head 1.15; access; symbols netbsd-11-0-RC4:1.15 netbsd-11-0-RC3:1.15 netbsd-11-0-RC2:1.15 netbsd-11-0-RC1:1.15 perseant-exfatfs-base-20250801:1.15 netbsd-11:1.15.0.10 netbsd-11-base:1.15 netbsd-10-1-RELEASE:1.15 perseant-exfatfs-base-20240630:1.15 perseant-exfatfs:1.15.0.8 perseant-exfatfs-base:1.15 netbsd-8-3-RELEASE:1.7 netbsd-9-4-RELEASE:1.7.26.2 netbsd-10-0-RELEASE:1.15 netbsd-10-0-RC6:1.15 netbsd-10-0-RC5:1.15 netbsd-10-0-RC4:1.15 netbsd-10-0-RC3:1.15 netbsd-10-0-RC2:1.15 netbsd-10-0-RC1:1.15 netbsd-10:1.15.0.6 netbsd-10-base:1.15 netbsd-9-3-RELEASE:1.7.26.2 cjep_sun2x-base1:1.15 cjep_sun2x:1.15.0.4 cjep_sun2x-base:1.15 cjep_staticlib_x-base1:1.15 netbsd-9-2-RELEASE:1.7.26.2 cjep_staticlib_x:1.15.0.2 cjep_staticlib_x-base:1.15 netbsd-9-1-RELEASE:1.7.26.2 phil-wifi-20200421:1.8 phil-wifi-20200411:1.8 is-mlppp:1.8.0.2 is-mlppp-base:1.8 phil-wifi-20200406:1.8 netbsd-8-2-RELEASE:1.7 netbsd-9-0-RELEASE:1.7 netbsd-9-0-RC2:1.7 netbsd-9-0-RC1:1.7 phil-wifi-20191119:1.7 netbsd-9:1.7.0.26 netbsd-9-base:1.7 phil-wifi-20190609:1.7 netbsd-8-1-RELEASE:1.7 netbsd-8-1-RC1:1.7 pgoyette-compat-merge-20190127:1.7 pgoyette-compat-20190127:1.7 pgoyette-compat-20190118:1.7 pgoyette-compat-1226:1.7 pgoyette-compat-1126:1.7 pgoyette-compat-1020:1.7 pgoyette-compat-0930:1.7 pgoyette-compat-0906:1.7 netbsd-7-2-RELEASE:1.7 pgoyette-compat-0728:1.7 netbsd-8-0-RELEASE:1.7 phil-wifi:1.7.0.24 phil-wifi-base:1.7 pgoyette-compat-0625:1.7 netbsd-8-0-RC2:1.7 pgoyette-compat-0521:1.7 pgoyette-compat-0502:1.7 pgoyette-compat-0422:1.7 netbsd-8-0-RC1:1.7 pgoyette-compat-0415:1.7 pgoyette-compat-0407:1.7 pgoyette-compat-0330:1.7 pgoyette-compat-0322:1.7 pgoyette-compat-0315:1.7 netbsd-7-1-2-RELEASE:1.7 pgoyette-compat:1.7.0.22 pgoyette-compat-base:1.7 netbsd-7-1-1-RELEASE:1.7 matt-nb8-mediatek:1.7.0.20 matt-nb8-mediatek-base:1.7 perseant-stdc-iso10646:1.7.0.18 perseant-stdc-iso10646-base:1.7 netbsd-8:1.7.0.16 netbsd-8-base:1.7 prg-localcount2-base3:1.7 prg-localcount2-base2:1.7 prg-localcount2-base1:1.7 prg-localcount2:1.7.0.14 prg-localcount2-base:1.7 pgoyette-localcount-20170426:1.7 bouyer-socketcan-base1:1.7 pgoyette-localcount-20170320:1.7 netbsd-7-1:1.7.0.12 netbsd-7-1-RELEASE:1.7 netbsd-7-1-RC2:1.7 netbsd-7-nhusb-base-20170116:1.7 bouyer-socketcan:1.7.0.10 bouyer-socketcan-base:1.7 pgoyette-localcount-20170107:1.7 netbsd-7-1-RC1:1.7 pgoyette-localcount-20161104:1.7 netbsd-7-0-2-RELEASE:1.7 localcount-20160914:1.7 netbsd-7-nhusb:1.7.0.8 netbsd-7-nhusb-base:1.7 pgoyette-localcount-20160806:1.7 pgoyette-localcount-20160726:1.7 pgoyette-localcount:1.7.0.6 pgoyette-localcount-base:1.7 netbsd-7-0-1-RELEASE:1.7 netbsd-7-0:1.7.0.4 netbsd-7-0-RELEASE:1.7 netbsd-7-0-RC3:1.7 netbsd-7-0-RC2:1.7 netbsd-7-0-RC1:1.7 netbsd-6-0-6-RELEASE:1.1 netbsd-6-1-5-RELEASE:1.1 netbsd-7:1.7.0.2 netbsd-7-base:1.7 yamt-pagecache-base9:1.6 yamt-pagecache-tag8:1.1.4.5 netbsd-6-1-4-RELEASE:1.1 netbsd-6-0-5-RELEASE:1.1 tls-earlyentropy:1.6.0.8 tls-earlyentropy-base:1.7 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.6 riastradh-drm2-base3:1.6 netbsd-6-1-3-RELEASE:1.1 netbsd-6-0-4-RELEASE:1.1 netbsd-6-1-2-RELEASE:1.1 netbsd-6-0-3-RELEASE:1.1 netbsd-6-1-1-RELEASE:1.1 riastradh-drm2-base2:1.6 riastradh-drm2-base1:1.6 riastradh-drm2:1.6.0.2 riastradh-drm2-base:1.6 netbsd-6-1:1.1.0.10 netbsd-6-0-2-RELEASE:1.1 netbsd-6-1-RELEASE:1.1 khorben-n900:1.6.0.6 netbsd-6-1-RC4:1.1 netbsd-6-1-RC3:1.1 agc-symver:1.6.0.4 agc-symver-base:1.6 netbsd-6-1-RC2:1.1 netbsd-6-1-RC1:1.1 yamt-pagecache-base8:1.6 netbsd-6-0-1-RELEASE:1.1 yamt-pagecache-base7:1.3 matt-nb6-plus-nbase:1.1 yamt-pagecache-base6:1.2 netbsd-6-0:1.1.0.8 netbsd-6-0-RELEASE:1.1 netbsd-6-0-RC2:1.1 tls-maxphys:1.2.0.2 tls-maxphys-base:1.7 matt-nb6-plus:1.1.0.6 matt-nb6-plus-base:1.1 netbsd-6-0-RC1:1.1 yamt-pagecache-base5:1.1 yamt-pagecache:1.1.0.4 yamt-pagecache-base4:1.1 netbsd-6:1.1.0.2 netbsd-6-base:1.1; locks; strict; comment @# @; 1.15 date 2020.09.08.12.52.18; author martin; state Exp; branches; next 1.14; commitid IL2vGNw0FVFgcfnC; 1.14 date 2020.07.22.16.50.41; author martin; state Exp; branches; next 1.13; commitid ZlFyZCKhX3U036hC; 1.13 date 2020.05.07.20.01.04; author riastradh; state Exp; branches; next 1.12; commitid aLnydgvMeZSyyl7C; 1.12 date 2020.05.07.20.00.38; author riastradh; state Exp; branches; next 1.11; commitid IJSGE0effvnnyl7C; 1.11 date 2020.05.07.18.15.29; author riastradh; state Exp; branches; next 1.10; commitid sEBxlcTx1yBdYk7C; 1.10 date 2020.05.06.18.49.26; author riastradh; state Exp; branches; next 1.9; commitid Jcqqt1pfIVtG9d7C; 1.9 date 2020.05.01.15.52.38; author riastradh; state Exp; branches; next 1.8; commitid GK5emUQwLjz0ny6C; 1.8 date 2020.02.23.08.53.14; author riastradh; state Exp; branches; next 1.7; commitid jgsLxbMPFAdYeMXB; 1.7 date 2014.07.22.17.11.09; author wiz; state Exp; branches 1.7.24.1 1.7.26.1; next 1.6; commitid suHlgoA0OoiICoJx; 1.6 date 2012.12.29.22.15.07; author christos; state Exp; branches 1.6.8.1; next 1.5; 1.5 date 2012.12.17.18.20.50; author apb; state Exp; branches; next 1.4; 1.4 date 2012.12.14.18.42.25; author apb; state Exp; branches; next 1.3; 1.3 date 2012.11.10.15.10.22; author apb; state Exp; branches; next 1.2; 1.2 date 2012.07.08.14.25.49; author hans; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2011.11.23.10.47.48; author tls; state Exp; branches 1.1.4.1; next ; 1.7.24.1 date 2020.04.08.14.03.58; author martin; state Exp; branches; next ; commitid Qli2aW9E74UFuA3C; 1.7.26.1 date 2020.03.01.11.53.09; author martin; state Exp; branches; next 1.7.26.2; commitid r54ygIn7r0vK0HYB; 1.7.26.2 date 2020.05.02.16.24.11; author martin; state Exp; branches; next ; commitid 6LQWuahLX6rawG6C; 1.6.8.1 date 2014.08.10.06.49.24; author tls; state Exp; branches; next ; commitid L6kRv2THETa8AMLx; 1.2.2.1 date 2012.11.20.02.57.56; author tls; state Exp; branches; next 1.2.2.2; 1.2.2.2 date 2013.02.25.00.24.52; author tls; state Exp; branches; next 1.2.2.3; 1.2.2.3 date 2014.08.19.23.45.51; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.1.4.1 date 2011.11.23.10.47.48; author yamt; state dead; branches; next 1.1.4.2; 1.1.4.2 date 2012.04.17.00.02.59; author yamt; state Exp; branches; next 1.1.4.3; 1.1.4.3 date 2012.10.30.18.49.10; author yamt; state Exp; branches; next 1.1.4.4; 1.1.4.4 date 2013.01.16.05.26.14; author yamt; state Exp; branches; next 1.1.4.5; 1.1.4.5 date 2013.01.23.00.04.31; author yamt; state Exp; branches; next ; desc @@ 1.15 log @Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision on case insensitive file systems @ text @#!/bin/sh # # $NetBSD: random_seed,v 1.14 2020/07/22 16:50:41 martin Exp $ # # PROVIDE: random_seed # REQUIRE: CRITLOCALMOUNTED # BEFORE: securelevel # BEFORE: bootconf # KEYWORD: shutdown # # The "BEFORE: securelevel" is a real dependency, in that # this script won't work if run after the securelevel is changed. # # The "BEFORE: bootconf" is intended to cause this to # be the first script that runs after mountcritlocal. $_rc_subr_loaded . /etc/rc.subr name="random_seed" rcvar=$name start_cmd="random_load" stop_cmd="random_save" random_file="${random_file:-/var/db/entropy-file}" message() { echo "${name}: ${random_file}: $@@" 1>&2 } fs_safe() { # Consider the root file system safe always. df -P "$1" | (while read dev total used avail cap mountpoint; do case $mountpoint in 'Mounted on') continue;; /) exit 0;; *) exit 1;; esac done) && return 0 # Otherwise, consider local file systems safe and non-local # file systems unsafe. case $(df -l "$1") in *Warning:*) return 1 ;; *) return 0 ;; esac } random_load() { local flags= if [ ! -f "${random_file}" ]; then message "Not present; creating" random_save return fi if ! fs_safe "${random_file}"; then message "Unsafe file system" flags=-i fi set -- $(ls -ldn "${random_file}") st_mode="$1" # should be "-rw-------" st_uid="$3" # should be "0" for root # The file must be owned by root, if [ "$st_uid" != "0" ]; then message "Bad owner ${st_uid}" flags=-i fi # and root read/write only. if [ "$st_mode" != "-rw-------" ]; then message "Bad mode ${st_mode}" flags=-i fi if rndctl $flags -L "${random_file}"; then echo "Loaded entropy from ${random_file}." fi } random_save() { oum="$(umask)" umask 077 if rndctl -S "${random_file}"; then echo "Saved entropy to ${random_file}." fi umask "${oum}" } load_rc_config "${name}" run_rc_command "$1" @ 1.14 log @Split the local disk availability step into two phases to allow scripts that pre-populate parts of the system (e.g. a tmpfs based /var) an easy place to plug in like: # REQUIRE: mountcritlocal # BEFORE: MOUNTCRITLOCAL This also cleans up the existing special handling a bit by separating it into new scripts. All later scripts now depend on MOUNTCRITLOCAL. Discussed on tech-userlevel some time ago. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.13 2020/05/07 20:01:04 riastradh Exp $ d7 1 a7 1 # REQUIRE: MOUNTCRITLOCAL @ 1.13 log @If no random seed file exists on boot, create one. rndctl -S triggers entropy consolidation, so whatever we gathered during kernel startup -- interrupt timings, autoconf timings, &c. -- will be incorporated into the seed and into subsequent data read from /dev/urandom, just like if rndctl -L had run at this boot, and the seed will carry them into the next boot too. But it still avoids frequently consolidating entropy on any regular schedule, in order to continue to mitigate iterative-guessing attacks. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.12 2020/05/07 20:00:38 riastradh Exp $ d7 1 a7 1 # REQUIRE: mountcritlocal @ 1.12 log @Omit needless verbiage in error message. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.11 2020/05/07 18:15:29 riastradh Exp $ d60 2 a61 1 message "Not present" @ 1.11 log @Pass full pathname to df, and print warning message on failure. No need to extract dirname; `df -P /var/db/entropy-file' and `df -l /var/db/entropy-file' work just fine. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.10 2020/05/06 18:49:26 riastradh Exp $ d65 1 a65 1 message "Unsafe file system for random seed ${random_file}" @ 1.10 log @Tweak logic to decide whether a medium is safe for an rndseed. - Teach rndctl to load the seed, but treat it as zero entropy, if the medium is read-only or if the update fails. - Teach rndctl to accept `-i' flag instructing it to ignore the entropy estimate in the seed. - Teach /etc/rc.d/random_seed to: (a) assume nonlocal file systems are unsafe, and use -i, but (b) assume / is safe, even if it is nonlocal. If the medium is nonwritable, leave it to rndctl to detect that. (Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I already implemented it this way.) Treating nonlocal / as safe is a compromise: it's up to the operator to secure the network for (e.g.) nfs mounts, but that's true whether we're talking entropy or not -- if the adversary has access to the network that you've mounted / from, they can do a lot more damage anyway; this reduces warning fatigue for diskless systems, e.g. test racks. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.9 2020/05/01 15:52:38 riastradh Exp $ d64 2 a65 1 if ! fs_safe "$(dirname "${random_file}")"; then @ 1.9 log @Don't delete the random seed before issuing `rndctl -S'. `rndctl -S' can replace the file just fine, and deleting it ahead of time adds a window during which we can lose the seed altogether if the system is interrupted by a crash or power outage. XXX pullup @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.8 2020/02/23 08:53:14 riastradh Exp $ a31 10 getfstype() { df -G "$1" | while read line; do set -- $line if [ "$2" = "fstype" ]; then echo "$1" return fi done } d34 14 a47 8 # # Enforce that the file's on a local file system. # Include only the types we can actually write. # fstype="$(getfstype "$1")" case "${fstype}" in ffs|lfs|ext2fs|msdos|v7fs|zfs) return 0 d50 1 a50 2 message "Bad file system type ${fstype}" return 1 d57 2 d65 1 a65 1 return 1 d75 1 a75 1 return 1 d80 1 a80 1 return 1 d83 1 a83 1 if rndctl -L "${random_file}"; then a92 5 if ! fs_safe "$(dirname "${random_file}")"; then umask "${oum}" return 1 fi @ 1.8 log @Allow random seed on zfs. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.7 2014/07/22 17:11:09 wiz Exp $ a95 2 rm -Pf "${random_file}" @ 1.7 log @'file system' for consistency with documentation (instead of 'filesystem'). @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.6 2012/12/29 22:15:07 christos Exp $ d50 1 a50 1 ffs|lfs|ext2fs|msdos|v7fs) @ 1.7.24.1 log @Merge changes from current as of 20200406 @ text @d3 1 a3 1 # $NetBSD$ d50 1 a50 1 ffs|lfs|ext2fs|msdos|v7fs|zfs) @ 1.7.26.1 log @Pull up following revision(s) (requested by riastradh in ticket #743): etc/rc.d/random_seed: revision 1.8 Allow random seed on zfs. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.7 2014/07/22 17:11:09 wiz Exp $ d50 1 a50 1 ffs|lfs|ext2fs|msdos|v7fs|zfs) @ 1.7.26.2 log @Pull up following revision(s) (requested by riastradh in ticket #882): etc/rc.d/random_seed: revision 1.9 Don't delete the random seed before issuing `rndctl -S'. `rndctl -S' can replace the file just fine, and deleting it ahead of time adds a window during which we can lose the seed altogether if the system is interrupted by a crash or power outage. XXX pullup @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.7.26.1 2020/03/01 11:53:09 martin Exp $ d96 2 @ 1.6 log @better messages, more quoting. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.2 2012/07/08 14:25:49 hans Exp $ d45 1 a45 1 # Enforce that the file's on a local filesystem. d54 1 a54 1 message "Bad filesystem type ${fstype}" @ 1.6.8.1 log @Rebase. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.7 2014/07/22 17:11:09 wiz Exp $ d45 1 a45 1 # Enforce that the file's on a local file system. d54 1 a54 1 message "Bad file system type ${fstype}" @ 1.5 log @Reinstate the dirname invocations that were recently removed from rc.d/random_seed. The new dirname shell function provided by rc.subr will be used, so it should work before the /usr file system is mounted. This should fix a problem in which the fs_safe shell function failed when passed the name of a file that did not exist. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.4 2012/12/14 18:42:25 apb Exp $ d25 16 a40 1 random_file=${random_file:-/var/db/entropy-file} d48 3 a50 7 fstype=$(df -G "$1" | while read line ; do set -- $line if [ "$2" = "fstype" ]; then echo "$1" ; break ; fi done ) case $fstype in ffs) d53 3 a55 5 lfs) return 0 ;; ext2fs) return 0; d57 1 a57 8 msdos) return 0; ;; v7fs) return 0; ;; esac return 1 d62 4 a65 1 if [ -f $random_file ]; then d67 3 a69 3 if ! fs_safe "$(dirname "${random_file}")"; then return 1 fi d71 14 a84 12 set -- $(ls -ldn "${random_file}") st_mode="$1" # should be "-rw-------" st_uid="$3" # should be "0" for root # The file must be owned by root, if [ "$st_uid" != "0" ]; then return 1 fi # and root read/write only. if [ "$st_mode" != "-rw-------" ]; then return 1 fi d86 2 a87 4 if rndctl -L "${random_file}"; then echo "Loaded entropy from disk." fi d93 1 a93 1 oum=$(umask) d99 1 d104 1 a104 1 echo "Saved entropy to disk." d106 1 d110 1 a110 1 load_rc_config $name @ 1.4 log @Avoid using programs from /usr/bin. This should fix PR 47326. - no need for "dirname", because "df -G" can take a file name directly. - replace use of "awk" with a shell while read loop. - replace use of "stat -s" with "ls -ldn". - no need for "tail" now that the use of "stat" has changed. While here, also add some shell quotes and improve the grammar in a comment. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.4 2012/12/14 18:40:12 apb Exp $ d62 1 a62 1 if ! fs_safe "${random_file}"; then d93 1 a93 1 if ! fs_safe "${random_file}"; then @ 1.3 log @Cause /etc/rc.d/random_seed to be the first script to run after mountcritlocal. Everything else that runs after mountcritlocal depends directly or indirectly on bootconf, so making random_seed run before bootconf has the desired result. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.2 2012/07/08 14:25:49 hans Exp $ d16 1 a16 1 # be the first script to runs after mountcritlocal. d33 5 a37 1 fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}') d62 1 a62 1 if ! fs_safe $(dirname ${random_file}); then d66 3 a68 1 eval $(stat -s ${random_file}) d75 1 a75 1 if [ "$(echo $st_mode | tail -c4)" != "600" ]; then d79 1 a79 1 if rndctl -L ${random_file}; then d91 1 a91 1 rm -Pf ${random_file} d93 1 a93 1 if ! fs_safe $(dirname ${random_file}); then d97 1 a97 1 if rndctl -S ${random_file}; then @ 1.2 log @It's msdos, not msdosfs. @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $ d9 1 d11 6 @ 1.2.2.1 log @Resync to 2012-11-19 00:00:00 UTC @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.3 2012/11/10 15:10:22 apb Exp $ a8 1 # BEFORE: bootconf a9 6 # # The "BEFORE: securelevel" is a real dependency, in that # this script won't work if run after the securelevel is changed. # # The "BEFORE: bootconf" is intended to cause this to # be the first script to runs after mountcritlocal. @ 1.2.2.2 log @resync with head @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.2.2.1 2012/11/20 02:57:56 tls Exp $ d16 1 a16 1 # be the first script that runs after mountcritlocal. d25 1 a25 16 random_file="${random_file:-/var/db/entropy-file}" message() { echo "${name}: ${random_file}: $@@" 1>&2 } getfstype() { df -G "$1" | while read line; do set -- $line if [ "$2" = "fstype" ]; then echo "$1" return fi done } d33 3 a35 3 fstype="$(getfstype "$1")" case "${fstype}" in ffs|lfs|ext2fs|msdos|v7fs) d38 11 a48 3 *) message "Bad filesystem type ${fstype}" return 1 d50 2 a51 1 esac d56 5 a60 4 if [ ! -f "${random_file}" ]; then message "Not present" return fi d62 1 a62 3 if ! fs_safe "$(dirname "${random_file}")"; then return 1 fi d64 8 a71 14 set -- $(ls -ldn "${random_file}") st_mode="$1" # should be "-rw-------" st_uid="$3" # should be "0" for root # The file must be owned by root, if [ "$st_uid" != "0" ]; then message "Bad owner ${st_uid}" return 1 fi # and root read/write only. if [ "$st_mode" != "-rw-------" ]; then message "Bad mode ${st_mode}" return 1 fi d73 4 a76 2 if rndctl -L "${random_file}"; then echo "Loaded entropy from ${random_file}." d82 1 a82 1 oum="$(umask)" d85 1 a85 1 rm -Pf "${random_file}" d87 1 a87 2 if ! fs_safe "$(dirname "${random_file}")"; then umask "${oum}" d91 2 a92 2 if rndctl -S "${random_file}"; then echo "Saved entropy to ${random_file}." a93 1 umask "${oum}" d97 1 a97 1 load_rc_config "${name}" @ 1.2.2.3 log @Rebase to HEAD as of a few days ago. @ text @d3 1 a3 1 # $NetBSD$ d45 1 a45 1 # Enforce that the file's on a local file system. d54 1 a54 1 message "Bad file system type ${fstype}" @ 1.1 log @ Load entropy at system boot (only works at securelevel < 1); save at system shutdown. Disable with random_seed=NO in rc.conf if desired. Goes to some trouble to never load or save to network filesystems. Entropy should really be loaded by the boot loader but I am still sorting out how to pass it to the kernel. @ text @d3 1 a3 1 # $NetBSD: mountcritlocal,v 1.13 2011/01/13 22:30:09 haad Exp $ d37 1 a37 1 msdosfs) @ 1.1.4.1 log @file random_seed was added on branch yamt-pagecache on 2012-04-17 00:02:59 +0000 @ text @d1 91 @ 1.1.4.2 log @sync with head @ text @a0 91 #!/bin/sh # # $NetBSD$ # # PROVIDE: random_seed # REQUIRE: mountcritlocal # BEFORE: securelevel # KEYWORD: shutdown $_rc_subr_loaded . /etc/rc.subr name="random_seed" rcvar=$name start_cmd="random_load" stop_cmd="random_save" random_file=${random_file:-/var/db/entropy-file} fs_safe() { # # Enforce that the file's on a local filesystem. # Include only the types we can actually write. # fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}') case $fstype in ffs) return 0 ;; lfs) return 0 ;; ext2fs) return 0; ;; msdosfs) return 0; ;; v7fs) return 0; ;; esac return 1 } random_load() { if [ -f $random_file ]; then if ! fs_safe $(dirname ${random_file}); then return 1 fi eval $(stat -s ${random_file}) # The file must be owned by root, if [ "$st_uid" != "0" ]; then return 1 fi # and root read/write only. if [ "$(echo $st_mode | tail -c4)" != "600" ]; then return 1 fi if rndctl -L ${random_file}; then echo "Loaded entropy from disk." fi fi } random_save() { oum=$(umask) umask 077 rm -Pf ${random_file} if ! fs_safe $(dirname ${random_file}); then return 1 fi if rndctl -S ${random_file}; then echo "Saved entropy to disk." fi } load_rc_config $name run_rc_command "$1" @ 1.1.4.3 log @sync with head @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.1.4.2 2012/04/17 00:02:59 yamt Exp $ d37 1 a37 1 msdos) @ 1.1.4.4 log @sync with (a bit old) head @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.1.4.3 2012/10/30 18:49:10 yamt Exp $ a8 1 # BEFORE: bootconf a9 6 # # The "BEFORE: securelevel" is a real dependency, in that # this script won't work if run after the securelevel is changed. # # The "BEFORE: bootconf" is intended to cause this to # be the first script to runs after mountcritlocal. @ 1.1.4.5 log @sync with head @ text @d3 1 a3 1 # $NetBSD: random_seed,v 1.1.4.4 2013/01/16 05:26:14 yamt Exp $ d16 1 a16 1 # be the first script that runs after mountcritlocal. d25 1 a25 16 random_file="${random_file:-/var/db/entropy-file}" message() { echo "${name}: ${random_file}: $@@" 1>&2 } getfstype() { df -G "$1" | while read line; do set -- $line if [ "$2" = "fstype" ]; then echo "$1" return fi done } d33 3 a35 3 fstype="$(getfstype "$1")" case "${fstype}" in ffs|lfs|ext2fs|msdos|v7fs) d38 11 a48 3 *) message "Bad filesystem type ${fstype}" return 1 d50 2 a51 1 esac d56 5 a60 4 if [ ! -f "${random_file}" ]; then message "Not present" return fi d62 1 a62 3 if ! fs_safe "$(dirname "${random_file}")"; then return 1 fi d64 8 a71 14 set -- $(ls -ldn "${random_file}") st_mode="$1" # should be "-rw-------" st_uid="$3" # should be "0" for root # The file must be owned by root, if [ "$st_uid" != "0" ]; then message "Bad owner ${st_uid}" return 1 fi # and root read/write only. if [ "$st_mode" != "-rw-------" ]; then message "Bad mode ${st_mode}" return 1 fi d73 4 a76 2 if rndctl -L "${random_file}"; then echo "Loaded entropy from ${random_file}." d82 1 a82 1 oum="$(umask)" d85 1 a85 1 rm -Pf "${random_file}" d87 1 a87 2 if ! fs_safe "$(dirname "${random_file}")"; then umask "${oum}" d91 2 a92 2 if rndctl -S "${random_file}"; then echo "Saved entropy to ${random_file}." a93 1 umask "${oum}" d97 1 a97 1 load_rc_config "${name}" @