it at boot time closer to the way we want it to be in the final version.
* Move the default directory to /var/db/entropy
* Run the entropy saving cron job every 11 minutes. This seems
to be a better default, although still bikeshed material.
* Feed /dev/random some cheesy "entropy" from various commands
and files before the disks are mounted. This gives /dev/random
a better chance of running without blocking early.
* Move the reseeding with previously stored entropy to the point
immediately after the disks are mounted.
* Make the harvesting script a little safer in regards to the
possibility of accidentally overwriting something other
than a regular file.
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.
Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
Apply a more consistent style to the echo statements in /etc/ scripts.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard
Also:
* Use rm -f on /var/run/dev.db so if it's not there (devfs) it doesn't error
* Shorten the ldconfig messages so that the default fits on one line
* Test whether /var/msgs/bounds is a link before overwriting it
* Generally futz around with whitespace
convinced myself that it's better then what we have, but still
not perfect.
/etc/rc : Attempt to seed /dev/random with multiple backoffs.
/etc/rc.shutdown : Attempt to write the entropy_file.
In debugging the above changes, I've run into some
inconsistancies... rc.shutdown is run via 'init 6', but
does not appear to be run via '/sbin/reboot'. Thus, this
set of changes improves life depending on the mechanism
used to shut the system down.
Submitted by: Doug Barton <DougB@gorean.org>
Approved by: markm
which really wasn't such a hot idea in retrospect.
If the random device isn't available, it probably isn't wanted.
If it's wanted, it should be enabled in loader.conf.
the output for the linux_enable and svr4_enable stuff "floating
in the middle of nowhere".
Give them their own section, called "additional ABI support".
kernel modules for ibcs2_enable and svr4_enable.
Don't rely on a shell script to do the neglibly less simple
job of loading a kernel module and running one command for
linux_enable.
These shell scripts are going away.
it lives in /usr/bin. Instead, locate files manually.
Note, only *files* under /var/spool/lock are now deleted rather
than everything that's not a directory. I think this is more
correct, but if anyone disagrees please feel free to change it.
Problem pointed out by: bde
time, and this is used to reseed the random number generator at
boot time.
NOTE - this has no hope of working if you halt(); you need to
execute rc.shutdown to get the entropy stash.
scripts may use to source safely overrides in ${rc_conf_files}
files.
This protects users who insist on the bad practice of copying
/etc/defaults/rc.conf to /etc/rc.conf from a recursive loop
that exhausts available file descriptors.
Several people have expressed interest in breaking this function
out into its own shell script. Anyone who wants to embark on
such an undertaking would do well to study the attributed PR.
PR: 17595
Reported by: adrian
Submitted by: Doug Barton <Doug@gorean.org>
Initial version created by, and kindly much tested by:
bmah@CA.Sandia.GOV (Bruce A. Mah)
Approved by: jkh
Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah),
Ollivier Robert <roberto@keltia.freenix.fr>
Obtained from: KAME project
Changes are:
- rpc.umntall is called at the right places now in /etc/rc*
- rpc.umntall timeout has been lowered from two days (too high) to one
- verbose messages in rpc.umntall have been clarified
- kill double entries in /var/db/mounttab when rpc.umntall is invoked
- ${early_nfs_mounts} has been removed from /etc/rc
- patched mount(8) -p to print different pass/dump values for ufs filesystems.
(last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
The current offical Sendmail Inc. version uses /var/mail/ and when we upgrade
our repository to that version, we will get the change. It is best to make
the path change in 4.0-R (which may not have the latest Sendmail Inc. version,
than to change in mid-4.x stream when we may upgrade.
Ok'ed by: Peter (quite a while ago)
rundown script 'reboot' or 'single'. ISO support (which never
worked) has been removed from mount_nfs. mount_nfs and umount
now use mounttab, which allows umntall to work properly. The
rc scripts now call umntall as appropriate.
Submitted by: Martin Blapp <mb@imp.ch>
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
...
recover vi
msgs/bounds
update MOTD
rc.{arch}
rc.devfs
rc.local
$local.startup
securelevel
The motive behind this is to delay rc.{arch} as long as possible,
as it loads the screensaver, which kills the splash screen.
But at the same time, it can't be done after rc.devfs, as
that might depend on arch specific actions. rc.local and local.startup
also should come after these, and securelevel must be last of all.
this is no longer the right way to start Vinum unless you are doing some
kind of maintenance, and that's not the sort of thing that would go into
rc.conf.
