xref: /NextBSD/etc/rc.d/random (revision 287e3b14e9552995def1802ec9c5034f4adf28ec)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: random
7# REQUIRE: FILESYSTEMS
8# BEFORE: netif
9# KEYWORD: nojail shutdown
10
11. /etc/rc.subr
12
# Settings read by rc.subr: the service name and the functions that
# implement "start" and "stop".
name=random
start_cmd=random_start
stop_cmd=random_stop

# "saveseed" is an extra command that runs the same routine as "stop",
# so a fresh seed can be written without shutting down.
extra_commands=saveseed
saveseed_cmd=${name}_stop
19
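# save_dev_random file ...
#
# Write one 4096-byte block read from /dev/random to each named file so
# that it can be fed back into the generator on a later boot.
#
# A saved seed is secret: anyone who can read the file learns the data
# that will be mixed into the generator at the next boot.  The files are
# therefore created under umask 077 and set to mode 0600 before any data
# is written, matching what random_stop does for the files it writes.
#
# Globals:   oumask (written) - scratch copy of the caller's umask
# Arguments: paths of the seed files to (re)write
# Returns:   0; a file that cannot be opened for writing is skipped
save_dev_random()
{
	oumask=$(umask)
	umask 077
	for f ; do
		# ":>>" creates the file if it is missing and proves it is
		# writable, without truncating an existing one.
		if :>>"$f" ; then
			debug "saving entropy to $f"
			# Best effort: tighten a pre-existing file before the
			# seed lands in it.
			chmod 600 "$f" 2>/dev/null
			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
		fi
	done
	umask "${oumask}"
}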
29
# feed_dev_random file ...
#
# Write the contents of each named seed file into /dev/random and delete
# the file once the write has succeeded.  Arguments that are not regular,
# readable, non-empty files are skipped; a file whose write fails is left
# in place.
feed_dev_random()
{
	for f in "$@" ; do
		[ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ] || continue
		dd if="$f" of=/dev/random bs=4096 2>/dev/null || continue
		debug "entropy read from $f"
		# The seed has been consumed; removing it means the same
		# data cannot be fed again from this file.
		rm -f "$f"
	done
}
41
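# random_start
#
# "start" handler: optionally set the entropy harvesting mask, feed any
# saved seed files into /dev/random, then write fresh seed files for the
# next boot.
#
# Globals:   harvest_mask, SYSCTL, SYSCTL_N (read);
#            entropy_dir, entropy_file, entropy_boot_file (read, and set
#            to their defaults when unset or empty)
# Returns:   1 if /dev/random is not writable, otherwise the status of
#            the final echo
random_start()
{

	# An unset or empty harvest_mask is treated as 0 rather than being
	# handed to test(1) as a missing operand.
	if [ "${harvest_mask:-0}" -gt 0 ]; then
		echo -n 'Setting up harvesting:'
		${SYSCTL} kern.random.harvest.mask="${harvest_mask}" > /dev/null
		${SYSCTL_N} kern.random.harvest.mask_symbolic
	fi

	echo -n 'Feeding entropy:'

	if [ ! -w /dev/random ] ; then
		warn "/dev/random is not writeable"
		return 1
	fi

	# Reseed /dev/random with previously stored entropy.
	# Setting entropy_dir to "NO" (any case) disables this step.
	case ${entropy_dir:=/var/db/entropy} in
	[Nn][Oo])
		;;
	*)
		if [ -d "${entropy_dir}" ] ; then
			# An unmatched glob stays literal and is skipped by
			# the -f test in feed_dev_random.
			feed_dev_random "${entropy_dir}"/*
		fi
		;;
	esac

	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		# Feed first, then save: feed_dev_random deletes each seed it
		# consumed, and a fresh one is written straight away, so the
		# data fed at this boot is not what gets fed at the next.
		feed_dev_random "${entropy_file}" /var/db/entropy-file
		save_dev_random "${entropy_file}"
		;;
	esac

	# The boot-time seed is only rewritten here, never fed back in.
	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		save_dev_random "${entropy_boot_file}"
		;;
	esac

	echo '.'
}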
88
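# random_stop
#
# "stop" and "saveseed" handler: write one 4096-byte block from
# /dev/random to the entropy file and to the early-boot entropy file so
# that the generator can be reseeded after a reboot.
#
# Both files are recreated under umask 077, so a new seed file is readable
# by its owner only.  Either file is skipped when its variable is set to
# "NO" (any case).
#
# Globals:   entropy_file, entropy_boot_file (read, and set to their
#            defaults when unset or empty); oumask,
#            entropy_file_confirmed, entropy_boot_file_confirmed (written)
random_stop()
{
	# Write some entropy so when the machine reboots /dev/random
	# can be reseeded
	#
	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing entropy file:'
		# Paths are quoted throughout so that a configured value
		# containing whitespace or glob characters is used as one
		# literal path by rm, touch and dd.
		rm -f "${entropy_file}" 2> /dev/null
		oumask=$(umask)
		umask 077
		# Start empty so an inherited value can never be written to.
		entropy_file_confirmed=
		if touch "${entropy_file}" 2> /dev/null; then
			entropy_file_confirmed="${entropy_file}"
		else
			# Try this as a reasonable alternative for read-only
			# roots, diskless workstations, etc.
			rm -f /var/db/entropy-file 2> /dev/null
			if touch /var/db/entropy-file 2> /dev/null; then
				entropy_file_confirmed=/var/db/entropy-file
			fi
		fi
		case ${entropy_file_confirmed} in
		'')
			warn 'write failed (read-only fs?)'
			;;
		*)
			dd if=/dev/random of="${entropy_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
			;;
		esac
		umask "${oumask}"
		;;
	esac
	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing early boot entropy file:'
		rm -f "${entropy_boot_file}" 2> /dev/null
		oumask=$(umask)
		umask 077
		# Start empty so an inherited value can never be written to.
		entropy_boot_file_confirmed=
		if touch "${entropy_boot_file}" 2> /dev/null; then
			entropy_boot_file_confirmed="${entropy_boot_file}"
		fi
		case ${entropy_boot_file_confirmed} in
		'')
			warn 'write failed (read-only fs?)'
			;;
		*)
			dd if=/dev/random of="${entropy_boot_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
			;;
		esac
		umask "${oumask}"
		;;
	esac
}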
152
# Load the rc.conf settings for this service, then let rc.subr dispatch
# the command given as the script's first argument.
load_rc_config "${name}"
run_rc_command "$1"
155