blob: f75f72f259d5f68a9cf62583d35776f0582b1093 (
plain)
diff --git beadm beadm
index 6a0e397..f817e40 100755
--- beadm
+++ beadm
@@ -128,6 +128,24 @@ __be_new() { # 1=SOURCE 2=TARGET
unset NAME_NEW
unset NAME_SANITY
local SOURCE=$( echo ${1} | cut -d '@' -f 1 )
+ local ENTROPY=0
+ # secure current /boot/entropy file
+ if [ -f /boot/entropy ]
+ then
+ if ! cp -p /boot/entropy /boot/entropy.OLD 1> /dev/null 2> /dev/null
+ then
+ echo "ERROR: Can not copy current '/boot/entropy' file"
+ exit 1
+ fi
+ ENTROPY=1
+ fi
+ # create new /boot/entropy file that would be used in new boot environment
+ if ! dd if=/dev/random of=/boot/entropy bs=4096 count=1 1> /dev/null 2> /dev/null
+ then
+ echo "ERROR: Can not generate new '/boot/entropy' file"
+ exit 1
+ fi
+ # create snapshot that will be used as a base for new boot environment
if __be_snapshot ${1}
then
# create boot environment from snapshot
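Review bot: When the `dd` at the end of the added block fails, the script exits without moving `/boot/entropy.OLD` back, although `dd` may already have opened and truncated `/boot/entropy`, so the running boot environment can be left with an empty or partial seed file. The failure branch should restore first, e.g. `[ ${ENTROPY} -ne 0 ] && mv /boot/entropy.OLD /boot/entropy` before `exit 1`. When no `/boot/entropy` existed beforehand, `dd` also creates the file under whatever umask the caller has; a `chmod 600 /boot/entropy` after the write (or `umask 077` around it) would keep the seed from being readable by other users. `__be_new` begins and ends outside this hunk.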
@@ -138,6 +156,13 @@ __be_new() { # 1=SOURCE 2=TARGET
if ! zfs list -H -o name ${FS}@${SNAPSHOT} 1> /dev/null 2> /dev/null
then
echo "ERROR: Child snapshot '${FS}@${SNAPSHOT}' does not exist"
+ if [ ${ENTROPY} -ne 0 ]
+ then
+ if ! mv /boot/entropy.OLD /boot/entropy 1> /dev/null 2> /dev/null
+ then
+ echo "WARNING: Can not bring back original '/boot/entropy' file"
+ fi
+ fi
exit 1
fi
done
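Review bot: The seven-line restore block added before `exit 1` here is repeated verbatim in the next two hunks ("Snapshot ... already exists" and "Cannot create snapshot"), and any exit path of `__be_new` that is not visible in this diff would still leave `/boot/entropy.OLD` behind with the freshly generated seed in place. A single helper called from each failure path, or an `EXIT` trap installed right after the backup is made, keeps the restore in one place. Separately, this branch appears to be the one that clones from an already existing snapshot, in which case the newly generated seed would never reach the new boot environment; that is inferred from the surrounding context lines and worth confirming. The helper below reads `ENTROPY` from the caller, which works only as long as it is invoked from inside `__be_new`.

```shell
__be_entropy_restore() {
  if [ "${ENTROPY:-0}" -ne 0 ]
  then
    if ! mv /boot/entropy.OLD /boot/entropy 1> /dev/null 2> /dev/null
    then
      echo "WARNING: Can not bring back original '/boot/entropy' file"
    fi
  fi
}

# … unchanged: child snapshot existence check …
        echo "ERROR: Child snapshot '${FS}@${SNAPSHOT}' does not exist"
        __be_entropy_restore
        exit 1
```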
@@ -146,6 +171,13 @@ __be_new() { # 1=SOURCE 2=TARGET
if zfs list -H -o name ${1}@${2##*/} 1> /dev/null 2> /dev/null
then
echo "ERROR: Snapshot '${1}@${2##*/}' already exists"
+ if [ ${ENTROPY} -ne 0 ]
+ then
+ if ! mv /boot/entropy.OLD /boot/entropy 1> /dev/null 2> /dev/null
+ then
+ echo "WARNING: Can not bring back original '/boot/entropy' file"
+ fi
+ fi
exit 1
fi
# snapshot format
@@ -153,9 +185,25 @@ __be_new() { # 1=SOURCE 2=TARGET
if ! zfs snapshot -r ${1}@${FMT} 1> /dev/null 2> /dev/null
then
echo "ERROR: Cannot create snapshot '${1}@${FMT}'"
+ if [ ${ENTROPY} -ne 0 ]
+ then
+ if ! mv /boot/entropy.OLD /boot/entropy 1> /dev/null 2> /dev/null
+ then
+ echo "WARNING: Can not bring back original '/boot/entropy' file"
+ fi
+ fi
exit 1
fi
fi
+ # bring back secured /boot/entropy.OLD file
+ if [ -f /boot/entropy.OLD ]
+ then
+ if ! mv /boot/entropy.OLD /boot/entropy 1> /dev/null 2> /dev/null
+ then
+ echo "WARNING: Can not bring back original '/boot/entropy' file"
+ fi
+ fi
+ unset ENTROPY
# clone properties of source boot environment
zfs list -H -o name -r ${SOURCE} \
| grep -v '@' \
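Review bot: The recursive `zfs snapshot -r` in this hunk runs while `/boot/entropy.OLD` is still present and the restore only happens afterwards, so the snapshot, and presumably the boot environment cloned from it, carries a copy of the running environment's seed next to its own fresh one. This assumes `/boot` lives in the dataset being snapshotted, which the change itself relies on. Keeping the backup outside that dataset, or deleting `entropy.OLD` from the new boot environment once it has been created, would avoid persisting the old seed there. The final restore also tests `[ -f /boot/entropy.OLD ]` rather than `${ENTROPY}`, so a stale `.OLD` left by an interrupted earlier run would replace the fresh seed when no `/boot/entropy` existed at the start; `if [ ${ENTROPY} -ne 0 ]` would match the failure paths. `__be_new` continues past the end of the hunk.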