> On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore <i...@freebsd.org> wrote:
>
> > On Tue, 2019-04-16 at 07:18 -0600, Warner Losh wrote:
> > > On Tue, Apr 16, 2019, 7:04 AM Emmanuel Vadot <m...@bidouilliste.com> wrote:
> > >
> > > > On Mon, 15 Apr 2019 17:54:56 -0700
> > > > Conrad Meyer <c...@freebsd.org> wrote:
> > > >
> > > > > On Mon, Apr 15, 2019 at 5:53 PM Conrad Meyer <c...@freebsd.org> wrote:
> > > > > > E.g., the CI infrastructure for
> > > > > > Riscv/Arm is/was generating minimal filesystem images and not
> > > > > > populating /boot/entropy.
> > > > >
> > > > > I should add, I say "is/was" because I have a PR out which may address
> > > > > the problem: https://github.com/freebsd/freebsd-ci/pull/31
> > > > >
> > > > > Best,
> > > > > Conrad
> > > >
> > > > It's not only CI, all release images (memstick, iso) don't have
> > > > a /boot/entropy.
> > > > Also all arm/arm64 images don't have this file too.
> > > > If /boot/entropy is needed and isn't present loader(8) should gather
> > > > some entropy and pass this to the kernel for the first boot.
> > > >
> > >
> > > Maybe we need to bootstrap the entropy file as part of buildworld. I'm not
> > > sure if the loader can find enough...
> > >
> >
> > Isn't a file full of data which is distributed in identical form to
> > everyone the exact opposite of entropy?
> >
>
> It's just to bootstrap entropy for installs. The CI stuff doesn't matter if
> that's the same since the CI images aren't exposed to the internet in any
> way that would make it matter.

Incorrect, the CI artifacts are publicly available. I in fact have
Makefiles that take any given CI build artifact set and create a VM from it;
I use this for bisecting failures and other testing.

> The normal install would have the same seeds
> of entropy, but diverge from there fairly quickly. The stuff that's used
> early in the install is the don't care sort of things that won't matter in
> the installer (which then creates its own entropy that's different for
> every install).

I have concerns here, if I use a distribution with a canned entropy in it
to make a file system that is snapshotted, aka frozen in time, that its
entropy would be repeatable. This file system is never run through any
installer, it is, I believe, how most of the Cloud images are created.

> Warner

--
Rod Grimes                                                 rgri...@freebsd.org