1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: random
7 # REQUIRE: FILESYSTEMS
8 # BEFORE: netif
9 # KEYWORD: nojail shutdown
10
11 . /etc/rc.subr
12
# Service identity consumed by rc.subr: the name also selects which
# configuration load_rc_config reads at the bottom of this script.
name=random
desc='Harvest and save entropy for random device'

# Handlers for the standard start/stop verbs.
start_cmd=random_start
stop_cmd=random_stop

# "saveseed" is an additional verb; it is wired to the same handler as
# "stop", so a seed can be written out without shutting down.
extra_commands=saveseed
saveseed_cmd="${name}_stop"
20
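# save_dev_random file ...
#	Write one 4096-byte block read from /dev/random into each named
#	file that can be opened for writing.
#
#	Seed files are secret: anyone who can read one learns input that
#	will be fed back into the random device on the next boot. The
#	files are therefore created under umask 077 and forced to mode
#	0600, matching what random_stop already does for the same paths.
#
#	Returns the status of the last file processed (0 when a file was
#	skipped because it could not be opened), as before.
save_dev_random()
{
	local _seed _oumask _rc

	_rc=0
	_oumask=$(umask)
	umask 077
	for _seed ; do
		_rc=0
		# Appending nothing creates the file when it is missing and
		# proves it is writable, without truncating an existing seed
		# if the open fails.
		if :>>"${_seed}" ; then
			debug "saving entropy to ${_seed}"
			# umask only affects newly created files; a seed file
			# that already existed keeps its old mode, so tighten
			# it before new data lands in it. Best effort: the seed
			# is still written if chmod is not supported here.
			chmod 600 "${_seed}" 2>/dev/null
			dd if=/dev/random of="${_seed}" bs=4096 count=1 2>/dev/null
			_rc=$?
		fi
	done
	umask "${_oumask}"
	return ${_rc}
}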
30
# feed_dev_random file ...
#	Write the contents of each named seed file into /dev/random.
#	Only regular, readable, non-empty files are considered. A file is
#	deleted once it has been written successfully, so the same seed
#	is not fed again later; a file whose write failed is left alone.
feed_dev_random()
{
	for seed_file ; do
		# Skip anything that is not a usable seed file.
		[ -f "$seed_file" ] && [ -r "$seed_file" ] && [ -s "$seed_file" ] ||
		    continue

		# Keep the file if the device rejected the write.
		dd if="$seed_file" of=/dev/random bs=4096 2>/dev/null || continue

		debug "entropy read from $seed_file"
		rm -f "$seed_file"
	done
}
42
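# random_start
#	Start handler: optionally program the entropy harvesting mask,
#	then reseed /dev/random from the seed files saved earlier and
#	write fresh seed files for the next boot.
#
#	Reads harvest_mask, entropy_dir, entropy_file and entropy_boot_file;
#	the last three get their default paths assigned here when unset,
#	and the value "NO" (any case) disables the corresponding step.
#	Returns 1 if /dev/random is not writable.
random_start()
{

	# Default to 0 and quote the value: an unset or empty harvest_mask
	# otherwise leaves test(1) with a malformed expression and prints
	# a syntax error instead of simply skipping this step.
	if [ "${harvest_mask:-0}" -gt 0 ]; then
		echo -n 'Setting up harvesting: '
		# SYSCTL and SYSCTL_N are expanded unquoted on purpose; they
		# are defined outside this file and may carry a command plus
		# flags that must be split into words.
		${SYSCTL} kern.random.harvest.mask="${harvest_mask}" > /dev/null
		${SYSCTL_N} kern.random.harvest.mask_symbolic
	fi

	echo -n 'Feeding entropy: '

	if [ ! -w /dev/random ] ; then
		warn "/dev/random is not writeable"
		return 1
	fi

	# Reseed /dev/random with previously stored entropy.
	case ${entropy_dir:=/var/db/entropy} in
	[Nn][Oo])
		;;
	*)
		if [ -d "${entropy_dir}" ] ; then
			feed_dev_random "${entropy_dir}"/*
		fi
		;;
	esac

	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		# /var/db/entropy-file is the fallback location random_stop
		# writes to when ${entropy_file} itself cannot be created.
		feed_dev_random "${entropy_file}" /var/db/entropy-file
		# feed_dev_random deletes what it consumed, so write a new
		# seed straight away rather than waiting for shutdown.
		save_dev_random "${entropy_file}"
		;;
	esac

	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		save_dev_random "${entropy_boot_file}"
		;;
	esac

	echo '.'
}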
89
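# random_stop
#	Stop handler (also run for the "saveseed" verb): write one
#	4096-byte block from /dev/random to the entropy file and to the
#	early-boot entropy file so the device can be reseeded after reboot.
#
#	Reads entropy_file and entropy_boot_file, assigning their default
#	paths when unset; the value "NO" (any case) disables that file.
#	Both files are created under umask 077 so the seed is readable by
#	its owner only, and the caller's umask is restored afterwards.
random_stop()
{
	# Write some entropy so when the machine reboots /dev/random
	# can be reseeded
	#
	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing entropy file:'
		# Start from an empty result so a value inherited from the
		# environment or a previous call can never become the dd
		# output path below.
		entropy_file_confirmed=''
		rm -f "${entropy_file}" 2> /dev/null
		oumask=$(umask)
		umask 077
		if touch "${entropy_file}" 2> /dev/null; then
			entropy_file_confirmed="${entropy_file}"
		else
			# Try this as a reasonable alternative for read-only
			# roots, diskless workstations, etc.
			rm -f /var/db/entropy-file 2> /dev/null
			if touch /var/db/entropy-file 2> /dev/null; then
				entropy_file_confirmed=/var/db/entropy-file
			fi
		fi
		if [ -z "${entropy_file_confirmed}" ]; then
			warn 'write failed (read-only fs?)'
		else
			# Paths are quoted throughout: an unquoted path that
			# contains whitespace would be split into several
			# operands for rm, touch and dd.
			dd if=/dev/random of="${entropy_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
		fi
		umask "${oumask}"
		;;
	esac
	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing early boot entropy file:'
		# Same reasoning as above: never trust a pre-set value.
		entropy_boot_file_confirmed=''
		rm -f "${entropy_boot_file}" 2> /dev/null
		oumask=$(umask)
		umask 077
		# No fallback location exists for the early-boot file.
		if touch "${entropy_boot_file}" 2> /dev/null; then
			entropy_boot_file_confirmed="${entropy_boot_file}"
		fi
		if [ -z "${entropy_boot_file_confirmed}" ]; then
			warn 'write failed (read-only fs?)'
		else
			dd if=/dev/random of="${entropy_boot_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
		fi
		umask "${oumask}"
		;;
	esac
}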
153
# Load the configuration for this service name, then hand the verb
# given as the first argument to rc.subr for dispatch to the handlers
# registered above.
load_rc_config "${name}"
run_rc_command "$1"