Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4cb64fe02b
NetBSD/etc/rc.d/random_seed
tls 4924aa205a Load entropy at system boot (only works at securelevel < 1); save 
at system shutdown.  Disable with random_seed=NO in rc.conf if desired.

Goes to some trouble to never load or save to network filesystems.

Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
2011-11-23 10:47:48 +00:00

92 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $
#
# PROVIDE: random_seed
# REQUIRE: mountcritlocal
# BEFORE: securelevel
# KEYWORD: shutdown
$_rc_subr_loaded . /etc/rc.subr
name="random_seed"
rcvar=$name
start_cmd="random_load"
stop_cmd="random_save"
random_file=${random_file:-/var/db/entropy-file}
fs_safe()
{
#
# Enforce that the file's on a local filesystem.
# Include only the types we can actually write.
#
fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
case $fstype in
ffs)
return 0
;;
lfs)
return 0
;;
ext2fs)
return 0;
;;
msdosfs)
return 0;
;;
v7fs)
return 0;
;;
esac
return 1
}
random_load()
{
if [ -f $random_file ]; then
if ! fs_safe $(dirname ${random_file}); then
return 1
fi
eval $(stat -s ${random_file})
# The file must be owned by root,
if [ "$st_uid" != "0" ]; then
return 1
fi
# and root read/write only.
if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
return 1
fi
if rndctl -L ${random_file}; then
echo "Loaded entropy from disk."
fi
fi
}
random_save()
{
oum=$(umask)
umask 077
rm -Pf ${random_file}
if ! fs_safe $(dirname ${random_file}); then
return 1
fi
if rndctl -S ${random_file}; then
echo "Saved entropy to disk."
fi
}
load_rc_config $name
run_rc_command "$1"
Reference in New Issue View Git Blame Copy Permalink