freebsd-skq/etc/rc.d/postrandom

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: postrandom
# REQUIRE: initrandom random FILESYSTEMS
# BEFORE: LOGIN
# KEYWORD: nojail

. /etc/rc.subr

name="postrandom"
start_cmd="${name}_start"
stop_cmd=":"

# This will remove old ${entropy_file} and generate a new one.
# According to Bruce Schneier, this is strongly recommended in order
# to avoid using same ${entropy_file} across reboots.
# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3

postrandom_start()
{
	/etc/rc.d/random fastsaveseed

	case ${entropy_dir} in
	[Nn][Oo])
		;;
	*)
		entropy_dir=${entropy_dir:-/var/db/entropy}
		if [ -d "${entropy_dir}" ]; then
			if [ -w /dev/random ]; then
				rm -f ${entropy_dir}/*
			fi
		fi
		;;
	esac
}

load_rc_config random
run_rc_command "$1"
Remove old entropy seeding after consumption initializing /dev/random PRNG. Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks 2012-08-22 18:43:21 +00:00			`#!/bin/sh`
			`#`
			`# $FreeBSD$`
			`#`

			`# PROVIDE: postrandom`
Simply things so that "#REQUIRE: FILESYSTEMS" means the file systems are fully "ready to go". 'FILESYSTEMS' states: "This is a dummy dependency, for services which require file systems to be mounted before starting." However, we have 'var' which is was run after 'FILESYSTEMS' and can mount /var if it already isn't mounted. Furthermore, several scripts cannot use /var until 'cleanvar' has done its thing. Thus "FILESYSTEMS" hasn't really meant all critical file systems are fully usable. 2012-09-11 05:04:59 +00:00			`# REQUIRE: initrandom random FILESYSTEMS`
Remove old entropy seeding after consumption initializing /dev/random PRNG. Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks 2012-08-22 18:43:21 +00:00			`# BEFORE: LOGIN`
			`# KEYWORD: nojail`

			`. /etc/rc.subr`

			`name="postrandom"`
			`start_cmd="${name}_start"`
			`stop_cmd=":"`

			`# This will remove old ${entropy_file} and generate a new one.`
The entire comment block is now spell checked this time -- I promise. 2012-08-22 22:34:55 +00:00			`# According to Bruce Schneier, this is strongly recommended in order`
Remove old entropy seeding after consumption initializing /dev/random PRNG. Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks 2012-08-22 18:43:21 +00:00			`# to avoid using same ${entropy_file} across reboots.`
The entire comment block is now spell checked this time -- I promise. 2012-08-22 22:34:55 +00:00			`# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3`
Remove old entropy seeding after consumption initializing /dev/random PRNG. Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks 2012-08-22 18:43:21 +00:00
			`postrandom_start()`
			`{`
			`/etc/rc.d/random fastsaveseed`

			`case ${entropy_dir} in`
			`[Nn][Oo])`
			`;;`
			`*)`
			`entropy_dir=${entropy_dir:-/var/db/entropy}`
			`if [ -d "${entropy_dir}" ]; then`
			`if [ -w /dev/random ]; then`
			`rm -f ${entropy_dir}/*`
			`fi`
			`fi`
			`;;`
			`esac`
			`}`

			`load_rc_config random`
			`run_rc_command "$1"`