On Sun, Oct 12, 2025 at 07:40:48PM -0400, Greg Troxel wrote:
> Steve Rikli <[email protected]> writes:
>
> > It's worth noting that sysinst creates a working entropy config during
> > initial install, as you'd hope. E.g. if / and /var/ are separate
> > filesystems, sysinst creates /boot.cfg with these rndseeds:
> >
> > menu=Boot normally:rndseed /etc/entropy-file;boot
> > menu=Boot single user:rndseed /etc/entropy-file;boot -s
> >
> > and /etc/rc.conf gets this setting:
> >
> > random_file=/etc/entropy-file
> >
> > this is functional and requires no manual changes, so that's good. But
> > again it doesn't match security.conf(5) documentation or the
> > /etc/defaults/{security,rc}.conf contents, and will result in a separate
> > /var/db/entropy-file being created by /etc/security.
>
> Which is harmless to create, but pointless as it is not read on boot.

Yeah. Also contributes to the technical mess you mentioned, wastes a tiny
bit of disk space, and presumably a few compute cycles now and then to
re-create the file etc. Mostly it's just pointless, as you say.

> >> The location of the file should be defined in one place, and rc.conf
> >> is the right place.
> >
> > I tend to agree. Given sysinst behavior, I'm inclined to suggest moving
> > this line:
> >
> > random_file=/var/db/entropy-file
> >
> > from /etc/defaults/security.conf into /etc/defaults/rc.conf , and
> > similarly moving the security.conf(5) entry for "random_file" into the
> > rc.conf(5) man page. /etc/security would need updating in that case,
> > to define the new method for determining $random_file location.
>
> Agreed, except I think it should just call /etc/rc.d/random_seed.

Ah, I hadn't considered that. After briefly looking at FreeBSD's cron for
regular entropy regeneration, I wondered if perhaps that duty needs to be
part of NetBSD /etc/security script at all. I suppose it's a convenient
place for it, since it's already part of the daily cron.

> I suspect given the lack of other cranky comments, we're in a "patches
> welcome" state.

I was thinking I'd give it another day or so and then put in a PR, at
least as a placeholder to capture and summarize this thread. Is that
worthwhile? In previous PRs I described and/or cut-pasted problems and
suggested fixes in the gnats form/email, and good things often happened
after that. :-)

While I've submitted a few PRs in the past, I've never contributed code,
diffs, patches, etc. to NetBSD. Frankly it's even been a while since I
used build.sh or pkgsrc -- I've been almost entirely using binary updates
since I returned to running a few NetBSD systems.

In short, I'm not a developer. But for areas like this, which are more
like systems config and scripts than kernels and libs and such, I might
be able to help a little.

Is there a getting started primer in the wiki or the Guide? I searched a
bit but not thoroughly; so e.g. I don't really know where to start for
something like "generate diffs and make a patch for these config files
and man pages, and here's how/where to submit them".

Pointers welcomed.

Cheers,
sr.
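
An added example, not part of the thread or of NetBSD's own scripts: a POSIX sh check that each configured random_file is a path boot.cfg actually loads with rndseed, run here over constructed files holding the values quoted above. It parses only the `menu=...:rndseed PATH;boot` form shown in the message; the function names and the temporary sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration: flag a random_file setting that the bootloader never loads.

# Print each distinct path given to "rndseed" in a boot.cfg-style file.
# Menu entries chain commands with ':' and ';', so split on both first.
bootcfg_seeds() {
    tr ';:' '\n\n' < "$1" |
        sed -n 's/^[[:space:]]*rndseed[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*$/\1/p' |
        sort -u
}

# Print the last random_file= value assigned in one conf file.
# The file is parsed, not sourced, so nothing in it is executed.
conf_random_file() {
    sed -n 's/^[[:space:]]*random_file=//p' "$1" |
        tr -d "\"'" | sed 's/[[:space:]#].*$//' | tail -n 1
}

# usage: check_seed_config BOOTCFG CONF...
# Returns 1 if any CONF names a seed file that BOOTCFG does not load.
check_seed_config() {
    bootcfg=$1; shift
    seeds=$(bootcfg_seeds "$bootcfg")
    status=0
    for conf in "$@"; do
        path=$(conf_random_file "$conf")
        [ -n "$path" ] || continue
        if printf '%s\n' "$seeds" | grep -Fxq -- "$path"; then
            echo "OK       $conf: random_file=$path is a rndseed in $bootcfg"
        else
            echo "MISMATCH $conf: random_file=$path is not a rndseed in $bootcfg"
            status=1
        fi
    done
    return $status
}

# Constructed sample files holding the settings quoted in the thread.
demo=$(mktemp -d)
printf '%s\n' 'menu=Boot normally:rndseed /etc/entropy-file;boot' \
    'menu=Boot single user:rndseed /etc/entropy-file;boot -s' > "$demo/boot.cfg"
echo 'random_file=/etc/entropy-file' > "$demo/rc.conf"
echo 'random_file=/var/db/entropy-file' > "$demo/security.conf"
check_seed_config "$demo/boot.cfg" "$demo/rc.conf" "$demo/security.conf" || true
```

On a real system the arguments would be /boot.cfg followed by whichever conf files define random_file there.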
