commit: fcd29101d4458d6715c5aaa96c75da29e93f80b4 |
Author: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> |
AuthorDate: Sat Dec 29 02:11:42 2018 +0000 |
Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> |
CommitDate: Sat Dec 29 02:12:35 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd29101 |
|
sys-apps/rng-tools: rewrite initd and confd (6.6-r1 only) |
|
Restructure the openrc init script and the accompanying confd file to |
reflect the recent changes to rngd. |
|
- Instead of having individual NO_FOO="1" style variables in the confd |
file for each entropy source, maintain a single list of entropy |
sources to enable. Likewise, maintain a list of entropy sources to |
disable. |
- Allow per-entropy-source options to be set inside the confd file. |
- The init file defines $description now. |
- Use $command_args_background instead of $command_args to specify the |
daemon behavior. |
- Allow default setting of --fill-watermark. |
- Allow extra arguments to be passed to rngd from the confd file. |
|
Bug: https://bugs.gentoo.org/650622 |
Bug: https://bugs.gentoo.org/673120 |
Package-Manager: Portage-2.3.52, Repoman-2.3.12 |
Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org> |
|
sys-apps/rng-tools/files/rngd-confd-6 | 82 ++++++++++++++++++++++++++++++ |
sys-apps/rng-tools/files/rngd-initd-6-r1 | 60 ++++++++++++++++++++++ |
sys-apps/rng-tools/rng-tools-6.6-r1.ebuild | 68 +++++++++++++++++++++++++ |
3 files changed, 210 insertions(+) |
|
34 |
diff --git a/sys-apps/rng-tools/files/rngd-confd-6 b/sys-apps/rng-tools/files/rngd-confd-6 |
35 |
new file mode 100644 |
36 |
index 00000000000..a30e8c4fdad |
37 |
--- /dev/null |
38 |
+++ b/sys-apps/rng-tools/files/rngd-confd-6 |
39 |
@@ -0,0 +1,82 @@ |
40 |
+# Copyright 1999-2018 Gentoo Authors |
41 |
+# Distributed under the terms of the GNU General Public License v2 |
42 |
+ |
43 |
+# /etc/conf.d/rngd |
44 |
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information |
45 |
+ |
46 |
+# Space-delimited list of entropy sources to enable |
47 |
+# Note that some of the entropy sources may require certain USE flags |
48 |
+# to be enabled or require hardware support to function properly |
49 |
+# Entropy sources not specified here (or in the exclude list below) |
50 |
+# will be enabled/disabled based on rngd default behavior |
51 |
+# |
52 |
+# Choose from the list: |
53 |
+# hwrng: Hardware RNG Device |
54 |
+# tpm: TPM RNG Device (Deprecated) |
55 |
+# rdrand: Intel RDRAND Instruction RNG |
56 |
+# darn: Power9 DARN Instruction RNG |
57 |
+# nist: NIST Network Entropy Beacon |
58 |
+# (UNSAFE for cryptographic operations) |
59 |
+# jitter: JITTER Entropy generator |
60 |
+# |
61 |
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter" |
62 |
+ |
63 |
+ |
64 |
+# Space-delimited list of entropy sources to disable |
65 |
+# This is useful for disabling certain entropy sources even |
66 |
+# when they are supported on the system |
67 |
+# |
68 |
+#EXCLUDE_ENTROPY_SOURCES="nist tpm" |
69 |
+ |
70 |
+ |
71 |
+# Entropy source specific options: |
72 |
+# |
73 |
+# |
74 |
+# hwrng device used for random number input: |
75 |
+# |
76 |
+#HWRNG_DEVICE="/dev/hwrng" |
77 |
+# |
78 |
+# |
79 |
+# rdrand options: |
80 |
+# use_aes:(BOOLEAN) |
81 |
+# |
82 |
+#RDRAND_OPTIONS="use_aes:1" |
83 |
+# |
84 |
+# |
85 |
+# darn options: |
86 |
+# use_aes:(BOOLEAN) |
87 |
+# |
88 |
+#DARN_OPTIONS="use_aes:1" |
89 |
+# |
90 |
+# |
91 |
+# jitter options: |
92 |
+# thread_count:(INTEGER) |
93 |
+# buffer_size:(INTEGER) |
94 |
+# refill_thresh:(INTEGER) |
95 |
+# retry_count:(INTEGER) |
96 |
+# retry_delay:(INTEGER) |
97 |
+# use_aes:(BOOLEAN) |
98 |
+# |
99 |
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535" |
100 |
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1" |
101 |
+ |
102 |
+ |
103 |
+# Kernel device used for random number output |
104 |
+# |
105 |
+#RANDOM_DEVICE="/dev/random" |
106 |
+ |
107 |
+ |
108 |
+# Random step (Number of bytes written to random-device at a time): |
109 |
+# |
110 |
+#STEP=64 |
111 |
+ |
112 |
+ |
113 |
+# Fill watermark |
114 |
+# 0 <= n <= `sysctl kernel.random.poolsize` |
115 |
+# |
116 |
+#WATERMARK=2048 |
117 |
+ |
118 |
+ |
119 |
+# Any extra arguments for rngd |
120 |
+# |
121 |
+#EXTRA_ARGS="" |
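Review bot: The commented example for `INCLUDE_ENTROPY_SOURCES` lists every source, including `nist`, which the comment block directly above it marks as UNSAFE for cryptographic operations, and `tpm`, which is marked deprecated. An admin who simply uncomments that line opts in to the network beacon without having chosen it. The example should be a safe subset, `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand darn jitter"`, leaving `nist` to be added deliberately. The "Fill watermark" comment could also state the unit of `WATERMARK` (presumably the same unit as `kernel.random.poolsize`).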
122 |
|
123 |
diff --git a/sys-apps/rng-tools/files/rngd-initd-6-r1 b/sys-apps/rng-tools/files/rngd-initd-6-r1 |
124 |
new file mode 100644 |
125 |
index 00000000000..5d89dd7a186 |
126 |
--- /dev/null |
127 |
+++ b/sys-apps/rng-tools/files/rngd-initd-6-r1 |
128 |
@@ -0,0 +1,60 @@ |
129 |
+#!/sbin/openrc-run |
130 |
+# Copyright 1999-2018 Gentoo Authors |
131 |
+# Distributed under the terms of the GNU General Public License v2 |
132 |
+ |
133 |
+depend() { |
134 |
+ need localmount |
135 |
+ after urandom |
136 |
+ provide entropy |
137 |
+} |
138 |
+ |
139 |
+command="/usr/sbin/rngd" |
140 |
+description="Check and feed random data from hardware device to kernel entropy pool." |
141 |
+pidfile="/var/run/${RC_SVCNAME}.pid" |
142 |
+command_args="" |
143 |
+command_args_background="--pid-file ${pidfile} --background" |
144 |
+start_stop_daemon_args="--wait 1000" |
145 |
+retry="SIGKILL/5000" |
146 |
+ |
147 |
+ |
148 |
+# Parse rngd confd file for extra command line arguments |
149 |
+start_pre() { |
150 |
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do |
151 |
+ command_args="${command_args} -n ${entsrc}" |
152 |
+ done |
153 |
+ |
154 |
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do |
155 |
+ command_args="${command_args} -x ${entsrc}" |
156 |
+ done |
157 |
+ |
158 |
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then |
159 |
+ command_args="${command_args} --rng-device=${HWRNG_DEVICE}" |
160 |
+ fi |
161 |
+ |
162 |
+ for entsrc_opt in ${RDRAND_OPTIONS}; do |
163 |
+ command_args="${command_args} -O rdrand:${entsrc_opt}" |
164 |
+ done |
165 |
+ |
166 |
+ for entsrc_opt in ${DARN_OPTIONS}; do |
167 |
+ command_args="${command_args} -O darn:${entsrc_opt}" |
168 |
+ done |
169 |
+ |
170 |
+ for entsrc_opt in ${JITTER_OPTIONS}; do |
171 |
+ command_args="${command_args} -O jitter:${entsrc_opt}" |
172 |
+ done |
173 |
+ |
174 |
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then |
175 |
+ command_args="${command_args} --random-device=${RANDOM_DEVICE}" |
176 |
+ fi |
177 |
+ |
178 |
+ if [ "x${STEP}" != "x" ]; then |
179 |
+ command_args="${command_args} --random-step=${STEP}" |
180 |
+ fi |
181 |
+ |
182 |
+ if [ "x${WATERMARK}" != "x" ]; then |
183 |
+ command_args="${command_args} --fill-watermark=${WATERMARK}" |
184 |
+ fi |
185 |
+ |
186 |
+ command_args="${command_args} ${EXTRA_ARGS}" |
187 |
+ return 0 |
188 |
+} |
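Review bot: `retry="SIGKILL/5000"` makes SIGKILL the first and only signal sent on stop, so rngd cannot shut down cleanly or remove the pid file it was told to write via `--pid-file`. If that is deliberate because rngd is slow to react to SIGTERM, a comment above the line should say so; otherwise a schedule such as `retry="SIGTERM/5/SIGKILL/5"` tries a graceful stop first. In `start_pre`, the loop variables `entsrc` and `entsrc_opt` are not declared `local`, and every conf.d value is expanded unquoted into `command_args`, so a value containing whitespace (a device path, for instance) is presumably split into separate rngd arguments. A comment at the top of `start_pre`, `# conf.d values are word-split: no whitespace in device paths or options`, would document that constraint.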
189 |
|
190 |
diff --git a/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild |
191 |
new file mode 100644 |
192 |
index 00000000000..49e8d55e554 |
193 |
--- /dev/null |
194 |
+++ b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild |
195 |
@@ -0,0 +1,68 @@ |
196 |
+# Copyright 1999-2018 Gentoo Authors |
197 |
+# Distributed under the terms of the GNU General Public License v2 |
198 |
+ |
199 |
+EAPI=6 |
200 |
+ |
201 |
+inherit autotools systemd toolchain-funcs |
202 |
+ |
203 |
+DESCRIPTION="Daemon to use hardware random number generators" |
204 |
+HOMEPAGE="https://github.com/nhorman/rng-tools" |
205 |
+SRC_URI="https://github.com/nhorman/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" |
206 |
+ |
207 |
+LICENSE="GPL-2" |
208 |
+SLOT="0" |
209 |
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~x86" |
210 |
+IUSE="jitterentropy nistbeacon selinux" |
211 |
+ |
212 |
+DEPEND="dev-libs/libgcrypt:0 |
213 |
+ dev-libs/libgpg-error |
214 |
+ sys-fs/sysfsutils |
215 |
+ jitterentropy? ( |
216 |
+ app-crypt/jitterentropy:= |
217 |
+ ) |
218 |
+ nistbeacon? ( |
219 |
+ net-misc/curl[ssl] |
220 |
+ dev-libs/libxml2:2= |
221 |
+ dev-libs/openssl:0= |
222 |
+ ) |
223 |
+" |
224 |
+RDEPEND="${DEPEND} |
225 |
+ selinux? ( sec-policy/selinux-rngd )" |
226 |
+DEPEND="${DEPEND} |
227 |
+ nistbeacon? ( |
228 |
+ virtual/pkgconfig |
229 |
+ ) |
230 |
+" |
231 |
+ |
232 |
+PATCHES=( |
233 |
+ "${FILESDIR}"/test-for-argp.patch |
234 |
+ "${FILESDIR}"/${PN}-5-fix-textrels-on-PIC-x86.patch #469962 |
235 |
+) |
236 |
+ |
237 |
+src_prepare() { |
238 |
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am || die |
239 |
+ default |
240 |
+ |
241 |
+ mv README.md README || die |
242 |
+ |
243 |
+ eautoreconf |
244 |
+ |
245 |
+ sed -i '/^AR /d' Makefile.in || die |
246 |
+ tc-export AR |
247 |
+} |
248 |
+ |
249 |
+src_configure() { |
250 |
+ local myeconfargs=( |
251 |
+ $(use_with nistbeacon) |
252 |
+ $(use_enable jitterentropy) |
253 |
+ ) |
254 |
+ |
255 |
+ econf "${myeconfargs[@]}" |
256 |
+} |
257 |
+ |
258 |
+src_install() { |
259 |
+ default |
260 |
+ newinitd "${FILESDIR}"/rngd-initd-6-r1 rngd |
261 |
+ newconfd "${FILESDIR}"/rngd-confd-6 rngd |
262 |
+ systemd_dounit "${FILESDIR}"/rngd.service |
263 |
+} |
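Review bot: Nothing in the ebuild tells upgrading users that the `NO_FOO="1"` variables described in the commit message are no longer read by `rngd-initd-6-r1`. An existing `/etc/conf.d/rngd` is likely to survive the upgrade as a protected config file, in which case an entropy source the admin had disabled there would silently fall back to rngd's default behaviour. A `pkg_postinst` with an `elog` pointing at `INCLUDE_ENTROPY_SOURCES` and `EXCLUDE_ENTROPY_SOURCES` would close that gap. `rngd.service` is also installed unchanged in `src_install`; whether the systemd unit honours the new variables is not visible in this diff.

```shell
pkg_postinst() {
	# Old conf.d files still parse, but their NO_FOO="1" settings are
	# ignored by the new init script.
	elog "The format of /etc/conf.d/rngd has changed: NO_FOO=\"1\" style"
	elog "variables are no longer read. Use INCLUDE_ENTROPY_SOURCES and"
	elog "EXCLUDE_ENTROPY_SOURCES instead and merge the new config file."
}
```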