* Add etc/rc.d/rndctl script, based on work by Brian A. Seklecki. This

allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).

etc/defaults/rc.conf

@@ -1,4 +1,4 @@
-#	$NetBSD: rc.conf,v 1.98 2008/12/20 13:20:58 isaki Exp $
+#	$NetBSD: rc.conf,v 1.99 2009/01/04 12:10:30 apb Exp $
 #
 # /etc/defaults/rc.conf --
 #	default configuration of /etc/rc.conf
@@ -110,6 +110,7 @@ newsyslog=NO		newsyslog_flags=""	# trim log files
 quota=YES					# check and enable quotas
 ldconfig=YES					# rebuild a.out ldconfig cache
 sysdb=YES					# build system databases
+rndctl=NO		rndctl_flags=""		# configure rndctl(8)
 
 # cope with other OSes using the real time clock at localtime on this
 # machine (by adjusting kern.rtc_offset at boot)

etc/rc.d/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.72 2008/12/20 13:20:58 isaki Exp $
+# $NetBSD: Makefile,v 1.73 2009/01/04 12:10:30 apb Exp $
 
 .include <bsd.own.mk>
 
@@ -24,8 +24,8 @@ CONFIGFILES=\
 		named ndbootd network newsyslog nfsd nfslocking ntpd ntpdate \
 		perusertmp pf pf_boot pflogd postfix powerd ppp pwcheck \
 		quota \
-		racoon rpcbind raidframe raidframeparity rarpd rbootd root \
+		racoon rpcbind raidframe raidframeparity rarpd rbootd rndctl \
-		route6d routed rtadvd rtclocaltime rtsold rwho \
+		root route6d routed rtadvd rtclocaltime rtsold rwho \
 		savecore screenblank sdpd securelevel sshd \
 		staticroute swap1 swap2 sysctl sysdb syslogd \
 		timed tpctl ttys \

etc/rc.d/rndctl

@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# $NetBSD: rndctl,v 1.1 2009/01/04 12:10:30 apb Exp $
+#
+
+# PROVIDE: rndctl
+# BEFORE: disks ike ipsec sshd
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="rndctl"
+rcvar=$name
+command="/sbin/${name}"
+
+start_cmd="rndctl_startcmd"
+
+rndctl_startcmd()
+{
+	# $rndctl_flags can contain multiple semicolon-separated
+	# segments in which each segment contains optional flags
+	# followed by one or more device or type names.  If none of the
+	# -c/-C/-e/-E flags is specified, then "-c -e" is used.  If
+	# neither of the -d/-t flags is specified, then "-d" is used.
+	#
+	# For example, given
+	#	rndctl_flags="wd0 wd1; -t tty; -c -t net"
+	# we will perform the following commands:
+	#	rndctl -c -e -d wd0
+	#	rndctl -c -e -d wd1
+	#	rndctl -c -e -t tty
+	#	rndctl -c -t net
+
+	local args arg flags
+
+	# Split $rndctl_flags on semicolons
+	oIFS="$IFS"
+	IFS=';'
+	set -- $rndctl_flags
+	IFS="$oIFS"
+	# The outer "for args" loop cycles once per semicolon-separated
+	# segment; the inner "for arg" loop cycles once per word in a
+	# segment.
+	for args in "$@"; do
+		#echo >&2 "${name} DEBUG: Parsing segment: $args";
+		flags=''
+		for arg in ${args}; do
+			case "${arg}" in
+				-*)
+					flags="${flags} ${arg}"
+					;;
+				*)
+					# We have a device or type name.
+					# If none of -c/-C/-e/-E flags was
+					# specified, add "-c -e".  If neither
+					# of -d/-t was specified, add "-d".
+					# Then perform the command with the
+					# specified device or type name.
+					#
+					case "${flags}" in
+					*[cCeE]*) ;;
+					*)	flags="${flags} -c -e" ;;
+					esac
+					case "${flags}" in
+					*[dt]*) ;;
+					*)	flags="${flags} -d" ;;
+					esac
+					#echo >&2 "${name} DEBUG: running:" \
+					#    "$command $flags $arg"
+					$command ${flags} ${arg}
+					;;
+			esac
+		done
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"

share/man/man5/rc.conf.5

@@ -1,4 +1,4 @@
-.\"	$NetBSD: rc.conf.5,v 1.126 2008/12/20 17:17:05 wiz Exp $
+.\"	$NetBSD: rc.conf.5,v 1.127 2009/01/04 12:10:30 apb Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -26,7 +26,7 @@
 .\"
 .\" Copyright (c) 1997 Curt J. Sampson
 .\" Copyright (c) 1997 Michael W. Long
-.\" Copyright (c) 1998-2002 The NetBSD Foundation, Inc.
+.\" Copyright (c) 1998-2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This document is derived from works contributed to The NetBSD Foundation
@@ -55,7 +55,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 20, 2008
+.Dd January 4, 2009
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -342,6 +342,55 @@ can be used to override the default location of the
 .Dq real
 temporary directories,
 .Dq Pa /private/tmp .
+.It Sy rndctl
+.Sq YES
+or
+.Sq NO .
+Runs the
+.Xr rndctl 8
+utility one or more times according to the specification in
+.Sy rndctl_flags .
+.Pp
+If
+.Sy rndctl_flags
+does not contain a semicolon
+.Pq Ql \&;
+then it is expected to contain zero or more flags,
+followed by one or more device or type names.
+The
+.Xr rndctl 8
+command will be executed once for each device or type name.
+If the specified flags do not include any of
+.Fl c , C , e ,
+or
+.Fl E ,
+then the flags
+.Fl c
+and
+.Fl e
+are added, to specify that entropy from the relevant device or type
+should be both collected and estimated.
+If the specified flags do not include either of
+.Fl d
+or
+.Fl t ,
+then the flag
+.Fl d
+is added, to specify that the non-flag arguments are device names,
+not type names.
+.Pp
+.Sy rndctl_flags
+may contain multiple semicolon-separated segments, in which each
+segment contains flags and device or type names as described above.
+This allows different flags to be associated with different
+device or type names.
+For example, given
+.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
+the following commands will be executed:
+.Li "rndctl -c -e -d wd0" ;
+.Li "rndctl -c -e -d wd1" ;
+.Li "rndctl -c -e -t tty" ;
+.Li "rndctl -c -t net" .
 .It Sy savecore
 .Sq YES
 or