Date: Thu, 4 Oct 2012 22:23:40 +0000 (UTC) From: Doug Barton <dougb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r241205 - stable/9/libexec/save-entropy Message-ID: <201210042223.q94MNedd034666@svn.freebsd.org>
Author: dougb Date: Thu Oct 4 22:23:40 2012 New Revision: 241205 URL: http://svn.freebsd.org/changeset/base/241205 Log: MFC r240090: Improve file rotation Modified: stable/9/libexec/save-entropy/save-entropy.sh Directory Properties: stable/9/libexec/save-entropy/ (props changed)
Modified: stable/9/libexec/save-entropy/save-entropy.sh
==============================================================================
--- stable/9/libexec/save-entropy/save-entropy.sh Thu Oct 4 22:16:58 2012 (r241204)
+++ stable/9/libexec/save-entropy/save-entropy.sh Thu Oct 4 22:23:40 2012 (r241205)
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2001-2006 Douglas Barton, DougB@FreeBSD.org
+# Copyright (c) 2001-2006,2012 Douglas Barton, dougb@FreeBSD.org
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -29,7 +29,7 @@
 # This script is called by cron to store bits of randomness which are
 # then used to seed /dev/random on boot.
-# Originally developed by Doug Barton, DougB@FreeBSD.org
+# Originally developed by Doug Barton, dougb@FreeBSD.org
 PATH=/bin:/usr/bin
@@ -55,38 +55,36 @@
 entropy_save_sz=${entropy_save_sz:-2048}
 entropy_save_num=${entropy_save_num:-8}
 if [ ! -d "${entropy_dir}" ]; then
- umask 077
- mkdir "${entropy_dir}" || {
- logger -is -t "$0" The entropy directory "${entropy_dir}" does not \
-exist, and cannot be created. Therefore no entropy can be saved. ;
- exit 1;}
- /usr/sbin/chown operator:operator "${entropy_dir}"
- chmod 0700 "${entropy_dir}"
+ install -d -o operator -g operator -m 0700 "${entropy_dir}" || {
+ logger -is -t "$0" The entropy directory "${entropy_dir}" does \
+ not exist, and cannot be created. Therefore no entropy can \
+ be saved.; exit 1; }
 fi
+cd "${entropy_dir}" || {
+ logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \
+ Entropy file rotation is aborted.; exit 1; }
+
+for f in saved-entropy.*; do
+ case "${f}" in saved-entropy.\*) continue ;; esac # No files match
+ [ ${f#saved-entropy\.} -ge ${entropy_save_num} ] && unlink ${f}
+done
+
 umask 377
-esn_m1=$(( ${entropy_save_num} - 1 ))
-for file_num in `jot $esn_m1 $esn_m1 1`; do
- if [ -e "${entropy_dir}/saved-entropy.${file_num}" ]; then
- if [ -f "${entropy_dir}/saved-entropy.${file_num}" ]; then
- new_file=saved-entropy.$(( $file_num + 1 ))
- if [ -e "${entropy_dir}/${new_file}" ]; then
- unlink ${entropy_dir}/${new_file}
- fi
- mv "${entropy_dir}/saved-entropy.${file_num}" \
- "${entropy_dir}/${new_file}"
- else
- logger -is -t "$0" \
-"${entropy_dir}/saved-entropy.${file_num} is not a regular file, and therefore \
-it will not be rotated. Entropy file harvesting is aborted."
- exit 1
- fi
+n=$(( ${entropy_save_num} - 1 ))
+while [ ${n} -ge 1 ]; do
+ if [ -f "saved-entropy.${n}" ]; then
+ mv "saved-entropy.${n}" "saved-entropy.$(( ${n} + 1 ))"
+ elif [ -e "saved-entropy.${n}" -o -L "saved-entropy.${n}" ]; then
+ logger -is -t "$0" \
+ "${entropy_dir}/saved-entropy.${n}" is not a regular file, and so \
+ it will not be rotated. Entropy file rotation is aborted.
+ exit 1
 fi
+ n=$(( ${n} - 1 ))
 done
-dd if=/dev/random of="${entropy_dir}/saved-entropy.1" \
- bs="$entropy_save_sz" count=1 2> /dev/null
+dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null
 exit 0
-
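Review bot: The cleanup loop added after the `cd` expands `${f#saved-entropy\.}`, `${entropy_save_num}` and `${f}` unquoted and never checks that the suffix is a number. An entry with a non-numeric suffix (for example a constructed name like `saved-entropy.old`) makes `[` report an error on every cron run and is never pruned, and a name containing whitespace is word-split before it reaches `[` and `unlink`. Skipping non-numeric suffixes and quoting would close both: `case "${f#saved-entropy.}" in ''|*[!0-9]*) continue ;; esac` followed by `[ "${f#saved-entropy.}" -ge "${entropy_save_num}" ] && unlink "${f}"`. Separately, the rewritten `dd` line still sends stderr to /dev/null and the script exits 0 regardless, so a failed write leaves no fresh seed file and no log entry; testing dd's status and calling `logger` as the other failure paths do would make that visible.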