tech-kern archive


Re: cprng sysctl: WARNING pseudorandom rekeying.



On Fri, 9 Nov 2012, Thor Lancelot Simon wrote:

> On Sat, Nov 10, 2012 at 12:39:59AM +0700, Robert Elz wrote:
> >
> > How?
> >
> > And if that's something that is supposed to be enabled, why does the
> > default install not just enable it?
>
> Did you install by upgrading?  If so, I think what you've run into is
> that your boot loader configuration has the old default entries (or
> whatever changes you made to them) and not the new defaults.

I tried updating the "boot.cfg" bootloader configuration file as you
suggested, but the system fails to boot as the rndseed command is unknown;
what else is required to be updated, is it the on-disk bootblocks or just
the second stage /boot object?

I have done the usual "build.sh release", "build.sh install=/",
"postinstall" and "etcupdate".

(and src/UPDATING should mention this issue)

> If your system has few sources of entropy, and you don't have
> your bootblocks configured to load saved entropy, it is likely
> that the kernel will need to consume entropy for something
> before the rc scripts run and have a chance to load in the
> saved entropy from userspace.

what does the kernel "likely" need entropy for, before the rc scripts run?

> We do need to find a way to ensure that upgrades result in boot.conf
> files which will automatically load entropy if possible.

postinstall(8) is the usual way to handle this sort of thing.

regards,
iain

