From dfc23ba54be5ca51d500fea6ed51341b580c45dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Fri, 11 Oct 2013 20:21:44 +0000
Subject: [PATCH] After installation, dump 4096 bytes from /dev/random to
 /entropy in the newly installed system.  This should greatly increase the
 amount of entropy available when SSH host keys are generated during first
 boot.

Reviewed by:    markm, nathanw
Approved by:	re (gjb)
---
 usr.sbin/bsdinstall/bsdinstall.8     |  6 +++++-
 usr.sbin/bsdinstall/scripts/Makefile |  6 +++---
 usr.sbin/bsdinstall/scripts/auto     |  3 +++
 usr.sbin/bsdinstall/scripts/entropy  | 29 ++++++++++++++++++++++++++++
 usr.sbin/bsdinstall/scripts/jail     |  2 ++
 usr.sbin/bsdinstall/scripts/script   |  1 +
 6 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 usr.sbin/bsdinstall/scripts/entropy

diff --git a/usr.sbin/bsdinstall/bsdinstall.8 b/usr.sbin/bsdinstall/bsdinstall.8
index 095062f7a2a..5b9cbde9220 100644
--- a/usr.sbin/bsdinstall/bsdinstall.8
+++ b/usr.sbin/bsdinstall/bsdinstall.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 21, 2013
+.Dd October 6, 2013
 .Dt BSDINSTALL 8
 .Os
 .Sh NAME
@@ -60,6 +60,10 @@ targets.
 .Bl -tag -width ".Cm jail Ar destination"
 .It Cm auto
 Run the standard interactive installation, including disk partitioning.
+.It Cm entropy
+Reads a small amount of data from
+.Pa /dev/random
+and stores it in a file in the new system's root directory.
 .It Cm jail Ar destination
 Sets up a new chroot system at
 .Pa destination ,
diff --git a/usr.sbin/bsdinstall/scripts/Makefile b/usr.sbin/bsdinstall/scripts/Makefile
index bcfafc04838..8429e370662 100644
--- a/usr.sbin/bsdinstall/scripts/Makefile
+++ b/usr.sbin/bsdinstall/scripts/Makefile
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
-SCRIPTS= auto adduser checksum config docsinstall hostname jail keymap \
-	 mirrorselect mount netconfig netconfig_ipv4 netconfig_ipv6 rootpass \
-	 script services time umount wlanconfig
+SCRIPTS= auto adduser checksum config docsinstall entropy hostname jail \
+	 keymap mirrorselect mount netconfig netconfig_ipv4 netconfig_ipv6 \
+	 rootpass script services time umount wlanconfig
 BINDIR= /usr/libexec/bsdinstall
 
 NO_MAN=	true
diff --git a/usr.sbin/bsdinstall/scripts/auto b/usr.sbin/bsdinstall/scripts/auto
index fe4e0412bb0..a609e06666a 100755
--- a/usr.sbin/bsdinstall/scripts/auto
+++ b/usr.sbin/bsdinstall/scripts/auto
@@ -222,5 +222,8 @@ if [ $? -eq 0 ]; then
 	chroot "$BSDINSTALL_CHROOT" /bin/sh 2>&1
 fi
 
+bsdinstall entropy
+bsdinstall umount
+
 echo "Installation Completed at $(date)" >> $BSDINSTALL_LOG
 
diff --git a/usr.sbin/bsdinstall/scripts/entropy b/usr.sbin/bsdinstall/scripts/entropy
new file mode 100644
index 00000000000..add6f30da3b
--- /dev/null
+++ b/usr.sbin/bsdinstall/scripts/entropy
@@ -0,0 +1,29 @@
+#!/bin/sh
+#-
+# Copyright (c) 2013 Dag-Erling Smørgrav
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+dd if=/dev/random of=$BSDINSTALL_CHROOT/entropy bs=4096 count=1
diff --git a/usr.sbin/bsdinstall/scripts/jail b/usr.sbin/bsdinstall/scripts/jail
index 78fd4c89454..af7a00efa02 100755
--- a/usr.sbin/bsdinstall/scripts/jail
+++ b/usr.sbin/bsdinstall/scripts/jail
@@ -110,5 +110,7 @@ bsdinstall config  || error
 cp /etc/resolv.conf $1/etc
 cp /etc/localtime $1/etc
 
+bsdinstall entropy
+
 echo "Installation Completed at $(date)" >> $BSDINSTALL_LOG
 
diff --git a/usr.sbin/bsdinstall/scripts/script b/usr.sbin/bsdinstall/scripts/script
index 58ae6e973cd..244f3455f25 100755
--- a/usr.sbin/bsdinstall/scripts/script
+++ b/usr.sbin/bsdinstall/scripts/script
@@ -83,6 +83,7 @@ if [ -f /tmp/bsdinstall-installscript-ab ]; then
 	rm $BSDINSTALL_CHROOT/tmp/installscript
 fi
 
+bsdinstall entropy
 bsdinstall umount
 
 echo "Installation Completed at $(date)" >> $BSDINSTALL_LOG