Get rid of the postrandom script. It was born in a time when the

random script ran before filesystems were mounted, which is no longer the case. In random_start(), immediately delete each file that is fed into /dev/random, and recreate the default entropy file immediately after reading and deleting it. The logic used in random_stop() to determine which file to write to should probably be factored out and used here as well.
svn path=/head/; revision=273957
2014-11-02 01:47:27 +00:00 · 2014-11-02 01:47:27 +00:00 · 7417198fcf · 2020-12-20 02:59:44 +00:00
commit 7417198fcf
parent d3f3e12a4f
5 changed files with 37 additions and 60 deletions
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@ -38,6 +38,8 @@
 #   xargs -n1 | sort | uniq -d;
 # done

+# 20141102: postrandom obsoleted by new /dev/random code
+OLD_FILES+=etc/rc.d/postrandom
 # 20141031: initrandom obsoleted by new /dev/random code
 OLD_FILES+=etc/rc.d/initrandom
 # 20141028: debug files accidentally installed as directory name
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@ -112,7 +112,6 @@ FILES=	DAEMON \
 	pf \
 	pflog \
 	pfsync \
-	postrandom \
 	powerd \
 	power_profile \
 	ppp \
--- a/etc/rc.d/adjkerntz
+++ b/etc/rc.d/adjkerntz
@ -4,7 +4,7 @@
 #

 # PROVIDE: adjkerntz
-# REQUIRE: FILESYSTEMS postrandom
+# REQUIRE: FILESYSTEMS
 # BEFORE: netif
 # KEYWORD: nojail

--- a/etc/rc.d/postrandom
+++ b/etc/rc.d/postrandom
@ -1,41 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: postrandom
-# REQUIRE: random FILESYSTEMS
-# BEFORE: LOGIN
-# KEYWORD: nojail
-
-. /etc/rc.subr
-
-name="postrandom"
-start_cmd="${name}_start"
-stop_cmd=":"
-
-# This will remove old ${entropy_file} and generate a new one.
-# According to Bruce Schneier, this is strongly recommended in order
-# to avoid using same ${entropy_file} across reboots.
-# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
-
-postrandom_start()
-{
-	/etc/rc.d/random fastsaveseed
-
-	case ${entropy_dir} in
-	[Nn][Oo])
-		;;
-	*)
-		entropy_dir=${entropy_dir:-/var/db/entropy}
-		if [ -d "${entropy_dir}" ]; then
-			if [ -w /dev/random ]; then
-				rm -f ${entropy_dir}/*
-			fi
-		fi
-		;;
-	esac
-}
-
-load_rc_config random
-run_rc_command "$1"
--- a/etc/rc.d/random
+++ b/etc/rc.d/random
@ -17,41 +17,58 @@ stop_cmd="random_stop"
 extra_commands="saveseed"
 saveseed_cmd="${name}_stop"

+save_dev_random()
+{
+	for f ; do
+		if :>>"$f" ; then
+			debug "saving entropy to $f"
+			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
+		fi
+	done
+}
+
 feed_dev_random()
 {
-	if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
-		cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
-	fi
+	for f ; do
+		if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
+			if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
+				debug "entropy read from $f"
+				rm -f "$f"
+			fi
+		fi
+	done
 }

 random_start()
 {
+	echo -n 'Feeding entropy:'
+
+	if [ ! -w /dev/random ] ; then
+		warn "/dev/random is not writeable"
+		return 1
+	fi
+
 	# Reseed /dev/random with previously stored entropy.
-	case ${entropy_dir} in
+	case ${entropy_dir:=/var/db/entropy} in
 	[Nn][Oo])
 		;;
 	*)
-		entropy_dir=${entropy_dir:-/var/db/entropy}
-		if [ -d "${entropy_dir}" ]; then
-			if [ -w /dev/random ]; then
-				for seedfile in ${entropy_dir}/*; do
-					feed_dev_random "${seedfile}"
-				done
-			fi
+		if [ -d "${entropy_dir}" ] ; then
+			feed_dev_random "${entropy_dir}"/*
 		fi
 		;;
 	esac

-	case ${entropy_file} in
+	case ${entropy_file:=/entropy} in
 	[Nn][Oo] | '')
 		;;
 	*)
-		if [ -w /dev/random ]; then
-			feed_dev_random "${entropy_file}"
-			feed_dev_random /var/db/entropy-file
-		fi
+		feed_dev_random "${entropy_file}" /var/db/entropy-file
+		save_dev_random "${entropy_file}"
 		;;
 	esac
+
+	echo '.'
 }

 random_stop()
@ -59,7 +76,7 @@ random_stop()
 	# Write some entropy so when the machine reboots /dev/random
 	# can be reseeded
 	#
-	case ${entropy_file} in
+	case ${entropy_file:=/entropy} in
 	[Nn][Oo] | '')
 		;;
 	*)