Fri Dec 6 14:43:30 2019 UTC ()
Save the entropy seed daily in /etc/security.
(riastradh)
diff -r1.125 -r1.126 src/etc/security
diff -r1.26 -r1.27 src/etc/defaults/security.conf
diff -r1.40 -r1.41 src/share/man/man5/security.conf.5
--- src/etc/security 2019/09/18 22:27:55 1.125
+++ src/etc/security 2019/12/06 14:43:30 1.126
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $NetBSD: security,v 1.125 2019/09/18 22:27:55 uwe Exp $
+# $NetBSD: security,v 1.126 2019/12/06 14:43:30 riastradh Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93
#
@@ -1047,6 +1047,13 @@
esac
done >> $CHANGEFILES
CHANGELIST="$CHANGEFILES $CHANGELIST"
+fi
+
+# Save entropy to ${random_file} if defined, like
+# /etc/rc.d/random_seed.
+#
+if [ -n "${random_file:-}" ]; then
+ rndctl -S "$random_file"
fi
# Special case backups, including the master password file and
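Review bot: The added `rndctl -S "$random_file"` call ignores its exit status, so a failed save (for example a read-only or missing target directory) leaves the seed file un-refreshed, with at most a stray stderr line to show for it. Since this script's output is the daily report, an explicit message would make the failure visible to the administrator: `rndctl -S "$random_file" || echo "Unable to save entropy seed to $random_file."`. The comment says the block behaves like /etc/rc.d/random_seed. If that script vets the seed path before writing (not visible in this diff), the same vetting belongs here, because the seed is secret material. The first `fi` in this hunk closes a block that begins outside it.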
--- src/etc/defaults/security.conf 2013/11/06 19:37:05 1.26
+++ src/etc/defaults/security.conf 2019/12/06 14:43:29 1.27
@@ -1,4 +1,4 @@
-# $NetBSD: security.conf,v 1.26 2013/11/06 19:37:05 spz Exp $
+# $NetBSD: security.conf,v 1.27 2019/12/06 14:43:29 riastradh Exp $
#
# /etc/defaults/security.conf --
# default configuration of /etc/security.conf
@@ -46,3 +46,5 @@
check_passwd_permit_nonalpha=NO
max_loginlen=16
max_grouplen=16
+
+random_file=/var/db/entropy-file
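Review bot: The new `random_file` default has no comment, and it defines the seed path a second time, separately from whatever path /etc/rc.d/random_seed uses at boot. If the boot-time path is changed elsewhere (presumably in rc.conf, which is not visible here), /etc/security would keep saving to /var/db/entropy-file. Boot would then never read that file, and the file it does read would not get the daily refresh. A comment above the assignment would make the coupling explicit, for example `# Entropy seed file refreshed on each /etc/security run; must match the file /etc/rc.d/random_seed loads at boot. Empty disables.`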
--- src/share/man/man5/security.conf.5 2013/11/06 19:37:06 1.40
+++ src/share/man/man5/security.conf.5 2019/12/06 14:43:30 1.41
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.conf.5,v 1.40 2013/11/06 19:37:06 spz Exp $
+.\" $NetBSD: security.conf.5,v 1.41 2019/12/06 14:43:30 riastradh Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
@@ -282,6 +282,17 @@
and
.Sy check_changelist
instead of just keeping a current copy and a backup copy.
+.It Sy random_file
+Name of the entropy seed file used at boot.
+Default is
+.Pa /var/db/entropy-file
+as used by
+.Pa /etc/rc.d/random_seed .
+Set
+.Sy random_file
+to empty to disable saving a seed every time
+.Pa /etc/security
+runs.
.El
.Sh FILES
.Bl -tag -width /etc/defaults/security.conf -compact