random_seed revision 1.12
      1   1.1       tls #!/bin/sh
      2   1.1       tls #
      3  1.12  riastrad # $NetBSD: random_seed,v 1.12 2020/05/07 20:00:38 riastradh Exp $
      4   1.1       tls #
      5   1.1       tls 
      6   1.1       tls # PROVIDE: random_seed
      7   1.1       tls # REQUIRE: mountcritlocal
      8   1.1       tls # BEFORE: securelevel
      9   1.3       apb # BEFORE: bootconf
     10   1.1       tls # KEYWORD: shutdown
     11   1.3       apb #
     12   1.3       apb # The "BEFORE: securelevel" is a real dependency, in that
     13   1.3       apb # this script won't work if run after the securelevel is changed.
     14   1.3       apb #
     15   1.3       apb # The "BEFORE: bootconf" is intended to cause this to
     16   1.4       apb # be the first script that runs after mountcritlocal.
     17   1.1       tls 
# Pull in the rc.d framework.  $_rc_subr_loaded is expanded as the command
# word, so when it is unset or empty this line runs ". /etc/rc.subr".
# NOTE(review): presumably rc.subr sets it to a no-op such as ":" once it
# has been loaded, so it is not sourced twice -- confirm in rc.subr.
$_rc_subr_loaded . /etc/rc.subr

# rc.subr glue: service name, its rc.conf switch, and the functions that
# handle "start" and "stop".
name="random_seed"
rcvar="${name}"
start_cmd="random_load"
stop_cmd="random_save"

# Seed file location.  A non-empty random_file that is already set takes
# precedence over the default path.
: "${random_file:=/var/db/entropy-file}"
     26   1.6  christos 
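# Print a diagnostic on stderr, prefixed with the service name and the
# seed file path.
# Globals:   name, random_file (read)
# Arguments: the message text; several arguments are joined with spaces
message()
{
	# "$*" keeps the whole diagnostic in one word.  "$@" inside a longer
	# quoted string splits into several words when more than one argument
	# is passed.  printf '%s' prints the text literally, whatever the
	# shell's echo does with backslashes.
	printf '%s\n' "${name}: ${random_file}: $*" 1>&2
}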
     31   1.6  christos 
# Decide whether the file system holding a path is trusted to store the
# entropy seed.
# Arguments: $1 - path to check
# Returns:   0 if the path is on the root file system or df -l raises no
#            warning about it, 1 otherwise
fs_safe()
{
	# Step 1: the root file system is always trusted.  Skip the df -P
	# header line, then decide on the first data line's mount point.
	# Note that this fails open: if df prints only the header, or nothing
	# at all, no branch calls exit, the subshell ends with status 0 and
	# the path is reported safe.
	if df -P "$1" | (
		while read fsdev blocks inuse free pct mnt; do
			case $mnt in
			'Mounted on')	continue;;
			/)		exit 0;;
			*)		exit 1;;
			esac
		done
	); then
		return 0
	fi

	# Step 2: anything else is trusted unless df -l complains that the
	# path is not on a local file system.
	# NOTE(review): $(...) captures stdout only.  If df writes its
	# "Warning:" text to stderr, this match never fires and non-local
	# file systems are accepted -- confirm against df(1) on the target.
	case $(df -l "$1") in
	*Warning:*)	return 1;;
	esac
	return 0
}
     54   1.1       tls 
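# "start" handler: feed the saved seed file to the kernel with rndctl -L.
# Globals:   random_file (read)
# Outputs:   diagnostics via message(); a confirmation line on stdout when
#            rndctl succeeds
#
# None of the checks below aborts the load.  A failed check only adds -i,
# which per rndctl(8) makes -L ignore the entropy estimate recorded in the
# seed, so the data is still mixed in but is not counted as entropy.
random_load()
{
	# st_mode and st_uid are scratch values; keeping them local stops
	# them leaking into the shell that runs this script.
	local flags= st_mode= st_uid=

	if [ ! -f "${random_file}" ]; then
		message "Not present"
		return
	fi

	if ! fs_safe "${random_file}"; then
		message "Unsafe file system"
		flags=-i
	fi

	# Deliberately unquoted: split the long listing into fields.  -d and
	# the absence of -L/-H mean a symlink is listed as itself (mode
	# starting with "l") and so fails the mode check; -n prints the
	# numeric uid.  If ls fails, both fields stay empty and both checks
	# below fail, which also ends in -i.
	# NOTE(review): the checks work on the path, not on an open file, so
	# they assume nothing can replace the file before rndctl opens it --
	# confirm the containing directory is writable by root only.
	set -- $(ls -ldn "${random_file}")
	st_mode="$1" # should be "-rw-------"
	st_uid="$3"  # should be "0" for root

	# The file must be owned by root,
	if [ "$st_uid" != "0" ]; then
		message "Bad owner ${st_uid}"
		flags=-i
	fi
	# and root read/write only.  The comparison is exact, so any extra
	# character ls appends to the mode string also counts as a bad mode.
	if [ "$st_mode" != "-rw-------" ]; then
		message "Bad mode ${st_mode}"
		flags=-i
	fi

	# $flags is unquoted on purpose: when empty it must vanish rather
	# than be passed to rndctl as an empty argument.
	if rndctl $flags -L "${random_file}"; then
		echo "Loaded entropy from ${random_file}."
	fi
}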
     88   1.1       tls 
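# "stop" handler: write a fresh seed file with rndctl -S.
# Globals:   random_file (read)
# Outputs:   a confirmation line on stdout when rndctl succeeds
random_save()
{
	# Keep the saved umask local so it does not leak into the caller.
	local oum

	# umask 077 means a file created during the save gets no group or
	# other permission bits, in line with the "-rw-------" mode that
	# random_load requires.
	oum="$(umask)"
	umask 077

	if rndctl -S "${random_file}"; then
		echo "Saved entropy to ${random_file}."
	fi

	# Restore the previous umask whether or not the save succeeded.
	umask "${oum}"
}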
     99   1.1       tls 
    100   1.1       tls 
# Read the rc.conf settings for this service, then dispatch on the action
# ("start", "stop", ...) passed as the first argument.
load_rc_config "$name"
run_rc_command "$1"