Module Name:    src
Committed By:   riastradh
Date:           Fri Dec  6 14:43:30 UTC 2019

Modified Files:
        src/etc: security
        src/etc/defaults: security.conf
        src/share/man/man5: security.conf.5

Log Message:
Save the entropy seed daily in /etc/security.


To generate a diff of this commit:
cvs rdiff -u -r1.125 -r1.126 src/etc/security
cvs rdiff -u -r1.26 -r1.27 src/etc/defaults/security.conf
cvs rdiff -u -r1.40 -r1.41 src/share/man/man5/security.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/etc/security
diff -u src/etc/security:1.125 src/etc/security:1.126
--- src/etc/security:1.125	Wed Sep 18 22:27:55 2019
+++ src/etc/security	Fri Dec  6 14:43:30 2019
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$NetBSD: security,v 1.125 2019/09/18 22:27:55 uwe Exp $
+#	$NetBSD: security,v 1.126 2019/12/06 14:43:30 riastradh Exp $
 #	from: @(#)security	8.1 (Berkeley) 6/9/93
 #
 
@@ -1049,6 +1049,13 @@ if checkyesno check_changelist ; then
 	CHANGELIST="$CHANGEFILES $CHANGELIST"
 fi
 
+# Save entropy to ${random_file} if defined, like
+# /etc/rc.d/random_seed.
+#
+if [ -n "${random_file:-}" ]; then
+	rndctl -S "$random_file"
+fi
+
 # Special case backups, including the master password file and
 # ssh private host keys. The normal backup mechanisms for
 # $check_changelist (see below) also print out the actual file
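Review bot: The added `rndctl -S "$random_file"` call ignores its exit status, so a failed save (read-only or full filesystem, bad path in security.conf) leaves a stale seed in place with nothing in the daily output clearly tied to this step. The seed is secret material: anyone who can read it learns input to the next boot's entropy pool. Unless a restrictive umask is already set earlier in the script (outside this hunk), I would make the mode explicit and report failure, e.g. `( umask 077; rndctl -S "$random_file" ) || echo "Failed to save entropy seed to $random_file"`. The comment says this behaves like /etc/rc.d/random_seed, so whatever checks that script makes before writing the seed should either be repeated here or the comment should name the ones deliberately skipped.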

Index: src/etc/defaults/security.conf
diff -u src/etc/defaults/security.conf:1.26 src/etc/defaults/security.conf:1.27
--- src/etc/defaults/security.conf:1.26	Wed Nov  6 19:37:05 2013
+++ src/etc/defaults/security.conf	Fri Dec  6 14:43:29 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
+#	$NetBSD: security.conf,v 1.27 2019/12/06 14:43:29 riastradh Exp $
 #
 # /etc/defaults/security.conf --
 #	default configuration of /etc/security.conf
@@ -46,3 +46,5 @@ check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16
 max_grouplen=16
+
+random_file=/var/db/entropy-file
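Review bot: The new `random_file=/var/db/entropy-file` default carries no comment, and it duplicates a path that the man page change in this commit describes as the one used by /etc/rc.d/random_seed. If the boot-time path is configured separately (presumably in rc.conf, to be confirmed) and an administrator changes only one of the two, the daily save goes to a file that is never loaded at boot. I would add a comment above the assignment such as `# Entropy seed file saved by /etc/security; keep in sync with /etc/rc.d/random_seed. Set empty to disable.`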

Index: src/share/man/man5/security.conf.5
diff -u src/share/man/man5/security.conf.5:1.40 src/share/man/man5/security.conf.5:1.41
--- src/share/man/man5/security.conf.5:1.40	Wed Nov  6 19:37:06 2013
+++ src/share/man/man5/security.conf.5	Fri Dec  6 14:43:30 2019
@@ -1,4 +1,4 @@
-.\"	$NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
+.\"	$NetBSD: security.conf.5,v 1.41 2019/12/06 14:43:30 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -282,6 +282,17 @@ for maintaining backup copies of files n
 and
 .Sy check_changelist
 instead of just keeping a current copy and a backup copy.
+.It Sy random_file
+Name of the entropy seed file used at boot.
+Default is
+.Pa /var/db/entropy-file
+as used by
+.Pa /etc/rc.d/random_seed .
+Set
+.Sy random_file
+to empty to disable saving a seed every time
+.Pa /etc/security
+runs.
 .El
 .Sh FILES
 .Bl -tag -width /etc/defaults/security.conf -compact
