Resolves: bz1490632
This commit is contained in:
parent
7a42c5f5a4
commit
2aa45beb75
@ -1,151 +0,0 @@
|
||||
From 74f1926a81b80ce8719c92b688737c51ece2cb4b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 18 Oct 2016 10:50:42 -0400
|
||||
Subject: [PATCH] If device is not found, exit immediately
|
||||
|
||||
This avoids stupid warnings in the logs:
|
||||
rng[961]: read error
|
||||
rng[961]: read error
|
||||
...
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=892178
|
||||
---
|
||||
rngd.c | 4 +---
|
||||
rngd_entsource.c | 38 +++++++++++++++++++++++++++-----------
|
||||
2 files changed, 28 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/rngd.c b/rngd.c
|
||||
index cd5bc8a40b..7755651f1c 100644
|
||||
--- a/rngd.c
|
||||
+++ b/rngd.c
|
||||
@@ -315,9 +315,7 @@ int main(int argc, char **argv)
|
||||
if (rc_rng && rc_drng && rc_tpm) {
|
||||
if (!arguments->quiet) {
|
||||
message(LOG_DAEMON|LOG_ERR,
|
||||
- "can't open any entropy source");
|
||||
- message(LOG_DAEMON|LOG_ERR,
|
||||
- "Maybe RNG device modules are not loaded\n");
|
||||
+ "No entropy sources found, exiting");
|
||||
}
|
||||
return 66;
|
||||
}
|
||||
diff --git a/rngd_entsource.c b/rngd_entsource.c
|
||||
index f0e219d7af..468ad1cfc6 100644
|
||||
--- a/rngd_entsource.c
|
||||
+++ b/rngd_entsource.c
|
||||
@@ -63,8 +63,13 @@ int xread(void *buf, size_t size, struct rng *ent_src)
|
||||
size -= r;
|
||||
}
|
||||
|
||||
+ if (errno == ENODEV) {
|
||||
+ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name);
|
||||
+ return -ENODEV;
|
||||
+ }
|
||||
+
|
||||
if (size) {
|
||||
- message(LOG_DAEMON|LOG_ERR, "read error\n");
|
||||
+ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
@@ -89,14 +94,14 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
|
||||
|
||||
ent_src->rng_fd = open(ent_src->rng_name, O_RDWR);
|
||||
if (ent_src->rng_fd == -1) {
|
||||
- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name);
|
||||
+ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
|
||||
memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD));
|
||||
if (temp_buf == NULL) {
|
||||
- message(LOG_ERR|LOG_INFO,"No memory");
|
||||
+ message(LOG_ERR|LOG_INFO,"%m");
|
||||
close(ent_src->rng_fd);
|
||||
return -1;
|
||||
}
|
||||
@@ -114,7 +119,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
|
||||
sizeof(rng_cmd) - r);
|
||||
if (retval < 0) {
|
||||
message(LOG_ERR|LOG_INFO,
|
||||
- "Error writing %s\n",
|
||||
+ "Error writing %s",
|
||||
ent_src->rng_name);
|
||||
retval = -1;
|
||||
goto error_out;
|
||||
@@ -123,7 +128,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
|
||||
}
|
||||
if (r < sizeof(rng_cmd)) {
|
||||
message(LOG_ERR|LOG_INFO,
|
||||
- "Error writing %s\n", ent_src->rng_name);
|
||||
+ "Error writing %s", ent_src->rng_name);
|
||||
retval = -1;
|
||||
goto error_out;
|
||||
}
|
||||
@@ -152,22 +157,27 @@ error_out:
|
||||
}
|
||||
|
||||
/* Initialize entropy source */
|
||||
-static int discard_initial_data(struct rng *ent_src)
|
||||
+static int discard_initial_data(struct rng *ent_src, int *data)
|
||||
{
|
||||
/* Trash 32 bits of what is probably stale (non-random)
|
||||
- * initial state from the RNG. For Intel's, 8 bits would
|
||||
+ * initial state from the RNG. For Intel's, 8 bits would
|
||||
* be enough, but since AMD's generates 32 bits at a time...
|
||||
*
|
||||
* The kernel drivers should be doing this at device powerup,
|
||||
* but at least up to 2.4.24, it doesn't. */
|
||||
unsigned char tempbuf[4];
|
||||
- xread(tempbuf, sizeof(tempbuf), ent_src);
|
||||
+ int r;
|
||||
+
|
||||
+ r = xread(tempbuf, sizeof(tempbuf), ent_src);
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
|
||||
/* Return 32 bits of bootstrap data */
|
||||
xread(tempbuf, sizeof(tempbuf), ent_src);
|
||||
|
||||
- return tempbuf[0] | (tempbuf[1] << 8) |
|
||||
+ *data = tempbuf[0] | (tempbuf[1] << 8) |
|
||||
(tempbuf[2] << 16) | (tempbuf[3] << 24);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -175,14 +185,20 @@ static int discard_initial_data(struct rng *ent_src)
|
||||
*/
|
||||
int init_entropy_source(struct rng *ent_src)
|
||||
{
|
||||
+ int data;
|
||||
+
|
||||
ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY);
|
||||
if (ent_src->rng_fd == -1) {
|
||||
return 1;
|
||||
}
|
||||
+ if (discard_initial_data(ent_src, &data)) {
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
src_list_add(ent_src);
|
||||
/* Bootstrap FIPS tests */
|
||||
ent_src->fipsctx = malloc(sizeof(fips_ctx_t));
|
||||
- fips_init(ent_src->fipsctx, discard_initial_data(ent_src));
|
||||
+ fips_init(ent_src->fipsctx, data);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -193,7 +209,7 @@ int init_tpm_entropy_source(struct rng *ent_src)
|
||||
{
|
||||
ent_src->rng_fd = open(ent_src->rng_name, O_RDWR);
|
||||
if (ent_src->rng_fd == -1) {
|
||||
- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name);
|
||||
+ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name);
|
||||
return 1;
|
||||
}
|
||||
src_list_add(ent_src);
|
||||
--
|
||||
2.9.0
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
#!/bin/sh
|
||||
rngd --list > /dev/null 2>&1
|
||||
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
systemctl enable rngd.service
|
||||
systemctl start rngd.service
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@ -1,17 +0,0 @@
|
||||
[Unit]
|
||||
Description=Checker to look for entropy sources and enable rngd
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=systemd-remount-fs.service
|
||||
Before=systemd-sysusers.service sysinit.target shutdown.target
|
||||
ConditionFirstBoot=yes
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/check-rng-entropy
|
||||
StandardOutput=null
|
||||
StandardError=null
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
||||
|
||||
@ -10,8 +10,8 @@ License: GPLv2+
|
||||
URL: https://github.com/nhorman/rng-tools
|
||||
Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
|
||||
Source1: rngd.service
|
||||
Source2: check-rng-entropy
|
||||
Source3: entropy-check.service
|
||||
|
||||
Patch0: rngd-exit-code-for-list.patch
|
||||
|
||||
# https://sourceforge.net/p/gkernel/patches/111/
|
||||
|
||||
@ -44,19 +44,27 @@ Hardware random number generation tools.
|
||||
|
||||
# install systemd unit file
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
|
||||
install -Dt %{buildroot}%{_bindir} -m0755 %{SOURCE3}
|
||||
|
||||
%post
|
||||
%systemd_post rngd.service
|
||||
%systemd_post entropy-check.service
|
||||
|
||||
# Check to ensure there is at least one entropy source
|
||||
# If there are none, disable the service
|
||||
/usr/sbin/rngd --list -f > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
systemctl --no-reload enable --now rngd.service > /dev/null 2>&1
|
||||
else
|
||||
#Disable the service if there is no entropy source
|
||||
systemctl --no-reload disable --now rngd.service > /dev/null 2>&1
|
||||
fi
|
||||
|
||||
|
||||
%preun
|
||||
%systemd_preun rngd.service
|
||||
%systemd_preun entropy-check.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart rngd.service
|
||||
%systemd_postun_with_restart entropy-check.service
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
@ -69,8 +77,8 @@ install -Dt %{buildroot}%{_bindir} -m0755 %{SOURCE3}
|
||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||
|
||||
%changelog
|
||||
* Fri Oct 26 2017 Neil Horman <nhorman@redhat.com> - 6.1-2
|
||||
- Conditionally enable rngd on entropy src availability (bz 1490632)
|
||||
* Thu Nov 02 2017 Neil Horman <nhorman@redhat.com> - 6.1-2
|
||||
- Enable rngd on entropy src availability (bz 1490632)
|
||||
|
||||
* Tue Oct 10 2017 Neil Horman <nhorman@redhat.com> - 6.1-1
|
||||
- update to latest upstream
|
||||
|
||||
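Review bot: The new %post scriptlet (from `/usr/sbin/rngd --list -f` through `fi`) decides whether rngd ever runs from the hardware visible at package-install time, which is the wrong moment: in a mock/kickstart chroot or an image build there is typically no running systemd and no hwrng, TPM or RDRAND, so the probe or `systemctl --no-reload enable --now` fails, the `> /dev/null 2>&1` hides why, and the resulting image ships with rngd disabled on machines that do have an entropy source — the deleted entropy-check.service at least ran the probe at first boot. The scriptlet also runs on every upgrade, so the `else` branch will `disable --now` a unit an administrator enabled deliberately, and the unconditional `enable` sidesteps the preset policy that `%systemd_post rngd.service` already applies. At minimum guard it with the install count, `if [ $1 -eq 1 ]; then … fi`, so upgrades keep the admin's choice; better, move the probe into rngd.service itself (an `ExecStartPre=/usr/sbin/rngd --list -f` or a `Condition*` directive) so the decision reflects the machine that actually boots. Whether the `--list` exit status relied on here is the one introduced by `Patch0: rngd-exit-code-for-list.patch` cannot be confirmed from this page, since that patch is not shown.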
@ -1,12 +0,0 @@
|
||||
diff -up rng-tools-5/rngd.c.rfail rng-tools-5/rngd.c
|
||||
--- rng-tools-5/rngd.c.rfail 2014-12-10 09:18:25.333873892 +0100
|
||||
+++ rng-tools-5/rngd.c 2014-12-10 09:19:06.096070334 +0100
|
||||
@@ -319,7 +319,7 @@ int main(int argc, char **argv)
|
||||
message(LOG_DAEMON|LOG_ERR,
|
||||
"Maybe RNG device modules are not loaded\n");
|
||||
}
|
||||
- return 1;
|
||||
+ return 66;
|
||||
}
|
||||
|
||||
if (arguments->verbose) {
|
||||
@ -1,18 +0,0 @@
|
||||
diff --git a/rngd_entsource.h b/rngd_entsource.h
|
||||
index 3ba6820..f2407c1 100644
|
||||
--- a/rngd_entsource.h
|
||||
+++ b/rngd_entsource.h
|
||||
@@ -36,7 +36,13 @@ extern fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */
|
||||
* sourcedev is the path to the entropy source
|
||||
*/
|
||||
extern int init_entropy_source(struct rng *);
|
||||
+#ifdef HAVE_RDRAND
|
||||
extern int init_drng_entropy_source(struct rng *);
|
||||
+#endif
|
||||
+#ifdef HAVE_DARN
|
||||
+extern int init_darn_entropy_source(struct rng *);
|
||||
+#endif
|
||||
+
|
||||
extern int init_tpm_entropy_source(struct rng *);
|
||||
|
||||
/* Read data from the entropy source */
|
||||
@ -1,18 +0,0 @@
|
||||
diff --git a/rngd.c b/rngd.c
|
||||
index 9873c46..418feeb 100644
|
||||
--- a/rngd.c
|
||||
+++ b/rngd.c
|
||||
@@ -191,11 +191,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
|
||||
case 'x':
|
||||
idx = strtol(arg, NULL, 10);
|
||||
if ((idx == LONG_MAX) || (idx > ENT_MAX)) {
|
||||
- printf("exclude index is out of range: %d\n", idx);
|
||||
+ printf("exclude index is out of range: %lu\n", idx);
|
||||
return -ERANGE;
|
||||
}
|
||||
entropy_sources[idx].disabled = true;
|
||||
- printf("Disabling %d: %s\n", idx, entropy_sources[idx].rng_name);
|
||||
+ printf("Disabling %lu: %s\n", idx, entropy_sources[idx].rng_name);
|
||||
break;
|
||||
case 'l':
|
||||
arguments->list = true;
|
||||