[src/trunk]: src Save the entropy seed daily in /etc/security.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src Save the entropy seed daily in /etc/security.
From: riastradh <riastradh%NetBSD.org@localhost>
Date: Mon, 08 Nov 2021 10:13:56 +0000

details:   https://anonhg.NetBSD.org/src/rev/0df96ee96ca3
branches:  trunk
changeset: 1005389:0df96ee96ca3
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Dec 06 14:43:29 2019 +0000

description:
Save the entropy seed daily in /etc/security.

diffstat:

 etc/defaults/security.conf     |   4 +++-
 etc/security                   |   9 ++++++++-
 share/man/man5/security.conf.5 |  13 ++++++++++++-
 3 files changed, 23 insertions(+), 3 deletions(-)

diffs (67 lines):

diff -r ebf2d87204bc -r 0df96ee96ca3 etc/defaults/security.conf
--- a/etc/defaults/security.conf        Fri Dec 06 14:43:18 2019 +0000
+++ b/etc/defaults/security.conf        Fri Dec 06 14:43:29 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
+#      $NetBSD: security.conf,v 1.27 2019/12/06 14:43:29 riastradh Exp $
 #
 # /etc/defaults/security.conf --
 #      default configuration of /etc/security.conf
@@ -46,3 +46,5 @@
 check_passwd_permit_nonalpha=NO
 max_loginlen=16
 max_grouplen=16
+
+random_file=/var/db/entropy-file
diff -r ebf2d87204bc -r 0df96ee96ca3 etc/security
--- a/etc/security      Fri Dec 06 14:43:18 2019 +0000
+++ b/etc/security      Fri Dec 06 14:43:29 2019 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#      $NetBSD: security,v 1.125 2019/09/18 22:27:55 uwe Exp $
+#      $NetBSD: security,v 1.126 2019/12/06 14:43:30 riastradh Exp $
 #      from: @(#)security      8.1 (Berkeley) 6/9/93
 #
 
@@ -1049,6 +1049,13 @@
        CHANGELIST="$CHANGEFILES $CHANGELIST"
 fi
 
+# Save entropy to ${random_file} if defined, like
+# /etc/rc.d/random_seed.
+#
+if [ -n "${random_file:-}" ]; then
+       rndctl -S "$random_file"
+fi
+
 # Special case backups, including the master password file and
 # ssh private host keys. The normal backup mechanisms for
 # $check_changelist (see below) also print out the actual file
diff -r ebf2d87204bc -r 0df96ee96ca3 share/man/man5/security.conf.5
--- a/share/man/man5/security.conf.5    Fri Dec 06 14:43:18 2019 +0000
+++ b/share/man/man5/security.conf.5    Fri Dec 06 14:43:29 2019 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
+.\"    $NetBSD: security.conf.5,v 1.41 2019/12/06 14:43:30 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -282,6 +282,17 @@
 and
 .Sy check_changelist
 instead of just keeping a current copy and a backup copy.
+.It Sy random_file
+Name of the entropy seed file used at boot.
+Default is
+.Pa /var/db/entropy-file
+as used by
+.Pa /etc/rc.d/random_seed .
+Set
+.Sy random_file
+to empty to disable saving a seed every time
+.Pa /etc/security
+runs.
 .El
 .Sh FILES
 .Bl -tag -width /etc/defaults/security.conf -compact

Prev by Date: [src/trunk]: src/sbin/rndctl Teach `rndctl -L' to update the seed file, not j...
Next by Date: [src/trunk]: src/sys/dev/dm dm: Don't ignore dm_target_alloc() argument
Previous by Thread: [src/trunk]: src/sbin/rndctl Teach `rndctl -L' to update the seed file, not j...
Next by Thread: [src/trunk]: src/sys/dev/dm dm: Don't ignore dm_target_alloc() argument
Indexes:

Home | Main Index | Thread Index | Old Index