From: Dag-Erling Smørgrav
Date: Sun, 2 Nov 2014 01:47:27 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r273957 - in head: . etc/rc.d

Author: des
Date: Sun Nov 2 01:47:27 2014
New Revision: 273957
URL: https://svnweb.freebsd.org/changeset/base/273957

Log:
  Get rid of the postrandom script. It was born in a time when the random
  script ran before filesystems were mounted, which is no longer the case.

  In random_start(), immediately delete each file that is fed into
  /dev/random, and recreate the default entropy file immediately after
  reading and deleting it. The logic used in random_stop() to determine
  which file to write to should probably be factored out and used here as
  well.

Deleted:
  head/etc/rc.d/postrandom
Modified:
  head/ObsoleteFiles.inc
  head/etc/rc.d/Makefile
  head/etc/rc.d/adjkerntz
  head/etc/rc.d/random

Modified: head/ObsoleteFiles.inc ============================================================================== --- head/ObsoleteFiles.inc Sun Nov 2 01:13:11 2014 (r273956) +++ head/ObsoleteFiles.inc Sun Nov 2 01:47:27 2014 (r273957) 
@@ -38,6 +38,8 @@ # xargs -n1 | sort | uniq -d; # done +# 20141102: postrandom obsoleted by new /dev/random code +OLD_FILES+=etc/rc.d/postrandom # 20141031: initrandom obsoleted by new /dev/random code OLD_FILES+=etc/rc.d/initrandom # 20141028: debug files accidentally installed as directory name Modified: head/etc/rc.d/Makefile ============================================================================== --- head/etc/rc.d/Makefile Sun Nov 2 01:13:11 2014 (r273956) +++ head/etc/rc.d/Makefile Sun Nov 2 01:47:27 2014 (r273957) @@ -112,7 +112,6 @@ FILES= DAEMON \ pf \ pflog \ pfsync \ - postrandom \ powerd \ power_profile \ ppp \ Modified: head/etc/rc.d/adjkerntz ============================================================================== --- head/etc/rc.d/adjkerntz Sun Nov 2 01:13:11 2014 (r273956) +++ head/etc/rc.d/adjkerntz Sun Nov 2 01:47:27 2014 (r273957) @@ -4,7 +4,7 @@ # # PROVIDE: adjkerntz -# REQUIRE: FILESYSTEMS postrandom +# REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail Modified: head/etc/rc.d/random ============================================================================== --- head/etc/rc.d/random Sun Nov 2 01:13:11 2014 (r273956) +++ head/etc/rc.d/random Sun Nov 2 01:47:27 2014 (r273957) 
@@ -17,41 +17,58 @@ stop_cmd="random_stop" extra_commands="saveseed" saveseed_cmd="${name}_stop" +save_dev_random() +{ + for f ; do + if :>>"$f" ; then + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null + fi + done +} + feed_dev_random() { - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi + for f ; do + if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then + if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then + debug "entropy read from $f" + rm -f "$f" + fi + fi + done } random_start() { + echo -n 'Feeding entropy:' + + if [ ! -w /dev/random ] ; then + warn "/dev/random is not writeable" + return 1 + fi + # Reseed /dev/random with previously stored entropy. - case ${entropy_dir} in + case ${entropy_dir:=/var/db/entropy} in [Nn][Oo]) ;; *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - for seedfile in ${entropy_dir}/*; do - feed_dev_random "${seedfile}" - done - fi + if [ -d "${entropy_dir}" ] ; then + feed_dev_random "${entropy_dir}"/* fi ;; esac - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" - feed_dev_random /var/db/entropy-file - fi + feed_dev_random "${entropy_file}" /var/db/entropy-file + save_dev_random "${entropy_file}" ;; esac + + echo '.' } random_stop() @@ -59,7 +76,7 @@ random_stop() # Write some entropy so when the machine reboots /dev/random # can be reseeded # - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *)
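Review bot: in the first head/etc/rc.d/random hunk (@@ -17,41 +17,58 @@), the entropy_file branch of random_start() can leave the system with no seed file and no message. feed_dev_random removes the old seed with rm -f "$f" once dd succeeds, and save_dev_random then skips the file without comment when :>>"$f" fails and never checks the exit status of its own dd, so a boot on which ${entropy_file} cannot be written ends with the old seed deleted and nothing saved in its place. Add an else branch that calls warn for the unwritable path, and warn when the dd in save_dev_random fails. In the same function, the file is created under whatever umask the script inherits; set a restrictive umask (or chmod the file) before the dd so the fresh seed is not readable by other users. Minor: the early return 1 after echo -n 'Feeding entropy:' leaves the console line unterminated.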
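Review bot: in the random_stop() hunk (@@ -59,7 +76,7 @@), changing the case subject to ${entropy_file:=/entropy} makes the '' alternative in "[Nn][Oo] | '')" unreachable, because := substitutes the default for an empty value as well as an unset one; the entropy_file case in random_start() has the same problem. Under the old code an empty entropy_file fell into the no-op branch, so a configuration with entropy_file="" will now read, delete and rewrite /entropy. If empty should still mean disabled, use ${entropy_file=/entropy} without the colon; otherwise drop the '' pattern and document the behaviour change.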