NetBSD Problem Report #57254

From www@netbsd.org  Thu Mar  2 20:00:26 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id BE0751A9239
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  2 Mar 2023 20:00:26 +0000 (UTC)
Message-Id: <20230302200025.30E341A923C@mollari.NetBSD.org>
Date: Thu,  2 Mar 2023 20:00:25 +0000 (UTC)
From: lloyd@must-have-coffee.gen.nz
Reply-To: lloyd@must-have-coffee.gen.nz
To: gnats-bugs@NetBSD.org
Subject: Enhancement to NetBSD /etc/rc.d/entropy
X-Send-Pr-Version: www-1.0

>Number:         57254
>Category:       bin
>Synopsis:       Enhancement to NetBSD /etc/rc.d/entropy
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 02 20:05:00 +0000 2023
>Last-Modified:  Fri Apr 07 19:30:02 +0000 2023
>Originator:     Lloyd Parkes
>Release:        10.0_BETA
>Organization:
Must Have Coffee
>Environment:
NetBSD ceph4.must-have-coffee.gen.nz 10.0_BETA NetBSD 10.0_BETA (GENERIC) #2: Wed Dec 21 12:02:20 NZDT 2022  lloyd@ceph4.must-have-coffee.gen.nz:/home/lloyd/NetBSD/objdir/sys/arch/amd64/compile/GENERIC amd64

>Description:
I like the work that has been done to the entropy system and I especially like the usability improvements that have been made since I first saw the new entropy system. I can see one (rare) way that NetBSD users might find themselves without entropy and this minor enhancement to /etc/rc.d/entropy should catch it.

It would be good if this enhancement was applied to current and the 10 branch.

I have labelled this serious/medium because entropy makes some people angry and not because I think a lot of people will benefit from this enhancement directly.
>How-To-Repeat:
I have a habit of building new ways to build NetBSD images every few years and it occurred to me that people using custom images will bypass the entropy checks in the installer.

Someone installing an image that doesn't take care of the lack of entropy on older hardware will encounter unexpected application hangs, particularly in Python.
>Fix:
The patch at https://gist.github.com/lparkes/b082088e36c06c6dc0b27309431cf1bf alters the default behaviour of /etc/rc.d/entropy so that it complains loudly without interrupting multiuser boot.

The general behaviour of NetBSD is not changed, but now the sysadmin has messages in their logs telling them that something is wrong. /etc/rc.d/entropy with this patch will output an error message to the console and exit with status 1. This will cause /etc/rc.d/entropy to be listed as a failed service in /run/rc.log and on the console after the system has finished booting.

I don't know about other people who build images, but I always check the console and/or /run/rc.log when booting a new image.

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: Taylor R Campbell <riastradh@NetBSD.org>
Subject: Re: bin/57254: make missing entropy complain more verbosly
Date: Thu, 6 Apr 2023 17:10:48 +0200

 I like the idea and the patch.

 Martin

From: Taylor R Campbell <riastradh@NetBSD.org>
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/57254: make missing entropy complain more verbosly
Date: Fri, 7 Apr 2023 11:17:43 +0000

 Confused, how is this different from setting entropy=check?

From: Lloyd Parkes <lloyd@must-have-coffee.gen.nz>
To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: bin/57254: make missing entropy complain more verbosly
Date: Sat, 8 Apr 2023 07:29:07 +1200

 On 7/04/23 23:20, Taylor R Campbell wrote:
 >
 >   Confused, how is this different from setting entropy=check?
 >   

 Setting entropy=check will halt multi-user boot; this will not. Instead, 
 an error is logged in the same way as, say, Postfix being unable to 
 start because the hostname or DNS isn't configured correctly.

 My initial use case was for people building custom NetBSD images. When I 
 do test my custom images, I boot them and then check /var/run/rc.log to 
 see which services have failed because that provides a nice succinct 
 list of problems that I need to fix.

 Cheers,
 Lloyd
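
The difference discussed in this thread, as an added sketch that is neither the gist patch nor NetBSD's /etc/rc.d/entropy: with entropy=check a failed probe halts boot, while the proposed default only logs an error and returns status 1 so the service shows up as failed. ENTROPY_PROBE, ENTROPY_HALT, entropy_policy and the return codes 2 and 64 are hypothetical names and values chosen for illustration.

```shell
#!/bin/sh
# Added illustration only: not the patch from the PR and not the real rc.d script.
# ENTROPY_PROBE / ENTROPY_HALT are hypothetical hooks so the policy can be
# exercised on a machine whose entropy pool is already seeded.

# Default probe: read one byte from /dev/random without blocking.
# Returns non-zero if the read would block, i.e. the pool is not ready.
entropy_probe() {
    dd if=/dev/random iflag=nonblock of=/dev/null bs=1 count=1 2>/dev/null
}

# Stand-in for rc.subr's stop_boot; here it only reports and returns 2.
entropy_halt() {
    echo "entropy: halting multi-user boot" >&2
    return 2
}

# entropy_policy MODE
#   check  -> no entropy halts the boot (entropy=check, per the thread)
#   ""     -> no entropy logs an error and returns 1, boot continues
#             (the default behaviour the PR proposes)
entropy_policy() {
    probe=${ENTROPY_PROBE:-entropy_probe}
    halt=${ENTROPY_HALT:-entropy_halt}
    case $1 in
    check)
        $probe && return 0
        echo "entropy: not available" >&2
        $halt
        ;;
    '')
        $probe && return 0
        # Non-zero status is what gets the service listed as failed.
        echo "entropy: not available; applications reading /dev/random may hang" >&2
        return 1
        ;;
    *)
        echo "entropy: unknown mode '$1'" >&2
        return 64
        ;;
    esac
}
```
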
