save-entropy(8), rc.d/random: Set nodump flag

Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.

Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).

Reviewed by:	delphij
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20358

libexec/rc/rc.d/random

@@ -25,6 +25,7 @@ save_dev_random()
 	for f ; do
 		debug "saving entropy to $f"
 		dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
+			( chflags nodump "$f" 2>/dev/null || : ) &&
 			chmod 600 "$f" &&
 			fsync "$f" "$(dirname "$f")"
 	done
@@ -118,12 +119,7 @@ random_stop()
 			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			dd if=/dev/random of=${entropy_file_confirmed} \
+			save_dev_random "${entropy_file_confirmed}"
-			    bs=4096 count=1 2> /dev/null ||
-			    warn 'write failed (unwriteable file or full fs?)'
-			fsync "${entropy_file_confirmed}" \
-			    "$(dirname "${entropy_file_confirmed}")" \
-			    2> /dev/null
 			echo '.'
 			;;
 		esac
@@ -146,12 +142,7 @@ random_stop()
 			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			dd if=/dev/random of=${entropy_boot_file_confirmed} \
+			save_dev_random "${entropy_boot_file_confirmed}"
-			    bs=4096 count=1 2> /dev/null ||
-			    warn 'write failed (unwriteable file or full fs?)'
-			fsync "${entropy_boot_file_confirmed}" \
-			    "$(dirname "${entropy_boot_file_confirmed}")" \
-			    2> /dev/null
 			echo '.'
 			;;
 		esac

libexec/save-entropy/save-entropy.sh

@@ -90,6 +90,7 @@ while [ ${n} -ge 1 ]; do
 done
 
 dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
+chflags nodump saved-entropy.1 2>/dev/null || :
 fsync saved-entropy.1 "."
 
 exit 0