy_enter_manual2
|
||||
{They should contain at last 256 bits of randomness, as in 256 coin
|
||||
|
@ -57,11 +61,9 @@ installer) the output from running the following command on another
|
|||
machine whose randomness you trust:}
|
||||
|
||||
message entropy_enter_manual3
|
||||
{Do not use the same data for multiple installations.
|
||||
Terminate the input with an empty line.}
|
||||
|
||||
message entropy_manual_not_enough
|
||||
{You did not enter enough characters!}
|
||||
{A line of any length and content will be accepted and assumed to
|
||||
contain at least 256 bits of randomness. If it actually contains
|
||||
less, the installed system may not be secure.}
|
||||
|
||||
message entropy_select_file
|
||||
{Please select how you want to transfer the random data file
|
||||
|
@ -125,4 +127,3 @@ message entropy_path_and_file
|
|||
message entropy_localfs
|
||||
{Enter the unmounted local device and directory on that device where
|
||||
the random data is located.}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.mi.de,v 1.35 2022/01/10 12:17:48 nia Exp $ */
|
||||
/* $NetBSD: msg.mi.de,v 1.36 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -1034,6 +1034,13 @@ message rootpw
|
|||
{Das Rootpasswort für das neu installierte System wurde noch nicht gesetzt
|
||||
und ist somit leer. Möchten Sie jetzt ein Rootpasswort für das System setzen?}
|
||||
|
||||
message force_rootpw
|
||||
{Das Rootpasswort für das neu installierte System wurde noch nicht gesetzt.
|
||||
Geben Sie es jetzt ein.
|
||||
|
||||
Falls Sie kein Rootpasswort setzen möchten, geben Sie ein leeres
|
||||
Passwort ein.}
|
||||
|
||||
message rootsh
|
||||
{Sie können jetzt die Standardshell für Benutzer "root" auswählen.
|
||||
Die Vorgabe dafür ist /bin/sh, aber vielleicht bevorzugen Sie eine andere
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.mi.en,v 1.37 2022/01/10 12:17:48 nia Exp $ */
|
||||
/* $NetBSD: msg.mi.en,v 1.38 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -966,6 +966,12 @@ message rootpw
|
|||
{The root password of the newly installed system has not yet been initialized,
|
||||
and is thus empty. Do you want to set a root password for the system now?}
|
||||
|
||||
message force_rootpw
|
||||
{The root password of the newly installed system has not yet been
|
||||
initialized.
|
||||
|
||||
If you do not want to set a password, enter an empty line.}
|
||||
|
||||
message rootsh
|
||||
{You can now select which shell to use for the root user. The default is
|
||||
/bin/sh, but you may prefer another one.}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.mi.es,v 1.31 2022/01/10 12:17:48 nia Exp $ */
|
||||
/* $NetBSD: msg.mi.es,v 1.32 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -993,6 +993,12 @@ message rootpw
|
|||
y por tanto está vacía. ¿Quiere establecer ahora una contraseña de root para
|
||||
el sistema?}
|
||||
|
||||
message force_rootpw
|
||||
{The root password of the newly installed system has not yet been
|
||||
initialized.
|
||||
|
||||
If you do not want to set a password, enter an empty line.}
|
||||
|
||||
message rootsh
|
||||
{Ahora puede seleccionar que shell quiere usar para el usuario root. Por
|
||||
omisión es /bin/sh, pero podría preferir otra.}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.mi.fr,v 1.36 2022/01/10 12:17:48 nia Exp $ */
|
||||
/* $NetBSD: msg.mi.fr,v 1.37 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -1045,6 +1045,12 @@ Nous vous recommandons de sp
|
|||
Le souhaitez-vous ?
|
||||
}
|
||||
|
||||
message force_rootpw
|
||||
{The root password of the newly installed system has not yet been
|
||||
initialized.
|
||||
|
||||
If you do not want to set a password, enter an empty line.}
|
||||
|
||||
message rootsh
|
||||
{
|
||||
Spécifiez le shell par défaut qui sera utilisé par l'utilisateur "root".
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: msg.mi.pl,v 1.37 2022/01/10 12:17:48 nia Exp $ */
|
||||
/* $NetBSD: msg.mi.pl,v 1.38 2022/04/21 17:30:15 martin Exp $ */
|
||||
/* Based on english version: */
|
||||
/* NetBSD: msg.mi.pl,v 1.36 2004/04/17 18:55:35 atatat Exp */
|
||||
|
||||
|
@ -963,6 +963,12 @@ message rootpw
|
|||
{Haslo root'a w nowo zainstalowanym systemie nie zostalo jeszcze ustawione,
|
||||
i dlatego jest puste. Czy chcesz teraz ustawic haslo dla root'a?}
|
||||
|
||||
message force_rootpw
|
||||
{The root password of the newly installed system has not yet been
|
||||
initialized.
|
||||
|
||||
If you do not want to set a password, enter an empty line.}
|
||||
|
||||
message rootsh
|
||||
{Mozesz teraz wybrac, ktorej powloki ma uzywac uzytkownik root. Domyslnie
|
||||
jest to /bin/sh, ale moze preferujesz inna.}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: run.c,v 1.14 2021/08/03 13:34:04 martin Exp $ */
|
||||
/* $NetBSD: run.c,v 1.15 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -655,14 +655,19 @@ run_program(int flags, const char *cmd, ...)
|
|||
win.ws_col = 80;
|
||||
|
||||
if ((flags & RUN_DISPLAY) != 0) {
|
||||
if (flags & RUN_FULLSCREEN) {
|
||||
if (flags & RUN_STDSCR) {
|
||||
actionwin = stdscr;
|
||||
wmove(stdscr, msg_row()+2, 0);
|
||||
wrefresh(stdscr);
|
||||
} else if (flags & RUN_FULLSCREEN) {
|
||||
wclear(stdscr);
|
||||
clearok(stdscr, 1);
|
||||
touchwin(stdscr);
|
||||
refresh();
|
||||
actionwin = stdscr;
|
||||
} else
|
||||
} else {
|
||||
actionwin = show_cmd(scmd, &win);
|
||||
}
|
||||
} else
|
||||
win.ws_row -= 4;
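Review bot: The new `RUN_STDSCR` branch in `run_program()` is tested before `RUN_FULLSCREEN`, so a caller passing both flags silently gets the stdscr behaviour, and neither this hunk nor the flag's comment in `defs.h` says so. A comment on the branch would document the precedence, e.g. `/* RUN_STDSCR wins over RUN_FULLSCREEN: draw on stdscr below the current message, without clearing */`. The offset in `wmove(stdscr, msg_row()+2, 0)` looks like it is meant to leave a blank line under the displayed message; stating that in the comment would spare the next reader from guessing. The function starts and ends outside the hunk.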
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: upgrade.c,v 1.19 2022/01/29 16:01:16 martin Exp $ */
|
||||
/* $NetBSD: upgrade.c,v 1.20 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -125,6 +125,10 @@ do_upgrade(void)
|
|||
merge_X("/usr/X11R6");
|
||||
merge_X("/usr/X11R7");
|
||||
|
||||
#if CHECK_ENTROPY
|
||||
do_add_entropy();
|
||||
#endif
|
||||
|
||||
sanity_check();
|
||||
|
||||
free_install:
|
||||
|
@ -223,6 +227,10 @@ do_reinstall_sets()
|
|||
if (get_and_unpack_sets(0, NULL, MSG_unpackcomplete, MSG_abortunpack) != 0)
|
||||
goto free_install;
|
||||
|
||||
#if CHECK_ENTROPY
|
||||
do_add_entropy();
|
||||
#endif
|
||||
|
||||
sanity_check();
|
||||
|
||||
free_install:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: util.c,v 1.65 2022/04/14 15:48:31 martin Exp $ */
|
||||
/* $NetBSD: util.c,v 1.66 2022/04/21 17:30:15 martin Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 1997 Piermont Information Systems Inc.
|
||||
|
@ -1158,48 +1158,32 @@ entropy_add_manual(void)
|
|||
uint8_t digest[SHA256_DIGEST_LENGTH];
|
||||
static const char prompt[] = "> ";
|
||||
size_t l;
|
||||
int txt_y, maxy, init_y;
|
||||
bool ok = false;
|
||||
int txt_y;
|
||||
|
||||
msg_display(MSG_entropy_enter_manual1);
|
||||
msg_printf("\n\n");
|
||||
msg_display_add(MSG_entropy_enter_manual2);
|
||||
msg_printf("\n\n dd if=/dev/random bs=32 count=16 | openssl base64\n\n");
|
||||
msg_printf("\n\n dd if=/dev/random bs=32 count=1 | openssl base64\n\n");
|
||||
msg_display_add(MSG_entropy_enter_manual3);
|
||||
msg_printf("\n\n");
|
||||
SHA256_Init(&ctx);
|
||||
txt_y = getcury(mainwin);
|
||||
maxy = getmaxy(mainwin);
|
||||
init_y = txt_y;
|
||||
txt_y = getcury(mainwin)+1;
|
||||
|
||||
echo();
|
||||
do {
|
||||
txt_y++;
|
||||
if (txt_y >= maxy) {
|
||||
txt_y = init_y;
|
||||
wmove(mainwin, txt_y, 0);
|
||||
wclrtobot(mainwin);
|
||||
} else {
|
||||
wmove(mainwin, txt_y, 0);
|
||||
}
|
||||
msg_fmt_table_add(prompt, prompt);
|
||||
mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf);
|
||||
l = strlen(buf);
|
||||
if (l > 0)
|
||||
SHA256_Update(&ctx, (const uint8_t*)buf, l);
|
||||
} while(l > 0);
|
||||
wmove(mainwin, txt_y, 0);
|
||||
msg_fmt_table_add(prompt, prompt);
|
||||
mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf);
|
||||
l = strlen(buf);
|
||||
if (l > 0)
|
||||
SHA256_Update(&ctx, (const uint8_t*)buf, l);
|
||||
noecho();
|
||||
ok = ctx.bitcount >= 256;
|
||||
SHA256_Final(digest, &ctx);
|
||||
|
||||
wmove(mainwin, init_y, 0);
|
||||
wmove(mainwin, txt_y-1, 0);
|
||||
wclrtobot(mainwin);
|
||||
wrefresh(mainwin);
|
||||
|
||||
if (ok)
|
||||
entropy_write_to_kernel(digest, sizeof digest);
|
||||
else
|
||||
hit_enter_to_continue(NULL, MSG_entropy_manual_not_enough);
|
||||
entropy_write_to_kernel(digest, sizeof digest);
|
||||
}
|
||||
|
||||
/*
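Review bot: In `entropy_add_manual()` the new code calls `entropy_write_to_kernel(digest, sizeof digest)` unconditionally, so when the user only presses Enter (`l == 0`, `SHA256_Update` skipped) the digest is SHA-256 of empty input, a fixed and publicly known value, and it is passed on like real seed material. The new message text says any line is assumed to hold 256 bits, but an empty line cannot, so the write should be skipped in that case: `if (l > 0) entropy_write_to_kernel(digest, sizeof digest);`. Separately, `buf` and `digest` hold seed material and are left on the stack when the function returns; `explicit_memset(buf, 0, sizeof buf);` and the same for `digest` would clear them. The function starts above the hunk, so the declarations of `buf` and `ctx` are not visible here.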
|
||||
|
|