xref: /freebsd/libexec/rc/rc.d/random (revision daceb336172a6b0572de864b97e70b28451ca636) 
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: random
7# REQUIRE: FILESYSTEMS
8# BEFORE: netif
9# KEYWORD: nojail shutdown
10
11. /etc/rc.subr
12
13name="random"
14desc="Harvest and save entropy for random device"
15start_cmd="random_start"
16stop_cmd="random_stop"
17
18extra_commands="saveseed"
19saveseed_cmd="${name}_stop"
20
21save_dev_random()
22{
23	oumask=`umask`
24	umask 077
25	for f ; do
26		debug "saving entropy to $f"
27		dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
28			chmod 600 "$f" &&
29			fsync "$f" "$(dirname "$f")"
30	done
31	umask ${oumask}
32}
33
34feed_dev_random()
35{
36	for f ; do
37		if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
38			if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
39				debug "entropy read from $f"
40				rm -f "$f"
41			fi
42		fi
43	done
44}
45
46random_start()
47{
48
49	if [ ${harvest_mask} -gt 0 ]; then
50		echo -n 'Setting up harvesting: '
51		${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null
52		${SYSCTL_N} kern.random.harvest.mask_symbolic
53	fi
54
55	echo -n 'Feeding entropy: '
56
57	if [ ! -w /dev/random ] ; then
58		warn "/dev/random is not writeable"
59		return 1
60	fi
61
62	# Reseed /dev/random with previously stored entropy.
63	case ${entropy_dir:=/var/db/entropy} in
64	[Nn][Oo])
65		;;
66	*)
67		if [ -d "${entropy_dir}" ] ; then
68			feed_dev_random "${entropy_dir}"/*
69		fi
70		;;
71	esac
72
73	case ${entropy_file:=/entropy} in
74	[Nn][Oo])
75		;;
76	*)
77		feed_dev_random "${entropy_file}" /var/db/entropy-file
78		save_dev_random "${entropy_file}"
79		;;
80	esac
81
82	case ${entropy_boot_file:=/boot/entropy} in
83	[Nn][Oo])
84		;;
85	*)
86		save_dev_random "${entropy_boot_file}"
87		;;
88	esac
89
90	echo '.'
91}
92
93random_stop()
94{
95	# Write some entropy so when the machine reboots /dev/random
96	# can be reseeded
97	#
98	case ${entropy_file:=/entropy} in
99	[Nn][Oo])
100		;;
101	*)
102		echo -n 'Writing entropy file:'
103		rm -f ${entropy_file} 2> /dev/null
104		oumask=`umask`
105		umask 077
106		if touch ${entropy_file} 2> /dev/null; then
107			entropy_file_confirmed="${entropy_file}"
108		else
109			# Try this as a reasonable alternative for read-only
110			# roots, diskless workstations, etc.
111			rm -f /var/db/entropy-file 2> /dev/null
112			if touch /var/db/entropy-file 2> /dev/null; then
113				entropy_file_confirmed=/var/db/entropy-file
114			fi
115		fi
116		case ${entropy_file_confirmed} in
117		'')
118			warn 'write failed (read-only fs?)'
119			;;
120		*)
121			dd if=/dev/random of=${entropy_file_confirmed} \
122			    bs=4096 count=1 2> /dev/null ||
123			    warn 'write failed (unwriteable file or full fs?)'
124			fsync "${entropy_file_confirmed}" \
125			    "$(dirname "${entropy_file_confirmed}")" \
126			    2> /dev/null
127			echo '.'
128			;;
129		esac
130		umask ${oumask}
131		;;
132	esac
133	case ${entropy_boot_file:=/boot/entropy} in
134	[Nn][Oo])
135		;;
136	*)
137		echo -n 'Writing early boot entropy file:'
138		rm -f ${entropy_boot_file} 2> /dev/null
139		oumask=`umask`
140		umask 077
141		if touch ${entropy_boot_file} 2> /dev/null; then
142			entropy_boot_file_confirmed="${entropy_boot_file}"
143		fi
144		case ${entropy_boot_file_confirmed} in
145		'')
146			warn 'write failed (read-only fs?)'
147			;;
148		*)
149			dd if=/dev/random of=${entropy_boot_file_confirmed} \
150			    bs=4096 count=1 2> /dev/null ||
151			    warn 'write failed (unwriteable file or full fs?)'
152			fsync "${entropy_boot_file_confirmed}" \
153			    "$(dirname "${entropy_boot_file_confirmed}")" \
154			    2> /dev/null
155			echo '.'
156			;;
157		esac
158		umask ${oumask}
159		;;
160	esac
161}
162
163load_rc_config $name
164run_rc_command "$1"
165