random_seed revision 1.10
1 1.1 tls #!/bin/sh 2 1.1 tls # 3 1.10 riastrad # $NetBSD: random_seed,v 1.10 2020/05/06 18:49:26 riastradh Exp $ 4 1.1 tls # 5 1.1 tls 6 1.1 tls # PROVIDE: random_seed 7 1.1 tls # REQUIRE: mountcritlocal 8 1.1 tls # BEFORE: securelevel 9 1.3 apb # BEFORE: bootconf 10 1.1 tls # KEYWORD: shutdown 11 1.3 apb # 12 1.3 apb # The "BEFORE: securelevel" is a real dependency, in that 13 1.3 apb # this script won't work if run after the securelevel is changed. 14 1.3 apb # 15 1.3 apb # The "BEFORE: bootconf" is intended to cause this to 16 1.4 apb # be the first script that runs after mountcritlocal. 17 1.1 tls 18 1.1 tls $_rc_subr_loaded . /etc/rc.subr 19 1.1 tls 20 1.1 tls name="random_seed" 21 1.1 tls rcvar=$name 22 1.1 tls start_cmd="random_load" 23 1.1 tls stop_cmd="random_save" 24 1.1 tls 25 1.6 christos random_file="${random_file:-/var/db/entropy-file}" 26 1.6 christos 27 1.6 christos message() 28 1.6 christos { 29 1.6 christos echo "${name}: ${random_file}: $@" 1>&2 30 1.6 christos } 31 1.6 christos 32 1.1 tls fs_safe() 33 1.1 tls { 34 1.10 riastrad # Consider the root file system safe always. 35 1.10 riastrad df -P "$1" | (while read dev total used avail cap mountpoint; do 36 1.10 riastrad case $mountpoint in 37 1.10 riastrad 'Mounted on') continue;; 38 1.10 riastrad /) exit 0;; 39 1.10 riastrad *) exit 1;; 40 1.10 riastrad esac 41 1.10 riastrad done) && return 0 42 1.10 riastrad 43 1.10 riastrad # Otherwise, consider local file systems safe and non-local 44 1.10 riastrad # file systems unsafe. 45 1.10 riastrad case $(df -l "$1") in 46 1.10 riastrad *Warning:*) 47 1.10 riastrad return 1 48 1.1 tls ;; 49 1.6 christos *) 50 1.10 riastrad return 0 51 1.1 tls ;; 52 1.6 christos esac 53 1.1 tls } 54 1.1 tls 55 1.1 tls random_load() 56 1.1 tls { 57 1.10 riastrad local flags= 58 1.10 riastrad 59 1.6 christos if [ ! -f "${random_file}" ]; then 60 1.6 christos message "Not present" 61 1.6 christos return 62 1.6 christos fi 63 1.1 tls 64 1.6 christos if ! fs_safe "$(dirname "${random_file}")"; then 65 1.10 riastrad flags=-i 66 1.6 christos fi 67 1.1 tls 68 1.6 christos set -- $(ls -ldn "${random_file}") 69 1.6 christos st_mode="$1" # should be "-rw-------" 70 1.6 christos st_uid="$3" # should be "0" for root 71 1.6 christos 72 1.6 christos # The file must be owned by root, 73 1.6 christos if [ "$st_uid" != "0" ]; then 74 1.6 christos message "Bad owner ${st_uid}" 75 1.10 riastrad flags=-i 76 1.6 christos fi 77 1.6 christos # and root read/write only. 78 1.6 christos if [ "$st_mode" != "-rw-------" ]; then 79 1.6 christos message "Bad mode ${st_mode}" 80 1.10 riastrad flags=-i 81 1.6 christos fi 82 1.1 tls 83 1.10 riastrad if rndctl $flags -L "${random_file}"; then 84 1.6 christos echo "Loaded entropy from ${random_file}." 85 1.1 tls fi 86 1.1 tls } 87 1.1 tls 88 1.1 tls random_save() 89 1.1 tls { 90 1.6 christos oum="$(umask)" 91 1.1 tls umask 077 92 1.1 tls 93 1.4 apb if rndctl -S "${random_file}"; then 94 1.6 christos echo "Saved entropy to ${random_file}." 95 1.1 tls fi 96 1.6 christos umask "${oum}" 97 1.1 tls } 98 1.1 tls 99 1.1 tls 100 1.6 christos load_rc_config "${name}" 101 1.1 tls run_rc_command "$1" 102
Indexes created Wed Oct 01 19:09:53 GMT 2025