Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/share/man Clarify that `entropy' may be left unset in rc.conf.



details:   https://anonhg.NetBSD.org/src/rev/c3240eeb322c
branches:  trunk
changeset: 979856:c3240eeb322c
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Jan 15 15:17:08 2021 +0000

description:
Clarify that `entropy' may be left unset in rc.conf.

diffstat:

 share/man/man5/rc.conf.5 |   9 ++++++++-
 share/man/man7/entropy.7 |  26 +++++++++++++++++---------
 2 files changed, 25 insertions(+), 10 deletions(-)

diffs (68 lines):

diff -r 27cf4cf6962e -r c3240eeb322c share/man/man5/rc.conf.5
--- a/share/man/man5/rc.conf.5  Fri Jan 15 14:07:15 2021 +0000
+++ b/share/man/man5/rc.conf.5  Fri Jan 15 15:17:08 2021 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: rc.conf.5,v 1.188 2021/01/10 23:24:26 riastradh Exp $
+.\"    $NetBSD: rc.conf.5,v 1.189 2021/01/15 15:17:08 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -468,6 +468,13 @@
 may cause the system to hang indefinitely at boot if it has neither a
 random seed nor any hardware random number generators \(em use with
 care.
+.Pp
+If unset, the system may come to multiuser without entropy, which is
+unsafe to use on the internet; it is the operator's responsibility to
+heed warnings from the kernel and the daily
+.Xr security.conf 5
+report to remedy the problem \(em see
+.Xr entropy 7 .
 .It Sy envsys
 Boolean value.
 Sets preferences for the environmental systems framework,
diff -r 27cf4cf6962e -r c3240eeb322c share/man/man7/entropy.7
--- a/share/man/man7/entropy.7  Fri Jan 15 14:07:15 2021 +0000
+++ b/share/man/man7/entropy.7  Fri Jan 15 15:17:08 2021 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: entropy.7,v 1.2 2021/01/13 05:21:34 riastradh Exp $
+.\"    $NetBSD: entropy.7,v 1.3 2021/01/15 15:17:09 riastradh Exp $
 .\"
 .\" Copyright (c) 2021 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -114,19 +114,27 @@
 enough for security:
 .Bl -bullet
 .It
-Setting
+.Nx
+issues warnings on the console if there's not enough entropy when
+programs need it; see
+.Xr rnd 4 .
+.It
+The daily security report includes an alert if there's not enough
+entropy; see
+.Xr security.conf 5 .
+.It
+The operator can set
 .Sq Li entropy=check
 in
 .Xr rc.conf 5
-makes
+so that
 .Nx
-refuse to boot to multiuser unless there is enough entropy, or
+will refuse to boot to multiuser unless there is enough entropy, or set
 .Sq Li entropy=wait
-makes it wait for entropy before booting to multiuser (with the caveat
-that it may cause boot to hang forever).
-.It
-The daily security script sends an alert if there is not enough entropy
-.Pq see Xr security.conf 5 .
+so that
+.Nx
+will wait for entropy before booting to multiuser (with the caveat that
+it may cause boot to hang forever).
 .El
 .Pp
 Since it is difficult to confidently model the unpredictability of most



Home | Main Index | Thread Index | Old Index