From owner-cvs-all Sat Jan 13 23:54:28 2001
Delivered-To: cvs-all@freebsd.org
Received: from dt051n37.san.rr.com (dt051n37.san.rr.com [204.210.32.55]) by hub.freebsd.org (Postfix) with ESMTP id 74E3337B400; Sat, 13 Jan 2001 23:54:00 -0800 (PST)
Received: from FreeBSD.org (Studded@master [10.0.0.2]) by dt051n37.san.rr.com (8.9.3/8.9.3) with ESMTP id XAA57770; Sat, 13 Jan 2001 23:53:59 -0800 (PST) (envelope-from DougB@FreeBSD.org)
Message-ID: <3A615B17.39E1E474@FreeBSD.org>
Date: Sat, 13 Jan 2001 23:53:59 -0800
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc crontab rc src/etc/defaults rc.conf src/etc/mtree BSD.root.dist BSD.var.dist src/libexec/save-entropy save-entropy.sh
References: <200101140718.f0E7IWR21377@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Welcome to round 2. :) A number of changes have been made, and various helpful suggestions have been incorporated.

The previous attempt to store the entropy gathered by the periodic harvester on the root partition and use it to help the reseed at boot effort has been abandoned. Instead, I've moved it to the point after the disks are mounted which will be its permanent home.

We're still discussing the fate of the file that's written out at shutdown. My inclination is to keep it, although when the new disk/network device harvesters are in it will likely be removed from the pre-disk mount part of rc, and the default file path will be $entropy_dir/shutdown. The reasons for keeping it include greater potential for having some good random bits to use for reseed, and to give the admin a more fine-grained solution.
You could easily disable the periodic harvesting but leave the shutdown version in place, for example.

Since the "cheesy" entropy that was previously a fallback option for entropy_file read failures is now included at the beginning of rc, that code in its more permanent location (after the disks are mounted) has been dramatically simplified.

As stated, the 11 minute period for the harvesting is still extremely bike shed'able, however I really don't want to wade into it any further. The operation of writing out the file generates so little load that I've never noticed it on my home workstation which has been running it for days at the 3 minute period. I could understand how someone running a super heavily loaded system might want to disable it, especially for a long running machine. However, someone in this position already has things that need to be tweaked, so I think this is a safe default.

So, let the games begin. :)

Doug Barton wrote:
>
> dougb       2001/01/13 23:18:32 PST
>
>   Modified files:
>     etc                  crontab rc
>     etc/defaults         rc.conf
>     etc/mtree            BSD.root.dist BSD.var.dist
>     libexec/save-entropy save-entropy.sh
>   Log:
>   Move the process of storing entropy from /dev/random and reseeding with
>   it at boot time closer to the way we want it to be in the final version.
>
>   * Move the default directory to /var/db/entropy
>   * Run the entropy saving cron job every 11 minutes. This seems
>     to be a better default, although still bikeshed material.
>   * Feed /dev/random some cheesy "entropy" from various commands
>     and files before the disks are mounted. This gives /dev/random
>     a better chance of running without blocking early.
>   * Move the reseeding with previously stored entropy to the point
>     immediately after the disks are mounted.
>   * Make the harvesting script a little safer in regards to the
>     possibility of accidentally overwriting something other
>     than a regular file.
>
>   Revision  Changes    Path
>   1.29      +4 -4      src/etc/crontab
>   1.248     +34 -55    src/etc/rc
>   1.85      +2 -2      src/etc/defaults/rc.conf
>   1.49      +0 -4      src/etc/mtree/BSD.root.dist
>   1.44      +5 -1      src/etc/mtree/BSD.var.dist
>   1.2       +21 -11    src/libexec/save-entropy/save-entropy.sh
>
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/crontab.diff?&r1=1.28&r2=1.29&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/rc.diff?&r1=1.247&r2=1.248&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/defaults/rc.conf.diff?&r1=1.84&r2=1.85&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/mtree/BSD.root.dist.diff?&r1=1.48&r2=1.49&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/etc/mtree/BSD.var.dist.diff?&r1=1.43&r2=1.44&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/libexec/save-entropy/save-entropy.sh.diff?&r1=1.1&r2=1.2&f=h

--
"The most difficult thing in the world is to know how to do a thing and to
watch someone else do it wrong without comment."
    -- Theodore H. White

Do YOU Yahoo!?
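The commit log's last bullet (never overwriting anything other than a regular file) and the periodic save it protects, sketched as an added example. This is not FreeBSD's save-entropy.sh and not code from the message; the function name, the saved-entropy.N naming, the slot count and the byte count are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not FreeBSD's save-entropy.sh. The function name, the
# saved-entropy.N naming, the slot count and the byte count are assumptions.
# Usage: save_entropy DIR [SOURCE] [KEEP] [BYTES]
# Exit codes: 0 saved, 1 bad directory, 2 unsafe slot found, 3 write failed.
save_entropy() (
    # The body is a subshell, so umask and noclobber do not leak to the caller.
    dir=$1 src=${2:-/dev/urandom} keep=${3:-8} bytes=${4:-2048}
    umask 077    # saved seed material must not be readable by other users
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "save_entropy: $dir is not a real directory" >&2; exit 1
    fi
    # Pass 1: inspect every slot before modifying anything. A symlink (even a
    # dangling one), directory, FIFO or device in any slot aborts the run.
    n=1
    while [ "$n" -le "$keep" ]; do
        f=$dir/saved-entropy.$n
        if [ -L "$f" ] || { [ -e "$f" ] && [ ! -f "$f" ]; }; then
            echo "save_entropy: $f is not a regular file, refusing" >&2; exit 2
        fi
        n=$((n + 1))
    done
    # Pass 2: drop the oldest slot, then shift the rest up by one.
    rm -f "$dir/saved-entropy.$keep"
    n=$keep
    while [ "$n" -gt 1 ]; do
        p=$dir/saved-entropy.$((n - 1))
        if [ -f "$p" ]; then mv "$p" "$dir/saved-entropy.$n"; fi
        n=$((n - 1))
    done
    # noclobber makes the redirection fail if the temporary name already
    # exists, so a planted file or symlink there is never written through.
    tmp=$dir/.saved-entropy.tmp.$$
    set -C
    dd if="$src" bs="$bytes" count=1 > "$tmp" 2>/dev/null || exit 3
    mv "$tmp" "$dir/saved-entropy.1"
)
```

The slot checks and the rotation are separate steps rather than one atomic operation, so the directory itself should be writable only by the account that runs the job.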