Module Name: src Committed By: riastradh Date: Fri Dec 6 14:43:30 UTC 2019
Modified Files: src/etc: security src/etc/defaults: security.conf src/share/man/man5: security.conf.5 Log Message: Save the entropy seed daily in /etc/security. To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.126 src/etc/security cvs rdiff -u -r1.26 -r1.27 src/etc/defaults/security.conf cvs rdiff -u -r1.40 -r1.41 src/share/man/man5/security.conf.5 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/etc/security
diff -u src/etc/security:1.125 src/etc/security:1.126
--- src/etc/security:1.125 Wed Sep 18 22:27:55 2019
+++ src/etc/security Fri Dec 6 14:43:30 2019
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $NetBSD: security,v 1.125 2019/09/18 22:27:55 uwe Exp $
+# $NetBSD: security,v 1.126 2019/12/06 14:43:30 riastradh Exp $
 # from: @(#)security 8.1 (Berkeley) 6/9/93
 #
 
@@ -1049,6 +1049,13 @@ if checkyesno check_changelist ; then
 CHANGELIST="$CHANGEFILES $CHANGELIST"
 fi
 
+# Save entropy to ${random_file} if defined, like
+# /etc/rc.d/random_seed.
+#
+if [ -n "${random_file:-}" ]; then
+ rndctl -S "$random_file"
+fi
+
 # Special case backups, including the master password file and
 # ssh private host keys. The normal backup mechanisms for
 # $check_changelist (see below) also print out the actual file
Index: src/etc/defaults/security.conf
diff -u src/etc/defaults/security.conf:1.26 src/etc/defaults/security.conf:1.27
--- src/etc/defaults/security.conf:1.26 Wed Nov 6 19:37:05 2013
+++ src/etc/defaults/security.conf Fri Dec 6 14:43:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
+# $NetBSD: security.conf,v 1.27 2019/12/06 14:43:29 riastradh Exp $
 #
 # /etc/defaults/security.conf --
 # default configuration of /etc/security.conf
@@ -46,3 +46,5 @@ check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16
 max_grouplen=16
+
+random_file=/var/db/entropy-file
Index: src/share/man/man5/security.conf.5
diff -u src/share/man/man5/security.conf.5:1.40 src/share/man/man5/security.conf.5:1.41
--- src/share/man/man5/security.conf.5:1.40 Wed Nov 6 19:37:06 2013
+++ src/share/man/man5/security.conf.5 Fri Dec 6 14:43:30 2019
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
+.\" $NetBSD: security.conf.5,v 1.41 2019/12/06 14:43:30 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
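Review bot: In the `@@ -1049` hunk of src/etc/security, `random_file` comes from security.conf, which this commit gives its own default, so as far as these hunks show nothing ties it to the path that /etc/rc.d/random_seed loads at boot. A site that moves the boot seed would then keep refreshing a file that is never read, while the seed actually loaded stays stale; I would make the coupling explicit in the block comment, e.g. `# ${random_file} must name the same file that /etc/rc.d/random_seed loads.`. The exit status of `rndctl -S "$random_file"` is also dropped, so a failed save (read-only or full filesystem) is not flagged in the report unless rndctl prints something itself; `rndctl -S "$random_file" || echo "Failed to save entropy seed to $random_file"` would surface it. The comment says the block acts "like /etc/rc.d/random_seed", but that script is not shown here, so it is worth confirming that any checks it makes before writing the seed (file mode, where the file lives) are not silently skipped on this path.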
@@ -282,6 +282,17 @@ for maintaining backup copies of files n
 and
 .Sy check_changelist
 instead of just keeping a current copy and a backup copy.
+.It Sy random_file
+Name of the entropy seed file used at boot.
+Default is
+.Pa /var/db/entropy-file
+as used by
+.Pa /etc/rc.d/random_seed .
+Set
+.Sy random_file
+to empty to disable saving a seed every time
+.Pa /etc/security
+runs.
 .El
 .Sh FILES
 .Bl -tag -width /etc/defaults/security.conf -compact