Index: libexec/rc/rc.d/random =================================================================== --- libexec/rc/rc.d/random +++ libexec/rc/rc.d/random @@ -25,8 +25,10 @@ for f ; do debug "saving entropy to $f" dd if=/dev/random of="$f" bs=4096 count=1 status=none && + ( chflags nodump "$f" 2>/dev/null || : ) && chmod 600 "$f" && - fsync "$f" "$(dirname "$f")" + fsync "$f" "$(dirname "$f")" || + warn "write failed (unwriteable or full fs?)" done umask ${oumask} } @@ -99,7 +101,7 @@ [Nn][Oo]) ;; *) - echo -n 'Writing entropy file:' + echo -n 'Writing entropy file: ' rm -f ${entropy_file} 2> /dev/null oumask=`umask` umask 077 @@ -118,12 +120,7 @@ warn 'write failed (read-only fs?)' ;; *) - dd if=/dev/random of=${entropy_file_confirmed} \ - bs=4096 count=1 2> /dev/null || - warn 'write failed (unwriteable file or full fs?)' - fsync "${entropy_file_confirmed}" \ - "$(dirname "${entropy_file_confirmed}")" \ - 2> /dev/null + save_dev_random "${entropy_file_confirmed}" echo '.' ;; esac @@ -134,7 +131,7 @@ [Nn][Oo]) ;; *) - echo -n 'Writing early boot entropy file:' + echo -n 'Writing early boot entropy file: ' rm -f ${entropy_boot_file} 2> /dev/null oumask=`umask` umask 077 @@ -146,12 +143,7 @@ warn 'write failed (read-only fs?)' ;; *) - dd if=/dev/random of=${entropy_boot_file_confirmed} \ - bs=4096 count=1 2> /dev/null || - warn 'write failed (unwriteable file or full fs?)' - fsync "${entropy_boot_file_confirmed}" \ - "$(dirname "${entropy_boot_file_confirmed}")" \ - 2> /dev/null + save_dev_random "${entropy_boot_file_confirmed}" echo '.' ;; esac Index: libexec/save-entropy/save-entropy.sh =================================================================== --- libexec/save-entropy/save-entropy.sh +++ libexec/save-entropy/save-entropy.sh @@ -90,6 +90,7 @@ done dd if=/dev/random of=saved-entropy.1 bs=${entropy_save_sz} count=1 2>/dev/null +chflags nodump saved-entropy.1 2>/dev/null || : fsync saved-entropy.1 "." exit 0