Date: Tue, 4 Sep 2012 16:00:51 +0000 (UTC)
From: Doug Barton <dougb@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r240090 - head/libexec/save-entropy
Message-ID: <201209041600.q84G0p4u080312@svn.freebsd.org>
Author: dougb Date: Tue Sep 4 16:00:51 2012 New Revision: 240090 URL: http://svn.freebsd.org/changeset/base/240090 Log: 1. Use install -d to create the entropy_dir if missing so that we can do it all in one command, with no permissions race. 2. Simplify the rotation logic by cd'ing into the directory, with a test to make sure that it succeeds. 3. Remove any files numbered higher than entropy_save_num. This helps when the user reduces the number, and may be useful for other purposes down the road. 4. Simplify the rotation logic by first testing the common case (it's a regular file) then testing if something else exists with the same name using elif. Also switch from using jot to simpler countdown format. 5. Fix logger lines and error messages to be more consistent, and wrap the code more consistently in the 80 column range. The "not a regular file" error message was mistakenly wrapped entirely in "quotes" which caused logger to include line-wrapping whitespace. Change that to wrap only the variables in quotes, which is both consistent and works better. 6. Update copyright to reflect the fact that changes were made this year. Parts of 2-4 were taken from etc/periodic/daily/310.accounting Modified: head/libexec/save-entropy/save-entropy.sh Modified: head/libexec/save-entropy/save-entropy.sh ============================================================================== --- head/libexec/save-entropy/save-entropy.sh Tue Sep 4 15:58:58 2012 (r240089) +++ head/libexec/save-entropy/save-entropy.sh Tue Sep 4 16:00:51 2012 (r240090) @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2001-2006 Douglas Barton, DougB@FreeBSD.org +# Copyright (c) 2001-2006,2012 Douglas Barton, dougb@FreeBSD.org # All rights reserved. # # Redistribution and use in source and binary forms, with or without 
@@ -29,7 +29,7 @@ # This script is called by cron to store bits of randomness which are # then used to seed /dev/random on boot. -# Originally developed by Doug Barton, DougB@FreeBSD.org +# Originally developed by Doug Barton, dougb@FreeBSD.org PATH=/bin:/usr/bin 
@@ -55,38 +55,36 @@ entropy_save_sz=${entropy_save_sz:-2048} entropy_save_num=${entropy_save_num:-8} if [ ! -d "${entropy_dir}" ]; then - umask 077 - mkdir "${entropy_dir}" || { - logger -is -t "$0" The entropy directory "${entropy_dir}" does not \ -exist, and cannot be created. Therefore no entropy can be saved. ; - exit 1;} - /usr/sbin/chown operator:operator "${entropy_dir}" - chmod 0700 "${entropy_dir}" + install -d -o operator -g operator -m 0700 "${entropy_dir}" || { + logger -is -t "$0" The entropy directory "${entropy_dir}" does \ + not exist, and cannot be created. Therefore no entropy can \ + be saved.; exit 1; } fi +cd "${entropy_dir}" || { + logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \ + Entropy file rotation is aborted.; exit 1; } + +for f in saved-entropy.*; do + case "${f}" in saved-entropy.\*) continue ;; esac # No files match + [ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f} +done + umask 377 -esn_m1=$(( ${entropy_save_num} - 1 )) -for file_num in `jot $esn_m1 $esn_m1 1`; do - if [ -e "${entropy_dir}/saved-entropy.${file_num}" ]; then - if [ -f "${entropy_dir}/saved-entropy.${file_num}" ]; then - new_file=saved-entropy.$(( $file_num + 1 )) - if [ -e "${entropy_dir}/${new_file}" ]; then - unlink ${entropy_dir}/${new_file} - fi - mv "${entropy_dir}/saved-entropy.${file_num}" \ - "${entropy_dir}/${new_file}" - else - logger -is -t "$0" \ -"${entropy_dir}/saved-entropy.${file_num} is not a regular file, and therefore \ -it will not be rotated. Entropy file harvesting is aborted." - exit 1 - fi +n=$(( ${entropy_save_num} - 1 )) +while [ ${n} -ge 1 ]; do + if [ -f "saved-entropy.${n}" ]; then + mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))" + elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then + logger -is -t "$0" \ + "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \ + it will not be rotated. Entropy file rotation is aborted. 
+ exit 1 fi + n=$(( ${n} - 1 )) done -dd if=/dev/random of="${entropy_dir}/saved-entropy.1" \ - bs="$entropy_save_sz" count=1 2> /dev/null +dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null exit 0 -
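Review bot: In the @@ -55,38 +55,36 @@ hunk, the new cleanup loop runs `[ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}` with both expansions unquoted and without checking that the suffix is a number. Any file in the directory whose suffix is not an integer (saved-entropy.bak, for instance) makes `[` emit an error on every cron run, and a name containing whitespace is word-split before the test and before the unlink. Suggest skipping non-numeric suffixes first, for example `case "${f#saved-entropy.}" in ''|*[!0-9]*) continue ;; esac`, and quoting "${f}" in the unlink call. Related point in the same hunk: the removed lines tested the rotation target with `-e` and unlinked it before each mv, whereas the new while loop relies on this cleanup loop to have cleared saved-entropy.${entropy_save_num}; if that unlink fails, the first mv still runs, so a check on the unlink result with a logger line would make the failure visible.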