Module Name:    src
Committed By:   martin
Date:           Fri Oct  8 15:59:56 UTC 2021

Modified Files:
        src/usr.sbin/sysinst: Makefile.inc configmenu.c defs.h install.c
            menus.entropy msg.entropy.de msg.entropy.en msg.entropy.es
            msg.entropy.fr msg.entropy.pl util.c

Log Message:
Re-enable the entropy handling code in sysinst (only visible on machines
that do not have full entropy), but move it to the config menu
instead of enforcing it as a mandatory step.

This menu is shown at the end of the setup, or if explicitly invoked
from the main menu.

Some of the input options are complex but useful in some situations
and code to support them is tiny. Most users will use the manual input
(first + default option) but some might prefer to connect a USB TRNG
or have easy setups to transfer entropy from another machine (while
copy & paste on a serial console sometimes is tricky).


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/usr.sbin/sysinst/Makefile.inc
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/sysinst/configmenu.c
cvs rdiff -u -r1.74 -r1.75 src/usr.sbin/sysinst/defs.h
cvs rdiff -u -r1.20 -r1.21 src/usr.sbin/sysinst/install.c
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/sysinst/menus.entropy
cvs rdiff -u -r1.2 -r1.3 src/usr.sbin/sysinst/msg.entropy.de \
    src/usr.sbin/sysinst/msg.entropy.en src/usr.sbin/sysinst/msg.entropy.es \
    src/usr.sbin/sysinst/msg.entropy.fr src/usr.sbin/sysinst/msg.entropy.pl
cvs rdiff -u -r1.61 -r1.62 src/usr.sbin/sysinst/util.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/sysinst/Makefile.inc
diff -u src/usr.sbin/sysinst/Makefile.inc:1.43 src/usr.sbin/sysinst/Makefile.inc:1.44
--- src/usr.sbin/sysinst/Makefile.inc:1.43	Sun Sep 26 15:52:40 2021
+++ src/usr.sbin/sysinst/Makefile.inc	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.43 2021/09/26 15:52:40 maya Exp $
+#	$NetBSD: Makefile.inc,v 1.44 2021/10/08 15:59:55 martin Exp $
 #
 # Makefile for sysinst
 
@@ -47,7 +47,7 @@ SRCS+=	mbr.c
 CPPFLAGS+=	-DNO_CLONES
 .endif
 
-.if ${CHECK_ENTROPY:Uno} != "no"
+.if ${CHECK_ENTROPY:Uyes} != "no"
 MENUS_MI+=	menus.entropy
 CPPFLAGS+=	-DCHECK_ENTROPY=1
 .endif
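Review bot: The default `${CHECK_ENTROPY:Uyes}` is now spelled out twice, here and in the `MSG_MD` hunk at line 209, and the two must agree or the entropy menu is built without its message file (or the reverse). Setting the default once with `CHECK_ENTROPY?= yes` and testing `${CHECK_ENTROPY} != "no"` in both places would keep them in step. Because the default has flipped, a short comment such as `# entropy menu is built by default; set CHECK_ENTROPY=no to leave it out` would tell builders how to opt out.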
@@ -209,7 +209,7 @@ msgtouch: ${DISTRIBVERDEP}
 MSG_MD+=	msg.pm.${SYSINSTLANG}
 .endif
 
-.if ${CHECK_ENTROPY:Uno} != "no"
+.if ${CHECK_ENTROPY:Uyes} != "no"
 MSG_MD+=	msg.entropy.${SYSINSTLANG}
 .endif
 

Index: src/usr.sbin/sysinst/configmenu.c
diff -u src/usr.sbin/sysinst/configmenu.c:1.12 src/usr.sbin/sysinst/configmenu.c:1.13
--- src/usr.sbin/sysinst/configmenu.c:1.12	Sun Jan 31 22:45:46 2021
+++ src/usr.sbin/sysinst/configmenu.c	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: configmenu.c,v 1.12 2021/01/31 22:45:46 rillig Exp $ */
+/* $NetBSD: configmenu.c,v 1.13 2021/10/08 15:59:55 martin Exp $ */
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -45,6 +45,7 @@ static int set_timezone_menu(struct menu
 static int set_root_shell(struct menudesc *, void *);
 static int change_root_password(struct menudesc *, void *);
 static int add_new_user(struct menudesc *, void *);
+static int add_entropy(struct menudesc *, void *);
 static int set_binpkg(struct menudesc *, void *);
 static int set_pkgsrc(struct menudesc *, void *);
 static void config_list_init(void);
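Review bot: The prototype `static int add_entropy(struct menudesc *, void *);` is declared unconditionally, while the definition added further down in this file sits inside `#if CHECK_ENTROPY`. In a build with CHECK_ENTROPY=no the file then declares a static function that it never defines, which GCC reports as a warning and which would likely stop a build that treats warnings as errors. Wrapping the prototype in the same guard that surrounds the definition keeps both configurations clean.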
@@ -74,6 +75,7 @@ enum {
 	CONFIGOPT_LVM,
 	CONFIGOPT_RAIDFRAME,
 	CONFIGOPT_ADDUSER,
+	CONFIGOPT_ADD_ENTROPY,
 	CONFIGOPT_LAST
 };
 
@@ -102,6 +104,9 @@ configinfo config_list[] = {
 	{MSG_enable_lvm, CONFIGOPT_LVM, "lvm", toggle_rcvar, NULL},
 	{MSG_enable_raid, CONFIGOPT_RAIDFRAME, "raidframe", toggle_rcvar, NULL},
 	{MSG_add_a_user, CONFIGOPT_ADDUSER, NULL, add_new_user, ""},
+#if CHECK_ENTROPY
+	{MSG_Configure_entropy, CONFIGOPT_ADD_ENTROPY, NULL, add_entropy, ""},
+#endif
 	{NULL,		CONFIGOPT_LAST,	NULL, NULL, NULL}
 };
 
@@ -180,6 +185,10 @@ init_config_menu(configinfo *conf, menu_
 		opt = conf->opt;
 		if (opt == CONFIGOPT_LAST)
 			break;
+#if CHECK_ENTROPY
+		if (opt == CONFIGOPT_ADD_ENTROPY && entropy_needed() == 0)
+			continue;
+#endif
 		*ce = conf;
 		memset(me, 0, sizeof(*me));
 		me->opt_action = conf->action;
@@ -247,6 +256,15 @@ check_root_password(void)
 	return rval;
 }
 
+#if CHECK_ENTROPY
+static int
+add_entropy(struct menudesc *menu, void *arg)
+{
+	do_add_entropy();
+	return 0;
+}
+#endif
+
 static int
 add_new_user(struct menudesc *menu, void *arg)
 {
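Review bot: `add_entropy()` discards the `bool` returned by `do_add_entropy()` (prototype added to defs.h in this commit), so the menu action returns 0 whether or not the system ended up with enough entropy. If that is intended because the user may now continue without entropy, make it explicit with `(void)do_add_entropy();` and a comment such as `/* result ignored: continuing without entropy is allowed */`. The `menu` and `arg` parameters are unused as well. The hunk ends inside `add_new_user()`, which this remark does not cover.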

Index: src/usr.sbin/sysinst/defs.h
diff -u src/usr.sbin/sysinst/defs.h:1.74 src/usr.sbin/sysinst/defs.h:1.75
--- src/usr.sbin/sysinst/defs.h:1.74	Sun Sep 26 15:52:40 2021
+++ src/usr.sbin/sysinst/defs.h	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: defs.h,v 1.74 2021/09/26 15:52:40 maya Exp $	*/
+/*	$NetBSD: defs.h,v 1.75 2021/10/08 15:59:55 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -632,6 +632,10 @@ extern char dist_tgz_postfix[SSTRSIZE];
 /* needed prototypes */
 void set_menu_numopts(int, int);
 void remove_color_options(void);
+#ifdef CHECK_ENTROPY
+bool do_add_entropy(void);
+size_t entropy_needed(void);
+#endif
 void remove_raid_options(void);
 void remove_lvm_options(void);
 void remove_cgd_options(void);
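Review bot: These prototypes are guarded with `#ifdef CHECK_ENTROPY`, whereas configmenu.c in the same commit tests `#if CHECK_ENTROPY`. Both forms agree for the `-DCHECK_ENTROPY=1` that Makefile.inc passes, but they diverge if the macro is ever defined as 0, and `#if` on an undefined macro trips `-Wundef` where that warning is enabled. Using one form throughout, for example `#ifdef CHECK_ENTROPY` in configmenu.c as well, avoids the mismatch.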
@@ -892,7 +896,6 @@ bool	install_desc_from_parts(struct inst
 	    struct disk_partitions*);
 void	free_install_desc(struct install_partition_desc*);
 bool	may_swap_if_not_sdmmc(const char*);
-bool	do_check_entropy(void);
 
 /* from target.c */
 #if defined(DEBUG)  ||	defined(DEBUG_ROOT)

Index: src/usr.sbin/sysinst/install.c
diff -u src/usr.sbin/sysinst/install.c:1.20 src/usr.sbin/sysinst/install.c:1.21
--- src/usr.sbin/sysinst/install.c:1.20	Wed Nov  4 14:29:40 2020
+++ src/usr.sbin/sysinst/install.c	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: install.c,v 1.20 2020/11/04 14:29:40 martin Exp $	*/
+/*	$NetBSD: install.c,v 1.21 2021/10/08 15:59:55 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -168,13 +168,6 @@ do_install(void)
 		return;
 #endif
 
-#ifdef CHECK_ENTROPY
-	if (!do_check_entropy()) {
-		hit_enter_to_continue(MSG_abort_installation, NULL);
-		return;
-	}
-#endif
-
 	memset(&install, 0, sizeof install);
 
 	/* Create and mount partitions */

Index: src/usr.sbin/sysinst/menus.entropy
diff -u src/usr.sbin/sysinst/menus.entropy:1.1 src/usr.sbin/sysinst/menus.entropy:1.2
--- src/usr.sbin/sysinst/menus.entropy:1.1	Wed Nov  4 14:29:40 2020
+++ src/usr.sbin/sysinst/menus.entropy	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: menus.entropy,v 1.1 2020/11/04 14:29:40 martin Exp $	*/
+/*	$NetBSD: menus.entropy,v 1.2 2021/10/08 15:59:55 martin Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 
 /* arg is an int*, returning a magic value for the selected menu option */
 menu not_enough_entropy, title MSG_not_enough_entropy, y=-1, no box, clear,
-    exit, exitstring MSG_abort_installation;
+    exit, exitstring MSG_continue_without_entropy;
 	option MSG_entropy_add_manually, exit,
 	    action { *((int*)arg) = 1; };
 	option MSG_entropy_download_seed, exit,

Index: src/usr.sbin/sysinst/msg.entropy.de
diff -u src/usr.sbin/sysinst/msg.entropy.de:1.2 src/usr.sbin/sysinst/msg.entropy.de:1.3
--- src/usr.sbin/sysinst/msg.entropy.de:1.2	Fri Nov  6 12:23:10 2020
+++ src/usr.sbin/sysinst/msg.entropy.de	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.de,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.de,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy	{Entropie konfigurieren}
+
+message continue_without_entropy	{Weiter ohne Entropy}
+
 message not_enough_entropy
 {Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator
 zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien
@@ -39,7 +43,7 @@ Falls Sie einen USB Zufallsgenerator bes
 jetzt und wählen dann die Option "Erneut testen".}
 
 message entropy_add_manually		{Manuelle Zufallseingabe}
-message entropy_download_raw		{Zufallsdaten laden}
+message entropy_download_raw		{Rohe binäre Zufallsdaten laden}
 message	entropy_download_seed		{NetBSD Entropie-Datei laden}
 message entropy_retry			{Erneut testen}
 
Index: src/usr.sbin/sysinst/msg.entropy.en
diff -u src/usr.sbin/sysinst/msg.entropy.en:1.2 src/usr.sbin/sysinst/msg.entropy.en:1.3
--- src/usr.sbin/sysinst/msg.entropy.en:1.2	Fri Nov  6 12:23:10 2020
+++ src/usr.sbin/sysinst/msg.entropy.en	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.en,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy	{Set up entropy}
+
+message continue_without_entropy	{Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@ If you own a USB random number device, c
 the "Re-test" option.}
 
 message entropy_add_manually		{Manual input of random data}
-message entropy_download_raw		{Load random data}
+message entropy_download_raw		{Load raw binary random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
Index: src/usr.sbin/sysinst/msg.entropy.es
diff -u src/usr.sbin/sysinst/msg.entropy.es:1.2 src/usr.sbin/sysinst/msg.entropy.es:1.3
--- src/usr.sbin/sysinst/msg.entropy.es:1.2	Fri Nov  6 12:23:10 2020
+++ src/usr.sbin/sysinst/msg.entropy.es	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.es,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.es,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy	{Set up entropy}
+
+message continue_without_entropy	{Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@ If you own a USB random number device, c
 the "Re-test" option.}
 
 message entropy_add_manually		{Manual input of random data}
-message entropy_download_raw		{Load random data}
+message entropy_download_raw		{Load raw binary random random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
Index: src/usr.sbin/sysinst/msg.entropy.fr
diff -u src/usr.sbin/sysinst/msg.entropy.fr:1.2 src/usr.sbin/sysinst/msg.entropy.fr:1.3
--- src/usr.sbin/sysinst/msg.entropy.fr:1.2	Fri Nov  6 12:23:10 2020
+++ src/usr.sbin/sysinst/msg.entropy.fr	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.fr,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.fr,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy	{Set up entropy}
+
+message continue_without_entropy	{Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@ If you own a USB random number device, c
 the "Re-test" option.}
 
 message entropy_add_manually		{Manual input of random data}
-message entropy_download_raw		{Load random data}
+message entropy_download_raw		{Load raw binary random random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 
Index: src/usr.sbin/sysinst/msg.entropy.pl
diff -u src/usr.sbin/sysinst/msg.entropy.pl:1.2 src/usr.sbin/sysinst/msg.entropy.pl:1.3
--- src/usr.sbin/sysinst/msg.entropy.pl:1.2	Fri Nov  6 12:23:10 2020
+++ src/usr.sbin/sysinst/msg.entropy.pl	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*      $NetBSD: msg.entropy.pl,v 1.2 2020/11/06 12:23:10 martin Exp $  */
+/*      $NetBSD: msg.entropy.pl,v 1.3 2021/10/08 15:59:55 martin Exp $  */
 
 /*
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -26,6 +26,10 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
+message Configure_entropy	{Set up entropy}
+
+message continue_without_entropy	{Continue without entropy}
+
 message not_enough_entropy
 {This system seems to lack a cryptographically strong pseudo random
 number generator. There is not enough entropy available to create secure
@@ -38,7 +42,7 @@ If you own a USB random number device, c
 the "Re-test" option.}
 
 message entropy_add_manually		{Manual input of random data}
-message entropy_download_raw		{Load random data}
+message entropy_download_raw		{Load raw binary random random data}
 message	entropy_download_seed		{Import a NetBSD entropy file}
 message entropy_retry			{Re-test}
 

Index: src/usr.sbin/sysinst/util.c
diff -u src/usr.sbin/sysinst/util.c:1.61 src/usr.sbin/sysinst/util.c:1.62
--- src/usr.sbin/sysinst/util.c:1.61	Sun Sep 26 15:52:40 2021
+++ src/usr.sbin/sysinst/util.c	Fri Oct  8 15:59:55 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: util.c,v 1.61 2021/09/26 15:52:40 maya Exp $	*/
+/*	$NetBSD: util.c,v 1.62 2021/10/08 15:59:55 martin Exp $	*/
 
 /*
  * Copyright 1997 Piermont Information Systems Inc.
@@ -1122,7 +1122,7 @@ char entropy_file[PATH_MAX];
 /*
  * Are we short of entropy?
  */
-static size_t
+size_t
 entropy_needed(void)
 {
 	int needed;
@@ -1154,9 +1154,10 @@ static void
 entropy_add_manual(void)
 {
 	SHA256_CTX ctx;
-	char buf[256], line[25];
-	size_t line_no, l;
+	char buf[256];
 	uint8_t digest[SHA256_DIGEST_LENGTH];
+	size_t l;
+	int txt_y, maxy, init_y;
 	bool ok = false;
 
 	msg_display(MSG_entropy_enter_manual1);
@@ -1166,18 +1167,34 @@ entropy_add_manual(void)
 	msg_display_add(MSG_entropy_enter_manual3);
 	msg_printf("\n\n");
 	SHA256_Init(&ctx);
-	line_no = 1;
+	txt_y = getcury(mainwin);
+	maxy = getmaxy(mainwin);
+	init_y = txt_y;
+
+	echo();
 	do {
-		sprintf(line, "%zu", line_no);
-		msg_prompt_win(line, -1, 15, 0, 0, "", buf, sizeof(buf));
+		txt_y++;
+		if (txt_y >= maxy) {
+			txt_y = init_y;
+			wmove(mainwin, txt_y, 0);
+			wclrtobot(mainwin);
+		} else {
+			wmove(mainwin, txt_y, 0);
+		}
+		msg_fmt_table_add(0, "> ");
+		mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf);
 		l = strlen(buf);
 		if (l > 0)
 			SHA256_Update(&ctx, (const uint8_t*)buf, l);
-		line_no++;
-	} while(buf[0] != 0);
+	} while(l > 0);
+	noecho();
 	ok = ctx.bitcount >= 256;
 	SHA256_Final(digest, &ctx);
 
+	wmove(mainwin, init_y, 0);
+	wclrtobot(mainwin);
+	wrefresh(mainwin);
+
 	if (ok)
 		entropy_write_to_kernel(digest, sizeof digest);
 	else
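Review bot: The result of `mvwgetnstr()` is not checked and `buf` is uninitialised, so a failed call leaves `strlen(buf)` reading stale or indeterminate bytes. If the call fails before storing anything, the first pass reads indeterminate bytes; a later pass sees the previous line again, which keeps the loop running and feeds repeated data into the hash that seeds the kernel. Ending the input on error closes both cases: `if (mvwgetnstr(mainwin, txt_y, 2, buf, sizeof buf - 1) == ERR) buf[0] = '\0';`. The `- 1` is defensive, since curses implementations differ on whether n includes the terminating NUL and the hunk does not show which applies here. The body of `entropy_add_manual()` starts and ends outside this hunk.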
@@ -1332,13 +1349,10 @@ entropy_add_seed(void)
  * return true if we have enough entropy
  */
 bool
-do_check_entropy(void)
+do_add_entropy(void)
 {
 	int rv;
 
-	if (entropy_needed() == 0)
-		return true;
-
 	for (;;) {
 		if (entropy_needed() == 0)
 			return true;
@@ -1516,14 +1530,7 @@ get_and_unpack_sets(int update, msg setu
 	if (set_status[SET_BASE] & SET_INSTALLED)
 		run_makedev();
 
-	if (update) {
-#ifdef CHECK_ENTROPY
-		if (!do_check_entropy()) {
-			hit_enter_to_continue(NULL, MSG_abortupgr);
-			return 1;
-		}
-#endif
-	} else {
+	if (!update) {
 		struct stat sb1, sb2;
 
 		if (stat(target_expand("/"), &sb1) == 0
