Created attachment 249054: Patch
While entropy_file is already being disabled during the preparation of the image, entropy_boot_file remains enabled, giving the above-mentioned error/warning. The proposed solution is to disable it as well, see patch attached.
Created attachment 249541: Patch
There is a similar variable in /boot/defaults/loader.conf, which is now also disabled - including the boot-time setting of `hostuuid`, since it needs to wait until /cfg is mounted during a later stage.
Created attachment 254993: Overlayed /etc/rc.d/random
While that is one alternative, it might also need setting entropy_dir="NO", to disable caching entropy via cron. There are a few systems where I definitely need the entropy file, and have a patch similar to the one attached. For some reason, I do not like my patch. I guess my main fear is the wear it can exert on some devices, but I'm sharing it here, just in case it could work for your use case.
Created attachment 255014: nanoBSD: disable entropy caching and early hostuuid
(In reply to Jose Luis Duran from comment #2)
Thanks for the pointer, I added it to the patch to be consistent - /var/db/entropy is empty at boot time, anyways. No need for cron to save anything. I'm not sure about the exact boot order here, but maybe it is possible to use some external drive for the entropy to mitigate the wear?
(In reply to embhd from comment #3)
Yes! RANDOM_PURE_TPM and EFIRNG come to mind, but I haven't tested either of them lately. I'll try to set up a lab over the weekend to test this, as well as other NanoBSD-related bugs. I've moved on to building NanoBSD-like images using Poudriere directly, so bear with me. At any rate, I wouldn't hold my breath on this PR. Thank you!
Created attachment 255015: nanoBSD: disable entropy caching and early hostuuid
After some local testing, I'm trying to sell it: https://reviews.freebsd.org/D47502
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e5579f98c02ff64b0c305f6731c3557ba69c2d25

commit e5579f98c02ff64b0c305f6731c3557ba69c2d25
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2024-11-08 18:13:48 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2024-11-16 06:55:57 +0000

    nanobsd: Avoid read-only file system warnings

    The default setting of some loader or rc variables generate warnings because the file system is read-only:

    Set the following options to avoid printing these warnings:

    /boot/defaults/loader.conf:
    - hostuuid_load="NO" to disable loading /etc/hostid early at boot time
    - entropy_cache_load="NO" to disable loading cached entropy at boot time
    - kern.random.initial_seeding.disable_bypass_warnings="1" to disable logging a warning if the 'bypass_before_seeding' knob is enabled (enabled by default) and a request is submitted prior to initial seeding

    /etc/defaults/rc.conf:
    - kldxref_enable="NO" to disable building linker.hints files with kldxref(8)
    - entropy_boot_file="NO" to disable very early (used at early boot-time) entropy caching through reboots
    - entropy_dir="NO" to disable caching entropy via cron

    While here, move rc.conf options before sourcing vendor.conf, so they can be overridden.

    PR: 277601
    Reviewed by: imp
    Approved by: emaste (mentor)
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D47502

 tools/tools/nanobsd/defaults.sh | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6df2857eaa53d640d9bc729135f95179948cc9df

commit 6df2857eaa53d640d9bc729135f95179948cc9df
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2024-11-08 18:13:48 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2024-12-16 15:11:39 +0000

    nanobsd: Avoid read-only file system warnings

    The default setting of some loader or rc variables generate warnings because the file system is read-only:

    Set the following options to avoid printing these warnings:

    /boot/defaults/loader.conf:
    - hostuuid_load="NO" to disable loading /etc/hostid early at boot time
    - entropy_cache_load="NO" to disable loading cached entropy at boot time
    - kern.random.initial_seeding.disable_bypass_warnings="1" to disable logging a warning if the 'bypass_before_seeding' knob is enabled (enabled by default) and a request is submitted prior to initial seeding

    /etc/defaults/rc.conf:
    - kldxref_enable="NO" to disable building linker.hints files with kldxref(8)
    - entropy_boot_file="NO" to disable very early (used at early boot-time) entropy caching through reboots
    - entropy_dir="NO" to disable caching entropy via cron

    While here, move rc.conf options before sourcing vendor.conf, so they can be overridden.

    PR: 277601
    Reviewed by: imp
    Approved by: emaste (mentor)
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D47502

    (cherry picked from commit e5579f98c02ff64b0c305f6731c3557ba69c2d25)

 tools/tools/nanobsd/defaults.sh | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a641dd41fcafade204d6b8dabcf235c32eacc70b

commit a641dd41fcafade204d6b8dabcf235c32eacc70b
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2024-11-08 18:13:48 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2024-12-16 15:13:19 +0000

    nanobsd: Avoid read-only file system warnings

    The default setting of some loader or rc variables generate warnings because the file system is read-only:

    Set the following options to avoid printing these warnings:

    /boot/defaults/loader.conf:
    - hostuuid_load="NO" to disable loading /etc/hostid early at boot time
    - entropy_cache_load="NO" to disable loading cached entropy at boot time
    - kern.random.initial_seeding.disable_bypass_warnings="1" to disable logging a warning if the 'bypass_before_seeding' knob is enabled (enabled by default) and a request is submitted prior to initial seeding

    /etc/defaults/rc.conf:
    - kldxref_enable="NO" to disable building linker.hints files with kldxref(8)
    - entropy_boot_file="NO" to disable very early (used at early boot-time) entropy caching through reboots
    - entropy_dir="NO" to disable caching entropy via cron

    While here, move rc.conf options before sourcing vendor.conf, so they can be overridden.

    PR: 277601
    Reviewed by: imp
    Approved by: emaste (mentor)
    MFC after: 1 month
    Differential Revision: https://reviews.freebsd.org/D47502

    (cherry picked from commit e5579f98c02ff64b0c305f6731c3557ba69c2d25)

 tools/tools/nanobsd/defaults.sh | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)
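
An added example, not part of the PR or the commit: a POSIX sh check that a built image's loader and rc configuration files carry the six values listed in the commit message above. The function names, the constructed sample files and the choice of which two files to pass in are assumptions of this example.

```shell
# Print the effective value of KEY ($2) in sh-style config FILE ($1): the last
# assignment wins; double quotes and a trailing "# comment" are stripped
# (a '#' inside a quoted value is not supported).
conf_get() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        {
            eq = index(line, "=")
            if (eq == 0 || substr(line, 1, eq - 1) != key) next
            val = substr(line, eq + 1)
            sub(/[ \t]*#.*$/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val); found = val
        }
        END { print found }' "$1"
}

# Compare each knob from the commit message with its effective value (exact
# match). $1 = loader config, $2 = rc config. Prints one line per mismatch;
# the exit status is the number of mismatches.
audit_image() {
    bad=0
    while read -r which key want; do
        case $which in loader) path=$1 ;; *) path=$2 ;; esac
        got=$(conf_get "$path" "$key")
        [ "$got" = "$want" ] && continue
        echo "MISMATCH $key: want $want, got ${got:-<unset>}"
        bad=$((bad + 1))
    done <<EOF
loader hostuuid_load NO
loader entropy_cache_load NO
loader kern.random.initial_seeding.disable_bypass_warnings 1
rc kldxref_enable NO
rc entropy_boot_file NO
rc entropy_dir NO
EOF
    return "$bad"
}

# Constructed sample files: one loader knob missing, one rc knob overridden.
make_sample() {
    printf '%s\n' 'hostuuid_load="NO"' 'entropy_cache_load="NO"  # ro root' \
        > "$1/loader.conf"
    printf '%s\n' 'kldxref_enable="NO"' 'entropy_boot_file="NO"' \
        'entropy_dir="NO"' 'entropy_dir="/var/db/entropy"' > "$1/rc.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_image "$tmp/loader.conf" "$tmp/rc.conf" || echo "$? knob(s) differ"
rm -rf "$tmp"
```

On the sample it reports the missing `kern.random.initial_seeding.disable_bypass_warnings` and the later `entropy_dir` assignment that overrides the earlier "NO".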