random_seed revision 1.4
      1  1.1   tls #!/bin/sh
      2  1.1   tls #
      3  1.4   apb # $NetBSD: random_seed,v 1.4 2012/12/14 18:42:25 apb Exp $
      4  1.1   tls #
      5  1.1   tls 
      6  1.1   tls # PROVIDE: random_seed
      7  1.1   tls # REQUIRE: mountcritlocal
      8  1.1   tls # BEFORE: securelevel
      9  1.3   apb # BEFORE: bootconf
     10  1.1   tls # KEYWORD: shutdown
     11  1.3   apb #
     12  1.3   apb # The "BEFORE: securelevel" is a real dependency, in that
     13  1.3   apb # this script won't work if run after the securelevel is changed.
     14  1.3   apb #
     15  1.3   apb # The "BEFORE: bootconf" is intended to cause this to
     16  1.4   apb # be the first script that runs after mountcritlocal.
     17  1.1   tls 
     18  1.1   tls $_rc_subr_loaded . /etc/rc.subr
     19  1.1   tls 
     20  1.1   tls name="random_seed"
     21  1.1   tls rcvar=$name
     22  1.1   tls start_cmd="random_load"
     23  1.1   tls stop_cmd="random_save"
     24  1.1   tls 
     25  1.1   tls random_file=${random_file:-/var/db/entropy-file}
     26  1.1   tls 
     # fs_safe PATH
     #
     # Succeed (status 0) only when PATH is on a local filesystem of a type
     # that can be written: ffs, lfs, ext2fs, msdos or v7fs.  Any other
     # type, or no type at all (for example when df fails), gives status 1,
     # so an undeterminable filesystem is treated as unsafe.
     #
     # The type is read from "df -G": the first output line whose second
     # word is "fstype" supplies the type as its first word.
     # Side effect: leaves the result in the global variable "fstype".
     fs_safe()
     {
       fstype=$(df -G "$1" |
         while read entry ; do
           # Unquoted on purpose: split the df line into words.
           set -- $entry
           [ "$2" = "fstype" ] || continue
           echo "$1"
           break
         done )

       # Allow-list of acceptable filesystem types; everything else fails.
       case "$fstype" in
         ffs|lfs|ext2fs|msdos|v7fs)
           return 0
           ;;
       esac
       return 1
     }
     57  1.1   tls 
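     # random_load
     #
     # "start" handler: hand the saved seed in $random_file to "rndctl -L",
     # but only when the file can be trusted:
     #   - it is a regular file on a filesystem accepted by fs_safe,
     #   - it is owned by uid 0,
     #   - its mode is exactly "-rw-------".
     # A seed that others could read or write is predictable or attacker
     # chosen, so it is refused rather than loaded.
     #
     # Returns: 0 when there is no seed file or after rndctl was attempted,
     #          1 when the file is refused (the reason goes to stderr).
     # Side effects: overwrites the positional parameters and sets the
     #          globals st_mode and st_uid.
     random_load()
     {
       # No seed file yet: nothing to load, and not an error.
       if [ ! -f "${random_file}" ]; then
         return 0
       fi

       if ! fs_safe "${random_file}"; then
         echo "random_seed: ${random_file}: unsafe filesystem, not loading" >&2
         return 1
       fi

       # Unquoted on purpose: split the "ls -ldn" line into fields.  Only
       # field 1 (mode string) and field 3 (numeric owner) are used; both
       # precede the file name, so spaces in the name do not disturb them.
       # ls -d does not follow a symlink, so a symlinked seed shows a mode
       # starting with "l" and fails the mode test below.
       set -- $(ls -ldn "${random_file}")
       st_mode="$1" # should be "-rw-------"
       st_uid="$3"  # should be "0" for root

       # The file must be owned by root,
       if [ "$st_uid" != "0" ]; then
         echo "random_seed: ${random_file}: not owned by root, not loading" >&2
         return 1
       fi
       # and root read/write only.
       if [ "$st_mode" != "-rw-------" ]; then
         echo "random_seed: ${random_file}: mode is not -rw-------, not loading" >&2
         return 1
       fi

       # NOTE(review): the checks above inspect the path and rndctl then
       # opens the path again; this presumably relies on the containing
       # directory being writable by root only -- confirm.
       if rndctl -L "${random_file}"; then
         echo "Loaded entropy from disk."
       fi
     }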
     85  1.1   tls 
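     # random_save
     #
     # "stop" handler: discard the previous seed and ask "rndctl -S" to
     # write a fresh one to $random_file.
     #
     # Returns: 1 when the target filesystem is refused by fs_safe
     #          (the reason goes to stderr), 0 otherwise.
     # Side effects: sets the global oum; the umask is restored on exit.
     random_save()
     {
       # Work under umask 077 so a newly created seed is not group/world
       # accessible; random_load only accepts mode "-rw-------".
       oum=$(umask)
       umask 077

       # Remove the old seed first, so it cannot be loaded a second time
       # even if saving a new one fails below.
       rm -Pf "${random_file}"

       # The seed file no longer exists at this point, so asking df about
       # the file itself would fail and fs_safe would always refuse.
       # Check the directory that will hold the new file instead.
       if ! fs_safe "$(dirname "${random_file}")"; then
         echo "random_seed: ${random_file}: unsafe filesystem, not saving" >&2
         umask "$oum"
         return 1
       fi

       if rndctl -S "${random_file}"; then
         echo "Saved entropy to disk."
       fi

       # Put back the caller's umask (it was saved but never restored).
       umask "$oum"
     }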
    101  1.1   tls 
    102  1.1   tls 
    103  1.1   tls load_rc_config $name
    104  1.1   tls run_rc_command "$1"