random_seed revision 1.3 
11.1Stls#!/bin/sh
21.1Stls#
31.3Sapb# $NetBSD: random_seed,v 1.3 2012/11/10 15:10:22 apb Exp $
41.1Stls#
51.1Stls
61.1Stls# PROVIDE: random_seed
71.1Stls# REQUIRE: mountcritlocal
81.1Stls# BEFORE: securelevel
91.3Sapb# BEFORE: bootconf
101.1Stls# KEYWORD: shutdown
111.3Sapb#
121.3Sapb# The "BEFORE: securelevel" is a real dependency, in that
131.3Sapb# this script won't work if run after the securelevel is changed.
141.3Sapb#
151.3Sapb# The "BEFORE: bootconf" is intended to cause this to
161.3Sapb# be the first script to runs after mountcritlocal.
171.1Stls
181.1Stls$_rc_subr_loaded . /etc/rc.subr
191.1Stls
201.1Stlsname="random_seed"
211.1Stlsrcvar=$name
221.1Stlsstart_cmd="random_load"
231.1Stlsstop_cmd="random_save"
241.1Stls
251.1Stlsrandom_file=${random_file:-/var/db/entropy-file}
261.1Stls
271.1Stlsfs_safe()
281.1Stls{
291.1Stls	#
301.1Stls	# Enforce that the file's on a local filesystem.
311.1Stls	# Include only the types we can actually write.
321.1Stls	#
331.1Stls	fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
341.1Stls	case $fstype in
351.1Stls	    ffs)
361.1Stls		return 0
371.1Stls		;;
381.1Stls	    lfs)
391.1Stls		return 0
401.1Stls		;;
411.1Stls	    ext2fs)
421.1Stls		return 0;
431.1Stls		;;
441.2Shans	    msdos)
451.1Stls		return 0;
461.1Stls		;;
471.1Stls	    v7fs)
481.1Stls		return 0;
491.1Stls		;;
501.1Stls	 esac
511.1Stls	 return 1
521.1Stls}
531.1Stls
541.1Stlsrandom_load()
551.1Stls{
561.1Stls	if [ -f $random_file ]; then
571.1Stls
581.1Stls		if ! fs_safe $(dirname ${random_file}); then
591.1Stls			return 1
601.1Stls		fi
611.1Stls
621.1Stls		eval $(stat -s ${random_file})
631.1Stls
641.1Stls		# The file must be owned by root,
651.1Stls		if [ "$st_uid" != "0" ]; then
661.1Stls			return 1
671.1Stls		fi
681.1Stls		# and root read/write only.
691.1Stls		if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
701.1Stls			return 1
711.1Stls		fi
721.1Stls
731.1Stls		if rndctl -L ${random_file}; then
741.1Stls			echo "Loaded entropy from disk."
751.1Stls		fi
761.1Stls		
771.1Stls	fi
781.1Stls}
791.1Stls
801.1Stlsrandom_save()
811.1Stls{
821.1Stls	oum=$(umask)
831.1Stls	umask 077
841.1Stls
851.1Stls	rm -Pf ${random_file}
861.1Stls
871.1Stls	if ! fs_safe $(dirname ${random_file}); then
881.1Stls		return 1
891.1Stls	fi
901.1Stls
911.1Stls	if rndctl -S ${random_file}; then
921.1Stls		echo "Saved entropy to disk."
931.1Stls	fi
941.1Stls}
951.1Stls
961.1Stls
971.1Stlsload_rc_config $name
981.1Stlsrun_rc_command "$1"
99