Module Name: src
Committed By: tls
Date: Wed Apr 9 03:54:17 UTC 2014
Modified Files:
src/distrib/utils/sysinst [tls-earlyentropy]: util.c
Log Message:
Try to persistently gather some entropy at install time, to give the
fresh system a better chance of not doing awful things like generating
guessable SSH host keys.
Handles both systems with /var on / and /var on its own filesystem. Tries
to preserve old saved entropy when upgrading.
To generate a diff of this commit:
cvs rdiff -u -r1.184 -r1.184.2.1 src/distrib/utils/sysinst/util.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/distrib/utils/sysinst/util.c
diff -u src/distrib/utils/sysinst/util.c:1.184 src/distrib/utils/sysinst/util.c:1.184.2.1
--- src/distrib/utils/sysinst/util.c:1.184 Sat Dec 7 19:42:36 2013
+++ src/distrib/utils/sysinst/util.c Wed Apr 9 03:54:17 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: util.c,v 1.184 2013/12/07 19:42:36 martin Exp $ */
+/* $NetBSD: util.c,v 1.184.2.1 2014/04/09 03:54:17 tls Exp $ */
/*
* Copyright 1997 Piermont Information Systems Inc.
@@ -1091,6 +1091,10 @@ get_and_unpack_sets(int update, msg setu
}
run_program(RUN_DISPLAY | RUN_CHROOT,
"/usr/sbin/postinstall -s /.sysinst -d / fix");
+
+ /* Don't discard the system's old entropy if any */
+ run_program(RUN_CHROOT | RUN_SILENT,
+ "/etc/rc.d/random_seed start");
}
/* Configure the system */
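Review bot: The result of the added `run_program(RUN_CHROOT | RUN_SILENT, "/etc/rc.d/random_seed start")` call is dropped and its output suppressed, so a failed load of the old seed leaves no trace, while the later `random_seed stop` still writes a new seed file. The comment also does not say how the old entropy is kept. It presumably works by loading the target's saved seed into the running installer kernel, so that the save at the end of the install carries it forward. I would expand the comment to something like `/* Feed the target's saved seed into the running kernel so the final "random_seed stop" carries it forward; best-effort, failure is ignored */`, and consider logging a non-zero return. The enclosing block of get_and_unpack_sets starts outside this hunk.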
@@ -1098,7 +1102,24 @@ get_and_unpack_sets(int update, msg setu
run_makedev();
if (!update) {
- /* Save keybard type */
+ struct stat sb1, sb2;
+
+ stat(target_expand("/"), &sb1);
+ stat(target_expand("/var"), &sb2);
+
+ if (sb1.st_dev != sb2.st_dev) {
+ add_rc_conf("random_file=/etc/entropy-file\n");
+ if (target_file_exists_p("/boot.cfg")) {
+ run_program(RUN_CHROOT|RUN_FATAL,
+ "sh -c 'sed -e s./var/db/./etc/. "
+ "< /boot.cfg "
+ "> /tmp/boot.cfg.tmp'");
+ mv_within_target_or_die("/tmp/boot.cfg.tmp",
+ "/boot.cfg");
+ }
+ }
+
+ /* Save keyboard type */
save_kb_encoding();
/* Other configuration. */
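Review bot: Both `stat()` calls ignore their return value, so if either fails, `sb1`/`sb2` hold indeterminate data and the `st_dev` comparison decides arbitrarily whether rc.conf and /boot.cfg get rewritten. The guard should be `if (stat(target_expand("/"), &sb1) == 0 && stat(target_expand("/var"), &sb2) == 0 && sb1.st_dev != sb2.st_dev) {`. The sed expression `s./var/db/./etc/.` also rewrites the first `/var/db/` on every line of boot.cfg, not only the entropy entry. Assuming the default seed path is /var/db/entropy-file, `s,/var/db/entropy-file,/etc/entropy-file,` would keep the edit to the line it is meant for. A short comment saying that the seed must live on the root filesystem when /var is separate would explain the branch. get_and_unpack_sets starts and ends outside this hunk.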
@@ -1108,6 +1129,9 @@ get_and_unpack_sets(int update, msg setu
/* Mounted dist dir? */
umount_mnt2();
+ /* Save entropy -- on some systems it's ~all we'll ever get */
+ run_program(RUN_DISPLAY | RUN_CHROOT | RUN_FATAL | RUN_PROGRESS,
+ "/etc/rc.d/random_seed stop");
/* Install/Upgrade complete ... reboot or exit to script */
msg_display(success_msg);
process_menu(MENU_ok, NULL);
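Review bot: The `random_seed stop` call is run with `RUN_FATAL`, whereas the matching `random_seed start` earlier in the function is silent and unchecked, and nothing explains the difference. If `RUN_FATAL` aborts sysinst as its name suggests, a failure to write the seed ends an install that has otherwise completed, just before the success message. That may be the intended fail-closed choice, given the log message's concern about guessable SSH host keys, but it should be stated. I would extend the comment to `/* Save entropy -- on some systems it's ~all we'll ever get. Fatal on purpose: a system booted without a seed may generate guessable keys. */`, or drop `RUN_FATAL` and show a warning if that is not the intent. It is also worth noting that an image cloned after this step carries the same seed to every copy.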