libexec/save-entropy/save-entropy.sh

119026Sume#!/bin/sh
66776Skris#
55163Sshin# Copyright (c) 2001-2005 Douglas Barton, DougB@FreeBSD.org
55163Sshin# All rights reserved.
55163Sshin#
62632Skris# Redistribution and use in source and binary forms, with or without
55163Sshin# modification, are permitted provided that the following conditions
55163Sshin# are met:
55163Sshin# 1. Redistributions of source code must retain the above copyright
55163Sshin#    notice, this list of conditions and the following disclaimer.
55163Sshin# 2. Redistributions in binary form must reproduce the above copyright
55163Sshin#    notice, this list of conditions and the following disclaimer in the
55163Sshin#    documentation and/or other materials provided with the distribution.
55163Sshin#
55163Sshin# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
55163Sshin# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55163Sshin# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
62632Skris# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
55163Sshin# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55163Sshin# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55163Sshin# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55163Sshin# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55163Sshin# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55163Sshin# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55163Sshin# SUCH DAMAGE.
55163Sshin#
55163Sshin# $FreeBSD: head/libexec/save-entropy/save-entropy.sh 144889 2005-04-11 02:07:33Z dougb $
55163Sshin
55163Sshin# This script is called by cron to store bits of randomness which are
55163Sshin# then used to seed /dev/random on boot.
55163Sshin
55163Sshin# Originally developed by Doug Barton, DougB@FreeBSD.org
55163Sshin
55163SshinPATH=/bin:/usr/bin
55163Sshin
62632Skris# If there is a global system configuration file, suck it in.
118909Sume#
55163Sshinif [ -r /etc/defaults/rc.conf ]; then
62632Skris	. /etc/defaults/rc.conf
55163Sshin	source_rc_confs
55163Sshinelif [ -r /etc/rc.conf ]; then
55163Sshin	. /etc/rc.conf
55163Sshinfi
55163Sshin
55163Sshincase ${entropy_dir} in
55163Sshin[Nn][Oo])
55163Sshin	exit 0
55163Sshin	;;
55163Sshin*)
55163Sshin	entropy_dir=${entropy_dir:-/var/db/entropy}
55163Sshin	;;
55163Sshinesac
55163Sshin
66776Skrisentropy_save_sz=${entropy_save_sz:-2048}
118916Sumeentropy_save_num=${entropy_save_num:-8}
118916Sume
118916Sumeif [ ! -d "${entropy_dir}" ]; then
118664Sume	umask 077
55163Sshin	mkdir "${entropy_dir}" || {
55163Sshin	    logger -is -t "$0" The entropy directory "${entropy_dir}" does not \
55163Sshinexist, and cannot be created.  Therefore no entropy can be saved. ;
55163Sshin	    exit 1;}
118664Sume	/usr/sbin/chown operator:operator "${entropy_dir}"
118664Sume	chmod 0700 "${entropy_dir}"
124525Sumefi
118664Sume
66776Skrisumask 377
66776Skris
118664Sumefor file_num in `jot ${entropy_save_num} ${entropy_save_num} 1`; do
118661Sume	if [ -e "${entropy_dir}/saved-entropy.${file_num}" ]; then
55163Sshin		if [ -f "${entropy_dir}/saved-entropy.${file_num}" ]; then
147150Ssuz			new_num=$(($file_num + 1))
62632Skris			if [ "${new_num}" -gt "${entropy_save_num}" ]; then
62632Skris				rm -f "${entropy_dir}/saved-entropy.${file_num}"
62632Skris			else
55163Sshin				mv "${entropy_dir}/saved-entropy.${file_num}" \
118664Sume				    "${entropy_dir}/saved-entropy.${new_num}"
118910Sume			fi
118664Sume		else
118664Sume			logger -is -t "$0" \
118664Sume"${entropy_dir}/saved-entropy.${file_num} is not a regular file, and therefore \
55163Sshinit will not be rotated. Entropy file harvesting is aborted."
173412Skevlo			exit 1
55163Sshin		fi
55163Sshin	fi
55163Sshindone
124526Sume
55163Sshindd if=/dev/random of="${entropy_dir}/saved-entropy.1" \
62632Skris    bs="$entropy_save_sz" count=1 2> /dev/null
124526Sume
124526Sumeexit 0
55163Sshin
124526Sume