Get rid of the postrandom script. It was born in a time when the
random script ran before filesystems were mounted, which is no longer the case. In random_start(), immediately delete each file that is fed into /dev/random, and recreate the default entropy file immediately after reading and deleting it. The logic used in random_stop() to determine which file to write to should probably be factored out and used here as well.
This commit is contained in:
parent
d3f3e12a4f
commit
7417198fcf
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=273957
@ -38,6 +38,8 @@
|
|||||||
# xargs -n1 | sort | uniq -d;
|
# xargs -n1 | sort | uniq -d;
|
||||||
# done
|
# done
|
||||||
|
|
||||||
|
# 20141102: postrandom obsoleted by new /dev/random code
|
||||||
|
OLD_FILES+=etc/rc.d/postrandom
|
||||||
# 20141031: initrandom obsoleted by new /dev/random code
|
# 20141031: initrandom obsoleted by new /dev/random code
|
||||||
OLD_FILES+=etc/rc.d/initrandom
|
OLD_FILES+=etc/rc.d/initrandom
|
||||||
# 20141028: debug files accidentally installed as directory name
|
# 20141028: debug files accidentally installed as directory name
|
||||||
|
@ -112,7 +112,6 @@ FILES= DAEMON \
|
|||||||
pf \
|
pf \
|
||||||
pflog \
|
pflog \
|
||||||
pfsync \
|
pfsync \
|
||||||
postrandom \
|
|
||||||
powerd \
|
powerd \
|
||||||
power_profile \
|
power_profile \
|
||||||
ppp \
|
ppp \
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
# PROVIDE: adjkerntz
|
# PROVIDE: adjkerntz
|
||||||
# REQUIRE: FILESYSTEMS postrandom
|
# REQUIRE: FILESYSTEMS
|
||||||
# BEFORE: netif
|
# BEFORE: netif
|
||||||
# KEYWORD: nojail
|
# KEYWORD: nojail
|
||||||
|
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# $FreeBSD$
|
|
||||||
#
|
|
||||||
|
|
||||||
# PROVIDE: postrandom
|
|
||||||
# REQUIRE: random FILESYSTEMS
|
|
||||||
# BEFORE: LOGIN
|
|
||||||
# KEYWORD: nojail
|
|
||||||
|
|
||||||
. /etc/rc.subr
|
|
||||||
|
|
||||||
name="postrandom"
|
|
||||||
start_cmd="${name}_start"
|
|
||||||
stop_cmd=":"
|
|
||||||
|
|
||||||
# This will remove old ${entropy_file} and generate a new one.
|
|
||||||
# According to Bruce Schneier, this is strongly recommended in order
|
|
||||||
# to avoid using same ${entropy_file} across reboots.
|
|
||||||
# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
|
|
||||||
|
|
||||||
postrandom_start()
|
|
||||||
{
|
|
||||||
/etc/rc.d/random fastsaveseed
|
|
||||||
|
|
||||||
case ${entropy_dir} in
|
|
||||||
[Nn][Oo])
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
entropy_dir=${entropy_dir:-/var/db/entropy}
|
|
||||||
if [ -d "${entropy_dir}" ]; then
|
|
||||||
if [ -w /dev/random ]; then
|
|
||||||
rm -f ${entropy_dir}/*
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
load_rc_config random
|
|
||||||
run_rc_command "$1"
|
|
@ -17,41 +17,58 @@ stop_cmd="random_stop"
|
|||||||
extra_commands="saveseed"
|
extra_commands="saveseed"
|
||||||
saveseed_cmd="${name}_stop"
|
saveseed_cmd="${name}_stop"
|
||||||
|
|
||||||
|
save_dev_random()
|
||||||
|
{
|
||||||
|
for f ; do
|
||||||
|
if :>>"$f" ; then
|
||||||
|
debug "saving entropy to $f"
|
||||||
|
dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
feed_dev_random()
|
feed_dev_random()
|
||||||
{
|
{
|
||||||
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
|
for f ; do
|
||||||
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
|
if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
|
||||||
fi
|
if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
|
||||||
|
debug "entropy read from $f"
|
||||||
|
rm -f "$f"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
random_start()
|
random_start()
|
||||||
{
|
{
|
||||||
|
echo -n 'Feeding entropy:'
|
||||||
|
|
||||||
|
if [ ! -w /dev/random ] ; then
|
||||||
|
warn "/dev/random is not writeable"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Reseed /dev/random with previously stored entropy.
|
# Reseed /dev/random with previously stored entropy.
|
||||||
case ${entropy_dir} in
|
case ${entropy_dir:=/var/db/entropy} in
|
||||||
[Nn][Oo])
|
[Nn][Oo])
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
entropy_dir=${entropy_dir:-/var/db/entropy}
|
if [ -d "${entropy_dir}" ] ; then
|
||||||
if [ -d "${entropy_dir}" ]; then
|
feed_dev_random "${entropy_dir}"/*
|
||||||
if [ -w /dev/random ]; then
|
|
||||||
for seedfile in ${entropy_dir}/*; do
|
|
||||||
feed_dev_random "${seedfile}"
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
case ${entropy_file} in
|
case ${entropy_file:=/entropy} in
|
||||||
[Nn][Oo] | '')
|
[Nn][Oo] | '')
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
if [ -w /dev/random ]; then
|
feed_dev_random "${entropy_file}" /var/db/entropy-file
|
||||||
feed_dev_random "${entropy_file}"
|
save_dev_random "${entropy_file}"
|
||||||
feed_dev_random /var/db/entropy-file
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
echo '.'
|
||||||
}
|
}
|
||||||
|
|
||||||
random_stop()
|
random_stop()
|
||||||
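Review bot: `save_dev_random` creates `${entropy_file}` with `:>>"$f"` and leaves its mode to whatever umask rc is running under, so the 4096 bytes of /dev/random output it writes — which become the seed fed at the next boot — may end up readable by unprivileged local users; the shutdown path in random_stop (whose body runs past the end of this hunk) may already apply a restrictive umask, but this new boot-time writer does not. Creating the file under a umask scoped to the function, e.g. `if ( umask 077 ; :>>"$f" ) ; then`, or forcing `chmod 600 "$f"` right after the dd, keeps the seed private regardless of the caller's umask. Separately, the `echo -n 'Feeding entropy:'` at the top of random_start runs before the `-w /dev/random` guard, so the early `return 1` leaves that partial line on the console with the warning appended to it; moving the echo below the guard fixes the output. The `-a` operator in `[ -f "$f" -a -r "$f" -a -s "$f" ]` is an obsolescent test form; `[ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ]` is the portable spelling.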
@ -59,7 +76,7 @@ random_stop()
|
|||||||
# Write some entropy so when the machine reboots /dev/random
|
# Write some entropy so when the machine reboots /dev/random
|
||||||
# can be reseeded
|
# can be reseeded
|
||||||
#
|
#
|
||||||
case ${entropy_file} in
|
case ${entropy_file:=/entropy} in
|
||||||
[Nn][Oo] | '')
|
[Nn][Oo] | '')
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|