Make default installations a bit more secure:

- push a bit harder for setup of a root password
 - simplify/clarify manual entropy setup
 - visit the entropy setup (on machines where it is needed) on the
   default path through sysinst

usr.sbin/sysinst/configmenu.c

@@ -1,4 +1,4 @@
-/* $NetBSD: configmenu.c,v 1.14 2021/10/09 09:06:28 martin Exp $ */
+/* $NetBSD: configmenu.c,v 1.15 2022/04/21 17:30:15 martin Exp $ */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -291,6 +291,14 @@ add_new_user(struct menudesc *menu, void *arg)
 	return 0;
 }
 
+void
+root_pw_setup(void)
+{
+	msg_display(MSG_force_rootpw);
+	run_program(RUN_DISPLAY | RUN_PROGRESS | RUN_CHROOT | RUN_STDSCR,
+	    "passwd -l root");
+}
+
 static int
 change_root_password(struct menudesc *menu, void *arg)
 {

usr.sbin/sysinst/defs.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: defs.h,v 1.80 2022/02/10 16:11:41 martin Exp $	*/
+/*	$NetBSD: defs.h,v 1.81 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -108,6 +108,7 @@ const char *getfslabelname(uint, uint);
 #define RUN_PROGRESS	0x0080		/* Output is just progess test */
 #define RUN_NO_CLEAR	0x0100		/* Leave program output after error */
 #define RUN_XFER_DIR	0x0200		/* cd to xfer_dir in child */
+#define	RUN_STDSCR	0x0400		/* run program in standard screen */
 
 /* for bsddisklabel.c */
 enum layout_type {
@@ -1004,6 +1005,7 @@ void	save_kb_encoding(void);
 
 /* from configmenu.c */
 void	do_configmenu(struct install_partition_desc*);
+void	root_pw_setup(void);
 
 /* from checkrc.c */
 int	check_rcvar(const char *);

usr.sbin/sysinst/install.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: install.c,v 1.22 2022/01/29 16:01:16 martin Exp $	*/
+/*	$NetBSD: install.c,v 1.23 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -233,6 +233,10 @@ do_install(void)
 	if (md_post_extract(&install, false) != 0)
 		goto error;
 
+	root_pw_setup();
+#if CHECK_ENTROPY
+	do_add_entropy();
+#endif
 	do_configmenu(&install);
 
 	sanity_check();

usr.sbin/sysinst/msg.entropy.de

@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.de,v 1.4 2021/10/11 17:23:28 rillig Exp $  */
+/*      $NetBSD: msg.entropy.de,v 1.5 2022/04/21 17:30:15 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -28,27 +28,29 @@
 
 message Configure_entropy	{Entropie konfigurieren}
 
-message continue_without_entropy	{Weiter ohne Entropie}
+message continue_without_entropy	{Jetzt nicht - weiter!}
 
 message not_enough_entropy
-{Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator
-zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien
-(z.B. ssh host keys) ist nicht genug Entropie verfügbar. 
+{Dieses System verfügt momentan nicht über genug Entropie um kryptografisch
+starke Zufallszahlen zu generieren. 
  
-Am einfachsten generieren Sie Zufallsdaten auf einem anderen Computer
-und laden sie in dieser Installation. Alternativ können Sie auch
-manuell Zufallsdaten eingeben. 
+Falls Sie diese Installation produktiv verwenden möchten und z.B.
+ssh host keys generieren werden, empfehlen wir dringend die
+Entropie-Konfiguration zu vervollständigen! 
  
-Falls Sie einen USB-Zufallsgenerator besitzen, verbinden Sie diesen
+Sie können Zufallszahlen von einem anderen Computer verwenden oder
+manuell zufällige Zeichen eingeben. 
+ 
+Falls Sie einen USB-Zufallsgenerator haben, verbinden Sie diesen
 jetzt und wählen dann die Option "Erneut testen".}
 
-message entropy_add_manually		{Manuelle Zufallseingabe}
+message entropy_add_manually		{Zufallsdaten manuell eingeben}
 message entropy_download_raw		{Rohe binäre Zufallsdaten laden}
 message	entropy_download_seed		{NetBSD-Entropie-Datei laden}
 message entropy_retry			{Erneut testen}
 
 message entropy_enter_manual1
-{Geben Sie bitte mehrere Zeilen zufällige Zeichen ein,
+{Geben Sie bitte zufällige Zeichen ein,
 in denen genug Entropie enthalten sein sollte, die 256 Münzwürfen,
 100 Würfen mit einem sechsseitigen Würfel oder 64 zufälligen hexadezimalen
 Zeichen entspricht.}
@@ -60,11 +62,9 @@ folgenden Befehls (auf einem System, dessen Entropie Sie vertrauen)
 verwenden:}
 
 message entropy_enter_manual3
-{Benutzen Sie nicht die gleiche Eingabe für mehrere Installationen. 
-Beenden Sie die Eingabe mit einer leeren Zeile.}
-
-message entropy_manual_not_enough
-{Sie haben nicht genug Zeichen eingegeben!}
+{Sie können eine Zeile mit beliebiger Länge eingeben. Wenn die
+Eingabe nicht mindestens 256 zufällige Bits enthält, ist
+das installierte System eventuell nicht sicher.}
 
 message entropy_select_file
 {Wählen Sie, auf welche Art Sie die Zufallsdaten auf diesen Computer

usr.sbin/sysinst/msg.entropy.en

@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.en,v 1.3 2021/10/08 15:59:55 martin Exp $  */
+/*      $NetBSD: msg.entropy.en,v 1.4 2022/04/21 17:30:15 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -28,26 +28,30 @@
 
 message Configure_entropy	{Set up entropy}
 
-message continue_without_entropy	{Continue without entropy}
+message continue_without_entropy	{Not now, continue!}
 
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
 keys (e.g. ssh host keys). 
-
+ 
+If you plan to use this installation for production work and will
+for example have ssh host keys generated, we strongly advise to complete
+the entropy setup now! 
+ 
 You may use random data generated on another computer and load it
 here, or you could enter random characters manually. 
  
-If you own a USB random number device, connect it now and select
+If you have a USB random number device, connect it now and select
 the "Re-test" option.}
 
-message entropy_add_manually		{Manual input of random data}
+message entropy_add_manually		{Manually input random characters}
 message entropy_download_raw		{Load raw binary random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
 message entropy_enter_manual1
-{Enter random characters.}
+{Enter one line of random characters.}
 
 message entropy_enter_manual2
 {They should contain at last 256 bits of randomness, as in 256 coin
@@ -57,11 +61,9 @@ installer) the output from running the following command on another
 machine whose randomness you trust:}
 
 message entropy_enter_manual3
-{Do not use the same data for multiple installations. 
-Terminate the input with an empty line.}
-
-message entropy_manual_not_enough
-{You did not enter enough characters!}
+{A line of any length and content will be accepted and assumed to
+contain at least 256 bits of randomness.  If it actually contains
+less, the installed system may not be secure.}
 
 message entropy_select_file
 {Please select how you want to transfer the random data file
@@ -125,4 +127,3 @@ message entropy_path_and_file
 message entropy_localfs
 {Enter the unmounted local device and directory on that device where
 the random data is located.}
-

usr.sbin/sysinst/msg.entropy.es

@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.es,v 1.4 2021/10/08 22:07:11 nia Exp $  */
+/*      $NetBSD: msg.entropy.es,v 1.5 2022/04/21 17:30:15 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -28,26 +28,30 @@
 
 message Configure_entropy	{Set up entropy}
 
-message continue_without_entropy	{Continue without entropy}
+message continue_without_entropy	{Not now, continue!}
 
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
 keys (e.g. ssh host keys). 
-
+ 
+If you plan to use this installation for production work and will
+for example have ssh host keys generated, we strongly advise to complete
+the entropy setup now! 
+ 
 You may use random data generated on another computer and load it
 here, or you could enter random characters manually. 
  
-If you own a USB random number device, connect it now and select
+If you have a USB random number device, connect it now and select
 the "Re-test" option.}
 
-message entropy_add_manually		{Manual input of random data}
+message entropy_add_manually		{Manually input random characters}
 message entropy_download_raw		{Load raw binary random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
 message entropy_enter_manual1
-{Enter random characters.}
+{Enter one line of random characters.}
 
 message entropy_enter_manual2
 {They should contain at last 256 bits of randomness, as in 256 coin
@@ -57,11 +61,9 @@ installer) the output from running the following command on another
 machine whose randomness you trust:}
 
 message entropy_enter_manual3
-{Do not use the same data for multiple installations. 
-Terminate the input with an empty line.}
-
-message entropy_manual_not_enough
-{You did not enter enough characters!}
+{A line of any length and content will be accepted and assumed to
+contain at least 256 bits of randomness.  If it actually contains
+less, the installed system may not be secure.}
 
 message entropy_select_file
 {Please select how you want to transfer the random data file
@@ -80,7 +82,7 @@ message entropy_add_nfs
 {Load from a NFS share}
 
 message entropy_add_local
-{Laod from a local file system (e.g. a USB device)}
+{Load from a local file system (e.g. a USB device)}
 
 message entropy_file
 {Path/file}
@@ -125,4 +127,3 @@ message entropy_path_and_file
 message entropy_localfs
 {Enter the unmounted local device and directory on that device where
 the random data is located.}
-

usr.sbin/sysinst/msg.entropy.fr

@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.fr,v 1.4 2021/10/08 22:07:11 nia Exp $  */
+/*      $NetBSD: msg.entropy.fr,v 1.5 2022/04/21 17:30:15 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -28,26 +28,30 @@
 
 message Configure_entropy	{Set up entropy}
 
-message continue_without_entropy	{Continue without entropy}
+message continue_without_entropy	{Not now, continue!}
 
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
 keys (e.g. ssh host keys). 
-
+ 
+If you plan to use this installation for production work and will
+for example have ssh host keys generated, we strongly advise to complete
+the entropy setup now! 
+ 
 You may use random data generated on another computer and load it
 here, or you could enter random characters manually. 
  
-If you own a USB random number device, connect it now and select
+If you have a USB random number device, connect it now and select
 the "Re-test" option.}
 
-message entropy_add_manually		{Manual input of random data}
+message entropy_add_manually		{Manually input random characters}
 message entropy_download_raw		{Load raw binary random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
 message entropy_enter_manual1
-{Enter random characters.}
+{Enter one line of random characters.}
 
 message entropy_enter_manual2
 {They should contain at last 256 bits of randomness, as in 256 coin
@@ -57,11 +61,9 @@ installer) the output from running the following command on another
 machine whose randomness you trust:}
 
 message entropy_enter_manual3
-{Do not use the same data for multiple installations. 
-Terminate the input with an empty line.}
-
-message entropy_manual_not_enough
-{You did not enter enough characters!}
+{A line of any length and content will be accepted and assumed to
+contain at least 256 bits of randomness.  If it actually contains
+less, the installed system may not be secure.}
 
 message entropy_select_file
 {Please select how you want to transfer the random data file
@@ -125,4 +127,3 @@ message entropy_path_and_file
 message entropy_localfs
 {Enter the unmounted local device and directory on that device where
 the random data is located.}
-

usr.sbin/sysinst/msg.entropy.pl

@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.pl,v 1.4 2021/10/08 22:07:11 nia Exp $  */
+/*      $NetBSD: msg.entropy.pl,v 1.5 2022/04/21 17:30:15 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -28,26 +28,30 @@
 
 message Configure_entropy	{Set up entropy}
 
-message continue_without_entropy	{Continue without entropy}
+message continue_without_entropy	{Not now, continue!}
 
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
 keys (e.g. ssh host keys). 
-
+ 
+If you plan to use this installation for production work and will
+for example have ssh host keys generated, we strongly advise to complete
+the entropy setup now! 
+ 
 You may use random data generated on another computer and load it
 here, or you could enter random characters manually. 
  
-If you own a USB random number device, connect it now and select
+If you have a USB random number device, connect it now and select
 the "Re-test" option.}
 
-message entropy_add_manually		{Manual input of random data}
+message entropy_add_manually		{Manually input random characters}
 message entropy_download_raw		{Load raw binary random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
 message entropy_enter_manual1
-{Enter random characters.}
+{Enter one line of random characters.}
 
 message entropy_enter_manual2
 {They should contain at last 256 bits of randomness, as in 256 coin
@@ -57,11 +61,9 @@ installer) the output from running the following command on another
 machine whose randomness you trust:}
 
 message entropy_enter_manual3
-{Do not use the same data for multiple installations. 
-Terminate the input with an empty line.}
-
-message entropy_manual_not_enough
-{You did not enter enough characters!}
+{A line of any length and content will be accepted and assumed to
+contain at least 256 bits of randomness.  If it actually contains
+less, the installed system may not be secure.}
 
 message entropy_select_file
 {Please select how you want to transfer the random data file
@@ -125,4 +127,3 @@ message entropy_path_and_file
 message entropy_localfs
 {Enter the unmounted local device and directory on that device where
 the random data is located.}
-

usr.sbin/sysinst/msg.mi.de

@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.mi.de,v 1.35 2022/01/10 12:17:48 nia Exp $	*/
+/*	$NetBSD: msg.mi.de,v 1.36 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1034,6 +1034,13 @@ message rootpw
 {Das Rootpasswort für das neu installierte System wurde noch nicht gesetzt
 und ist somit leer. Möchten Sie jetzt ein Rootpasswort für das System setzen?}
 
+message force_rootpw
+{Das Rootpasswort für das neu installierte System wurde noch nicht gesetzt.
+Geben Sie es jetzt ein. 
+ 
+Falls Sie kein Rootpasswort setzen möchten, geben Sie ein leeres
+Passwort ein.}
+
 message rootsh
 {Sie können jetzt die Standardshell für Benutzer "root" auswählen.
 Die Vorgabe dafür ist /bin/sh, aber vielleicht bevorzugen Sie eine andere

usr.sbin/sysinst/msg.mi.en

@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.mi.en,v 1.37 2022/01/10 12:17:48 nia Exp $	*/
+/*	$NetBSD: msg.mi.en,v 1.38 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -966,6 +966,12 @@ message rootpw
 {The root password of the newly installed system has not yet been initialized,
 and is thus empty.  Do you want to set a root password for the system now?}
 
+message force_rootpw
+{The root password of the newly installed system has not yet been
+initialized. 
+ 
+If you do not want to set a password, enter an empty line.}
+
 message rootsh
 {You can now select which shell to use for the root user.  The default is
 /bin/sh, but you may prefer another one.}

usr.sbin/sysinst/msg.mi.es

@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.mi.es,v 1.31 2022/01/10 12:17:48 nia Exp $	*/
+/*	$NetBSD: msg.mi.es,v 1.32 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -993,6 +993,12 @@ message rootpw
 y por tanto está vacía.  ¿Quiere establecer ahora una contraseña de root para
 el sistema?}
 
+message force_rootpw
+{The root password of the newly installed system has not yet been
+initialized. 
+ 
+If you do not want to set a password, enter an empty line.}
+
 message rootsh
 {Ahora puede seleccionar que shell quiere usar para el usuario root.  Por
 omisión es /bin/sh, pero podría preferir otra.}

usr.sbin/sysinst/msg.mi.fr

@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.mi.fr,v 1.36 2022/01/10 12:17:48 nia Exp $	*/
+/*	$NetBSD: msg.mi.fr,v 1.37 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1045,6 +1045,12 @@ Nous vous recommandons de sp
 Le souhaitez-vous ?
 }
 
+message force_rootpw
+{The root password of the newly installed system has not yet been
+initialized. 
+ 
+If you do not want to set a password, enter an empty line.}
+
 message rootsh
 {
 Spécifiez le shell par défaut qui sera utilisé par l'utilisateur "root".

usr.sbin/sysinst/msg.mi.pl

@@ -1,4 +1,4 @@
-/*	$NetBSD: msg.mi.pl,v 1.37 2022/01/10 12:17:48 nia Exp $	*/
+/*	$NetBSD: msg.mi.pl,v 1.38 2022/04/21 17:30:15 martin Exp $	*/
 /*	Based on english version: */
 /*	NetBSD: msg.mi.pl,v 1.36 2004/04/17 18:55:35 atatat Exp       */
 
@@ -963,6 +963,12 @@ message rootpw
 {Haslo root'a w nowo zainstalowanym systemie nie zostalo jeszcze ustawione,
 i dlatego jest puste. Czy chcesz teraz ustawic haslo dla root'a?}
 
+message force_rootpw
+{The root password of the newly installed system has not yet been
+initialized. 
+ 
+If you do not want to set a password, enter an empty line.}
+
 message rootsh
 {Mozesz teraz wybrac, ktorej powloki ma uzywac uzytkownik root. Domyslnie
 jest to /bin/sh, ale moze preferujesz inna.}

usr.sbin/sysinst/run.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: run.c,v 1.14 2021/08/03 13:34:04 martin Exp $	*/
+/*	$NetBSD: run.c,v 1.15 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -655,14 +655,19 @@ run_program(int flags, const char *cmd, ...)
 		win.ws_col = 80;
 
 	if ((flags & RUN_DISPLAY) != 0) {
-		if (flags & RUN_FULLSCREEN) {
+		if (flags & RUN_STDSCR) {
+			actionwin = stdscr;
+			wmove(stdscr, msg_row()+2, 0);
+			wrefresh(stdscr);
+		} else if (flags & RUN_FULLSCREEN) {
 			wclear(stdscr);
 			clearok(stdscr, 1);
 			touchwin(stdscr);
 			refresh();
 			actionwin = stdscr;
-		} else
+		} else {
 			actionwin = show_cmd(scmd, &win);
+		}
 	} else
 		win.ws_row -= 4;
 

usr.sbin/sysinst/upgrade.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: upgrade.c,v 1.19 2022/01/29 16:01:16 martin Exp $	*/
+/*	$NetBSD: upgrade.c,v 1.20 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -125,6 +125,10 @@ do_upgrade(void)
 	merge_X("/usr/X11R6");
 	merge_X("/usr/X11R7");
 
+#if CHECK_ENTROPY
+	do_add_entropy();
+#endif
+
 	sanity_check();
 
 free_install:
@@ -223,6 +227,10 @@ do_reinstall_sets()
 	if (get_and_unpack_sets(0, NULL, MSG_unpackcomplete, MSG_abortunpack) != 0)
 		goto free_install;
 
+#if CHECK_ENTROPY
+	do_add_entropy();
+#endif
+
 	sanity_check();
 
 free_install:

usr.sbin/sysinst/util.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: util.c,v 1.65 2022/04/14 15:48:31 martin Exp $	*/
+/*	$NetBSD: util.c,v 1.66 2022/04/21 17:30:15 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1158,48 +1158,32 @@ entropy_add_manual(void)
 	uint8_t digest[SHA256_DIGEST_LENGTH];
 	static const char prompt[] = "> ";
 	size_t l;
-	int txt_y, maxy, init_y;
-	bool ok = false;
+	int txt_y;
 
 	msg_display(MSG_entropy_enter_manual1);
 	msg_printf("\n\n");
 	msg_display_add(MSG_entropy_enter_manual2);
-	msg_printf("\n\n   dd if=/dev/random bs=32 count=16 | openssl base64\n\n");
+	msg_printf("\n\n   dd if=/dev/random bs=32 count=1 | openssl base64\n\n");
 	msg_display_add(MSG_entropy_enter_manual3);
 	msg_printf("\n\n");
 	SHA256_Init(&ctx);
-	txt_y = getcury(mainwin);
-	maxy = getmaxy(mainwin);
-	init_y = txt_y;
+	txt_y = getcury(mainwin)+1;
 
 	echo();
-	do {
-		txt_y++;
-		if (txt_y >= maxy) {
-			txt_y = init_y;
-			wmove(mainwin, txt_y, 0);
-			wclrtobot(mainwin);
-		} else {
-			wmove(mainwin, txt_y, 0);
-		}
-		msg_fmt_table_add(prompt, prompt);
-		mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf);
-		l = strlen(buf);
-		if (l > 0)
-			SHA256_Update(&ctx, (const uint8_t*)buf, l);
-	} while(l > 0);
+	wmove(mainwin, txt_y, 0);
+	msg_fmt_table_add(prompt, prompt);
+	mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf);
+	l = strlen(buf);
+	if (l > 0)
+		SHA256_Update(&ctx, (const uint8_t*)buf, l);
 	noecho();
-	ok = ctx.bitcount >= 256;
 	SHA256_Final(digest, &ctx);
 
-	wmove(mainwin, init_y, 0);
+	wmove(mainwin, txt_y-1, 0);
 	wclrtobot(mainwin);
 	wrefresh(mainwin);
 
-	if (ok)
-		entropy_write_to_kernel(digest, sizeof digest);
-	else
-		hit_enter_to_continue(NULL, MSG_entropy_manual_not_enough);
+	entropy_write_to_kernel(digest, sizeof digest);
 }
 
 /*