The bootloader will now load the /boot/random.seed file if it exists, in
which case the kernel will use it as the initial kernel entropy. The kernel
warns if no random seed was loaded, unless the --no-random-seed option was
given. This option is used for live environments that inherently have no
prior secret state. The kernel initializes its entropy pool from the random
seed as of the first things, so randomness is available very early on.
init(8) will emit a fresh /boot/random.seed file on boot to avoid the same
entropy being used twice. init(8) also writes out /boot/random.seed on
system shutdown where the system has the most entropy. init(8) will warn if
writing the file fails, except if /boot is a real-only filesystem, and
keeping such state is impossible. The system administrator is then
responsible for ensuring the bootloader somehow passes a fresh random seed
on the next boot.
/boot/random.seed must be owned by the root user and root group and must
have file permissions 600 to avoid unprivileged users can read it. The file
is passed to the kernel by the bootloader as a multiboot module with the
command line --random-seed.
If no random seed is loaded, the kernel attempts a poor quality fallback
where it seeds the kernel arc4random(3) continuously with the current time.
The timing variance may provide some effective entropy. There is no real
kernel entropy gathering yet. The read of the CMOS real time clock is moved
to an early point in the kernel boot, so the current time is available as
fallback entropy.
The kernel access of the random seed module is supposed to be infallible
and happens before the kernel log is set up, but there is not yet a failsafe
API for mapping single pages in the early kernel.
sysupgrade(8) creates /boot/random.seed if it's absent as a temporary
compatibility measure for people upgrading from the 1.0 release. The GRUB
port will need to be upgraded with support for /boot/random.seed in the
10_sortix script. Installation with manual bootloader configuration will
need to load the random seed with the --random-seed command line. With GRUB,
this can be done with: module /boot/random.seed --random-seed
The chain-merge target now invokes the /sysmerge init(8) with the merge
target, which now mounts the mountpoints. This change allows having a /boot
partition for the purpose of sysupgrade(8).
execl(3) and its variants use a sentinel to terminate the variadic
argument list, in the form of a null pointer constant of type pointer to
char. POSIX mandates that NULL is a null pointer constant of type
pointer to void, which is not of an equivalent type to that required by
execl(3) and its variants, resulting in undefined behaviour.
This commit casts all such instances of NULL to pointer to char type.
For consistency, it also adds const-qualification to any such instances
which had already been casted, and were not const-qualified.
Add short options for most long options. Rename the -i option to -H, but
support -i for compatibility until the next release cycle, where -i will
become the short option of --identifier. Rename --include to --headers
and support --include until the next release cycle.
Add carray(1) manual page which makes --help unnecessary, and remove
--version as it surely matches your local Sortix version.
Jonas 'Sortie' Termansen
Daniel Roskams
Ralph Holmes
rocketpenguin1
Nicholas De Nova