File: [cvs.NetBSD.org] / src / share / man / man7 / Makefile

Revision 1.36, Sun Jan 10 23:24:26 2021 UTC (3 years, 2 months ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10-0-RC1, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Branch point for: netbsd-10
Changes since 1.35: +5 -3 lines

Various entropy integration improvements.

- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
  check for entropy at boot -- in rc.conf, you can:

  . set `entropy=check' to halt multiuser boot and enter single-user
    mode if not enough entropy

  . set `entropy=wait' to make multiuser boot wait until enough entropy

  Default is to always boot without waiting -- and rely on other
  channels like security report to alert the operator if there's a
  problem.

- New man page entropy(7) discussing the higher-level concepts and
  system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
  more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
  users who have power to affect the entropy estimate (maybe it is,
  just haven't decided).
- We only have a mechanism for changing once at boot; the message would
  remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
  conditionally from boot to boot.

#	$NetBSD: Makefile,v 1.36 2021/01/10 23:24:26 riastradh Exp $
#	@(#)Makefile	8.1 (Berkeley) 6/5/93

.include <bsd.init.mk>

# missing: eqnchar.7 man.7 ms.7 term.7

MAN=	ascii.7 c.7 entropy.7 environ.7 glob.7 groups.7 hier.7 hostname.7 \
	intro.7 \
	kernel_sanitizers.7 mailaddr.7 module.7 nls.7 operator.7 orders.7 \
	pkgsrc.7 release.7 \
	rfc6056.7 security.7 script.7 setuid.7 signal.7 src.7 sticky.7 \
	symlink.7 sysctl.7 tests.7 users.7

CLEANFILES=	tests.7
.if ${MKKYUA} != "no"
tests.7: tests.kyua.7
	rm -f ${.TARGET} && cp ${.ALLSRC} ${.TARGET}
.else
tests.7: tests.atf.7
	rm -f ${.TARGET} && cp ${.ALLSRC} ${.TARGET}
.endif

MLINKS+=c.7 c78.7 \
	c.7 c89.7 \
	c.7 c90.7 \
	c.7 c99.7 \
	entropy.7 random.7

.include <bsd.man.mk>