save-entropy(8), rc.d/random: Set nodump flag

Tag saved entropy files as "nodump," to signal that the files should not be backed up by dump(8) or other automated backup software that honors the file flag. Do not produce an error if the target file resides on a filesystem that does not support file flags (e.g., msdos /boot). Reviewed by: delphij Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D20358
svn path=/head/; revision=348122
2019-05-22 21:47:17 +00:00 · 2019-05-22 21:47:17 +00:00 · 26c4978843 · 2020-12-20 02:59:44 +00:00
commit 26c4978843
parent 563ab4e400
2 changed files with 6 additions and 14 deletions
--- a/libexec/rc/rc.d/random
+++ b/libexec/rc/rc.d/random
@ -25,6 +25,7 @@ save_dev_random()
 	for f ; do
 		debug "saving entropy to $f"
 		dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
+			( chflags nodump "$f" 2>/dev/null || : ) &&
 			chmod 600 "$f" &&
 			fsync "$f" "$(dirname "$f")"
 	done
@ -99,7 +100,7 @@ random_stop()
 	[Nn][Oo])
 		;;
 	*)
-		echo -n 'Writing entropy file:'
+		echo -n 'Writing entropy file: '
 		rm -f ${entropy_file} 2> /dev/null
 		oumask=`umask`
 		umask 077
@ -118,12 +119,7 @@ random_stop()
 			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			dd if=/dev/random of=${entropy_file_confirmed} \
-			    bs=4096 count=1 2> /dev/null ||
-			    warn 'write failed (unwriteable file or full fs?)'
-			fsync "${entropy_file_confirmed}" \
-			    "$(dirname "${entropy_file_confirmed}")" \
-			    2> /dev/null
+			save_dev_random "${entropy_file_confirmed}"
 			echo '.'
 			;;
 		esac
@ -134,7 +130,7 @@ random_stop()
 	[Nn][Oo])
 		;;
 	*)
-		echo -n 'Writing early boot entropy file:'
+		echo -n 'Writing early boot entropy file: '
 		rm -f ${entropy_boot_file} 2> /dev/null
 		oumask=`umask`
 		umask 077
@ -146,12 +142,7 @@ random_stop()
 			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			dd if=/dev/random of=${entropy_boot_file_confirmed} \
-			    bs=4096 count=1 2> /dev/null ||
-			    warn 'write failed (unwriteable file or full fs?)'
-			fsync "${entropy_boot_file_confirmed}" \
-			    "$(dirname "${entropy_boot_file_confirmed}")" \
-			    2> /dev/null
+			save_dev_random "${entropy_boot_file_confirmed}"
 			echo '.'
 			;;
 		esac
--- a/libexec/save-entropy/save-entropy.sh
+++ b/libexec/save-entropy/save-entropy.sh
@ -90,6 +90,7 @@ while [ ${n} -ge 1 ]; do
 done

 dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
+chflags nodump saved-entropy.1 2>/dev/null || :
 fsync saved-entropy.1 "."

 exit 0