#!/bin/sh # # Copyright (c) 2001-2006,2012 Douglas Barton, dougb@FreeBSD.org # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD: stable/11/libexec/save-entropy/save-entropy.sh 273872 2014-10-30 21:21:53Z markm $ # This script is called by cron to store bits of randomness which are # then used to seed /dev/random on boot. # Originally developed by Doug Barton, dougb@FreeBSD.org setglobal PATH = '/bin:/usr/bin' # If there is a global system configuration file, suck it in. # if test -r /etc/defaults/rc.conf { source /etc/defaults/rc.conf source_rc_confs 2>/dev/null } elif test -r /etc/rc.conf { source /etc/rc.conf 2>/dev/null } test $[/sbin/sysctl -n security.jail.jailed] = 0 || exit 0 match $(entropy_dir) { with [Nn][Oo] exit 0 with * setglobal entropy_dir = $(entropy_dir:-/var/db/entropy) } setglobal entropy_save_sz = $(entropy_save_sz:-4096) setglobal entropy_save_num = $(entropy_save_num:-8) if test ! -d $(entropy_dir) { install -d -o operator -g operator -m 0700 $(entropy_dir) || do { logger -is -t $0 The entropy directory $(entropy_dir) does \ not exist, and cannot be created. Therefore no entropy can \ be saved.; exit 1; } } cd $(entropy_dir) || do { logger -is -t $0 Cannot cd to the entropy directory: "$(entropy_dir)". \ Entropy file rotation is aborted.; exit 1; } for f in [saved-entropy.*] { match $(f) { with saved-entropy.\* continue } # No files match test $(f#saved-entropy\.) -ge $(entropy_save_num) && unlink $(f) } umask 377 setglobal n = $shExpr(' ${entropy_save_num} - 1 ') while test $(n) -ge 1 { if test -f "saved-entropy.$(n)" { mv "saved-entropy.$(n)" "saved-entropy.$shExpr(' ${n} + 1 ')" } elif test -e "saved-entropy.$(n)" -o -L "saved-entropy.$(n)" { logger -is -t $0 \ "$(entropy_dir)/saved-entropy.$(n)" is not a regular file, and so \ it will not be rotated. Entropy file rotation is aborted. exit 1 } setglobal n = $shExpr(' ${n} - 1 ') } dd if=/dev/random of=saved-entropy.1 bs=$(entropy_save_sz) count=1 2>/dev/null exit 0