Date: Tue, 03 Sep 2019 14:07:49 -0000 From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: Warner Losh <imp@bsdimp.com> Cc: Ian Lepore <ian@freebsd.org>, Emmanuel Vadot <manu@bidouilliste.com>, "Conrad E. Meyer" <cem@freebsd.org>, Justin Hibbits <chmeeedalf@gmail.com>, src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org> Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys Message-ID: <201904161554.x3GFsCZF095442@gndrsh.dnsmgr.net> In-Reply-To: <CANCZdfrNsBMqKrnqVzTNVNwCcHj5ZYrKhjss_%2Bp6i=rKqwYFNA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore <ian@freebsd.org> wrote: > > > On Tue, 2019-04-16 at 07:18 -0600, Warner Losh wrote: > > > On Tue, Apr 16, 2019, 7:04 AM Emmanuel Vadot <manu@bidouilliste.com> > > > wrote: > > > > > > > On Mon, 15 Apr 2019 17:54:56 -0700 > > > > Conrad Meyer <cem@freebsd.org> wrote: > > > > > > > > > On Mon, Apr 15, 2019 at 5:53 PM Conrad Meyer <cem@freebsd.org> > > > > > wrote: > > > > > > E.g., the CI infrastructure for > > > > > > Riscv/Arm is/was generating minimal filesystem images and not > > > > > > populating /boot/entropy. > > > > > > > > > > I should add, I say "is/was" because I have a PR out which may > > > > > address > > > > > the problem: https://github.com/freebsd/freebsd-ci/pull/31 > > > > > > > > > > Best, > > > > > Conrad > > > > > > > > It's not only CI, all release images (memstick, iso) don't have > > > > a /boot/entropy. > > > > Also all arm/arm64 image don't have this file too. > > > > If /boot/entropy is needed and isn't present loader(8) should > > > > gather > > > > some entropy and pass this to the kernel for the first boot. > > > > > > > > > > Maybe we need to bootstrap the entropy file as part of buildworld. > > > I'm not > > > sure if the loader can find enough... > > > > > > > > Isn't a file full of data which is distributed in identical form to > > everyone the exact opposite of entropy? > > > > It's just to bootstrap entropy for installs. The CI stuff doesn't matter if > that's the same since the CI images aren't exposed to the internet in any > way that would make it matter. Incorrect, the CI artifacts are publically avaliable. I infact have Makefiles that take any given CI build artifact set and create a VM from it, I use this for bisecting failures and other testing. > The normal install would have the same seeds > of entropy, but diverge from there fairly quickly. The stuff that's used > early in the install is the don't care sort of things that won't matter in > the installer (which then creates it's own entropy that's different for > every install). I have concerns here, if I use a distribution with a canned entropy in it to make a file system that is snapshotted, aka frozen in time, that its entropy would be repeatable. This file system is never run through any installer, it is, I believe, how most of the Cloud images are created. > Warner -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904161554.x3GFsCZF095442>