From bb48bcd52c75511c7ca269e7bb2f2a3955508650 Mon Sep 17 00:00:00 2001 From: dougb Date: Thu, 4 Oct 2012 22:23:40 +0000 Subject: [PATCH] MFC r240090: Improve file rotation git-svn-id: svn://svn.freebsd.org/base/stable/9@241205 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- libexec/save-entropy/save-entropy.sh | 54 ++++++++++++++-------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/libexec/save-entropy/save-entropy.sh b/libexec/save-entropy/save-entropy.sh index b5b37d40c..e96b543a7 100755 --- a/libexec/save-entropy/save-entropy.sh +++ b/libexec/save-entropy/save-entropy.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2001-2006 Douglas Barton, DougB@FreeBSD.org +# Copyright (c) 2001-2006,2012 Douglas Barton, dougb@FreeBSD.org # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -29,7 +29,7 @@ # This script is called by cron to store bits of randomness which are # then used to seed /dev/random on boot. -# Originally developed by Doug Barton, DougB@FreeBSD.org +# Originally developed by Doug Barton, dougb@FreeBSD.org PATH=/bin:/usr/bin @@ -55,38 +55,36 @@ entropy_save_sz=${entropy_save_sz:-2048} entropy_save_num=${entropy_save_num:-8} if [ ! -d "${entropy_dir}" ]; then - umask 077 - mkdir "${entropy_dir}" || { - logger -is -t "$0" The entropy directory "${entropy_dir}" does not \ -exist, and cannot be created. Therefore no entropy can be saved. ; - exit 1;} - /usr/sbin/chown operator:operator "${entropy_dir}" - chmod 0700 "${entropy_dir}" + install -d -o operator -g operator -m 0700 "${entropy_dir}" || { + logger -is -t "$0" The entropy directory "${entropy_dir}" does \ + not exist, and cannot be created. Therefore no entropy can \ + be saved.; exit 1; } fi +cd "${entropy_dir}" || { + logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \ + Entropy file rotation is aborted.; exit 1; } + +for f in saved-entropy.*; do + case "${f}" in saved-entropy.\*) continue ;; esac # No files match + [ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f} +done + umask 377 -esn_m1=$(( ${entropy_save_num} - 1 )) -for file_num in `jot $esn_m1 $esn_m1 1`; do - if [ -e "${entropy_dir}/saved-entropy.${file_num}" ]; then - if [ -f "${entropy_dir}/saved-entropy.${file_num}" ]; then - new_file=saved-entropy.$(( $file_num + 1 )) - if [ -e "${entropy_dir}/${new_file}" ]; then - unlink ${entropy_dir}/${new_file} - fi - mv "${entropy_dir}/saved-entropy.${file_num}" \ - "${entropy_dir}/${new_file}" - else - logger -is -t "$0" \ -"${entropy_dir}/saved-entropy.${file_num} is not a regular file, and therefore \ -it will not be rotated. Entropy file harvesting is aborted." - exit 1 - fi +n=$(( ${entropy_save_num} - 1 )) +while [ ${n} -ge 1 ]; do + if [ -f "saved-entropy.${n}" ]; then + mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))" + elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then + logger -is -t "$0" \ + "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \ + it will not be rotated. Entropy file rotation is aborted. + exit 1 fi + n=$(( ${n} - 1 )) done -dd if=/dev/random of="${entropy_dir}/saved-entropy.1" \ - bs="$entropy_save_sz" count=1 2> /dev/null +dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null exit 0 - -- 2.45.0