Page MenuHomeFreeBSD
Differential D20358

save-entropy(8), rc.d/random: Set nodump flag
ClosedPublic
Actions

Authored by cem on May 22 2019, 6:35 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 18, 7:48 AM
Unknown Object (File)
Sat, Jan 18, 3:25 AM
Unknown Object (File)
Sun, Jan 12, 11:00 AM
Unknown Object (File)
Dec 13 2024, 5:53 PM
Unknown Object (File)
Dec 6 2024, 7:03 PM
Unknown Object (File)
Dec 4 2024, 7:05 AM
Unknown Object (File)
Dec 2 2024, 5:01 AM
Unknown Object (File)
Dec 2 2024, 5:01 AM
View All 97 Files
Subscribers
imp

Details

Reviewers
markm
delphij
Commits
rS348122: save-entropy(8), rc.d/random: Set nodump flag
Summary

Tag saved entropy files as "nodump," to signal that the files should not be
backed up by dump(8) or other automated backup software that honors the file
flag.

Do not produce an error if the target file resides on a filesystem that does
not support file flags (e.g., msdos /boot).

Test Plan

The Fortuna chapter points out that saved entropy should not be backed up or
snapshotted. We don't have a lot of control over the latter as a VM guest, but
we can at least attempt to set file flags that signal "don't backup."

This is a weak signal since a lot of software might not be aware of the nodump
file flag, and some commonly used filesystems do not support it. But we might
as well set it for those that do honor it.

Testing:

testvm# /bin/ls -lo /var/db/entropy
total 32
-r--------  1 operator  operator  nodump 4096 May 22 13:55 saved-entropy.1
-r--------  1 operator  operator  -      4096 May 22 13:44 saved-entropy.2
...

(i.e., periodic save-entropy(8) has rolled the first file and will eventually set nodump on all files as rotation occurs).

testvm# /bin/ls -lo /boot/entropy
-rw-------  1 root  wheel  - 4096 May 22 11:08 /boot/entropy
testvm# reboot
...
Feeding entropy: .
...
testvm# /bin/ls -lo /boot/entropy
-rw-------  1 root  wheel  nodump 4096 May 22 13:56 /boot/entropy

rc.d/random updates flag.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cem created this revision.May 22 2019, 6:35 PM
Harbormaster completed remote builds in B24401: Diff 57710.May 22 2019, 6:35 PM
delphij requested changes to this revision.May 22 2019, 8:20 PM

Looks good to me overall, but please remove the warn (see comment inline for reasoning).

libexec/rc/rc.d/random
31 ↗(On Diff #57710)

Please remove the warn here.

The old code you have get rid of (which is a good thing) used warn because dd's stderr output was redirected to /dev/null, with the version in save_dev_random, dd would emit the accurate error message, when applicable, and it's much better than a vague (unwriteable or full fs?) message.

This revision now requires changes to proceed.May 22 2019, 8:20 PM
cem planned changes to this revision.May 22 2019, 8:26 PM
cem added inline comments.
libexec/rc/rc.d/random
31 ↗(On Diff #57710)

Works for me, will do! Thanks

cem edited the test plan for this revision. (Show Details)May 22 2019, 8:57 PM
cem updated this revision to Diff 57723.May 22 2019, 8:57 PM

Drop redundant warn, thanks delphij

Harbormaster completed remote builds in B24410: Diff 57723.May 22 2019, 8:57 PM
delphij accepted this revision.May 22 2019, 9:25 PM
This revision is now accepted and ready to land.May 22 2019, 9:25 PM
Closed by commit rS348122: save-entropy(8), rc.d/random: Set nodump flag (authored by cem). · Explain WhyMay 22 2019, 9:47 PM
This revision was automatically updated to reflect the committed changes.
cem marked an inline comment as done.
Herald added a subscriber: imp. · View Herald TranscriptMay 22 2019, 9:47 PM
markm added a comment.May 23 2019, 8:54 AM

Good move!

Revision Contents
Changeset List

PathSize
head/
libexec/
rc/
rc.d/
19 lines
save-entropy/
1 line

Diff 57733

View Options

head/libexec/rc/rc.d/random

Loading...
View Options

head/libexec/save-entropy/save-entropy.sh

Loading...