1 1.1 tls #!/bin/sh 2 1.1 tls # 3 1.9 riastrad # $NetBSD: random_seed,v 1.9 2020/05/01 15:52:38 riastradh Exp $ 4 1.1 tls # 5 1.1 tls 6 1.1 tls # PROVIDE: random_seed 7 1.1 tls # REQUIRE: mountcritlocal 8 1.1 tls # BEFORE: securelevel 9 1.3 apb # BEFORE: bootconf 10 1.1 tls # KEYWORD: shutdown 11 1.3 apb # 12 1.3 apb # The "BEFORE: securelevel" is a real dependency, in that 13 1.3 apb # this script won't work if run after the securelevel is changed. 14 1.3 apb # 15 1.3 apb # The "BEFORE: bootconf" is intended to cause this to 16 1.4 apb # be the first script that runs after mountcritlocal. 17 1.1 tls 18 1.1 tls $_rc_subr_loaded . /etc/rc.subr 19 1.1 tls 20 1.1 tls name="random_seed" 21 1.1 tls rcvar=$name 22 1.1 tls start_cmd="random_load" 23 1.1 tls stop_cmd="random_save" 24 1.1 tls 25 1.6 christos random_file="${random_file:-/var/db/entropy-file}" 26 1.6 christos 27 1.6 christos message() 28 1.6 christos { 29 1.6 christos echo "${name}: ${random_file}: $@" 1>&2 30 1.6 christos } 31 1.6 christos 32 1.6 christos getfstype() { 33 1.6 christos df -G "$1" | while read line; do 34 1.6 christos set -- $line 35 1.6 christos if [ "$2" = "fstype" ]; then 36 1.6 christos echo "$1" 37 1.6 christos return 38 1.6 christos fi 39 1.6 christos done 40 1.6 christos } 41 1.1 tls 42 1.1 tls fs_safe() 43 1.1 tls { 44 1.1 tls # 45 1.7 wiz # Enforce that the file's on a local file system. 46 1.1 tls # Include only the types we can actually write. 47 1.1 tls # 48 1.6 christos fstype="$(getfstype "$1")" 49 1.6 christos case "${fstype}" in 50 1.8 riastrad ffs|lfs|ext2fs|msdos|v7fs|zfs) 51 1.1 tls return 0 52 1.1 tls ;; 53 1.6 christos *) 54 1.7 wiz message "Bad file system type ${fstype}" 55 1.6 christos return 1 56 1.1 tls ;; 57 1.6 christos esac 58 1.1 tls } 59 1.1 tls 60 1.1 tls random_load() 61 1.1 tls { 62 1.6 christos if [ ! -f "${random_file}" ]; then 63 1.6 christos message "Not present" 64 1.6 christos return 65 1.6 christos fi 66 1.1 tls 67 1.6 christos if ! fs_safe "$(dirname "${random_file}")"; then 68 1.6 christos return 1 69 1.6 christos fi 70 1.1 tls 71 1.6 christos set -- $(ls -ldn "${random_file}") 72 1.6 christos st_mode="$1" # should be "-rw-------" 73 1.6 christos st_uid="$3" # should be "0" for root 74 1.6 christos 75 1.6 christos # The file must be owned by root, 76 1.6 christos if [ "$st_uid" != "0" ]; then 77 1.6 christos message "Bad owner ${st_uid}" 78 1.6 christos return 1 79 1.6 christos fi 80 1.6 christos # and root read/write only. 81 1.6 christos if [ "$st_mode" != "-rw-------" ]; then 82 1.6 christos message "Bad mode ${st_mode}" 83 1.6 christos return 1 84 1.6 christos fi 85 1.1 tls 86 1.6 christos if rndctl -L "${random_file}"; then 87 1.6 christos echo "Loaded entropy from ${random_file}." 88 1.1 tls fi 89 1.1 tls } 90 1.1 tls 91 1.1 tls random_save() 92 1.1 tls { 93 1.6 christos oum="$(umask)" 94 1.1 tls umask 077 95 1.1 tls 96 1.5 apb if ! fs_safe "$(dirname "${random_file}")"; then 97 1.6 christos umask "${oum}" 98 1.1 tls return 1 99 1.1 tls fi 100 1.1 tls 101 1.4 apb if rndctl -S "${random_file}"; then 102 1.6 christos echo "Saved entropy to ${random_file}." 103 1.1 tls fi 104 1.6 christos umask "${oum}" 105 1.1 tls } 106 1.1 tls 107 1.1 tls 108 1.6 christos load_rc_config "${name}" 109 1.1 tls run_rc_command "$1" 110