import rng-tools-6.8-3.el8
This commit is contained in:
parent
96ee372812
commit
05cb9ffc36
|
@ -1,2 +1,2 @@
|
||||||
SOURCES/jitterentropy-library-2.1.2.tar.gz
|
SOURCES/jitterentropy-library-2.1.2.tar.gz
|
||||||
SOURCES/rng-tools-6.6.tar.gz
|
SOURCES/rng-tools-6.8.tar.gz
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
2fed101132b55f9d5008ed22fde54ef9e4cfc75d SOURCES/jitterentropy-library-2.1.2.tar.gz
|
2fed101132b55f9d5008ed22fde54ef9e4cfc75d SOURCES/jitterentropy-library-2.1.2.tar.gz
|
||||||
2d1a03fdbed9ee00ea1f610037c626d995a4a697 SOURCES/rng-tools-6.6.tar.gz
|
25a20dfc818f3d95d3c63145feb7c102c1572540 SOURCES/rng-tools-6.8.tar.gz
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
From d2b4876231ac9c2e26880ebe428bfb41e60e098e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Neil Horman <nhorman@tuxdriver.com>
|
|
||||||
Date: Wed, 19 Dec 2018 10:10:44 -0500
|
|
||||||
Subject: [PATCH] Default to one thread if getaffinity returns an error
|
|
||||||
|
|
||||||
Its possible on virt systems, for sched_getaffinity to return an error
|
|
||||||
if the vm has cpus, but cgroup placement restricts that set to 0
|
|
||||||
physical processors. In that event, just default to 1 thread on cpu 0
|
|
||||||
|
|
||||||
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
|
||||||
---
|
|
||||||
rngd_jitter.c | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
|
||||||
index 4e4b348..d14a3ba 100644
|
|
||||||
--- a/rngd_jitter.c
|
|
||||||
+++ b/rngd_jitter.c
|
|
||||||
@@ -421,7 +421,11 @@ int init_jitter_entropy_source(struct rng *ent_src)
|
|
||||||
cpus = CPU_ALLOC(i);
|
|
||||||
cpusize = CPU_ALLOC_SIZE(i);
|
|
||||||
CPU_ZERO_S(cpusize, cpus);
|
|
||||||
- sched_getaffinity(0, cpusize, cpus);
|
|
||||||
+ if (sched_getaffinity(0, cpusize, cpus) < 0) {
|
|
||||||
+ message(LOG_DAEMON|LOG_DEBUG, "Can not determine affinity of process, defaulting to 1 thread\n");
|
|
||||||
+ CPU_SET(0,cpus);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
num_threads = CPU_COUNT_S(cpusize, cpus);
|
|
||||||
|
|
||||||
if (num_threads >= ent_src->rng_options[JITTER_OPT_THREADS].int_val)
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
|
@ -0,0 +1,60 @@
|
||||||
|
From 02b720e951160f652b0744f679d57623b81b1d8f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
Date: Mon, 2 Dec 2019 11:35:16 -0500
|
||||||
|
Subject: [PATCH 2/2] Add reserved option value to not change
|
||||||
|
write_wakeup_threshold
|
||||||
|
|
||||||
|
several distributions use a separate single shot service to set the
|
||||||
|
write_wakeup_threashold, which allows for non-root users to run rngd. This
|
||||||
|
results in a warning however, when rngd attempts to write the
|
||||||
|
write_wakeup_threshold. Avoid this by allowing a reserved value, 0 for the
|
||||||
|
fill-watermark option that causes rngd to just not touch the
|
||||||
|
write_wakeup_threshold
|
||||||
|
|
||||||
|
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
---
|
||||||
|
rngd.8.in | 4 +++-
|
||||||
|
rngd_linux.c | 5 ++++-
|
||||||
|
2 files changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/rngd.8.in b/rngd.8.in
|
||||||
|
index 181f35d..16a359a 100644
|
||||||
|
--- a/rngd.8.in
|
||||||
|
+++ b/rngd.8.in
|
||||||
|
@@ -106,7 +106,9 @@ if the entropy pool size couldn't be determined.
|
||||||
|
Setting this too high will cause \fIrngd\fR to dominate the contents of the
|
||||||
|
entropy pool. Low values will hurt system performance during entropy
|
||||||
|
starves. Do not set \fIfill-watermark\fR above the size of the
|
||||||
|
-entropy pool (usually 4096 bits).
|
||||||
|
+entropy pool (usually 4096 bits). A value of 0 to this option will cause no
|
||||||
|
+watermark to be set.
|
||||||
|
+
|
||||||
|
.TP
|
||||||
|
\fB\-q\fR, \fB\-\-quiet\fR
|
||||||
|
Suppress all messages
|
||||||
|
diff --git a/rngd_linux.c b/rngd_linux.c
|
||||||
|
index 51c38ac..9e60088 100644
|
||||||
|
--- a/rngd_linux.c
|
||||||
|
+++ b/rngd_linux.c
|
||||||
|
@@ -94,6 +94,9 @@ void init_kernel_rng(const char* randomdev)
|
||||||
|
randomdev, strerror(errno));
|
||||||
|
exit(EXIT_USAGE);
|
||||||
|
}
|
||||||
|
+ /* Don't set the watermark if the watermark is zero */
|
||||||
|
+ if (!arguments->fill_watermark)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w");
|
||||||
|
if (!f) {
|
||||||
|
@@ -105,7 +108,7 @@ void init_kernel_rng(const char* randomdev)
|
||||||
|
}
|
||||||
|
if (err) {
|
||||||
|
message(LOG_DAEMON|LOG_WARNING,
|
||||||
|
- "unable to adjust write_wakeup_threshold: %s",
|
||||||
|
+ "unable to adjust write_wakeup_threshold: %s\n",
|
||||||
|
strerror(errno));
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
diff -up ./rngd_jitter.c.message ./rngd_jitter.c
|
||||||
|
--- ./rngd_jitter.c.message 2019-12-02 11:41:40.456723553 -0500
|
||||||
|
+++ ./rngd_jitter.c 2019-12-02 11:43:09.331427470 -0500
|
||||||
|
@@ -302,15 +302,11 @@ static void *thread_entropy_task(void *d
|
||||||
|
while(written != me->buf_sz) {
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n");
|
||||||
|
ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written);
|
||||||
|
+ if ((ret < 0) && (errno != EBADF))
|
||||||
|
+ message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
|
||||||
|
if (first)
|
||||||
|
me->active = 1;
|
||||||
|
- /*
|
||||||
|
- * suppress EBADF errors, as those indicate the pipe is
|
||||||
|
- * closed and we are exiting
|
||||||
|
- */
|
||||||
|
- if ((ret < 0) && (errno != EBADF))
|
||||||
|
- message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
|
||||||
|
if (!first && !me->active)
|
||||||
|
break;
|
||||||
|
first = 0;
|
|
@ -0,0 +1,29 @@
|
||||||
|
diff -up ./jitterentropy-library/jitterentropy.h.rdtsc ./jitterentropy-library/jitterentropy.h
|
||||||
|
--- ./jitterentropy-library/jitterentropy.h.rdtsc 2018-09-06 15:01:40.000000000 -0400
|
||||||
|
+++ ./jitterentropy-library/jitterentropy.h 2020-02-18 12:47:10.465684582 -0500
|
||||||
|
@@ -44,8 +44,12 @@
|
||||||
|
|
||||||
|
#ifdef __KERNEL__
|
||||||
|
#include "jitterentropy-base-kernel.h"
|
||||||
|
+#else /* __KERNEL__ */
|
||||||
|
+#ifdef __x86_64__
|
||||||
|
+#include "arch/jitterentropy-base-x86.h"
|
||||||
|
#else
|
||||||
|
#include "jitterentropy-base-user.h"
|
||||||
|
+#endif /* __x86_64__ */
|
||||||
|
#endif /* __KERNEL__ */
|
||||||
|
|
||||||
|
/* The entropy pool */
|
||||||
|
diff -up ./rngd_jitter.c.rdtsc ./rngd_jitter.c
|
||||||
|
--- ./rngd_jitter.c.rdtsc 2020-02-18 12:47:22.490646896 -0500
|
||||||
|
+++ ./rngd_jitter.c 2020-02-18 12:46:40.650778022 -0500
|
||||||
|
@@ -27,6 +27,9 @@
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <setjmp.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <fcntl.h>
|
||||||
|
#include "rng-tools-config.h"
|
||||||
|
|
||||||
|
#include <jitterentropy.h>
|
|
@ -0,0 +1,118 @@
|
||||||
|
commit 3e47faae108df4824531bf9c003cc1c65b7b2842
|
||||||
|
Author: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
Date: Fri Jun 7 08:51:02 2019 -0400
|
||||||
|
|
||||||
|
Allow jitter threads to exit faster
|
||||||
|
|
||||||
|
Even with the recent pipe adjustments, it can take a long time for
|
||||||
|
jitterentropy to exit. This is because the call to jent_read_entropy
|
||||||
|
can take a long time to complete, and termination signal delivery won't
|
||||||
|
cause it to return early, like a syscall.
|
||||||
|
|
||||||
|
Mitigate this by using sigsetjmp/siglongjmp. We set a return point at
|
||||||
|
the top of the loop for each thread, and register a signal handler to
|
||||||
|
execute a siglongjmp back to that point so that we can recheck the
|
||||||
|
active flag and break the loop as soon as a signal is delivered.
|
||||||
|
|
||||||
|
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
||||||
|
|
||||||
|
diff --git a/rngd_jitter.c b/rngd_jitter.c
|
||||||
|
index 54070ae..7f01ee9 100644
|
||||||
|
--- a/rngd_jitter.c
|
||||||
|
+++ b/rngd_jitter.c
|
||||||
|
@@ -26,6 +26,7 @@
|
||||||
|
#include <time.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <signal.h>
|
||||||
|
+#include <setjmp.h>
|
||||||
|
#include "rng-tools-config.h"
|
||||||
|
|
||||||
|
#include <jitterentropy.h>
|
||||||
|
@@ -48,6 +49,7 @@ struct thread_data {
|
||||||
|
int active;
|
||||||
|
int done;
|
||||||
|
struct timespec slptm;
|
||||||
|
+ sigjmp_buf jmpbuf;
|
||||||
|
};
|
||||||
|
|
||||||
|
static struct thread_data *tdata;
|
||||||
|
@@ -228,6 +230,16 @@ static inline void update_sleep_time(struct thread_data *me,
|
||||||
|
me->slptm.tv_nsec /= 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
+void jitter_thread_exit_signal(int signum)
|
||||||
|
+{
|
||||||
|
+ pthread_t self = pthread_self();
|
||||||
|
+ int i;
|
||||||
|
+ for(i=0;i<num_threads;i++) {
|
||||||
|
+ if (threads[i] == self)
|
||||||
|
+ siglongjmp(tdata[i].jmpbuf, 1);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void *thread_entropy_task(void *data)
|
||||||
|
{
|
||||||
|
cpu_set_t cpuset;
|
||||||
|
@@ -263,6 +275,13 @@ static void *thread_entropy_task(void *data)
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Use setjmp here to allow us to return early from
|
||||||
|
+ * jent_read_entropy, as it can run for a long time
|
||||||
|
+ */
|
||||||
|
+ if (sigsetjmp(me->jmpbuf, 1))
|
||||||
|
+ goto out_interrupt;
|
||||||
|
+
|
||||||
|
/* Now go to sleep until there is more work to do */
|
||||||
|
do {
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
|
||||||
|
@@ -286,7 +305,11 @@ static void *thread_entropy_task(void *data)
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
|
||||||
|
if (first)
|
||||||
|
me->active = 1;
|
||||||
|
- if (ret < 0)
|
||||||
|
+ /*
|
||||||
|
+ * suppress EBADF errors, as those indicate the pipe is
|
||||||
|
+ * closed and we are exiting
|
||||||
|
+ */
|
||||||
|
+ if ((ret < 0) && (errno != EBADF))
|
||||||
|
message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
|
||||||
|
if (!first && !me->active)
|
||||||
|
break;
|
||||||
|
@@ -296,6 +319,7 @@ static void *thread_entropy_task(void *data)
|
||||||
|
|
||||||
|
} while (me->active);
|
||||||
|
|
||||||
|
+out_interrupt:
|
||||||
|
free(tmpbuf);
|
||||||
|
out:
|
||||||
|
me->done = 1;
|
||||||
|
@@ -335,6 +359,7 @@ int validate_jitter_options(struct rng *ent_src)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Init JITTER
|
||||||
|
*/
|
||||||
|
@@ -349,6 +374,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
|
||||||
|
#ifdef HAVE_LIBGCRYPT
|
||||||
|
char key[AES_BLOCK];
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+ signal(SIGUSR1, jitter_thread_exit_signal);
|
||||||
|
+
|
||||||
|
int ret = jent_entropy_init();
|
||||||
|
if(ret) {
|
||||||
|
message(LOG_DAEMON|LOG_WARNING, "JITTER rng fails with code %d\n", ret);
|
||||||
|
@@ -474,8 +502,8 @@ void close_jitter_entropy_source(struct rng *ent_src)
|
||||||
|
/* And wait for completion of each thread */
|
||||||
|
for (i=0; i < num_threads; i++) {
|
||||||
|
message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
|
||||||
|
+ pthread_kill(threads[i], SIGUSR1);
|
||||||
|
while (!tdata[i].done)
|
||||||
|
- pthread_kill(threads[i], SIGINT);
|
||||||
|
if(tdata[i].done) {
|
||||||
|
message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
|
||||||
|
pthread_join(threads[i], NULL);
|
|
@ -1,6 +1,6 @@
|
||||||
diff -up ./Makefile.am.build ./Makefile.am
|
diff -up ./Makefile.am.static ./Makefile.am
|
||||||
--- ./Makefile.am.build 2018-10-20 11:38:30.000000000 -0400
|
--- ./Makefile.am.static 2019-11-07 14:20:39.000000000 -0500
|
||||||
+++ ./Makefile.am 2018-11-20 12:03:08.367191838 -0500
|
+++ ./Makefile.am 2019-11-15 10:08:31.554914291 -0500
|
||||||
@@ -1,7 +1,7 @@
|
@@ -1,7 +1,7 @@
|
||||||
##
|
##
|
||||||
## Toplevel Makefile.am for rng-tools
|
## Toplevel Makefile.am for rng-tools
|
||||||
|
@ -10,7 +10,7 @@ diff -up ./Makefile.am.build ./Makefile.am
|
||||||
|
|
||||||
sbin_PROGRAMS = rngd
|
sbin_PROGRAMS = rngd
|
||||||
bin_PROGRAMS = rngtest
|
bin_PROGRAMS = rngtest
|
||||||
@@ -23,14 +23,12 @@ if DARN
|
@@ -23,19 +23,17 @@ if DARN
|
||||||
rngd_SOURCES += rngd_darn.c
|
rngd_SOURCES += rngd_darn.c
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
@ -18,12 +18,19 @@ diff -up ./Makefile.am.build ./Makefile.am
|
||||||
rngd_SOURCES += rngd_jitter.c
|
rngd_SOURCES += rngd_jitter.c
|
||||||
-endif
|
-endif
|
||||||
|
|
||||||
|
-rngd_LDADD = librngd.a -lsysfs $(LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||||
|
+rngd_LDADD = librngd.a -lsysfs $(LIBS) jitterentropy-library/libjitterentropy.a ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||||
|
+
|
||||||
|
+rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
|
||||||
|
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||||
|
|
||||||
-rngd_LDADD = librngd.a -lsysfs $(LIBS) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
if PKCS11
|
||||||
+rngd_LDADD = librngd.a -lsysfs $(LIBS) jitterentropy-library/libjitterentropy.a ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
rngd_SOURCES += rngd_pkcs11.c
|
||||||
|
endif
|
||||||
-rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
|
|
||||||
+rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
|
|
||||||
rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
|
||||||
|
|
||||||
|
-rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
|
||||||
|
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||||
|
-
|
||||||
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
|
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
|
||||||
|
rngtest_LDADD = librngd.a
|
||||||
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
commit 901468598270db9c9f19f63f9812a94f5a44a487
|
|
||||||
Author: Neil Horman <nhorman@tuxdriver.com>
|
|
||||||
Date: Tue Nov 20 11:31:29 2018 -0500
|
|
||||||
|
|
||||||
Fix build break on ppc
|
|
||||||
|
|
||||||
didn't update the rng options properly for rng_darn.c
|
|
||||||
|
|
||||||
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
|
||||||
|
|
||||||
diff --git a/rngd_darn.c b/rngd_darn.c
|
|
||||||
index 45c81c7..abd34b0 100644
|
|
||||||
--- a/rngd_darn.c
|
|
||||||
+++ b/rngd_darn.c
|
|
||||||
@@ -126,7 +126,7 @@ static int refill_rand(struct rng *ent_src)
|
|
||||||
|
|
||||||
if (darn_buf_avail)
|
|
||||||
return 0;
|
|
||||||
- if (ent_src->options[DARN_USE_AES].int_val) {
|
|
||||||
+ if (ent_src->rng_options[DARN_OPT_AES].int_val) {
|
|
||||||
if (rand_bytes_served >= rekey_thresh) {
|
|
||||||
message(LOG_DAEMON|LOG_DEBUG, "rekeying DARN rng\n");
|
|
||||||
gcry_cipher_close(gcry_cipher_hd);
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Hardware RNG Entropy Gatherer Wake threshold service
|
||||||
|
Before=rngd.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||||
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold"
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sysinit.target
|
|
@ -1,8 +1,14 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Hardware RNG Entropy Gatherer Daemon
|
Description=Hardware RNG Entropy Gatherer Daemon
|
||||||
|
Requires=rngd-wake-threshold.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/sbin/rngd -f
|
User=rngd
|
||||||
|
Group=rngd
|
||||||
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||||
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
|
ExecStart=/sbin/rngd -f --fill-watermark=0
|
||||||
|
TimeoutStartSec=60s
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=sysinit.target
|
WantedBy=sysinit.target
|
||||||
|
|
|
@ -3,19 +3,22 @@
|
||||||
|
|
||||||
Summary: Random number generator related utilities
|
Summary: Random number generator related utilities
|
||||||
Name: rng-tools
|
Name: rng-tools
|
||||||
Version: 6.6
|
Version: 6.8
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://github.com/nhorman/rng-tools
|
URL: https://github.com/nhorman/rng-tools
|
||||||
Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
|
Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
|
||||||
Source1: rngd.service
|
Source1: rngd.service
|
||||||
Source2: jitterentropy-library-2.1.2.tar.gz
|
Source2: jitterentropy-library-2.1.2.tar.gz
|
||||||
|
Source3: rngd-wake-threshold.service
|
||||||
|
|
||||||
Patch0: jitterentropy-remove-install.patch
|
Patch0: jitterentropy-remove-install.patch
|
||||||
Patch1: jitterentropy-build-static.patch
|
Patch1: jitterentropy-build-static.patch
|
||||||
Patch2: rng-tools-darn.patch
|
Patch2: jitter-setjmp.patch
|
||||||
Patch3: 0001-Default-to-one-thread-if-getaffinity-returns-an-erro.patch
|
Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
|
||||||
|
Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
|
||||||
|
Patch5: jitter-rdtsc.patch
|
||||||
|
|
||||||
# https://sourceforge.net/p/gkernel/patches/111/
|
# https://sourceforge.net/p/gkernel/patches/111/
|
||||||
|
|
||||||
|
@ -43,10 +46,12 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
%configure
|
%configure --without-pkcs11
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
@ -54,15 +59,19 @@ mv jitterentropy-library-2.1.2 jitterentropy-library
|
||||||
|
|
||||||
# install systemd unit file
|
# install systemd unit file
|
||||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||||
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
|
||||||
|
|
||||||
|
%pre
|
||||||
|
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%systemd_post rngd.service
|
%systemd_post rngd.service rngd-wake-threshold.service
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun rngd.service
|
%systemd_preun rngd.service rngd-wake-threshold.service
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%systemd_postun_with_restart rngd.service
|
%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
|
@ -73,8 +82,28 @@ install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||||
%{_mandir}/man1/rngtest.1.*
|
%{_mandir}/man1/rngtest.1.*
|
||||||
%{_mandir}/man8/rngd.8.*
|
%{_mandir}/man8/rngd.8.*
|
||||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||||
|
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
|
||||||
|
- Fix coarse clock time on Azure (bz 180155)
|
||||||
|
|
||||||
|
* Mon Dec 02 2019 Neil Horman <nhorman@redhat.com> - 6.8-2
|
||||||
|
- Fix erroneous message due to bad errno check (bz 1776710)
|
||||||
|
- Enable addition of 0 value for fill-watermark (bz 1776710)
|
||||||
|
|
||||||
|
* Fri Nov 15 2019 Neil Horman <nhorman@redhat.com> - 6.8-1
|
||||||
|
- Update to latest upstream (bz 1769916)
|
||||||
|
|
||||||
|
* Wed Oct 09 2019 Neil Horman <nhorman@redhat.com> 6.6-5
|
||||||
|
- Fix group typo in rngd.service (bz 1751810)
|
||||||
|
|
||||||
|
* Fri Oct 04 2019 Neil Horman <nhorman@redhat.com> 6.6-4
|
||||||
|
- Revision bump to rebuild for new CI runs
|
||||||
|
|
||||||
|
* Mon Mar 25 2019 Neil Horman <nhorman@redhat.com> 6.2-3
|
||||||
|
- Allow rngd to run as non-privledged user (bz 1692435)
|
||||||
|
|
||||||
* Mon Dec 17 2018 Neil Horman <nhorman@redhat.com> 6.2-2
|
* Mon Dec 17 2018 Neil Horman <nhorman@redhat.com> 6.2-2
|
||||||
- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
|
- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue