author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2012-12-16 00:02:42 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2012-12-16 00:02:42 +0000 |
commit | 57c8fec2d0897cc0892ee29b72398dd6f66709f7 (patch) | |
tree | 6d2ddee31ed3bc9acab0939930dbe1fcbca6fbc0 /sys-apps/rng-tools | |
parent | Dev channel bump. Use system harfbuzz. Re-enable nacl (no pnacl yet). Remove ... (diff) | |
download | gentoo-2-57c8fec2d0897cc0892ee29b72398dd6f66709f7.tar.gz gentoo-2-57c8fec2d0897cc0892ee29b72398dd6f66709f7.tar.bz2 gentoo-2-57c8fec2d0897cc0892ee29b72398dd6f66709f7.zip |
Update init script so that OpenRC can check on the daemon, also fix stop with rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default (bug #292239). The init script no longer tries to second-guess the configuration parameters, leaving the erroring out for missing sources to rngd itself, as it was broken and would have caused more trouble when rdrand is present.
(Portage version: 2.2.0_alpha148/cvs/Linux x86_64, signed Manifest commit with key 1CD13C8AD4301342)
Diffstat (limited to 'sys-apps/rng-tools')
-rw-r--r-- | sys-apps/rng-tools/ChangeLog | 13 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd-confd-4.1 | 27 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd-initd-4.1 | 32 | ||||
-rw-r--r-- | sys-apps/rng-tools/rng-tools-4-r2.ebuild | 31 |
4 files changed, 102 insertions, 1 deletions
diff --git a/sys-apps/rng-tools/ChangeLog b/sys-apps/rng-tools/ChangeLog
index 3561af23a613..65fc7d90ae9c 100644
--- a/sys-apps/rng-tools/ChangeLog
+++ b/sys-apps/rng-tools/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for sys-apps/rng-tools
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.33 2012/11/11 06:24:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.34 2012/12/16 00:02:42 flameeyes Exp $
+
+*rng-tools-4-r2 (16 Dec 2012)
+
+ 16 Dec 2012; Diego E. Pettenò <flameeyes@gentoo.org> +files/rngd-confd-4.1,
+ +files/rngd-initd-4.1, +rng-tools-4-r2.ebuild:
+ Update init script so that OpenRC can check on the daemon, also fix stop with
+ rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default
+ (bug #292239). The init script no longer tries to second-guess the
+ configuration parameters, leaving the erroring out for missing sources to rngd
+ itself, as it was broken and would have caused more trouble when rdrand is
+ present.
 *rng-tools-4-r1 (11 Nov 2012)
diff --git a/sys-apps/rng-tools/files/rngd-confd-4.1 b/sys-apps/rng-tools/files/rngd-confd-4.1
new file mode 100644
index 000000000000..e46dfcc3e867
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-4.1
@@ -0,0 +1,27 @@
+# /etc/conf.d/rngd
+
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# If a single device is preferred, then specify it here, otherwise we will
+# search for suitable devices. TPM is specified via a later option, not this
+# one.
+#DEVICE=
+#TPM_DEVICE=
+
+# Random step (Number of bytes written to random-device at a time):
+STEP=64
+
+# Should TPM be avoided?
+NO_TPM=0
+
+# Should RDRAND be avoided?
+NO_DRNG=0
+
+# Fill watermark
+# 0 <= n <= 4096
+WATERMARK=2048
+
+# Bug #292239: Remixing /dev/urandom back into /dev/random is considered a
+# security vulnerability in some cases where not enough entropy is present on
+# systems.
+DO_NOT_REMIX_URANDOM=1
diff --git a/sys-apps/rng-tools/files/rngd-initd-4.1 b/sys-apps/rng-tools/files/rngd-initd-4.1
new file mode 100644
index 000000000000..1478c15fd7c3
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-4.1
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/rngd-initd-4.1,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+depend() {
+ need localmount
+ after random
+ provide entropy
+}
+
+# Do NOT add /dev/tpm to this.
+DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*"
+[ $DO_NOT_REMIX_URANDOM -eq 0 ] && DEFAULT_DEVICE="${DEFAULT_DEVICE} /dev/urandom"
+
+find_device() {
+ # The echo is to cause globbing
+ local d
+ for d in $* ; do
+ [ -e "${d}" ] && break
+ done
+ echo "${d}"
+}
+
+find_rng_device() {
+ echo "$(find_device $(echo ${DEVICE:-${DEFAULT_DEVICE}}) /dev/null)"
+}
+
+command=/usr/sbin/rngd
+pidfile="/var/run/${SVCNAME}.pid"
+command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} --no-tpm=${NO_TPM:-0} --no-drng=${NO_DRNG:-0} --fill-watermark ${WATERMARK} --rng-device $(find_rng_device)"
+start_stop_daemon_args="--retry SIGKILL/5 --wait 1000"
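Review bot: `#TPM_DEVICE=` in rngd-confd-4.1 is described as the way to specify the TPM ("via a later option"), but the rngd-initd-4.1 added in this same commit never reads `TPM_DEVICE`, so setting it appears to have no effect. Either drop the variable and reword the comment, or pass it through in `command_args`. The comment "otherwise we will search for suitable devices" could also state that /dev/urandom is only part of that search when `DO_NOT_REMIX_URANDOM=0`, since that is the security-relevant default this file introduces.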
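Review bot: In rngd-initd-4.1, `[ $DO_NOT_REMIX_URANDOM -eq 0 ]` and `--fill-watermark ${WATERMARK}` expand variables with no default and no quoting, unlike `${STEP:-64}`, `${NO_TPM:-0}` and `${NO_DRNG:-0}` in the same `command_args` line. If /etc/conf.d/rngd predates this revision (presumably possible when the admin has not yet merged the new conf.d file), the test prints a shell error each time the script is sourced and `--fill-watermark` takes `--rng-device` as its value. The failing test does keep /dev/urandom out of the device list, so the safe direction holds, but only by accident; making it explicit would be `[ "${DO_NOT_REMIX_URANDOM:-1}" -eq 0 ]` and `--fill-watermark ${WATERMARK:-2048}`.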
diff --git a/sys-apps/rng-tools/rng-tools-4-r2.ebuild b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
new file mode 100644
index 000000000000..65180662f579
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/rng-tools-4-r2.ebuild,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+EAPI="4"
+
+inherit eutils autotools toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="http://gkernel.sourceforge.net/"
+SRC_URI="mirror://sourceforge/gkernel/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86"
+IUSE=""
+
+src_prepare() {
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am
+ epatch "${FILESDIR}"/test-for-argp.patch
+ eautoreconf
+
+ sed -i '/^AR /d' Makefile.in
+ tc-export AR
+}
+
+src_install() {
+ default
+ newinitd "${FILESDIR}"/rngd-initd-4.1 rngd
+ newconfd "${FILESDIR}"/rngd-confd-4.1 rngd
+}
|