random_seed revision 1.4 
11.1Stls#!/bin/sh
21.1Stls#
31.4Sapb# $NetBSD: random_seed,v 1.4 2012/12/14 18:42:25 apb Exp $
41.1Stls#
51.1Stls
61.1Stls# PROVIDE: random_seed
71.1Stls# REQUIRE: mountcritlocal
81.1Stls# BEFORE: securelevel
91.3Sapb# BEFORE: bootconf
101.1Stls# KEYWORD: shutdown
111.3Sapb#
121.3Sapb# The "BEFORE: securelevel" is a real dependency, in that
131.3Sapb# this script won't work if run after the securelevel is changed.
141.3Sapb#
151.3Sapb# The "BEFORE: bootconf" is intended to cause this to
161.4Sapb# be the first script that runs after mountcritlocal.
171.1Stls
181.1Stls$_rc_subr_loaded . /etc/rc.subr
191.1Stls
201.1Stlsname="random_seed"
211.1Stlsrcvar=$name
221.1Stlsstart_cmd="random_load"
231.1Stlsstop_cmd="random_save"
241.1Stls
251.1Stlsrandom_file=${random_file:-/var/db/entropy-file}
261.1Stls
271.1Stlsfs_safe()
281.1Stls{
291.1Stls	#
301.1Stls	# Enforce that the file's on a local filesystem.
311.1Stls	# Include only the types we can actually write.
321.1Stls	#
331.4Sapb	fstype=$(df -G "$1" |
341.4Sapb		while read line ; do
351.4Sapb		    set -- $line
361.4Sapb		    if [ "$2" = "fstype" ]; then echo "$1" ; break ; fi
371.4Sapb		done )
381.1Stls	case $fstype in
391.1Stls	    ffs)
401.1Stls		return 0
411.1Stls		;;
421.1Stls	    lfs)
431.1Stls		return 0
441.1Stls		;;
451.1Stls	    ext2fs)
461.1Stls		return 0;
471.1Stls		;;
481.2Shans	    msdos)
491.1Stls		return 0;
501.1Stls		;;
511.1Stls	    v7fs)
521.1Stls		return 0;
531.1Stls		;;
541.1Stls	 esac
551.1Stls	 return 1
561.1Stls}
571.1Stls
581.1Stlsrandom_load()
591.1Stls{
601.1Stls	if [ -f $random_file ]; then
611.1Stls
621.4Sapb		if ! fs_safe "${random_file}"; then
631.1Stls			return 1
641.1Stls		fi
651.1Stls
661.4Sapb		set -- $(ls -ldn "${random_file}")
671.4Sapb		st_mode="$1" # should be "-rw-------"
681.4Sapb		st_uid="$3"  # should be "0" for root
691.1Stls
701.1Stls		# The file must be owned by root,
711.1Stls		if [ "$st_uid" != "0" ]; then
721.1Stls			return 1
731.1Stls		fi
741.1Stls		# and root read/write only.
751.4Sapb		if [ "$st_mode" != "-rw-------" ]; then
761.1Stls			return 1
771.1Stls		fi
781.1Stls
791.4Sapb		if rndctl -L "${random_file}"; then
801.1Stls			echo "Loaded entropy from disk."
811.1Stls		fi
821.1Stls		
831.1Stls	fi
841.1Stls}
851.1Stls
861.1Stlsrandom_save()
871.1Stls{
881.1Stls	oum=$(umask)
891.1Stls	umask 077
901.1Stls
911.4Sapb	rm -Pf "${random_file}"
921.1Stls
931.4Sapb	if ! fs_safe "${random_file}"; then
941.1Stls		return 1
951.1Stls	fi
961.1Stls
971.4Sapb	if rndctl -S "${random_file}"; then
981.1Stls		echo "Saved entropy to disk."
991.1Stls	fi
1001.1Stls}
1011.1Stls
1021.1Stls
1031.1Stlsload_rc_config $name
1041.1Stlsrun_rc_command "$1"
105