socsvn commit: r269994 - in soc2013/def/crashdump-head/etc: defaults rc.d
def at FreeBSD.org
def at FreeBSD.org
Tue Jun 24 23:08:49 UTC 2014
Author: def
Date: Tue Jun 24 23:08:48 2014
New Revision: 269994
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269994
Log:
Don't generate RSA keys but disable crash dumps if they are missing.
Modified:
soc2013/def/crashdump-head/etc/defaults/rc.conf
soc2013/def/crashdump-head/etc/rc.d/dumpkey
Modified: soc2013/def/crashdump-head/etc/defaults/rc.conf
==============================================================================
--- soc2013/def/crashdump-head/etc/defaults/rc.conf Tue Jun 24 22:15:27 2014 (r269993)
+++ soc2013/def/crashdump-head/etc/defaults/rc.conf Tue Jun 24 23:08:48 2014 (r269994)
@@ -585,9 +585,7 @@
dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
dumpdir="/var/crash" # Directory where crash dumps are to be stored
dumpkey_enable="YES" # Run dumpkey to generate a symmetric key.
-dumpkey_pub="/var/crash/.public.key" # Public key to encrypt a symmetric key.
-dumpkey_priv="/var/crash/.private.key" # Private key to decrypt a symmetric key.
-dumpkey_bits="2048" # RSA keys' length.
+dumpkey_pubkey="/var/crash/.public.key" # Public key to encrypt a symmetric key.
savecore_flags="-m 10" # Used if dumpdev is enabled above, and present.
# By default, only the 10 most recent kernel dumps
# are saved.
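Review bot: The comment on the new `dumpkey_pubkey` line does not say that the key is no longer generated, and with `dumpkey_enable="YES"` still the default a fresh install has no key at that path. Going by the commit log, the rc script then turns dumps off, so the default outcome now depends on the administrator installing a key first. I would make that visible here, e.g. `dumpkey_pubkey="/var/crash/.public.key" # Admin-supplied RSA public key; dumps are disabled if missing.` Whoever can replace this file decides who can decrypt later dumps, so the documentation should also say it must be root-owned and not writable by others.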
Modified: soc2013/def/crashdump-head/etc/rc.d/dumpkey
==============================================================================
--- soc2013/def/crashdump-head/etc/rc.d/dumpkey Tue Jun 24 22:15:27 2014 (r269993)
+++ soc2013/def/crashdump-head/etc/rc.d/dumpkey Tue Jun 24 23:08:48 2014 (r269994)
@@ -1,7 +1,9 @@
#!/bin/sh
# PROVIDE: dumpkey
-# REQUIRE: dumpon
+# REQUIRE: FILESYSTEMS sysctl
+# BEFORE: kldxref
+# KEYWORD: nojail
. /etc/rc.subr
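Review bot: Dropping `# REQUIRE: dumpon` leaves the header with no stated ordering against dumpon, and no comment explains the new `FILESYSTEMS sysctl` / `BEFORE: kldxref` placement. If dumpon can arm the dump device earlier in boot than this script runs, a panic in between would be handled before any key is set; whether that dump is refused or written in the clear is not visible from this hunk. A short comment above the rcorder lines should state the intended order relative to dumpon and what happens to a panic before dumpkey has run.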
@@ -9,29 +11,25 @@
rcvar="dumpkey_enable"
start_cmd="dumpkey_start"
start_precmd="dumpkey_prestart"
-stop_cmd="dumpkey_stop"
dumpkey_prestart()
{
- if [ ! -r "${dumpkey_pub}" ] || [ ! -r "${dumpkey_priv}" ]; then
- warn "At least one of keys doesn't exist. Generating new keys..."
-
- dumpkey_pub=${dumpdir}/.public.key
- dumpkey_priv=${dumpdir}/.private.key
-
- /usr/bin/openssl genrsa -out ${dumpkey_priv} ${dumpkey_bits}
- /usr/bin/openssl rsa -in ${dumpkey_priv} -out ${dumpkey_pub} -outform PEM -pubout
+ if [ ! -r "${dumpkey_pubkey}" ]; then
+ warn "Public RSA key does not exist. Crash dumps will not be saved."
+ sysctl kern.coredump=0 > /dev/null
+ return 1
fi
}
dumpkey_start()
{
- /sbin/dumpkey -e ${dumpkey_pub}
-}
+ if ! /sbin/dumpkey -e ${dumpkey_pubkey}; then
+ warn "Unable to generate and set a key. Crash dumps will not be saved."
+ sysctl kern.coredump=0 > /dev/null
+ return 1
+ fi
-dumpkey_stop()
-{
- rm ${dumpdir}/*-decrypted
+ sysctl kern.coredump=1 > /dev/null
}
load_rc_config $name
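Review bot: Both failure paths (in `dumpkey_prestart` and `dumpkey_start`) rely on `sysctl kern.coredump=0` to stop dumps being written without a key, but in stock FreeBSD that knob governs per-process core files rather than kernel crash dumps, so unless this branch redefines it the warning "Crash dumps will not be saved" is not actually enforced. The fail-closed action would be to disable the dump device itself (for example through dumpon) and to check the command's exit status, which is currently discarded. On success `sysctl kern.coredump=1` is applied unconditionally, and because the script now runs after `sysctl` it overrides a `kern.coredump=0` that the administrator set in sysctl.conf. Separately, `dumpkey_start` passes the path unquoted while `dumpkey_prestart` quotes it; `if ! /sbin/dumpkey -e "${dumpkey_pubkey}"; then` would be consistent.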