random_seed revision 1.4
1#!/bin/sh 2# 3# $NetBSD: random_seed,v 1.4 2012/12/14 18:42:25 apb Exp $ 4# 5 6# PROVIDE: random_seed 7# REQUIRE: mountcritlocal 8# BEFORE: securelevel 9# BEFORE: bootconf 10# KEYWORD: shutdown 11# 12# The "BEFORE: securelevel" is a real dependency, in that 13# this script won't work if run after the securelevel is changed. 14# 15# The "BEFORE: bootconf" is intended to cause this to 16# be the first script that runs after mountcritlocal. 17 18$_rc_subr_loaded . /etc/rc.subr 19 20name="random_seed" 21rcvar=$name 22start_cmd="random_load" 23stop_cmd="random_save" 24 25random_file=${random_file:-/var/db/entropy-file} 26 27fs_safe() 28{ 29 # 30 # Enforce that the file's on a local filesystem. 31 # Include only the types we can actually write. 32 # 33 fstype=$(df -G "$1" | 34 while read line ; do 35 set -- $line 36 if [ "$2" = "fstype" ]; then echo "$1" ; break ; fi 37 done ) 38 case $fstype in 39 ffs) 40 return 0 41 ;; 42 lfs) 43 return 0 44 ;; 45 ext2fs) 46 return 0; 47 ;; 48 msdos) 49 return 0; 50 ;; 51 v7fs) 52 return 0; 53 ;; 54 esac 55 return 1 56} 57 58random_load() 59{ 60 if [ -f $random_file ]; then 61 62 if ! fs_safe "${random_file}"; then 63 return 1 64 fi 65 66 set -- $(ls -ldn "${random_file}") 67 st_mode="$1" # should be "-rw-------" 68 st_uid="$3" # should be "0" for root 69 70 # The file must be owned by root, 71 if [ "$st_uid" != "0" ]; then 72 return 1 73 fi 74 # and root read/write only. 75 if [ "$st_mode" != "-rw-------" ]; then 76 return 1 77 fi 78 79 if rndctl -L "${random_file}"; then 80 echo "Loaded entropy from disk." 81 fi 82 83 fi 84} 85 86random_save() 87{ 88 oum=$(umask) 89 umask 077 90 91 rm -Pf "${random_file}" 92 93 if ! fs_safe "${random_file}"; then 94 return 1 95 fi 96 97 if rndctl -S "${random_file}"; then 98 echo "Saved entropy to disk." 99 fi 100} 101 102 103load_rc_config $name 104run_rc_command "$1" 105