Module Name: src
Committed By: riastradh
Date: Fri Jun 30 21:44:09 UTC 2023
Modified Files:
src/etc/defaults: rc.conf
src/share/man/man5: rc.conf.5
Log Message:
rc.conf(5): Set entropy=wait by default.
We no longer block indefinitely -- if nothing else, the hardclock
timer should yield enough samples to unblock /dev/random on all but
the most severely deterministic machines -- so it should be generally
safe for availability to set entropy=wait.
This doesn't guarantee that HWRNG/seed has been provided before you
run ssh-keygen or call getentropy(3) in a user application, but it
does raise the security above netbsd<=9.
PR security/55659
PR lib/56905
XXX pullup-10
To generate a diff of this commit:
cvs rdiff -u -r1.163 -r1.164 src/etc/defaults/rc.conf
cvs rdiff -u -r1.192 -r1.193 src/share/man/man5/rc.conf.5
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/defaults/rc.conf
diff -u src/etc/defaults/rc.conf:1.163 src/etc/defaults/rc.conf:1.164
--- src/etc/defaults/rc.conf:1.163 Fri Feb 3 13:53:40 2023
+++ src/etc/defaults/rc.conf Fri Jun 30 21:44:09 2023
@@ -1,4 +1,4 @@
-# $NetBSD: rc.conf,v 1.163 2023/02/03 13:53:40 mlelstv Exp $
+# $NetBSD: rc.conf,v 1.164 2023/06/30 21:44:09 riastradh Exp $
#
# /etc/defaults/rc.conf --
# default configuration of /etc/rc.conf
@@ -388,9 +388,10 @@ veriexec_flags="-k"
random_seed=YES
# Set to `check' to abort multi-user boot if not enough entropy, or
-# `wait' to wait until enough entropy.
+# `wait' to wait until enough entropy, or `' (empty) to boot without
+# waitingor checking.
#
-entropy=""
+entropy="wait"
# Creating / updating of man page index on boot
makemandb=YES
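Review bot: the added comment line "# waitingor checking." is missing a space and should read "# waiting or checking." Since this hunk also flips the default from entropy="" to entropy="wait", the comment could say that "wait" is now the default and that the empty value gives the previous behaviour of no wait and no check, so an administrator overriding it in /etc/rc.conf can see what they are giving up.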
Index: src/share/man/man5/rc.conf.5
diff -u src/share/man/man5/rc.conf.5:1.192 src/share/man/man5/rc.conf.5:1.193
--- src/share/man/man5/rc.conf.5:1.192 Sun Feb 20 14:43:39 2022
+++ src/share/man/man5/rc.conf.5 Fri Jun 30 21:44:09 2023
@@ -1,4 +1,4 @@
-.\" $NetBSD: rc.conf.5,v 1.192 2022/02/20 14:43:39 alnsn Exp $
+.\" $NetBSD: rc.conf.5,v 1.193 2023/06/30 21:44:09 riastradh Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
@@ -454,11 +454,13 @@ from the output of
Passes
.Sy dmesg_flags .
.It Sy entropy
-A string,
-.Sq Li check
+A string, either
+.Sq Li check ,
+.Sq Li wait ,
or
-.Sq Li wait .
-If set, then during boot-up, after
+.Sq Li ""
+(empty).
+If set and nonempty, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
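Review bot: in the entropy entry, "A string, either" now introduces three alternatives (check, wait, and the empty string), so "one of" would read better than "either". The lines shown here list the accepted values but do not mention that the shipped default is now "wait"; if the rest of the entry does not already say so, it is worth stating, because the empty value is the only setting that skips the entropy check at boot.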