Remerge as previous one was broken
[FreeBSD/FreeBSD.git] / etc / rc.d / random
1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: random
7 # REQUIRE: FILESYSTEMS
8 # BEFORE: netif
9 # KEYWORD: nojail shutdown
10
# Pull in the rc framework; debug, warn, load_rc_config and
# run_rc_command used below are expected to come from it.
. /etc/rc.subr

# Service identity and the handlers for "start" and "stop".
name="random"
start_cmd="${name}_start"
stop_cmd="${name}_stop"

# "saveseed" is an extra verb that runs the same handler as "stop", so a
# fresh seed can be written without waiting for shutdown.
extra_commands="saveseed"
saveseed_cmd="${stop_cmd}"
19
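# save_dev_random file ...
#       Write one 4096-byte block read from /dev/random into each named
#       file so it can be fed back as a seed later.
#
#       The saved block is secret: anyone who can read it learns the seed.
#       The umask is therefore forced to 077 while the files are created,
#       and an already existing file is tightened to 0600 before the data
#       is written. The caller's umask is restored on return.
#
#       Files that cannot be opened for writing are skipped.
save_dev_random()
{
        _sdr_oumask=$(umask)
        umask 077
        for f ; do
                # ":>>" creates the file if it is missing and proves it is
                # writable, without truncating it on failure paths.
                if :>>"$f" ; then
                        debug "saving entropy to $f"
                        # Restrict a pre-existing file before the seed lands
                        # in it; the umask only affects newly created files.
                        chmod 600 "$f"
                        dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null ||
                            warn "could not save entropy to $f"
                fi
        done
        umask "${_sdr_oumask}"
}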
29
# feed_dev_random file ...
#       Write the contents of each named file into /dev/random, then delete
#       the file. Arguments that are not non-empty, readable regular files
#       are skipped, which also covers an unmatched glob passed through
#       literally by the caller.
#
#       A file is removed only after dd reports success, so a seed that
#       could not be fed stays on disk, and one that was fed is not left
#       behind to be used again.
feed_dev_random()
{
        for f ; do
                [ -f "$f" ] || continue
                [ -r "$f" ] || continue
                [ -s "$f" ] || continue

                dd if="$f" of=/dev/random bs=4096 2>/dev/null || continue

                debug "entropy read from $f"
                rm -f "$f"
        done
}
41
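# random_start
#       "start" handler: optionally set the entropy harvesting mask, then
#       feed any stored seed files into /dev/random and write fresh ones.
#
#       Reads harvest_mask, entropy_dir, entropy_file and entropy_boot_file;
#       the three entropy_* settings are disabled by the value "NO" (any
#       case) and otherwise default to /var/db/entropy, /entropy and
#       /boot/entropy. Returns 1 if /dev/random is not writable.
random_start()
{

        # An unset or empty harvest_mask is treated as 0 so the test does
        # not degrade into a malformed "[ -gt 0 ]".
        if [ "${harvest_mask:-0}" -gt 0 ]; then
                echo -n 'Setting up harvesting:'
                # SYSCTL and SYSCTL_N are left unquoted on purpose: they may
                # carry options after the command name.
                ${SYSCTL} kern.random.harvest.mask="${harvest_mask}" > /dev/null
                ${SYSCTL_N} kern.random.harvest.mask_symbolic
        fi

        echo -n 'Feeding entropy:'

        if [ ! -w /dev/random ] ; then
                warn "/dev/random is not writeable"
                return 1
        fi

        # Reseed /dev/random with previously stored entropy.
        case ${entropy_dir:=/var/db/entropy} in
        [Nn][Oo])
                ;;
        *)
                if [ -d "${entropy_dir}" ] ; then
                        feed_dev_random "${entropy_dir}"/*
                fi
                ;;
        esac

        case ${entropy_file:=/entropy} in
        [Nn][Oo])
                ;;
        *)
                # The stored seed is consumed (feed_dev_random deletes it)
                # and a new one is written straight away, so an unclean
                # shutdown does not leave the next boot with a seed that
                # has already been used.
                feed_dev_random "${entropy_file}" /var/db/entropy-file
                save_dev_random "${entropy_file}"
                ;;
        esac

        case ${entropy_boot_file:=/boot/entropy} in
        [Nn][Oo])
                ;;
        *)
                save_dev_random "${entropy_boot_file}"
                ;;
        esac

        echo '.'
}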
88
89 random_stop()
90 {
91         # Write some entropy so when the machine reboots /dev/random
92         # can be reseeded
93         #
94         case ${entropy_file:=/entropy} in
95         [Nn][Oo])
96                 ;;
97         *)
98                 echo -n 'Writing entropy file:'
99                 rm -f ${entropy_file} 2> /dev/null
100                 oumask=`umask`
101                 umask 077
102                 if touch ${entropy_file} 2> /dev/null; then
103                         entropy_file_confirmed="${entropy_file}"
104                 else
105                         # Try this as a reasonable alternative for read-only
106                         # roots, diskless workstations, etc.
107                         rm -f /var/db/entropy-file 2> /dev/null
108                         if touch /var/db/entropy-file 2> /dev/null; then
109                                 entropy_file_confirmed=/var/db/entropy-file
110                         fi
111                 fi
112                 case ${entropy_file_confirmed} in
113                 '')
114                         warn 'write failed (read-only fs?)'
115                         ;;
116                 *)
117                         dd if=/dev/random of=${entropy_file_confirmed} \
118                             bs=4096 count=1 2> /dev/null ||
119                             warn 'write failed (unwriteable file or full fs?)'
120                         echo '.'
121                         ;;
122                 esac
123                 umask ${oumask}
124                 ;;
125         esac
126         case ${entropy_boot_file:=/boot/entropy} in
127         [Nn][Oo])
128                 ;;
129         *)
130                 echo -n 'Writing early boot entropy file:'
131                 rm -f ${entropy_boot_file} 2> /dev/null
132                 oumask=`umask`
133                 umask 077
134                 if touch ${entropy_boot_file} 2> /dev/null; then
135                         entropy_boot_file_confirmed="${entropy_boot_file}"
136                 fi
137                 case ${entropy_boot_file_confirmed} in
138                 '')
139                         warn 'write failed (read-only fs?)'
140                         ;;
141                 *)
142                         dd if=/dev/random of=${entropy_boot_file_confirmed} \
143                             bs=4096 count=1 2> /dev/null ||
144                             warn 'write failed (unwriteable file or full fs?)'
145                         echo '.'
146                         ;;
147                 esac
148                 umask ${oumask}
149                 ;;
150         esac
151 }
152
# Load the configuration for this service, then hand the verb given on
# the command line to the rc framework for dispatch.
load_rc_config "${name}"
run_rc_command "$1"