etc/rc.d/random_seed

1.1Stls#!/bin/sh
1.1Stls#
1.1Stls# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $
1.1Stls#
1.1Stls
1.1Stls# PROVIDE: random_seed
1.1Stls# REQUIRE: mountcritlocal
1.1Stls# BEFORE: securelevel
1.1Stls# KEYWORD: shutdown
1.1Stls
1.1Stls$_rc_subr_loaded . /etc/rc.subr
1.1Stls
1.1Stlsname="random_seed"
1.1Stlsrcvar=$name
1.1Stlsstart_cmd="random_load"
1.1Stlsstop_cmd="random_save"
1.1Stls
1.1Stlsrandom_file=${random_file:-/var/db/entropy-file}
1.1Stls
1.1Stlsfs_safe()
1.1Stls{
1.1Stls	#
1.1Stls	# Enforce that the file's on a local filesystem.
1.1Stls	# Include only the types we can actually write.
1.1Stls	#
1.1Stls	fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
1.1Stls	case $fstype in
1.1Stls	    ffs)
1.1Stls		return 0
1.1Stls		;;
1.1Stls	    lfs)
1.1Stls		return 0
1.1Stls		;;
1.1Stls	    ext2fs)
1.1Stls		return 0;
1.1Stls		;;
1.1Stls	    msdosfs)
1.1Stls		return 0;
1.1Stls		;;
1.1Stls	    v7fs)
1.1Stls		return 0;
1.1Stls		;;
1.1Stls	 esac
1.1Stls	 return 1
1.1Stls}
1.1Stls
1.1Stlsrandom_load()
1.1Stls{
1.1Stls	if [ -f $random_file ]; then
1.1Stls
1.1Stls		if ! fs_safe $(dirname ${random_file}); then
1.1Stls			return 1
1.1Stls		fi
1.1Stls
1.1Stls		eval $(stat -s ${random_file})
1.1Stls
1.1Stls		# The file must be owned by root,
1.1Stls		if [ "$st_uid" != "0" ]; then
1.1Stls			return 1
1.1Stls		fi
1.1Stls		# and root read/write only.
1.1Stls		if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
1.1Stls			return 1
1.1Stls		fi
1.1Stls
1.1Stls		if rndctl -L ${random_file}; then
1.1Stls			echo "Loaded entropy from disk."
1.1Stls		fi
1.1Stls
1.1Stls	fi
1.1Stls}
1.1Stls
1.1Stlsrandom_save()
1.1Stls{
1.1Stls	oum=$(umask)
1.1Stls	umask 077
1.1Stls
1.1Stls	rm -Pf ${random_file}
1.1Stls
1.1Stls	if ! fs_safe $(dirname ${random_file}); then
1.1Stls		return 1
1.1Stls	fi
1.1Stls
1.1Stls	if rndctl -S ${random_file}; then
1.1Stls		echo "Saved entropy to disk."
1.1Stls	fi
1.1Stls}
1.1Stls
1.1Stls
1.1Stlsload_rc_config $name
1.1Stlsrun_rc_command "$1"