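#!/bin/sh
#
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2001-2006,2012 Douglas Barton, [email protected]
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

# This script is called by cron to store bits of randomness which are
# then used to seed /dev/random on boot.
#
# Settings (normally taken from rc.conf):
#   entropy_dir       directory holding the saved-entropy.N files;
#                     "no" disables saving.  Default: /var/db/entropy
#   entropy_save_sz   bytes written per run (dd block size).  Default: 4096
#   entropy_save_num  number of rotation slots 1..N.  Default: 8
#
# Exit status is 0 when nothing needs doing (jailed, disabled) or the
# write succeeded, 1 when entropy could not be saved.

# Originally developed by Doug Barton, [email protected]

PATH=/bin:/usr/bin

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/rc.conf ]; then
	. /etc/defaults/rc.conf
	source_rc_confs 2>/dev/null
elif [ -r /etc/rc.conf ]; then
	. /etc/rc.conf 2>/dev/null
fi

# Do nothing inside a jail.  The substitution is quoted so that an empty
# sysctl result is compared as a string instead of tripping test(1).
[ "$(/sbin/sysctl -n security.jail.jailed)" = 0 ] || exit 0

case ${entropy_dir} in
[Nn][Oo])
	exit 0
	;;
*)
	entropy_dir=${entropy_dir:-/var/db/entropy}
	;;
esac

entropy_save_sz=${entropy_save_sz:-4096}
entropy_save_num=${entropy_save_num:-8}

# Saved entropy must only be readable by its owner, so a missing directory
# is created 0700.
if [ ! -d "${entropy_dir}" ]; then
	install -d -o operator -g operator -m 0700 "${entropy_dir}" || {
		logger -is -t "$0" The entropy directory "${entropy_dir}" does \
		    not exist, and cannot be created. Therefore no entropy can \
		    be saved.; exit 1; }
fi

cd "${entropy_dir}" || {
	logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \
	    Entropy file rotation is aborted.; exit 1; }

# Remove slot files numbered above entropy_save_num.  A name whose suffix
# is not a plain number is left alone instead of being handed to test(1).
for f in saved-entropy.*; do
	case "${f}" in saved-entropy.\*) continue ;; esac # No files match
	serial=${f#saved-entropy.}
	case "${serial}" in ''|*[!0-9]*) continue ;; esac
	[ "${serial}" -gt "${entropy_save_num}" ] && unlink "${f}"
done

# Files created from here on get mode 0600 (0666 & ~0177).
umask 177

# Scan slots [1..$entropy_save_num], picking an empty slot or the oldest
# existing file if no empty slot was available.
#
# 1. Find out the first regular file or empty slot (and its serial number)
#
n=1
while [ "${n}" -le "${entropy_save_num}" ]; do
	save_file="saved-entropy.${n}"
	if [ ! -e "${save_file}" ] || [ -f "${save_file}" ]; then
		break
	else
		logger -is -t "$0" \
		    "${save_file}" is not a regular file, skipped.
	fi
	n=$(( ${n} + 1 ))
done
#
# 2. Start from (serial number + 1), and check if the slot is empty
# or is an older regular file, update save_file pointer in either
# case, and break early if we found an empty slot.
#
# save_file is quoted here: unquoted, an unset value would turn the test
# into the always-true "[ -f ]".
if [ -f "${save_file}" ]; then
	n=$(( ${n} + 1 ))
	while [ "${n}" -le "${entropy_save_num}" ]; do
		next_file=saved-entropy.${n}
		if [ -f "${next_file}" ]; then
			[ "${next_file}" -ot "${save_file}" ] && \
			    save_file="${next_file}"
		elif [ ! -e "${next_file}" ]; then
			save_file="${next_file}"
			break
		else
			logger -is -t "$0" \
			    "${next_file}" is not a regular file, skipped.
		fi
		n=$(( ${n} + 1 ))
	done
fi
#
# 3. Check if the pointer we have in hand is really a regular file or
# an empty slot, and bail out as that means there is no available slot.
#
if [ -e "${save_file}" ] && [ ! -f "${save_file}" ]; then
	logger -is -t "$0" \
	    No available slot in "${entropy_dir}", save entropy is aborted.
	exit 1
fi

# Save entropy to the selected slot.  An existing file is forced back to
# 0600 before it is rewritten.  A failed write is reported and exits 1
# rather than silently leaving a stale or truncated seed behind.
chmod 600 "${save_file}" 2>/dev/null || :
dd if=/dev/random of="${save_file}" bs="${entropy_save_sz}" count=1 \
    2>/dev/null || {
	logger -is -t "$0" \
	    Cannot write entropy to "${save_file}", save entropy is aborted.
	exit 1; }
chflags nodump "${save_file}" 2>/dev/null || :
fsync "${save_file}" "."

exit 0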