authordougb <dougb@FreeBSD.org>2012-09-04 16:00:51 +0000
committerdougb <dougb@FreeBSD.org>2012-09-04 16:00:51 +0000
commit83d50f9dde1f19f5ec2c458bb6d08a5538ae416c (patch)
treee07537e27c197f49dfdbba22093733cfecd999e4 /libexec/save-entropy
parentb357c43c75b7875a5dbfbd6e6c28e0f15ed74252 (diff)
1. Use install -d to create the entropy_dir if missing so that we can do it
all in one command, with no permissions race. 2. Simplify the rotation logic by cd'ing into the directory, with a test to make sure that it succeeds. 3. Remove any files numbered higher than entropy_save_num. This helps when the user reduces the number, and may be useful for other purposes down the road. 4. Simplify the rotation logic by first testing the common case (it's a regular file) then testing if something else exists with the same name using elif. Also switch from using jot to simpler countdown format. 5. Fix logger lines and error messages to be more consistent, and wrap the code more consistently in the 80 column range. The "not a regular file" error message was mistakenly wrapped entirely in "quotes" which caused logger to include line-wrapping whitespace. Change that to wrap only the variables in quotes, which is both consistent and works better. 6. Update copyright to reflect the fact that changes were made this year. Parts of 2-4 were taken from etc/periodic/daily/310.accounting
Diffstat (limited to 'libexec/save-entropy')
-rwxr-xr-xlibexec/save-entropy/save-entropy.sh54
1 files changed, 26 insertions, 28 deletions
diff --git a/libexec/save-entropy/save-entropy.sh b/libexec/save-entropy/save-entropy.sh
index b5b37d4..e96b543 100755
--- a/libexec/save-entropy/save-entropy.sh
+++ b/libexec/save-entropy/save-entropy.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Copyright (c) 2001-2006 Douglas Barton, DougB@FreeBSD.org
+# Copyright (c) 2001-2006,2012 Douglas Barton, dougb@FreeBSD.org
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -29,7 +29,7 @@
# This script is called by cron to store bits of randomness which are
# then used to seed /dev/random on boot.
-# Originally developed by Doug Barton, DougB@FreeBSD.org
+# Originally developed by Doug Barton, dougb@FreeBSD.org
PATH=/bin:/usr/bin
@@ -55,38 +55,36 @@ entropy_save_sz=${entropy_save_sz:-2048}
entropy_save_num=${entropy_save_num:-8}
if [ ! -d "${entropy_dir}" ]; then
- umask 077
- mkdir "${entropy_dir}" || {
- logger -is -t "$0" The entropy directory "${entropy_dir}" does not \
-exist, and cannot be created. Therefore no entropy can be saved. ;
- exit 1;}
- /usr/sbin/chown operator:operator "${entropy_dir}"
- chmod 0700 "${entropy_dir}"
+ install -d -o operator -g operator -m 0700 "${entropy_dir}" || {
+ logger -is -t "$0" The entropy directory "${entropy_dir}" does \
+ not exist, and cannot be created. Therefore no entropy can \
+ be saved.; exit 1; }
fi
+cd "${entropy_dir}" || {
+ logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \
+ Entropy file rotation is aborted.; exit 1; }
+
+for f in saved-entropy.*; do
+ case "${f}" in saved-entropy.\*) continue ;; esac # No files match
+ [ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
+done
+
umask 377
-esn_m1=$(( ${entropy_save_num} - 1 ))
-for file_num in `jot $esn_m1 $esn_m1 1`; do
- if [ -e "${entropy_dir}/saved-entropy.${file_num}" ]; then
- if [ -f "${entropy_dir}/saved-entropy.${file_num}" ]; then
- new_file=saved-entropy.$(( $file_num + 1 ))
- if [ -e "${entropy_dir}/${new_file}" ]; then
- unlink ${entropy_dir}/${new_file}
- fi
- mv "${entropy_dir}/saved-entropy.${file_num}" \
- "${entropy_dir}/${new_file}"
- else
- logger -is -t "$0" \
-"${entropy_dir}/saved-entropy.${file_num} is not a regular file, and therefore \
-it will not be rotated. Entropy file harvesting is aborted."
- exit 1
- fi
+n=$(( ${entropy_save_num} - 1 ))
+while [ ${n} -ge 1 ]; do
+ if [ -f "saved-entropy.${n}" ]; then
+ mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
+ elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
+ logger -is -t "$0" \
+ "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
+ it will not be rotated. Entropy file rotation is aborted.
+ exit 1
fi
+ n=$(( ${n} - 1 ))
done
-dd if=/dev/random of="${entropy_dir}/saved-entropy.1" \
- bs="$entropy_save_sz" count=1 2> /dev/null
+dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
exit 0
-
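Review bot: The new cleanup loop's `[ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}` passes an unvalidated, unquoted suffix to a numeric test, so an entry such as `saved-entropy.bak` makes `[` fail with a bad-number error on every cron run and is never removed. Skipping non-numeric suffixes first and quoting the operands keeps the loop quiet and predictable: `case "${f#saved-entropy.}" in ''|*[!0-9]*) continue ;; esac`, then `[ "${f#saved-entropy.}" -ge "${entropy_save_num}" ] && unlink "${f}"`. Separately, the rewritten `dd` line still sends stderr to /dev/null and is followed by an unconditional `exit 0`, so a failed entropy write is the one failure path in this hunk that is not logged. Giving it a `|| { logger -is -t "$0" ...; exit 1; }` branch like the one added for `cd` would surface a stale seed file instead of hiding it.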