commit 176f296261ab07e2ac7a9ccf2b62ebbb0bad46c1 Author: CentOS Sources Date: Tue May 17 06:28:09 2022 -0400 import rng-tools-6.14-2.git.b2b7934e.el9
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5611679
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/rng-tools-6.14.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
new file mode 100644
index 0000000..80cc952
--- /dev/null
+++ b/.rng-tools.metadata
@@ -0,0 +1 @@
+fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
diff --git a/SOURCES/1-rt-revert-build-randstat.patch b/SOURCES/1-rt-revert-build-randstat.patch
new file mode 100644
index 0000000..c784c64
--- /dev/null
+++ b/SOURCES/1-rt-revert-build-randstat.patch
@@ -0,0 +1,47 @@
+From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Tue, 6 Jul 2021 14:36:46 +0200
+Subject: [PATCH] Revert "Build randstat binary"
+
+We do not want new and mostly useless randstat binary.
+This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
+
+Signed-off-by: Vladis Dronov
+---
+ .gitignore | 3 +--
+ contrib/Makefile.am | 5 +++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git .gitignore .gitignore
+index 943fa2b..5dc334d 100644
+--- .gitignore
++++ .gitignore
+@@ -1,6 +1,6 @@
+ *.a
+ *.o
+-.deps/
++/.deps/
+ /aclocal.m4
+ /ar-lib
+ /autom4te.cache/
+@@ -10,7 +10,6 @@
+ /config.status
+ /config.sub
+ /configure
+-/contrib/randstat
+ /depcomp
+ /install-sh
+ /missing
+diff --git contrib/Makefile.am contrib/Makefile.am
+index a81fb0e..18c4fbc 100644
+--- contrib/Makefile.am
++++ contrib/Makefile.am
+@@ -1,2 +1,3 @@
+-bin_PROGRAMS = randstat
+-randstat_SOURCES = randstat.c
++
++EXTRA_DIST = randstat.c
++
+--
+2.26.3
+
diff --git a/SOURCES/2-rt-comment-out-have-aesni.patch b/SOURCES/2-rt-comment-out-have-aesni.patch
new file mode 100644
index 0000000..8661e6e
--- /dev/null
+++ b/SOURCES/2-rt-comment-out-have-aesni.patch
@@ -0,0 +1,42 @@
+From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Fri, 17 Sep 2021 01:04:51 +0200
+Subject: [PATCH] Comment out an unused assignment
+
+Covscan warns about an unused value. Comment it out.
+
+Defect type: UNUSED_VALUE: covscan warning:
+rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
+from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
+stored value is overwritten before it can be used.
+
+Signed-off-by: Vladis Dronov
+---
+ rngd_rdrand.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rdrand.c rngd_rdrand.c
+index caa9d05..ea7b8fa 100644
+--- rngd_rdrand.c
++++ rngd_rdrand.c
+@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ struct cpuid info;
+ /* We need RDRAND, but AESni is optional */
+ const uint32_t features_ecx1_rdrand = 1 << 30;
+- const uint32_t features_ecx1_aesni = 1 << 25;
++ //const uint32_t features_ecx1_aesni = 1 << 25;
+ const uint32_t features_ebx7_rdseed = 1 << 18;
+ uint32_t max_cpuid_leaf;
+ unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
+@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ if (!(info.ecx & features_ecx1_rdrand))
+ return 1;
+
+- have_aesni = !!(info.ecx & features_ecx1_aesni);
++ //have_aesni = !!(info.ecx & features_ecx1_aesni);
+ have_aesni = 0; /* BACK OUT NH */
+ have_rdseed = 0;
+ if (max_cpuid_leaf >= 7) {
+--
+2.26.3
+
diff --git a/SOURCES/60-hwrng.rules b/SOURCES/60-hwrng.rules
new file mode 100644
index 0000000..dfb7cae
--- /dev/null
+++ b/SOURCES/60-hwrng.rules
@@ -0,0 +1 @@
+SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
diff --git a/SOURCES/rngd-wake-threshold.service b/SOURCES/rngd-wake-threshold.service
new file mode 100644
index 0000000..41ef172
--- /dev/null
+++ b/SOURCES/rngd-wake-threshold.service
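Review bot: The nested rngd_rdrand.c change leaves the AES-NI probe behind as two `//` lines next to `have_aesni = 0; /* BACK OUT NH */`, so the function still reads as if hardware AES were optional when it is in fact never used, and the retained comment `/* We need RDRAND, but AESni is optional */` now describes a check that no longer runs. Deleting the two lines outright and replacing the marker with a reason, for example `have_aesni = 0; /* AES-NI path forced off: <reason, upstream reference> */`, gives anyone auditing the RDRAND conditioning path the rationale instead of an unexplained tag. init_drng_entropy_source() begins and ends outside both inner hunks, so what the non-AES-NI branch does is not visible here.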
@@ -0,0 +1,14 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Wake threshold service
+ConditionVirtualization=!container
+Before=rngd.service
+
+[Service]
+CapabilityBoundingSet=CAP_SYS_ADMIN
+AmbientCapabilities=CAP_SYS_ADMIN
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
+
+[Install]
+WantedBy=sysinit.target
diff --git a/SOURCES/rngd.service b/SOURCES/rngd.service
new file mode 100644
index 0000000..8c919eb
--- /dev/null
+++ b/SOURCES/rngd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+ConditionVirtualization=!container
+Requires=rngd-wake-threshold.service
+
+# The "-f" option is required for the systemd service rngd to work with Type=simple
+[Service]
+User=rngd
+Group=rngd
+CapabilityBoundingSet=CAP_SYS_ADMIN
+AmbientCapabilities=CAP_SYS_ADMIN
+TimeoutStartSec=60s
+Type=simple
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/rngd.sysconfig b/SOURCES/rngd.sysconfig
new file mode 100644
index 0000000..f0da1d9
--- /dev/null
+++ b/SOURCES/rngd.sysconfig
@@ -0,0 +1,3 @@
+# Optional arguments passed to rngd. See rngd(8) and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec
new file mode 100644
index 0000000..1d19fd1
--- /dev/null
+++ b/SPECS/rng-tools.spec
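Review bot: The `ExecStart=` one-liner in rngd-wake-threshold.service chains its steps with `;`, so a failed read of `/proc/sys/kernel/random/poolsize` or a failed write to `write_wakeup_threshold` is ignored and the unit's result is only the exit status of `udevadm trigger`. Since `rngd.service` declares `Requires=rngd-wake-threshold.service`, the daemon would then start with the threshold unset and nothing in the journal to show it. Joining the steps with `&&`, or opening the script with `set -e;`, makes that failure visible. `let` is a bash builtin, so the line also depends on `/bin/sh` being bash, which a short comment in the unit should state.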
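Review bot: `rngd.service` hands `CAP_SYS_ADMIN` to the daemon as an ambient capability but sets no sandboxing directives, so `User=rngd` is the only containment around a long-running process that holds one of the broadest capabilities. Adding `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ProtectHome=yes` under `[Service]` would narrow what the daemon can reach; check that the entropy sources left enabled by `$RNGD_ARGS` still open their devices afterwards. Because `/etc/sysconfig/rngd` supplies the arguments of that privileged process, a comment in the unit saying the file must stay writable by root only would help the next maintainer.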
@@ -0,0 +1,324 @@
+%global _hardened_build 1
+
+# this is a correct if, bcond_with actually means without and vice versa
+%if 0%{?rhel} && 0%{?rhel} >= 9
+%bcond_with pkcs11
+%bcond_with rtlsdr
+%else
+%bcond_without pkcs11
+%bcond_without rtlsdr
+%endif
+
+Summary: Random number generator related utilities
+Name: rng-tools
+Version: 6.14
+Release: 2.git.b2b7934e%{?dist}
+License: GPLv2+
+URL: https://github.com/nhorman/rng-tools
+Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1: rngd.service
+Source2: rngd-wake-threshold.service
+Source3: 60-hwrng.rules
+Source4: rngd.sysconfig
+
+Patch0: 1-rt-revert-build-randstat.patch
+Patch1: 2-rt-comment-out-have-aesni.patch
+
+BuildRequires: gcc make
+BuildRequires: gettext
+BuildRequires: systemd systemd-rpm-macros
+BuildRequires: autoconf automake
+BuildRequires: libgcrypt-devel libcurl-devel
+BuildRequires: libxml2-devel openssl-devel
+BuildRequires: jitterentropy-devel
+BuildRequires: jansson-devel
+%if %{with rtlsdr}
+BuildRequires: rtl-sdr-devel
+%endif
+%if %{with pkcs11}
+BuildRequires: libp11-devel
+%endif
+
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires: jansson openssl
+
+%description
+This is a random number generator daemon and its tools. It monitors
+a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
+TPM, jitter) and supplies entropy from them to a kernel entropy pool.
+
+%prep
+%autosetup -p0
+
+%build
+%if !%{with pkcs11}
+%define _without_pkcs11 --without-pkcs11
+%endif
+%if !%{with rtlsdr}
+%define _without_rtlsdr --without-rtlsdr
+%endif
+
+./autogen.sh
+%configure %{?_without_pkcs11} %{?_without_rtlsdr}
+%make_build
+
+%install
+%make_install
+
+# install systemd unit file and udev rules
+install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
+install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
+install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
+# install sysconfig file
+install -D %{SOURCE4} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
+
+%pre
+getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
+
+%post
+%systemd_post rngd.service rngd-wake-threshold.service
+/usr/bin/systemctl start rngd-wake-threshold.service || :
+
+%preun
+%systemd_preun rngd.service rngd-wake-threshold.service
+
+%postun
+%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc AUTHORS README
+%{_bindir}/rngtest
+%{_sbindir}/rngd
+%{_mandir}/man1/rngtest.1.*
+%{_mandir}/man8/rngd.8.*
+%attr(0644,root,root) %{_unitdir}/rngd.service
+%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
+%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
+
+%changelog
+* Tue Nov 23 2021 Vladis Dronov - 6.14-2.git.b2b7934e
+- Update to the upstream v6.14 @ b2b7934e (bz 2015566)
+- Add a config file for storing rngd options
+
+* Tue Aug 10 2021 Mohan Boddu - 6.13-6.git.d207e0b6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Tue Jul 27 2021 Vladis Dronov - 6.13-5.git.d207e0b6
+- A version bump due to a necessary rebuild.
+ +* Thu Jul 22 2021 Vladis Dronov - 6.13-4.git.d207e0b6 +- Update to the upstream v6.13 + tip of origin/master + onecpu + branch + revert of 2ce93190 (bz 1965318) +- Rebuild rng-tools against the latest jitterentropy library + 3.0.2-2.git.409828cf with fixes for an important issue +- Adjust Source0 to a more proper one + +* Mon Jul 05 2021 Vladis Dronov - 6.13-3 +- Adjust rngd-wake-threshold.service and post section so udevadm + is not run in a container (bz 1965318) + +* Thu Jun 17 2021 Mohan Boddu - 6.13-2 +- Specbump for openssl 3.0 + Related: rhbz#1971065 + +* Wed Jun 16 2021 Vladis Dronov - 6.13-1 +- Update the sources to 6.13 +- Add important fixes from the upstream +- Remove Provides: jitterentropy-rngd as it was retired in f29. + +* Wed Jun 16 2021 Mohan Boddu - 6.12-5 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Mon May 24 2021 Vladis Dronov - 6.12-4 +- Allow rngd to run as non-privledged user (bz 1965318) +- Update the rngd.service file +- Add 3 small upstream patches fixing issues + +* Wed Apr 28 2021 Vladis Dronov - 6.12-3 +- There is no need to hardcode _sbindir anymore, also the old + value is incorrect (bz 1965318) + +* Fri Apr 16 2021 Mohan Boddu - 6.12-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. + Related: rhbz#1947937 + +* Fri Mar 12 2021 Vladis Dronov - 6.12-1 +- Update to 6.12 +- Drop libsysfs dependency since it is not used anymore +- Remove jitterentropy-remove-install.patch since we depend on + a system jitterentropy library now +- Remove rngd-shutdown.patch since it is the upstream commit 62fbff0a +- Remove rngd-exit-code-for-list.patch since it is the upstream commit + fb46dc48 +- Remove pkcs11-path.patch since it is the upstream commit 1993eca9 + +* Tue Mar 02 2021 Vladis Dronov - 6.11-3 +- Replace outdated systemd-units + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 6.11-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. 
+ +* Fri Jan 29 2021 Dan Horák - 6.11-1 +- Update to 6.11 + +* Wed Jan 27 2021 Fedora Release Engineering - 6.10-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 16 2020 Vladis Dronov - 6.10-7 +- Make rtl-sdr optional +- For RHEL9 and above, do not build with rtl-sdr + +* Mon Oct 05 2020 Troy Dawson - 6.10-6 +- Make pkcs11 optional +- For RHEL9 and above, do not build with pkcs11 + +* Sat Aug 01 2020 Fedora Release Engineering - 6.10-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 6.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Mar 27 2020 Neil Horman - 6.10-3 +- Fix missing buildrequires + +* Fri Mar 27 2020 Neil Horman - 6.10-2 +- Fix missing buildrequires + +* Fri Mar 27 2020 Neil Horman - 6.10-1 +- Update to latest upstream + +* Thu Jan 30 2020 Fedora Release Engineering - 6.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 13 2020 Neil Horman - 6.9-2 +- Correct default pkcs11 path on 32 bit arch (bz 1788083) + +* Tue Dec 17 2019 Neil Horman - 6.9-1 +- update to latest upstream + +* Mon Aug 05 2019 Volker Froehlich - 6.7-4 +- Remove explicit Requires for libraries + +* Fri Jul 26 2019 Fedora Release Engineering - 6.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 24 2019 Neil Horman -6.7-2 +- Fix race in shutdown leading to hang (bz 1690364) +- bump version number + +* Thu Feb 14 2019 Neil Horman - 6.7-1 +- Update to latest upstream + +* Sat Feb 02 2019 Fedora Release Engineering - 6.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Oct 01 2018 Neil Horman - 6.3.1-2 +- Add Provides for jitterentropy-rngd (bz 1634788) + +* Mon Jul 16 2018 Neil Horman - 6.3.1-1 +- Update to latest upstream + +* Sat Jul 14 2018 Fedora Release Engineering - 6.3-2 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jul 06 2018 Neil Horman - 6.3-1 +- update to latest upstream (#1598608) + +* Thu May 10 2018 Neil Horman +- Update to latest upstream + +* Thu Feb 15 2018 Adam Williamson - 6.1-4 +- Drop all attempts to 'fix' #1490632, revert spec to same as 6.1-1 + +* Fri Feb 09 2018 Fedora Release Engineering - 6.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Nov 02 2017 Neil Horman - 6.1-2 +- Enable rngd on entropy src availability (bz 1490632) + +* Tue Oct 10 2017 Neil Horman - 6.1-1 +- update to latest upstream + +* Fri Jul 28 2017 Neil Horman - 6-1 +- Update to latest upstream + +* Thu Jul 27 2017 Fedora Release Engineering - 5-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Oct 18 2016 Zbigniew Jędrzejewski-Szmek - 5-8 +- If device is not found exit immediately (#892178) + +* Sun Mar 6 2016 Peter Robinson 5-7 +- Use %%license + +* Thu Feb 04 2016 Fedora Release Engineering - 5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Dec 10 2014 Zbigniew Jędrzejewski-Szmek - 5-4 +- Build with hardening flags (#1051344) +- Fail nicely if no hardware generator is found (#892178) +- Drop unneeded dependency + +* Mon Aug 18 2014 Fedora Release Engineering - 5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 23 2014 Luke Macken - 5-1 +- Update to release version 5. 
+- Remove rng-tools-man.patch + +* Sun Aug 04 2013 Fedora Release Engineering - 4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Sep 25 2012 Jaromir Capik - 4-2 +- Migration to new systemd macros + +* Mon Aug 6 2012 Jeff Garzik - 4-1 +- Update to release version 4. + +* Sat Jul 21 2012 Fedora Release Engineering - 3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jan 12 2012 Jiri Popelka - 3-4 +- 2 patches from RHEL-6 +- systemd service +- man page fixes +- modernize spec file + +* Wed Feb 09 2011 Fedora Release Engineering - 3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sat Jul 3 2010 Jeff Garzik - 3-2 +- comply with renaming guidelines, by Providing rng-utils = 1:2.0-4.2 + +* Sat Jul 3 2010 Jeff Garzik - 3-1 +- Update to release version 3. + +* Fri Mar 26 2010 Jeff Garzik - 2-3 +- more minor updates for package review + +* Thu Mar 25 2010 Jeff Garzik - 2-2 +- several minor updates for package review + +* Wed Mar 24 2010 Jeff Garzik - 2-1 +- initial revision (as rng-tools)
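Review bot: The `%pre` scriptlet creates only the `rngd` user and relies on `useradd` making a same-named group, yet `rngd.service` (`Group=rngd`) and `60-hwrng.rules` (`GROUP="rngd"`) both need that group to exist. On a host where user-private groups are turned off in `login.defs` the account would land in the default group, leaving the unit unable to start or the hw_random device unreadable for the daemon. Create the group explicitly first with `getent group rngd >/dev/null || groupadd -r rngd`, and pass `-g rngd` to `useradd`. The scriptlet also calls `useradd` without a `Requires(pre): shadow-utils` line in the header.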