From owner-svn-soc-all@FreeBSD.ORG Tue Jun 24 23:08:49 2014
Date: Tue, 24 Jun 2014 23:08:48 GMT
Message-Id: <201406242308.s5ON8mLr038629@socsvn.freebsd.org>
From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r269994 - in soc2013/def/crashdump-head/etc: defaults rc.d MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 23:08:49 -0000 Author: def Date: Tue Jun 24 23:08:48 2014 New Revision: 269994 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269994 Log: Don't generate RSA keys but disable crash dumps if they are missing. Modified: soc2013/def/crashdump-head/etc/defaults/rc.conf soc2013/def/crashdump-head/etc/rc.d/dumpkey Modified: soc2013/def/crashdump-head/etc/defaults/rc.conf ============================================================================== --- soc2013/def/crashdump-head/etc/defaults/rc.conf Tue Jun 24 22:15:27 2014 (r269993) +++ soc2013/def/crashdump-head/etc/defaults/rc.conf Tue Jun 24 23:08:48 2014 (r269994) 
@@ -585,9 +585,7 @@ dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO). dumpdir="/var/crash" # Directory where crash dumps are to be stored dumpkey_enable="YES" # Run dumpkey to generate a symmetric key. -dumpkey_pub="/var/crash/.public.key" # Public key to encrypt a symmetric key. -dumpkey_priv="/var/crash/.private.key" # Private key to decrypt a symmetric key. -dumpkey_bits="2048" # RSA keys' length. +dumpkey_pubkey="/var/crash/.public.key" # Public key to encrypt a symmetric key. savecore_flags="-m 10" # Used if dumpdev is enabled above, and present. # By default, only the 10 most recent kernel dumps # are saved. Modified: soc2013/def/crashdump-head/etc/rc.d/dumpkey ============================================================================== --- soc2013/def/crashdump-head/etc/rc.d/dumpkey Tue Jun 24 22:15:27 2014 (r269993) +++ soc2013/def/crashdump-head/etc/rc.d/dumpkey Tue Jun 24 23:08:48 2014 (r269994) @@ -1,7 +1,9 @@ #!/bin/sh # PROVIDE: dumpkey -# REQUIRE: dumpon +# REQUIRE: FILESYSTEMS sysctl +# BEFORE: kldxref +# KEYWORD: nojail . /etc/rc.subr 
@@ -9,29 +11,25 @@ rcvar="dumpkey_enable" start_cmd="dumpkey_start" start_precmd="dumpkey_prestart" -stop_cmd="dumpkey_stop" dumpkey_prestart() { - if [ ! -r "${dumpkey_pub}" ] || [ ! -r "${dumpkey_priv}" ]; then - warn "At least one of keys doesn't exist. Generating new keys..." - - dumpkey_pub=${dumpdir}/.public.key - dumpkey_priv=${dumpdir}/.private.key - - /usr/bin/openssl genrsa -out ${dumpkey_priv} ${dumpkey_bits} - /usr/bin/openssl rsa -in ${dumpkey_priv} -out ${dumpkey_pub} -outform PEM -pubout + if [ ! -r "${dumpkey_pubkey}" ]; then + warn "Public RSA key does not exist. Crash dumps will not be saved." + sysctl kern.coredump=0 > /dev/null + return 1 fi } dumpkey_start() { - /sbin/dumpkey -e ${dumpkey_pub} -} + if ! /sbin/dumpkey -e ${dumpkey_pubkey}; then + warn "Unable to generate and set a key. Crash dumps will not be saved." + sysctl kern.coredump=0 > /dev/null + return 1 + fi -dumpkey_stop() -{ - rm ${dumpdir}/*-decrypted + sysctl kern.coredump=1 > /dev/null } load_rc_config $name
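Review bot: In the etc/defaults/rc.conf hunk, dumpkey_enable stays "YES" while the key-generation knobs are removed, and the comment on dumpkey_pubkey does not say that a missing key now turns crash dumps off. The rename from dumpkey_pub to dumpkey_pubkey also means an existing rc.conf override of dumpkey_pub is silently ignored and the default path is used instead. Suggest extending the comment, for example `# Public key to encrypt a symmetric key; dumps are disabled if it is missing.`, and mentioning the rename and how the administrator is expected to provide the key in the log message or rc.conf(5).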
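Review bot: In the first etc/rc.d/dumpkey hunk (the rcorder header), `# REQUIRE: dumpon` is dropped and nothing replaces it, so the order between dumpon and dumpkey is no longer stated and is left to whatever rcorder produces. If the key has to be set before the dump device is configured, state that explicitly (for example `# BEFORE: dumpon`), or keep the REQUIRE if the opposite order is intended. A short comment explaining why `# BEFORE: kldxref` was chosen would also help the next reader.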
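Review bot: In the second etc/rc.d/dumpkey hunk, dumpkey_start ends with an unconditional `sysctl kern.coredump=1 > /dev/null`; with the new `# REQUIRE: FILESYSTEMS sysctl` this runs after /etc/sysctl.conf has been applied, so it overrides an administrator who set kern.coredump=0 deliberately. Consider leaving the value alone on success, or only restoring a value this script changed. Two smaller points: the exit status of `sysctl kern.coredump=0` is ignored in both failure paths, so if that call fails the warning says dumps will not be saved while they remain enabled without a key; and `${dumpkey_pubkey}` is quoted in the `[ ! -r ... ]` test but not in `/sbin/dumpkey -e ${dumpkey_pubkey}`, so it should be quoted there as well.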