CVS log for src/etc/rc.d/random_seed
![[BACK]](/icons/back.gif)
Up to [cvs.NetBSD.org] / src / etc / rc.d
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Revision 1.15: download - view: text, markup, annotated - select for diffs
Tue Sep 8 12:52:18 2020 UTC (4 years, 6 months ago) by martin
Branches: MAIN
CVS tags: perseant-exfatfs-base-20240630,
perseant-exfatfs-base,
perseant-exfatfs,
netbsd-10-base,
netbsd-10-1-RELEASE,
netbsd-10-0-RELEASE,
netbsd-10-0-RC6,
netbsd-10-0-RC5,
netbsd-10-0-RC4,
netbsd-10-0-RC3,
netbsd-10-0-RC2,
netbsd-10-0-RC1,
netbsd-10,
cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x,
HEAD
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2
lines
Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems
Revision 1.14: download - view: text, markup, annotated - select for diffs
Wed Jul 22 16:50:41 2020 UTC (4 years, 8 months ago) by martin
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2
lines
Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:
# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL
This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.
Revision 1.13: download - view: text, markup, annotated - select for diffs
Thu May 7 20:01:04 2020 UTC (4 years, 10 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -2
lines
If no random seed file exists on boot, create one.
rndctl -S triggers entropy consolidation, so whatever we gathered
during kernel startup -- interrupt timings, autoconf timings, &c. --
will be incorporated into the seed and into subsequent data read from
/dev/urandom, just like if rndctl -L had run at this boot, and the
seed will carry them into the next boot too.
But it still avoids frequently consolidating entropy on any regular
schedule, in order to continue to mitigate iterative-guessing
attacks.
Revision 1.12: download - view: text, markup, annotated - select for diffs
Thu May 7 20:00:38 2020 UTC (4 years, 10 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2
lines
Omit needless verbiage in error message.
Revision 1.11: download - view: text, markup, annotated - select for diffs
Thu May 7 18:15:29 2020 UTC (4 years, 10 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +3 -2
lines
Pass full pathname to df, and print warning message on failure.
No need to extract dirname; `df -P /var/db/entropy-file' and `df -l
/var/db/entropy-file' work just fine.
Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed May 6 18:49:26 2020 UTC (4 years, 10 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +22 -30
lines
Tweak logic to decide whether a medium is safe for an rndseed.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
Revision 1.7.26.2: download - view: text, markup, annotated - select for diffs
Sat May 2 16:24:11 2020 UTC (4 years, 10 months ago) by martin
Branches: netbsd-9
CVS tags: netbsd-9-4-RELEASE,
netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE
Diff to: previous 1.7.26.1: preferred, colored; branchpoint 1.7: preferred, colored; next MAIN 1.8: preferred, colored
Changes since revision 1.7.26.1: +1 -3
lines
Pull up following revision(s) (requested by riastradh in ticket #882):
etc/rc.d/random_seed: revision 1.9
Don't delete the random seed before issuing `rndctl -S'.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.
XXX pullup
Revision 1.9: download - view: text, markup, annotated - select for diffs
Fri May 1 15:52:38 2020 UTC (4 years, 10 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +1 -3
lines
Don't delete the random seed before issuing `rndctl -S'.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.
XXX pullup
Revision 1.7.24.1: download - view: text, markup, annotated - select for diffs
Wed Apr 8 14:03:58 2020 UTC (4 years, 11 months ago) by martin
Branches: phil-wifi
Diff to: previous 1.7: preferred, colored; next MAIN 1.8: preferred, colored
Changes since revision 1.7: +2 -2
lines
Merge changes from current as of 20200406
Revision 1.7.26.1: download - view: text, markup, annotated - select for diffs
Sun Mar 1 11:53:09 2020 UTC (5 years ago) by martin
Branches: netbsd-9
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -2
lines
Pull up following revision(s) (requested by riastradh in ticket #743):
etc/rc.d/random_seed: revision 1.8
Allow random seed on zfs.
Revision 1.8: download - view: text, markup, annotated - select for diffs
Sun Feb 23 08:53:14 2020 UTC (5 years, 1 month ago) by riastradh
Branches: MAIN
CVS tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
is-mlppp-base,
is-mlppp
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -2
lines
Allow random seed on zfs.
Revision 1.2.2.3: download - view: text, markup, annotated - select for diffs
Tue Aug 19 23:45:51 2014 UTC (10 years, 7 months ago) by tls
Branches: tls-maxphys
Diff to: previous 1.2.2.2: preferred, colored; branchpoint 1.2: preferred, colored; next MAIN 1.3: preferred, colored
Changes since revision 1.2.2.2: +3 -3
lines
Rebase to HEAD as of a few days ago.
Revision 1.6.8.1: download - view: text, markup, annotated - select for diffs
Sun Aug 10 06:49:24 2014 UTC (10 years, 7 months ago) by tls
Branches: tls-earlyentropy
Diff to: previous 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6: +3 -3
lines
Rebase.
Revision 1.7: download - view: text, markup, annotated - select for diffs
Tue Jul 22 17:11:09 2014 UTC (10 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: tls-maxphys-base,
tls-earlyentropy-base,
prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-base,
phil-wifi-20191119,
phil-wifi-20190609,
pgoyette-localcount-base,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-localcount-20170107,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
pgoyette-localcount,
pgoyette-compat-merge-20190127,
pgoyette-compat-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
pgoyette-compat,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
netbsd-9-base,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
netbsd-8-base,
netbsd-8-3-RELEASE,
netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
netbsd-8,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0,
netbsd-7,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
localcount-20160914,
bouyer-socketcan-base1,
bouyer-socketcan-base,
bouyer-socketcan
Branch point for: phil-wifi,
netbsd-9
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +3 -3
lines
'file system' for consistency with documentation (instead of 'filesystem').
Revision 1.2.2.2: download - view: text, markup, annotated - select for diffs
Mon Feb 25 00:24:52 2013 UTC (12 years, 1 month ago) by tls
Branches: tls-maxphys
Diff to: previous 1.2.2.1: preferred, colored; branchpoint 1.2: preferred, colored
Changes since revision 1.2.2.1: +56 -43
lines
resync with head
Revision 1.1.4.5: download - view: text, markup, annotated - select for diffs
Wed Jan 23 00:04:31 2013 UTC (12 years, 2 months ago) by yamt
Branches: yamt-pagecache
CVS tags: yamt-pagecache-tag8
Diff to: previous 1.1.4.4: preferred, colored; branchpoint 1.1: preferred, colored; next MAIN 1.2: preferred, colored
Changes since revision 1.1.4.4: +56 -43
lines
sync with head
Revision 1.1.4.4: download - view: text, markup, annotated - select for diffs
Wed Jan 16 05:26:14 2013 UTC (12 years, 2 months ago) by yamt
Branches: yamt-pagecache
Diff to: previous 1.1.4.3: preferred, colored; branchpoint 1.1: preferred, colored
Changes since revision 1.1.4.3: +8 -1
lines
sync with (a bit old) head
Revision 1.6: download - view: text, markup, annotated - select for diffs
Sat Dec 29 22:15:07 2012 UTC (12 years, 2 months ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-base9,
yamt-pagecache-base8,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
khorben-n900,
agc-symver-base,
agc-symver
Branch point for: tls-earlyentropy
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +52 -45
lines
better messages, more quoting.
Revision 1.5: download - view: text, markup, annotated - select for diffs
Mon Dec 17 18:20:50 2012 UTC (12 years, 3 months ago) by apb
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +3 -3
lines
Reinstate the dirname invocations that were recently removed from
rc.d/random_seed. The new dirname shell function provided by rc.subr
will be used, so it should work before the /usr file system is mounted.
This should fix a problem in which the fs_safe shell function failed when
passed the name of a file that did not exist.
Revision 1.4: download - view: text, markup, annotated - select for diffs
Fri Dec 14 18:42:25 2012 UTC (12 years, 3 months ago) by apb
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +16 -10
lines
Avoid using programs from /usr/bin. This should fix PR 47326.
- no need for "dirname", because "df -G" can take a file name directly.
- replace use of "awk" with a shell while read loop.
- replace use of "stat -s" with "ls -ldn".
- no need for "tail" now that the use of "stat" has changed.
While here, also add some shell quotes and improve the grammar in a comment.
Revision 1.2.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 20 02:57:56 2012 UTC (12 years, 4 months ago) by tls
Branches: tls-maxphys
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +8 -1
lines
Resync to 2012-11-19 00:00:00 UTC
Revision 1.3: download - view: text, markup, annotated - select for diffs
Sat Nov 10 15:10:22 2012 UTC (12 years, 4 months ago) by apb
Branches: MAIN
CVS tags: yamt-pagecache-base7
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +8 -1
lines
Cause /etc/rc.d/random_seed to be the first script to run
after mountcritlocal. Everything else that runs after
mountcritlocal depends directly or indirectly on bootconf, so
making random_seed run before bootconf has the desired result.
Revision 1.1.4.3: download - view: text, markup, annotated - select for diffs
Tue Oct 30 18:49:10 2012 UTC (12 years, 4 months ago) by yamt
Branches: yamt-pagecache
Diff to: previous 1.1.4.2: preferred, colored; branchpoint 1.1: preferred, colored
Changes since revision 1.1.4.2: +2 -2
lines
sync with head
Revision 1.2: download - view: text, markup, annotated - select for diffs
Sun Jul 8 14:25:49 2012 UTC (12 years, 8 months ago) by hans
Branches: MAIN
CVS tags: yamt-pagecache-base6
Branch point for: tls-maxphys
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -2
lines
It's msdos, not msdosfs.
Revision 1.1.4.2: download - view: text, markup, annotated - select for diffs
Tue Apr 17 00:02:59 2012 UTC (12 years, 11 months ago) by yamt
Branches: yamt-pagecache
Diff to: previous 1.1.4.1: preferred, colored; branchpoint 1.1: preferred, colored
Changes since revision 1.1.4.1: +91 -0
lines
sync with head
Revision 1.1.4.1
Wed Nov 23 10:47:48 2011 UTC (13 years, 4 months ago) by yamt
Branches: yamt-pagecache
FILE REMOVED
Changes since revision 1.1: +0 -91
lines
file random_seed was added on branch yamt-pagecache on 2012-04-17 00:02:59 +0000
Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed Nov 23 10:47:48 2011 UTC (13 years, 4 months ago) by tls
Branches: MAIN
CVS tags: yamt-pagecache-base5,
yamt-pagecache-base4,
netbsd-6-base,
netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-1,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
netbsd-6-0,
netbsd-6,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Branch point for: yamt-pagecache
Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesystems.
Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
CVSweb <webmaster@jp.NetBSD.org>