author | markm <markm@FreeBSD.org> | 2015-06-30 17:09:41 +0000 |
committer | markm <markm@FreeBSD.org> | 2015-06-30 17:09:41 +0000 |
commit | 8b5b408c2c62fe7ff51161d7e59c3d1798f71834 (patch) | |
tree | d01a430c798b97b0fca9bf7cb575552298f86fda /etc | |
parent | d5861655770012f2a69a575c40f59a3567351672 (diff) | |
Updated random(4) boot/shutdown scripting.
Fix the man pages as well.
Differential Revision: https://reviews.freebsd.org/D2924
Approved by: so (delphij)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 11 | ||||
-rwxr-xr-x | etc/rc.d/random | 43 |
2 files changed, 48 insertions, 6 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index ef3b861..125d59e 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -630,15 +630,16 @@ kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
 # in the system booting with securelevel set to 1, as
 # init(8) will raise the level when rc(8) completes.
 update_motd="YES" # update version info in /etc/motd (or NO)
-entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
+entropy_boot_file="/boot/entropy" # Set to NO to disable very early
+ # (used at early boot time) entropy caching through reboots.
+entropy_file="/entropy" # Set to NO to disable late (used when going multi-user)
+ # entropy through reboots.
 # /var/db/entropy-file is preferred if / is not avail.
 entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
 entropy_save_sz="4096" # Size of the entropy cache files.
 entropy_save_num="8" # Number of entropy cache files to save.
-harvest_interrupt="YES" # Entropy device harvests interrupt randomness
-harvest_ethernet="YES" # Entropy device harvests ethernet randomness
-harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness
-harvest_swi="YES" # Entropy device harvests internal SWI randomness
+harvest_mask="511" # Entropy device harvests all but the very invasive sources.
+ # (See 'sysctl kern.random.harvest' and random(4))
 dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
 watchdogd_enable="NO" # Start the software watchdog daemon
 watchdogd_flags="" # Flags to watchdogd (if enabled)
diff --git a/etc/rc.d/random b/etc/rc.d/random
index 2420a39..13490a9 100755
--- a/etc/rc.d/random
+++ b/etc/rc.d/random
@@ -41,6 +41,13 @@ feed_dev_random()
 random_start()
 {
+
+ if [ ${harvest_mask} -gt 0 ]; then
+ echo -n 'Setting up harvesting:'
+ ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null
+ ${SYSCTL_N} kern.random.harvest.mask_symbolic
+ fi
+
 echo -n 'Feeding entropy:'
 if [ ! -w /dev/random ] ; then
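Review bot: The four knobs harvest_interrupt, harvest_ethernet, harvest_p_to_p and harvest_swi are removed from the defaults without any obsolescence marker, so an existing /etc/rc.conf that still sets one of them to NO to exclude a source now silently has no effect and harvesting is governed by harvest_mask alone. A one-line comment beside the new variable, `# harvest_interrupt/harvest_ethernet/harvest_p_to_p/harvest_swi are obsolete; set harvest_mask instead`, would flag the migration for administrators. The rewritten entropy_file comment also dropped the word "caching": `# Set to NO to disable late (used when going multi-user) entropy caching through reboots.` Since 511 is only meaningful against the kernel's bit assignment, pointing at the kern.random.harvest.mask_symbolic sysctl that the rc.d/random hunk prints would help an admin choose a narrower mask.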
@@ -68,6 +75,14 @@ random_start()
 ;;
 esac
 
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ save_dev_random "${entropy_boot_file}"
+ ;;
+ esac
+
 echo '.'
 }
 
@@ -100,7 +115,33 @@ random_stop()
 ;;
 *)
 dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2> /dev/null
+ bs=4096 count=1 2> /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
+ echo '.'
+ ;;
+ esac
+ umask ${oumask}
+ ;;
+ esac
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo -n 'Writing early boot entropy file:'
+ rm -f ${entropy_boot_file} 2> /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_boot_file} 2> /dev/null; then
+ entropy_boot_file_confirmed="${entropy_boot_file}"
+ fi
+ case ${entropy_boot_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
+ ;;
+ *)
+ dd if=/dev/random of=${entropy_boot_file_confirmed} \
+ bs=4096 count=1 2> /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
 echo '.'
 ;;
 esac |
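Review bot: `save_dev_random "${entropy_boot_file}"` calls a helper that no hunk of this commit defines, and the only helper visible in the diff is feed_dev_random() in the header of the first rc.d/random hunk; if the unpatched script does not already define save_dev_random, this branch fails with a "not found" error on every boot and the early-boot file is never rewritten, while the rest of random_start carries on. Worth confirming against the pre-commit file. If the intent is to overwrite /boot/entropy right after the loader has consumed it so the same seed is not reused on the next boot, a short comment on the case statement saying so, such as `# re-seed the file the loader just consumed so it is never used twice`, would stop the next reader from taking save_dev_random for a typo of feed_dev_random. random_start's body begins before this hunk.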
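Review bot: The new early-boot block in random_stop is a near-verbatim copy of the entropy_file block above it (rm, umask 077, touch, confirmed-path case, dd with warn), and it quotes inconsistently: `rm -f ${entropy_boot_file}`, `touch ${entropy_boot_file}` and `of=${entropy_boot_file_confirmed}` are unquoted while random_start passes "${entropy_boot_file}" quoted, so a path containing whitespace behaves differently in the two functions. Factoring the write into one helper would remove the duplication and fix the quoting in one place; note also that when dd fails the zero-length file created by touch is left behind, and whether the loader tolerates an empty entropy file is not visible here, so removing it on failure is the conservative choice. random_stop's tail, including the umask restore for this block, lies outside the hunk.
```shell
# Write one 4096-byte block from /dev/random to the file named by $1,
# creating it mode 0600 under umask 077. Warns instead of failing so
# shutdown continues; a partially written file is removed.
write_entropy_file()
{
	local f oumask
	f=$1
	rm -f "${f}" 2> /dev/null
	oumask=`umask`
	umask 077
	if touch "${f}" 2> /dev/null; then
		dd if=/dev/random of="${f}" bs=4096 count=1 2> /dev/null || {
			warn 'write failed (unwriteable file or full fs?)'
			rm -f "${f}" 2> /dev/null
		}
	else
		warn 'write failed (read-only fs?)'
	fi
	umask ${oumask}
}

# … unchanged: entropy_file block in random_stop …
	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n 'Writing early boot entropy file:'
		write_entropy_file "${entropy_boot_file}"
		echo '.'
		;;
	esac
```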