src/etc/rc.d/random_seed - view

Return to random_seed CVS log

Up to [cvs.NetBSD.org] / src / etc / rc.d

File: [cvs.NetBSD.org] / src / etc / rc.d / random_seed (download)

Revision 1.7, Tue Jul 22 17:11:09 2014 UTC (9 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, phil-wifi-20191119, phil-wifi-20190609, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-9-base, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, matt-nb8-mediatek-base, matt-nb8-mediatek, localcount-20160914, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: phil-wifi, netbsd-9
Changes since 1.6: +3 -3 lines

'file system' for consistency with documentation (instead of 'filesystem').

#!/bin/sh
#
# $NetBSD: random_seed,v 1.7 2014/07/22 17:11:09 wiz Exp $
#

# PROVIDE: random_seed
# REQUIRE: mountcritlocal
# BEFORE: securelevel
# BEFORE: bootconf
# KEYWORD: shutdown
#
# The "BEFORE: securelevel" is a real dependency, in that
# this script won't work if run after the securelevel is changed.
#
# The "BEFORE: bootconf" is intended to cause this to
# be the first script that runs after mountcritlocal.

$_rc_subr_loaded . /etc/rc.subr

name="random_seed"
rcvar=$name
start_cmd="random_load"
stop_cmd="random_save"

random_file="${random_file:-/var/db/entropy-file}"

message()
{
	echo "${name}: ${random_file}: $@" 1>&2
}

getfstype() {
	df -G "$1" | while read line; do
		set -- $line
		if [ "$2" = "fstype" ]; then
			echo "$1"
			return
		fi
	done
}

fs_safe()
{
	#
	# Enforce that the file's on a local file system.
	# Include only the types we can actually write.
	#
	fstype="$(getfstype "$1")"
	case "${fstype}" in
	ffs|lfs|ext2fs|msdos|v7fs)
		return 0
		;;
	*)
		message "Bad file system type ${fstype}"
		return 1
		;;
	esac
}

random_load()
{
	if [ ! -f "${random_file}" ]; then
		message "Not present"
		return
	fi

	if ! fs_safe "$(dirname "${random_file}")"; then
		return 1
	fi

	set -- $(ls -ldn "${random_file}")
	st_mode="$1" # should be "-rw-------"
	st_uid="$3"  # should be "0" for root

	# The file must be owned by root,
	if [ "$st_uid" != "0" ]; then
		message "Bad owner ${st_uid}"
		return 1
	fi
	# and root read/write only.
	if [ "$st_mode" != "-rw-------" ]; then
		message "Bad mode ${st_mode}"
		return 1
	fi

	if rndctl -L "${random_file}"; then
		echo "Loaded entropy from ${random_file}."
	fi
}

random_save()
{
	oum="$(umask)"
	umask 077

	rm -Pf "${random_file}"

	if ! fs_safe "$(dirname "${random_file}")"; then
		umask "${oum}"
		return 1
	fi

	if rndctl -S "${random_file}"; then
		echo "Saved entropy to ${random_file}."
	fi
	umask "${oum}"
}


load_rc_config "${name}"
run_rc_command "$1"