<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/libexec/save-entropy, branch release/11.1.0</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>Add META_MODE support.</title>
<updated>2015-06-13T19:20:56+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2015-06-13T19:20:56+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=ccfb965433c67f3bda935a3cdf334be2e3c4348d'/>
<id>ccfb965433c67f3bda935a3cdf334be2e3c4348d</id>
<content type='text'>
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
</pre>
</div>
</content>
</entry>
<entry>
<title>Remove NO_OBJ</title>
<updated>2015-06-11T04:22:17+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2015-06-11T04:22:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=5b381db8cc67dd85695c49a85893ac7a5a612f42'/>
<id>5b381db8cc67dd85695c49a85893ac7a5a612f42</id>
<content type='text'>
For meta mode we will want objdirs.

Differential Revision:	D2748
Reviewed by:	brooks imp
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For meta mode we will want objdirs.

Differential Revision:	D2748
Reviewed by:	brooks imp
</pre>
</div>
</content>
</entry>
<entry>
<title>dirdeps.mk now sets DEP_RELDIR</title>
<updated>2015-06-08T23:35:17+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2015-06-08T23:35:17+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=44d314f704764f0247a540648a4b4fc3e8012133'/>
<id>44d314f704764f0247a540648a4b4fc3e8012133</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge from head@274682</title>
<updated>2014-11-19T01:07:58+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2014-11-19T01:07:58+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=9268022b74279434ed6300244e3f977e56a8ceb5'/>
<id>9268022b74279434ed6300244e3f977e56a8ceb5</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.</title>
<updated>2014-10-30T21:21:53+00:00</updated>
<author>
<name>Mark Murray</name>
<email>markm@FreeBSD.org</email>
</author>
<published>2014-10-30T21:21:53+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=10cb24248a6f13974e11c255c8014cfefe6420a7'/>
<id>10cb24248a6f13974e11c255c8014cfefe6420a7</id>
<content type='text'>
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware source any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors, now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" by Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware source any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors, now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" by Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge head from 7/28</title>
<updated>2014-08-19T06:50:54+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2014-08-19T06:50:54+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=ee7b0571c2c18bdec848ed2044223cc88db29bd8'/>
<id>ee7b0571c2c18bdec848ed2044223cc88db29bd8</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Don't save entropy inside jails.</title>
<updated>2014-07-22T06:40:27+00:00</updated>
<author>
<name>Xin LI</name>
<email>delphij@FreeBSD.org</email>
</author>
<published>2014-07-22T06:40:27+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=8fcb9ca99b8d4fdf82b52933c622f8a21c28ca17'/>
<id>8fcb9ca99b8d4fdf82b52933c622f8a21c28ca17</id>
<content type='text'>
As of r126744, we no longer feed the entropy device in jails upon
start, and collecting them is no longer useful.

PR:		conf/126744
Submitted by:	Eugene Grosbein &lt;eugen grosbein net&gt; (with minor changes)
MFC after:	1 week
Approved by:	so (des)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As of r126744, we no longer feed the entropy device in jails upon
start, and collecting them is no longer useful.

PR:		conf/126744
Submitted by:	Eugene Grosbein &lt;eugen grosbein net&gt; (with minor changes)
MFC after:	1 week
Approved by:	so (des)
</pre>
</div>
</content>
</entry>
<entry>
<title>We do want objdir</title>
<updated>2013-10-13T00:27:34+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2013-10-13T00:27:34+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=c8191bc69e371d47c087ae124ff863de342a479b'/>
<id>c8191bc69e371d47c087ae124ff863de342a479b</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>New dependencies</title>
<updated>2013-10-13T00:22:44+00:00</updated>
<author>
<name>Simon J. Gerraty</name>
<email>sjg@FreeBSD.org</email>
</author>
<published>2013-10-13T00:22:44+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=4fd0d10e0fe684211328bc148edf89a792425b39'/>
<id>4fd0d10e0fe684211328bc148edf89a792425b39</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>1. Use install -d to create the entropy_dir if missing so that we can do it</title>
<updated>2012-09-04T16:00:51+00:00</updated>
<author>
<name>Doug Barton</name>
<email>dougb@FreeBSD.org</email>
</author>
<published>2012-09-04T16:00:51+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=81f72adf0ff61cd6bc2bf7295ab95d7308a4cdd9'/>
<id>81f72adf0ff61cd6bc2bf7295ab95d7308a4cdd9</id>
<content type='text'>
   all in one command, with no permissions race.
2. Simplify the rotation logic by cd'ing into the directory, with a test
   to make sure that it succeeds.
3. Remove any files numbered higher than entropy_save_num. This helps when
   the user reduces the number, and may be useful for other purposes down
   the road.
4. Simplify the rotation logic by first testing the common case (it's a
   regular file) then testing if something else exists with the same name
   using elif. Also switch from using jot to simpler countdown format.
5. Fix logger lines and error messages to be more consistent, and wrap the
   code more consistently in the 80 column range. The "not a regular file"
   error message was mistakenly wrapped entirely in "quotes" which caused
   logger to include line-wrapping whitespace. Change that to wrap only
   the variables in quotes, which is both consistent and works better.
6. Update copyright to reflect the fact that changes were made this year.

Parts of 2-4 were taken from etc/periodic/daily/310.accounting
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
   all in one command, with no permissions race.
2. Simplify the rotation logic by cd'ing into the directory, with a test
   to make sure that it succeeds.
3. Remove any files numbered higher than entropy_save_num. This helps when
   the user reduces the number, and may be useful for other purposes down
   the road.
4. Simplify the rotation logic by first testing the common case (it's a
   regular file) then testing if something else exists with the same name
   using elif. Also switch from using jot to simpler countdown format.
5. Fix logger lines and error messages to be more consistent, and wrap the
   code more consistently in the 80 column range. The "not a regular file"
   error message was mistakenly wrapped entirely in "quotes" which caused
   logger to include line-wrapping whitespace. Change that to wrap only
   the variables in quotes, which is both consistent and works better.
6. Update copyright to reflect the fact that changes were made this year.

Parts of 2-4 were taken from etc/periodic/daily/310.accounting
</pre>
</div>
</content>
</entry>
</feed>
