Date:      Sun, 15 Oct 2000 14:26:53 -0700
From:      Doug Barton <DougB@gorean.org>
To:        Manfred Antar <null@pozo.com>
Cc:        current@freebsd.org, Mark Murray <markm@freebsd.org>
Subject:   Re: Entropy file problem
Message-ID:  <39EA211D.2F2695AF@gorean.org>
References:  <5.0.0.25.2.20001015133002.00a598e8@pozo.com>

This is a multi-part message in MIME format.
--------------00D4ABFBD295D2E6CA04765A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Manfred Antar wrote:
> 
> When setting entropy_file="/var/db/entropy" in rc.conf
> This error happens:
> No entropy file, trying other sources
> After a few minutes the machine continues booting
> /var is mounted on a separate partition from /

	Try the attached patch. It's been approved in concept by Mark Murray,
and is waiting for a committer to pick it up while Mark travels to
BSDcon. 

Doug
-- 
        "The dead cannot be seduced."
		- Kai, "Lexx"

	Do YOU Yahoo!?
--------------00D4ABFBD295D2E6CA04765A
Content-Type: text/plain; charset=us-ascii;
 name="entropy.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="entropy.diff"

Index: rc
===================================================================
RCS file: /usr/ncvs/src/etc/rc,v
retrieving revision 1.234
diff -u -r1.234 rc
--- rc	2000/10/14 12:56:08	1.234
+++ rc	2000/10/15 08:07:00
@@ -69,26 +69,19 @@
 	. /etc/rc.conf
 fi
 
-# Recover some entropy so the rebooting /dev/random can reseed
+
+# First pass at entropy recovery so the rebooting /dev/random can reseed.
 #
 case ${entropy_file} in
 [Nn][Oo] | '')
 	;;
 *)
 	if [ -w /dev/random ]; then
-		if [ -f ${entropy_file} -a -r ${entropy_file} ]; then
-			echo "Reading entropy file"
+		if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
+		    -s "${entropy_file}" ]; then
+			echo "Using ${entropy_file} as an entropy file"
 			cat ${entropy_file} > /dev/random 2> /dev/random
-			rm -f ${entropy_file}
-		else
-			echo "No entropy file, trying other sources"
-			# XXX temporary until we can get the entropy
-			# harvesting rate up
-			# Entropy below is not great, but better than nothing.
-			(ps -gauxwww; iostat; vmstat; dmesg) > /dev/random 2> /dev/random
-			( for i in /etc /var/run ; do
-				cd $i ; ls -al ; cat *
-			done ) > /dev/random 2> /dev/random
+			entropy_reseeded=yes
 		fi
 	fi
 	;;
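Review bot: Dropping `rm -f ${entropy_file}` from this first pass leaves the seed file on disk after it has been written to /dev/random, until the `rm -f` that the second rc hunk adds much later in the script. If the boot is interrupted in between (panic, reset, power loss), the next boot would reseed from the same file, which is the reuse the immediate removal guarded against. If the deferral is deliberate because the filesystem may still be read-only here, say so in a comment such as `# Seed is removed later, once filesystems are writable; an interrupted boot may reuse it`. The unchanged `cat ${entropy_file}` is still unquoted while the new test quotes the path, and the same applies to the `cat` in the second rc hunk. The enclosing `case` closes outside this hunk.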
@@ -182,6 +175,45 @@
 if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then
 		sh ${diskless_mount}
 fi
+
+# Second attempt at reseeding, if needed.
+#
+case ${entropy_reseeded} in
+yes)
+	;;
+*)
+	case ${entropy_file} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		if [ -w /dev/random ]; then
+			if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
+			    -s "${entropy_file}" ]; then
+				echo "Using ${entropy_file} as an entropy file"
+				cat ${entropy_file} > /dev/random 2> /dev/random
+			elif [ "${entropy_file}" != /var/db/entropy -a \
+			    -f /var/db/entropy -a -r /var/db/entropy -a \
+			    -s /var/db/entropy ]; then
+				echo "Using /var/db/entropy as an entropy file"
+				cat /var/db/entropy > /dev/random 2> /dev/random
+			else
+				echo "Can't use ${entropy_file} as an entropy file, trying other sources"
+				# XXX temporary until we can get the entropy
+				# harvesting rate up
+				# Entropy below is not great, but better than nothing.
+				(ps -gauxwww; iostat; vmstat; sysctl -a; dmesg) > /dev/random 2> /dev/random
+				( for i in /etc /var/run ; do
+					cd $i ; ls -al ; cat *
+				done ) > /dev/random 2> /dev/random
+			fi
+		fi
+		;;
+	esac
+	;;
+esac
+
+# Remove these to prevent problems on future reboots
+rm -f "${entropy_file}" /var/db/entropy
 
 adjkerntz -i
 
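Review bot: The added `rm -f "${entropy_file}" /var/db/entropy` runs unconditionally, so it also runs when `entropy_file` is `NO` or empty. In that case it expands to `rm -f "NO" /var/db/entropy` or `rm -f "" /var/db/entropy`, acting on a relative name in whatever the current directory is and removing /var/db/entropy even though caching is disabled. Guarding the removal with the same `case` pattern used above keeps it consistent with the rest of the hunk. Separately, the fallback branch runs `cd $i ; ls -al ; cat *` without checking `cd`, so a missing directory makes `cat *` read the previous directory; `cd $i && ls -al && cat *` would avoid that.

```shell
# Remove these to prevent problems on future reboots
case ${entropy_file} in
[Nn][Oo] | '')
	;;
*)
	rm -f "${entropy_file}" /var/db/entropy
	;;
esac
```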
Index: rc.shutdown
===================================================================
RCS file: /usr/ncvs/src/etc/rc.shutdown,v
retrieving revision 1.12
diff -u -r1.12 rc.shutdown
--- rc.shutdown	2000/10/08 19:18:24	1.12
+++ rc.shutdown	2000/10/15 07:05:14
@@ -62,9 +62,25 @@
 	rm -f ${entropy_file}
 	oumask=`umask`
 	umask 077
-	touch ${entropy_file} && \
-		dd if=/dev/random of=${entropy_file} \
+	if touch ${entropy_file} ; then
+		entropy_file_confirmed="${entropy_file}"
+	else
+		# Try this as a reasonable alternative for read-only
+		# roots, diskless workstations, etc.
+		rm -f /var/db/entropy
+		if touch /var/db/entropy ; then
+			entropy_file_confirmed=/var/db/entropy
+		fi
+	fi
+	case ${entropy_file_confirmed} in
+	'')
+		echo "ERROR: entropy file write failed"
+		;;
+	*)
+		dd if=/dev/random of=${entropy_file_confirmed} \
 		   bs=4096 count=1 2> /dev/null
+		;;
+	esac
 	umask ${oumask}
 	;;
 esac
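Review bot: The new `ERROR: entropy file write failed` message only covers a failed `touch`, because the `dd` that writes the seed still discards its exit status and sends stderr to /dev/null. A failed or short write (for example a full filesystem) therefore leaves an empty or partial seed with no diagnostic, and the boot-side `-s` test only rejects the empty case. Consider `dd if=/dev/random of="${entropy_file_confirmed}" bs=4096 count=1 2> /dev/null || echo "ERROR: entropy file write failed"`. `entropy_file_confirmed` is also never cleared before the `if`, so `entropy_file_confirmed=` ahead of it would stop an inherited value from being used. The enclosing `case` begins outside this hunk.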
Index: defaults/rc.conf
===================================================================
RCS file: /usr/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.80
diff -u -r1.80 rc.conf
--- defaults/rc.conf	2000/10/06 12:24:45	1.80
+++ defaults/rc.conf	2000/10/15 04:08:07
@@ -313,8 +313,8 @@
 update_motd="YES"	# update version info in /etc/motd (or NO)
 start_vinum=""		# set to YES to start vinum
 unaligned_print="YES"	# print unaligned access warnings on the alpha (or NO).
-entropy_file="/var/db/entropy"
-			# Set to NO to disable caching entropy through reboots
+entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
+			# /var/db/entropy is preferred if / is not available.
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
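Review bot: The new comment `# /var/db/entropy is preferred if / is not available.` reads as a recommendation to the administrator, but the rc and rc.shutdown hunks use /var/db/entropy as an automatic fallback when the configured path cannot be written or read. A wording such as `# rc.shutdown falls back to /var/db/entropy if this path is not writable.` would describe what the scripts do. It may also be worth noting here that the file is created with umask 077 and should stay readable by root only, since its contents seed /dev/random on the next boot.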

--------------00D4ABFBD295D2E6CA04765A--






