import rng-tools-6.14-4.git.b2b7934e.el8
parent
ce6fc37dd4
commit
474fe720e2
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/jitterentropy-library-3.0.2.tar.gz
|
||||
SOURCES/rng-tools-6.13.tar.gz
|
||||
SOURCES/jitterentropy-library-3.3.1.tar.gz
|
||||
SOURCES/rng-tools-6.14.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
4515a148eb1bec043c12135b867afd47cd512fe7 SOURCES/jitterentropy-library-3.0.2.tar.gz
|
||||
378735271b930a745c97b92be8dd61eefc0d79bc SOURCES/rng-tools-6.13.tar.gz
|
||||
b48e54d56961e3db138dac4fd6ab3117e31f5db9 SOURCES/jitterentropy-library-3.3.1.tar.gz
|
||||
fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 800d7c6e23f0a04bd893ee748a74b622657017a9 Mon Sep 17 00:00:00 2001
|
||||
From: David Seifert <soap@gentoo.org>
|
||||
Date: Sun, 1 Aug 2021 13:16:16 +0200
|
||||
Subject: [PATCH] configure.ac: Add missing `test`
|
||||
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
---
|
||||
configure.ac | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 0fe06fc..7c8e327 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -68,8 +68,8 @@ AC_PROG_GCC_TRADITIONAL
|
||||
|
||||
AX_PTHREAD
|
||||
|
||||
-AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686])
|
||||
-AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
||||
+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || test $host_cpu = i686])
|
||||
+AS_IF([test $host_cpu = x86_64 || test $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
|
||||
|
||||
AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
|
||||
AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
|
||||
--
|
||||
2.26.3
|
||||
|
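--- /dev/null
+++ b/SOURCES/4-rt-revert-build-randstat.patch
@@ -0,0 +1,47 @@
+From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
+From: Vladis Dronov <vdronov@redhat.com>
+Date: Tue, 6 Jul 2021 14:36:46 +0200
+Subject: [PATCH] Revert "Build randstat binary"
+
+We do not want new and mostly useless randstat binary.
+This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
+
+Signed-off-by: Vladis Dronov <vdronov@redhat.com>
+---
+.gitignore | 3 +--
+contrib/Makefile.am | 5 +++--
+2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git .gitignore .gitignore
+index 943fa2b..5dc334d 100644
+--- .gitignore
++++ .gitignore
+@@ -1,6 +1,6 @@
+*.a
+*.o
+-.deps/
++/.deps/
+/aclocal.m4
+/ar-lib
+/autom4te.cache/
+@@ -10,7 +10,6 @@
+/config.status
+/config.sub
+/configure
+-/contrib/randstat
+/depcomp
+/install-sh
+/missing
+diff --git contrib/Makefile.am contrib/Makefile.am
+index a81fb0e..18c4fbc 100644
+--- contrib/Makefile.am
++++ contrib/Makefile.am
+@@ -1,2 +1,3 @@
+-bin_PROGRAMS = randstat
+-randstat_SOURCES = randstat.c
++
++EXTRA_DIST = randstat.c
++
+--
+2.26.3
+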
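--- /dev/null
+++ b/SOURCES/5-rt-comment-out-have-aesni.patch
@@ -0,0 +1,42 @@
+From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov <vdronov@redhat.com>
+Date: Fri, 17 Sep 2021 01:04:51 +0200
+Subject: [PATCH] Comment out an unused assignment
+
+Covscan warns about an unused value. Comment it out.
+
+Defect type: UNUSED_VALUE: covscan warning:
+rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
+from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
+stored value is overwritten before it can be used.
+
+Signed-off-by: Vladis Dronov <vdronov@redhat.com>
+---
+rngd_rdrand.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rdrand.c rngd_rdrand.c
+index caa9d05..ea7b8fa 100644
+--- rngd_rdrand.c
++++ rngd_rdrand.c
+@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+struct cpuid info;
+/* We need RDRAND, but AESni is optional */
+const uint32_t features_ecx1_rdrand = 1 << 30;
+- const uint32_t features_ecx1_aesni = 1 << 25;
++ //const uint32_t features_ecx1_aesni = 1 << 25;
+const uint32_t features_ebx7_rdseed = 1 << 18;
+uint32_t max_cpuid_leaf;
+unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
+@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+if (!(info.ecx & features_ecx1_rdrand))
+return 1;
+
+- have_aesni = !!(info.ecx & features_ecx1_aesni);
++ //have_aesni = !!(info.ecx & features_ecx1_aesni);
+have_aesni = 0; /* BACK OUT NH */
+have_rdseed = 0;
+if (max_cpuid_leaf >= 7) {
+--
+2.26.3
+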
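Review bot: The two lines in `init_drng_entropy_source()` are commented out with `//` rather than deleted, which leaves dead code next to `have_aesni = 0; /* BACK OUT NH */` and a comment, `/* We need RDRAND, but AESni is optional */`, that no longer matches what the function does. Deleting both lines and rewording the comment to something like `/* We need RDRAND; AES-NI detection is disabled, have_aesni is forced to 0 below */` would tell an auditor that the AES-NI path is deliberately never selected. What `have_aesni` controls downstream is not visible here, so whether forcing it to 0 changes how RDRAND output is conditioned should be confirmed against the rest of rngd_rdrand.c. The function starts and ends outside both hunks.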
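--- /dev/null
+++ b/SOURCES/6-je-fix-ec-check.patch
@@ -0,0 +1,20 @@
+diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
+--- jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:42:47.809329173 +0100
++++ jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:44:19.820499338 +0100
+@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+uint32_t u[4];
+uint8_t b[sizeof(uint32_t) * 4];
+} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
+- uint32_t addressMask = ec->memmask;
++ uint32_t addressMask;
+
+/* Ensure that macros cannot overflow jent_loop_shuffle() */
+BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
+@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+
+if (NULL == ec || NULL == ec->mem)
+return;
++ addressMask = ec->memmask;
+
+/*
+* Mix the current data into prngState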
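Review bot: 6-je-fix-ec-check.patch has no header at all (no author, date, description or upstream reference), although the spec changelog describes it as fixing a security issue found by covscan in the jitterentropy library. A downstream patch to an entropy source should say what it fixes and where it came from, for example a leading description such as `jent_memaccess(): read ec->memmask only after the NULL == ec check (covscan: dereference before NULL check)` plus a note on whether it was sent upstream. The code change itself looks right: `addressMask = ec->memmask;` now follows the `NULL == ec || NULL == ec->mem` guard. The function continues outside both hunks and the lines between the declaration and the guard are only partly shown, so other early uses of `ec` cannot be ruled out from this page.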
@ -3,13 +3,16 @@ Description=Hardware RNG Entropy Gatherer Daemon
|
||||
ConditionVirtualization=!container
|
||||
Requires=rngd-wake-threshold.service
|
||||
|
||||
# The "-f" option is required for the systemd service rngd to work with Type=simple
|
||||
[Service]
|
||||
User=rngd
|
||||
Group=rngd
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||
AmbientCapabilities=CAP_SYS_ADMIN
|
||||
ExecStart=/usr/sbin/rngd -f --fill-watermark=0
|
||||
TimeoutStartSec=60s
|
||||
Type=simple
|
||||
EnvironmentFile=/etc/sysconfig/rngd
|
||||
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
||||
|
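Review bot: `EnvironmentFile=/etc/sysconfig/rngd` has no `-` prefix, so systemd will refuse to start rngd if that file is missing or unreadable, and this unit is wanted by sysinit.target. The spec ships the file as `%config(noreplace)`, so this only bites when an administrator removes it, but the result is a host that boots without the entropy daemon. Either state in the comment above `[Service]` that the file is mandatory, or use `EnvironmentFile=-/etc/sysconfig/rngd` and accept that `$RNGD_ARGS` then expands to nothing, so rngd runs with its built-in defaults rather than `--fill-watermark=0 -x pkcs11 -x nist`.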
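--- /dev/null
+++ b/SOURCES/rngd.sysconfig
@@ -0,0 +1,3 @@
+# Optional arguments passed to rngd. See rngd(8) and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"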
@ -2,8 +2,8 @@
|
||||
|
||||
Summary: Random number generator related utilities
|
||||
Name: rng-tools
|
||||
Version: 6.13
|
||||
Release: 1.git.d207e0b6%{?dist}
|
||||
Version: 6.14
|
||||
Release: 4.git.b2b7934e%{?dist}
|
||||
Group: System Environment/Base
|
||||
License: GPLv2+
|
||||
URL: https://github.com/nhorman/rng-tools
|
||||
@ -11,12 +11,15 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: rngd.service
|
||||
Source2: rngd-wake-threshold.service
|
||||
Source3: 60-hwrng.rules
|
||||
Source4: jitterentropy-library-3.0.2.tar.gz
|
||||
Source4: jitterentropy-library-3.3.1.tar.gz
|
||||
Source5: rngd.sysconfig
|
||||
|
||||
Patch0: 1-je-rh-makefile.patch
|
||||
Patch1: 2-je-remove-install.patch
|
||||
Patch2: 3-rt-use-jitter-static.patch
|
||||
Patch3: 4-rt-add-missing-test.patch
|
||||
Patch3: 4-rt-revert-build-randstat.patch
|
||||
Patch4: 5-rt-comment-out-have-aesni.patch
|
||||
Patch5: 6-je-fix-ec-check.patch
|
||||
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: gettext
|
||||
@ -42,11 +45,13 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
|
||||
%prep
|
||||
%setup -q
|
||||
tar xf %{SOURCE4}
|
||||
mv jitterentropy-library-3.0.2 jitterentropy-library
|
||||
mv jitterentropy-library-3.3.1 jitterentropy-library
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch3 -p0
|
||||
%patch4 -p0
|
||||
%patch5 -p0
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
@ -60,6 +65,8 @@ mv jitterentropy-library-3.0.2 jitterentropy-library
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
|
||||
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
|
||||
# install sysconfig file
|
||||
install -D %{SOURCE5} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
|
||||
|
||||
%pre
|
||||
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
||||
@ -85,8 +92,15 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
||||
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
||||
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
|
||||
|
||||
%changelog
|
||||
* Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
|
||||
- Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
|
||||
- Update jitterentropy library to v3.3.1 @ 887c9871
|
||||
- Add a config file for storing rngd options
|
||||
- Fix a security issue found by a covscan in jitterentropy library
|
||||
|
||||
* Thu Jul 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-1.git.d207e0b6
|
||||
- Update to the upstream v6.13 + tip of origin/master + onecpu
|
||||
branch + revert of 2ce93190
|
||||
|