NetBSD/distrib
riastradh cba96d16f7 Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
  check for entropy at boot -- in rc.conf, you can:

  . set `entropy=check' to halt multiuser boot and enter single-user
    mode if not enough entropy

  . set `entropy=wait' to make multiuser boot wait until enough entropy

  Default is to always boot without waiting -- and rely on other
  channels like security report to alert the operator if there's a
  problem.

- New man page entropy(7) discussing the higher-level concepts and
  system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
  more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
  users who have power to affect the entropy estimate (maybe it is,
  just haven't decided).
- We only have a mechanism for changing once at boot; the message would
  remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
  conditionally from boot to boot.
2021-01-10 23:24:25 +00:00
acorn32
alpha
amd64
amiga Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
arc
atari
bebox
cats
cdrom
cobalt
common
dreamcast Try to shrink ramdiskbin binary. 2020-11-28 05:16:06 +00:00
emips
evbarm Correctly support aarch64eb and earmv7hfeb in a similar manner to 2020-11-16 11:38:29 +00:00
evbmips
evbppc Bump ramdisk size slightly 2020-11-06 18:36:20 +00:00
evbsh3
ews4800mips
hp300 Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
hpcarm
hpcmips
hpcsh
hppa
i386
ia64
ibmnws
landisk
luna68k
mac68k Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
macppc
miniroot Fetch files via ftp using auto-fetching with URL per each binary set. 2020-12-12 05:23:21 +00:00
mipsco
mvme68k Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
mvmeppc
news68k
newsmips
notes Add A1659A CRX framebuffer to "Supported hardware" list. 2020-12-23 17:57:17 +00:00
ofppc
playstation2
pmax
prep
riscv
rs6000
sandpoint
sets Various entropy integration improvements. 2021-01-10 23:24:25 +00:00
sgimips
shark
sparc
sparc64
sun2 Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
sun3 Use proper release version strings ("9.1" rather than "91") in banners. 2020-12-05 18:52:06 +00:00
syspkg Reintroduce the support of MKCATPAGES 2020-11-10 21:47:40 +00:00
utils Fix fallout from mkimage rev 1.76. 2020-12-23 10:35:18 +00:00
vax
x68k
zaurus
Makefile
Makefile.inc