mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-15 10:17:20 +00:00
7417198fcf
random script ran before filesystems were mounted, which is no longer the case. In random_start(), immediately delete each file that is fed into /dev/random, and recreate the default entropy file immediately after reading and deleting it. The logic used in random_stop() to determine which file to write to should probably be factored out and used here as well.
114 lines
2.0 KiB
Bash
Executable File
114 lines
2.0 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: random
|
|
# REQUIRE: FILESYSTEMS
|
|
# BEFORE: netif
|
|
# KEYWORD: nojail shutdown
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="random"
|
|
start_cmd="random_start"
|
|
stop_cmd="random_stop"
|
|
|
|
extra_commands="saveseed"
|
|
saveseed_cmd="${name}_stop"
|
|
|
|
save_dev_random()
|
|
{
|
|
for f ; do
|
|
if :>>"$f" ; then
|
|
debug "saving entropy to $f"
|
|
dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
|
|
fi
|
|
done
|
|
}
|
|
|
|
feed_dev_random()
|
|
{
|
|
for f ; do
|
|
if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
|
|
if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
|
|
debug "entropy read from $f"
|
|
rm -f "$f"
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
random_start()
|
|
{
|
|
echo -n 'Feeding entropy:'
|
|
|
|
if [ ! -w /dev/random ] ; then
|
|
warn "/dev/random is not writeable"
|
|
return 1
|
|
fi
|
|
|
|
# Reseed /dev/random with previously stored entropy.
|
|
case ${entropy_dir:=/var/db/entropy} in
|
|
[Nn][Oo])
|
|
;;
|
|
*)
|
|
if [ -d "${entropy_dir}" ] ; then
|
|
feed_dev_random "${entropy_dir}"/*
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
case ${entropy_file:=/entropy} in
|
|
[Nn][Oo] | '')
|
|
;;
|
|
*)
|
|
feed_dev_random "${entropy_file}" /var/db/entropy-file
|
|
save_dev_random "${entropy_file}"
|
|
;;
|
|
esac
|
|
|
|
echo '.'
|
|
}
|
|
|
|
random_stop()
|
|
{
|
|
# Write some entropy so when the machine reboots /dev/random
|
|
# can be reseeded
|
|
#
|
|
case ${entropy_file:=/entropy} in
|
|
[Nn][Oo] | '')
|
|
;;
|
|
*)
|
|
echo -n 'Writing entropy file:'
|
|
rm -f ${entropy_file} 2> /dev/null
|
|
oumask=`umask`
|
|
umask 077
|
|
if touch ${entropy_file} 2> /dev/null; then
|
|
entropy_file_confirmed="${entropy_file}"
|
|
else
|
|
# Try this as a reasonable alternative for read-only
|
|
# roots, diskless workstations, etc.
|
|
rm -f /var/db/entropy-file 2> /dev/null
|
|
if touch /var/db/entropy-file 2> /dev/null; then
|
|
entropy_file_confirmed=/var/db/entropy-file
|
|
fi
|
|
fi
|
|
case ${entropy_file_confirmed} in
|
|
'')
|
|
warn 'write failed (read-only fs?)'
|
|
;;
|
|
*)
|
|
dd if=/dev/random of=${entropy_file_confirmed} \
|
|
bs=4096 count=1 2> /dev/null
|
|
echo '.'
|
|
;;
|
|
esac
|
|
umask ${oumask}
|
|
;;
|
|
esac
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|