Module Name: src Committed By: tls Date: Wed Apr 9 03:54:17 UTC 2014
Modified Files: src/distrib/utils/sysinst [tls-earlyentropy]: util.c Log Message: Try to persistently gather some entropy at install time, to give the fresh system a better chance of not doing awful things like generating guessable SSH host keys. Handles both systems with /var on / and /var on its own filesystem. Tries to preserve old saved entropy when upgrading. To generate a diff of this commit: cvs rdiff -u -r1.184 -r1.184.2.1 src/distrib/utils/sysinst/util.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/distrib/utils/sysinst/util.c
diff -u src/distrib/utils/sysinst/util.c:1.184 src/distrib/utils/sysinst/util.c:1.184.2.1
--- src/distrib/utils/sysinst/util.c:1.184 Sat Dec 7 19:42:36 2013
+++ src/distrib/utils/sysinst/util.c Wed Apr 9 03:54:17 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: util.c,v 1.184 2013/12/07 19:42:36 martin Exp $ */
+/* $NetBSD: util.c,v 1.184.2.1 2014/04/09 03:54:17 tls Exp $ */
 
 /*
 * Copyright 1997 Piermont Information Systems Inc.
@@ -1091,6 +1091,10 @@ get_and_unpack_sets(int update, msg setu
 }
 run_program(RUN_DISPLAY | RUN_CHROOT,
 "/usr/sbin/postinstall -s /.sysinst -d / fix");
+
+ /* Don't discard the system's old entropy if any */
+ run_program(RUN_CHROOT | RUN_SILENT,
+ "/etc/rc.d/random_seed start");
 }
 
 /* Configure the system */
@@ -1098,7 +1102,24 @@ get_and_unpack_sets(int update, msg setu
 run_makedev();
 
 if (!update) {
- /* Save keybard type */
+ struct stat sb1, sb2;
+
+ stat(target_expand("/"), &sb1);
+ stat(target_expand("/var"), &sb2);
+
+ if (sb1.st_dev != sb2.st_dev) {
+ add_rc_conf("random_file=/etc/entropy-file\n");
+ if (target_file_exists_p("/boot.cfg")) {
+ run_program(RUN_CHROOT|RUN_FATAL,
+ "sh -c 'sed -e s./var/db/./etc/. "
+ "< /boot.cfg "
+ "> /tmp/boot.cfg.tmp'");
+ mv_within_target_or_die("/tmp/boot.cfg.tmp",
+ "/boot.cfg");
+ }
+ }
+
+ /* Save keyboard type */
 save_kb_encoding();
 
 /* Other configuration. */
@@ -1108,6 +1129,9 @@ get_and_unpack_sets(int update, msg setu
 /* Mounted dist dir? */
 umount_mnt2();
 
+ /* Save entropy -- on some systems it's ~all we'll ever get */
+ run_program(RUN_DISPLAY | RUN_CHROOT | RUN_FATAL | RUN_PROGRESS,
+ "/etc/rc.d/random_seed stop");
 /* Install/Upgrade complete ... reboot or exit to script */
 msg_display(success_msg);
 process_menu(MENU_ok, NULL);
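Review bot: The `/etc/rc.d/random_seed start` call after the postinstall run is RUN_SILENT with no fatal flag, so if the pre-existing seed cannot be loaded (missing file, wrong mode, script absent from the extracted sets) the upgrade continues with no indication, and the final `random_seed stop` will then persist only whatever the installer kernel gathered on its own. If that is the intended trade-off the comment should say so, e.g. `/* Silent: an older system may have no saved seed; the "random_seed stop" at the end still writes a fresh one */`, so a later reader does not "fix" it into a fatal step. This appears to be the upgrade branch, but get_and_unpack_sets starts outside the hunk so I cannot confirm that from what is shown.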
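Review bot: Both `stat()` results in the `if (!update)` block are ignored, so when `stat(target_expand("/var"), &sb2)` fails (no /var on the target yet, or a target_expand problem) `sb2.st_dev` is an uninitialized read and the separate-/var rewrite of rc.conf and /boot.cfg is taken or skipped at random. Fold the checks into the condition so the rewrite only happens when both stats succeed and genuinely differ: `if (stat(target_expand("/"), &sb1) == 0 && stat(target_expand("/var"), &sb2) == 0 && sb1.st_dev != sb2.st_dev) {`, with a one-line comment that on failure we fall back to the default seed location. Separately, `sed -e s./var/db/./etc/.` rewrites the first `/var/db/` on every line of /boot.cfg, not just the seed path; anchoring the substitution to the directive that names the seed (presumably `rndseed` — confirm against the boot.cfg format) would avoid clobbering unrelated entries. The enclosing function continues past both ends of this hunk.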
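Review bot: The new `random_seed stop` run carries RUN_FATAL as the very last step, so a failure to write the seed file (unwritable /etc on the target, script missing from a minimal set selection) aborts an install that is otherwise complete, with only the displayed script output to explain why. If aborting is deliberate — a system that boots without a saved seed is exactly what this commit is trying to prevent — the comment should state it: `/* Fatal on purpose: without a saved seed the first boot may generate guessable host keys */`; otherwise drop RUN_FATAL and emit a warning instead. As a point of style, a blank line between the new run_program call and the existing `/* Install/Upgrade complete ... */` comment would match the spacing of the surrounding steps.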