On Sat, Oct 18, 2025 at 12:15:57PM -0700, Steve Rikli wrote: > On Tue, Oct 14, 2025 at 09:34:28AM -0400, Greg Troxel wrote: > > Steve Rikli <[email protected]> writes: > > > ... > > > I was thinking I'd give it another day or so and then put in a PR, at > > > least as a placeholder to capture and summarize this thread. Is that > > > worthwhile? > > > > Yes, but the more you can have patches the more likely it is someone > > will deal with it. > > OK, I finally got some time to submit the PR: > https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=59709 > ... > > This way you can test your changes, as while this isn't super hard it is > > very likely that anyone would get it not 100% right the first time.
After submitted my diffs and letting the test VM run for a few days, one difference is the "daily insecurity output" email from cron now reports: Saved entropy to /var/db/entropy-file. ...which is expected when comparing code. I.e. previously /etc/security also simply ran 'rndctl -S "$random_file"' directly, with no output. Whereas the new /etc/security code calls /etc/rc.d/random_seed and that script does the same 'rndctl' and also echos the above message. Aside from that the behavior of saving entropy file is the same. I like the idea of /etc/security calling /etc/rc.d/random_seed instead of running duplicate code, but if the new line in daily security report is objectionable, some additional work to random_seed script is likely needed. Cheers, sr.
