1#!/bin/sh 2# 3# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $ 4# 5 6# PROVIDE: random_seed 7# REQUIRE: mountcritlocal 8# BEFORE: securelevel 9# KEYWORD: shutdown 10 11$_rc_subr_loaded . /etc/rc.subr 12 13name="random_seed" 14rcvar=$name 15start_cmd="random_load" 16stop_cmd="random_save" 17 18random_file=${random_file:-/var/db/entropy-file} 19 20fs_safe() 21{ 22 # 23 # Enforce that the file's on a local filesystem. 24 # Include only the types we can actually write. 25 # 26 fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}') 27 case $fstype in 28 ffs) 29 return 0 30 ;; 31 lfs) 32 return 0 33 ;; 34 ext2fs) 35 return 0; 36 ;; 37 msdosfs) 38 return 0; 39 ;; 40 v7fs) 41 return 0; 42 ;; 43 esac 44 return 1 45} 46 47random_load() 48{ 49 if [ -f $random_file ]; then 50 51 if ! fs_safe $(dirname ${random_file}); then 52 return 1 53 fi 54 55 eval $(stat -s ${random_file}) 56 57 # The file must be owned by root, 58 if [ "$st_uid" != "0" ]; then 59 return 1 60 fi 61 # and root read/write only. 62 if [ "$(echo $st_mode | tail -c4)" != "600" ]; then 63 return 1 64 fi 65 66 if rndctl -L ${random_file}; then 67 echo "Loaded entropy from disk." 68 fi 69 70 fi 71} 72 73random_save() 74{ 75 oum=$(umask) 76 umask 077 77 78 rm -Pf ${random_file} 79 80 if ! fs_safe $(dirname ${random_file}); then 81 return 1 82 fi 83 84 if rndctl -S ${random_file}; then 85 echo "Saved entropy to disk." 86 fi 87} 88 89 90load_rc_config $name 91run_rc_command "$1" 92