      1   1.1       tls #!/bin/sh
      2   1.1       tls #
      3  1.15    martin # $NetBSD: random_seed,v 1.15 2020/09/08 12:52:18 martin Exp $
      4   1.1       tls #
      5   1.1       tls 
      6   1.1       tls # PROVIDE: random_seed
      7  1.15    martin # REQUIRE: CRITLOCALMOUNTED
      8   1.1       tls # BEFORE: securelevel
      9   1.3       apb # BEFORE: bootconf
     10   1.1       tls # KEYWORD: shutdown
     11   1.3       apb #
     12   1.3       apb # The "BEFORE: securelevel" is a real dependency, in that
     13   1.3       apb # this script won't work if run after the securelevel is changed.
     14   1.3       apb #
     15   1.3       apb # The "BEFORE: bootconf" is intended to cause this to
     16   1.4       apb # be the first script that runs after mountcritlocal.
     17   1.1       tls 
# Pull in the rc.d helper functions.  rc.subr sets _rc_subr_loaded once it
# has been read, so this line becomes a no-op if rc.subr is already in scope.
$_rc_subr_loaded . /etc/rc.subr

name=random_seed
rcvar="$name"
start_cmd=random_load
stop_cmd=random_save

# Location of the entropy seed; the default applies only when random_file
# is unset or empty (a value inherited from the environment wins).
: "${random_file:=/var/db/entropy-file}"
     26   1.6  christos 
# Emit a diagnostic on stderr, prefixed with the script name and the seed
# file path so boot logs show which file a warning refers to.
# Arguments: the message words, joined by single spaces.
message()
{
	echo "${name}: ${random_file}: $*" >&2
}
     31   1.6  christos 
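# Decide whether the file system holding $1 is trusted to hold the entropy
# seed.  Returns 0 (safe) for the root file system and for any other local
# file system; 1 (unsafe) for a non-local file system.
#
# Fails closed: when df(1) cannot report a mount point for $1 at all (the
# path is missing, df errors out), the answer is "unsafe".  Previously an
# empty df output fell through as "safe", so an unknown location would
# have had its seed credited as entropy.
#
# Arguments: $1 - path of the seed file
# Returns:   0 if safe, 1 if unsafe or undeterminable
fs_safe()
{
	local mountpoint

	# Locate the mount point via df -P (one data line per file system).
	# The "Mounted on" line is the header.  A mount point may contain
	# spaces, so it must be the last field handed to read.
	mountpoint=$(df -P "$1" | while read dev total used avail cap mp; do
		case $mp in
		'Mounted on')	continue;;
		*)		printf '%s\n' "$mp"; break;;
		esac
	done)

	case $mountpoint in
	'')	return 1;;	# no data from df: do not assume safe
	/)	return 0;;	# root file system is always considered safe
	esac

	# Otherwise, consider local file systems safe and non-local file
	# systems unsafe.  NetBSD df -l prints a "Warning:" line when a
	# non-local file system is named on the command line.
	case $(df -l "$1") in
	*Warning:*)	return 1;;
	*)		return 0;;
	esac
}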
     54   1.1       tls 
# Load the saved entropy seed into the kernel pool.
#
# If the seed file does not exist yet (first boot), one is created via
# random_save instead and that call's status is returned.  Otherwise the
# file's location, owner and mode are checked; any failure sets the -i
# flag, which tells rndctl(8) to mix the seed in without crediting its
# entropy estimate, since the seed may have been readable or tampered
# with.  The check and the load are separate steps; this script is ordered
# BEFORE securelevel and runs early in boot, which narrows that window.
#
# Globals:  random_file (read); st_mode, st_uid (written)
# Outputs:  diagnostics on stderr via message, success line on stdout
random_load()
{
	local flags=""

	if [ ! -f "${random_file}" ]; then
		message "Not present; creating"
		random_save
		return
	fi

	# Non-local file systems are not trusted to keep the seed private.
	fs_safe "${random_file}" || {
		message "Unsafe file system"
		flags=-i
	}

	# ls -ld reports a symlink itself (mode beginning with "l"), so a
	# symlinked seed fails the mode test below rather than being followed.
	set -- $(ls -ldn "${random_file}")
	st_mode=$1	# expected "-rw-------"
	st_uid=$3	# expected 0 (root)

	# Owner must be root ...
	case $st_uid in
	0)	;;
	*)	message "Bad owner ${st_uid}"
		flags=-i;;
	esac

	# ... and nobody but root may read or write the file.
	case $st_mode in
	-rw-------)	;;
	*)		message "Bad mode ${st_mode}"
			flags=-i;;
	esac

	if rndctl $flags -L "${random_file}"; then
		echo "Loaded entropy from ${random_file}."
	fi
}
     89   1.1       tls 
# Write the kernel's entropy state to ${random_file}.  Runs at shutdown
# (stop_cmd) and from random_load when no seed file exists yet.
# umask 077 caps a newly created seed file at mode 0600; the caller's
# umask is restored afterwards, and the function's status is that of the
# final umask call (rndctl failure is reported only by the missing
# "Saved entropy" line).
#
# Globals:  random_file (read); oum (written)
random_save()
{
	oum=$(umask)
	umask 077
	rndctl -S "${random_file}" && echo "Saved entropy to ${random_file}."
	umask "${oum}"
}
    100   1.1       tls 
    101   1.1       tls 
# Read this script's rc.conf(5) settings (which may override random_file),
# then dispatch start/stop according to the command-line argument.
load_rc_config "$name"
run_rc_command "$1"