random_seed revision 1.6 
11.1Stls#!/bin/sh
21.1Stls#
31.6Schristos# $NetBSD: random_seed,v 1.6 2012/12/29 22:15:07 christos Exp $
41.1Stls#
51.1Stls
61.1Stls# PROVIDE: random_seed
71.1Stls# REQUIRE: mountcritlocal
81.1Stls# BEFORE: securelevel
91.3Sapb# BEFORE: bootconf
101.1Stls# KEYWORD: shutdown
111.3Sapb#
121.3Sapb# The "BEFORE: securelevel" is a real dependency, in that
131.3Sapb# this script won't work if run after the securelevel is changed.
141.3Sapb#
151.3Sapb# The "BEFORE: bootconf" is intended to cause this to
161.4Sapb# be the first script that runs after mountcritlocal.
171.1Stls
181.1Stls$_rc_subr_loaded . /etc/rc.subr
191.1Stls
201.1Stlsname="random_seed"
211.1Stlsrcvar=$name
221.1Stlsstart_cmd="random_load"
231.1Stlsstop_cmd="random_save"
241.1Stls
251.6Schristosrandom_file="${random_file:-/var/db/entropy-file}"
261.6Schristos
271.6Schristosmessage()
281.6Schristos{
291.6Schristos	echo "${name}: ${random_file}: $@" 1>&2
301.6Schristos}
311.6Schristos
321.6Schristosgetfstype() {
331.6Schristos	df -G "$1" | while read line; do
341.6Schristos		set -- $line
351.6Schristos		if [ "$2" = "fstype" ]; then
361.6Schristos			echo "$1"
371.6Schristos			return
381.6Schristos		fi
391.6Schristos	done
401.6Schristos}
411.1Stls
421.1Stlsfs_safe()
431.1Stls{
441.1Stls	#
451.1Stls	# Enforce that the file's on a local filesystem.
461.1Stls	# Include only the types we can actually write.
471.1Stls	#
481.6Schristos	fstype="$(getfstype "$1")"
491.6Schristos	case "${fstype}" in
501.6Schristos	ffs|lfs|ext2fs|msdos|v7fs)
511.1Stls		return 0
521.1Stls		;;
531.6Schristos	*)
541.6Schristos		message "Bad filesystem type ${fstype}"
551.6Schristos		return 1
561.1Stls		;;
571.6Schristos	esac
581.1Stls}
591.1Stls
601.1Stlsrandom_load()
611.1Stls{
621.6Schristos	if [ ! -f "${random_file}" ]; then
631.6Schristos		message "Not present"
641.6Schristos		return
651.6Schristos	fi
661.1Stls
671.6Schristos	if ! fs_safe "$(dirname "${random_file}")"; then
681.6Schristos		return 1
691.6Schristos	fi
701.1Stls
711.6Schristos	set -- $(ls -ldn "${random_file}")
721.6Schristos	st_mode="$1" # should be "-rw-------"
731.6Schristos	st_uid="$3"  # should be "0" for root
741.6Schristos
751.6Schristos	# The file must be owned by root,
761.6Schristos	if [ "$st_uid" != "0" ]; then
771.6Schristos		message "Bad owner ${st_uid}"
781.6Schristos		return 1
791.6Schristos	fi
801.6Schristos	# and root read/write only.
811.6Schristos	if [ "$st_mode" != "-rw-------" ]; then
821.6Schristos		message "Bad mode ${st_mode}"
831.6Schristos		return 1
841.6Schristos	fi
851.1Stls
861.6Schristos	if rndctl -L "${random_file}"; then
871.6Schristos		echo "Loaded entropy from ${random_file}."
881.1Stls	fi
891.1Stls}
901.1Stls
911.1Stlsrandom_save()
921.1Stls{
931.6Schristos	oum="$(umask)"
941.1Stls	umask 077
951.1Stls
961.4Sapb	rm -Pf "${random_file}"
971.1Stls
981.5Sapb	if ! fs_safe "$(dirname "${random_file}")"; then
991.6Schristos		umask "${oum}"
1001.1Stls		return 1
1011.1Stls	fi
1021.1Stls
1031.4Sapb	if rndctl -S "${random_file}"; then
1041.6Schristos		echo "Saved entropy to ${random_file}."
1051.1Stls	fi
1061.6Schristos	umask "${oum}"
1071.1Stls}
1081.1Stls
1091.1Stls
1101.6Schristosload_rc_config "${name}"
1111.1Stlsrun_rc_command "$1"
112