Diffstat (limited to 'UPDATING')
-rw-r--r-- | UPDATING | 54 |
1 files changed, 38 insertions, 16 deletions
@@ -36,23 +36,45 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW: 20141231 entry below for information about prerequisites and upgrading, if you are not already using 3.5.0 or higher. -20150616: - /etc/make.conf now included earlier. - sys.mk now includes /etc/make.conf and {local,src}.sys.mk earlier - than previously. - This makes it simple to interpose external toolchains etc. - However it may cause problems for users who have things like:: - - INSTALL+= something - - in /etc/make.conf, since INSTALL is not yet defined. - A safe fix for that is to have:: +20150630: + The default kernel entropy-processing algorithm is now + Fortuna, replacing Yarrow. + + Assuming you have 'device random' in your kernel config + file, the configurations allow a kernel option to override + this default. You may choose *ONE* of: + + options RANDOM_YARROW # Legacy /dev/random algorithm. + options RANDOM_DUMMY # Blocking-only driver. + + If you have neither, you get Fortuna. For most people, + read no further, Fortuna will give a /dev/random that works + like it always used to, and the difference will be irrelevant. + + If you remove 'device random', you get *NO* kernel-processed + entopy at all. This may be acceptable to folks building + embedded systems, but has complications. Carry on reading, + and it is assumed you know what you need. + + *PLEASE* read random(4) and random(9) if you are in the + habit of tweeking kernel configs, and/or if you are a member + of the embedded community, wanting specific and not-usual + behaviour from your security subsystems. + + NOTE!! If you use RANDOM_DUMMY and/or have no 'device + random', you will NOT have a functioning /dev/random, and + many cryptographic features will not work, including SSH. + You may also find strange behaviour from the random(3) set + of library functions, in particular sranddev(3), srandomdev(3) + and arc4random(3). 
The reason for this is that the KERN_ARND + sysctl only returns entropy if it thinks it has some to + share, and with RANDOM_DUMMY or no 'device random' this + will never happen. + +20150623: + An additional fix for the issue described in the 20150614 sendmail + entry below has been been committed in revision 284717. - INSTALL?= install - INSTALL+= something - - which is equivalent to previous behavior. - 20150616: FreeBSD's old make (fmake) has been removed from the system. It is available as the devel/fmake port or via pkg install fmake. |
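Review bot: the hunk deletes the 20150616 "/etc/make.conf now included earlier" entry (the "-" lines at the top and the "- INSTALL?= install" lines at the bottom), which has nothing to do with the Fortuna/Yarrow text being added. Please confirm that removal is intended for this branch, and keep it out of this change if it is not. In the added 20150630 entry, "entopy" in the 'device random' paragraph should be "entropy" and "tweeking" should be "tweaking". The 20150623 entry repeats a word in "has been been committed". The NOTE that RANDOM_DUMMY or a kernel without 'device random' leaves no functioning /dev/random, breaks SSH, and leaves KERN_ARND never returning entropy is the most consequential statement in the entry. It currently sits at the end, after "For most people, read no further", so consider moving it directly under the two "options" lines, where someone choosing RANDOM_DUMMY will see it first.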