[BACK]Return to random_seed CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / etc / rc.d

File: [cvs.NetBSD.org] / src / etc / rc.d / random_seed (download)

Revision 1.1, Wed Nov 23 10:47:48 2011 UTC (12 years, 4 months ago) by tls
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus
Branch point for: yamt-pagecache


Load entropy at system boot (only works at securelevel < 1); save
at system shutdown.  Disable with random_seed=NO in rc.conf if desired.

Goes to some trouble to never load or save to network filesystems.

Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.

#!/bin/sh
#
# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $
#

# PROVIDE: random_seed
# REQUIRE: mountcritlocal
# BEFORE: securelevel
# KEYWORD: shutdown

$_rc_subr_loaded . /etc/rc.subr

name="random_seed"
rcvar=$name
start_cmd="random_load"
stop_cmd="random_save"

random_file=${random_file:-/var/db/entropy-file}

fs_safe()
{
	#
	# Enforce that the file's on a local filesystem.
	# Include only the types we can actually write.
	#
	fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
	case $fstype in
	    ffs)
		return 0
		;;
	    lfs)
		return 0
		;;
	    ext2fs)
		return 0;
		;;
	    msdosfs)
		return 0;
		;;
	    v7fs)
		return 0;
		;;
	 esac
	 return 1
}

random_load()
{
	if [ -f $random_file ]; then

		if ! fs_safe $(dirname ${random_file}); then
			return 1
		fi

		eval $(stat -s ${random_file})

		# The file must be owned by root,
		if [ "$st_uid" != "0" ]; then
			return 1
		fi
		# and root read/write only.
		if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
			return 1
		fi

		if rndctl -L ${random_file}; then
			echo "Loaded entropy from disk."
		fi
		
	fi
}

random_save()
{
	oum=$(umask)
	umask 077

	rm -Pf ${random_file}

	if ! fs_safe $(dirname ${random_file}); then
		return 1
	fi

	if rndctl -S ${random_file}; then
		echo "Saved entropy to disk."
	fi
}


load_rc_config $name
run_rc_command "$1"