import rng-tools-6.15-1.el9

2022-11-15 01:57:53 -05:00 · 2022-11-15 01:57:53 -05:00 · 47f88c9907
parent 625d99c25d
commit 47f88c9907
10 changed files with 39 additions and 181 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/rng-tools-6.14.tar.gz
+SOURCES/rng-tools-6.15.tar.gz
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@ -1 +1 @@
-fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
+79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz
--- a/SOURCES/3-rt-change-option.patch
+++ b/SOURCES/3-rt-change-option.patch
@ -1,40 +0,0 @@
-From 6e1a11ae6df8cd6c98657a8b78761763f3ff2abd Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@tuxdriver.com>
-Date: Mon, 28 Feb 2022 07:59:57 -0500
-Subject: [PATCH 2/3] Change DARN_OPT_AES to DRNG_OPT_AES for rngd_rndr.c
-Content-type: text/plain
-
-@dermotbradley noted that we were using the wrong define for the arm
-rndr instruction.  Fix that up
-
-Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- rngd_rndr.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git rngd_rndr.c rngd_rndr.c
-index 79bf2ce..fa1eaa9 100644
--- rngd_rndr.c
-+++ rngd_rndr.c
-@@ -171,7 +171,7 @@ static int fill_from_rndr(void *buf, size_t size)
- 
- int xread_rndr(void *buf, size_t size, struct rng *ent_src)
- {
-	if (ent_src->rng_options[DARN_OPT_AES].int_val)
-+	if (ent_src->rng_options[DRNG_OPT_AES].int_val)
- 		return fill_from_aes(ent_src, buf, size);
- 	else
- 		return fill_from_rndr(buf, size);
-@@ -187,7 +187,7 @@ int init_rndr_entropy_source(struct rng *ent_src)
- 		return 1;
- 	}
- 	message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
-	if (ent_src->rng_options[DARN_OPT_AES].int_val && init_openssl(ent_src))
-+	if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
- 		return 1;
- 	return 0;
- }
-- 
-2.35.1
-
--- a/SOURCES/3-rt-fix-jent-define.patch
+++ b/SOURCES/3-rt-fix-jent-define.patch
@ -0,0 +1,14 @@
+--- configure.ac	2022-03-24 13:14:11.000000000 +0100
+++ configure.ac.new	2022-03-24 15:58:56.187367770 +0100
+@@ -95,7 +95,10 @@ AS_IF(
+ 				[AM_CONDITIONAL([JITTER], [true])
+ 				AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+ 				AC_CHECK_LIB(jitterentropy, jent_notime_settick,
+-				[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
+				[
+					AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
+					AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
+				],
+ 				[],-lpthread)],
+ 				AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
+ 	], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
--- a/SOURCES/4-rt-adjust-detection.patch
+++ b/SOURCES/4-rt-adjust-detection.patch
@ -1,32 +0,0 @@
-From e2698477e8abf623c18ab28d33cc894ec882a706 Mon Sep 17 00:00:00 2001
-From: Neil Horman <neil.horman@privafy.com>
-Date: Fri, 18 Mar 2022 18:59:52 -0400
-Subject: [PATCH 3/3] Adjust jitterentropy detection to look for the settick
- function
-Content-type: text/plain
-
-Theres no great way to detect if jitterentropy has the internal timer
-feature enabled so we have to look for a function that is only defined
-when it is enabled
-
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git configure.ac configure.ac
-index e16e1a0..0f5a38e 100644
--- configure.ac
-+++ configure.ac
-@@ -94,7 +94,7 @@ AS_IF(
- 		AC_SEARCH_LIBS(jent_version,jitterentropy,
- 				[AM_CONDITIONAL([JITTER], [true])
- 				AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
-				AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
-+				AC_CHECK_LIB(jitterentropy, jent_notime_settick,
- 				[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
- 				[],-lpthread)],
- 				AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
-- 
-2.35.1
-
--- a/SOURCES/5-rt-drop-unused-variables.patch
+++ b/SOURCES/5-rt-drop-unused-variables.patch
@ -1,53 +0,0 @@
-From 370e252c6caedf561c832fa19b20abb7e249b326 Mon Sep 17 00:00:00 2001
-From: Vladis Dronov <vdronov@redhat.com>
-Date: Fri, 25 Mar 2022 12:41:45 +0100
-Subject: [PATCH] Drop unused variables
-Content-type: text/plain
-
-And brush up code a bit. Unused variables are reported by gcc as:
-
-rngd_darn.c: In function 'init_openssl':
-rngd_darn.c:68:13: warning: unused variable 'i' [-Wunused-variable]
-   68 |         int i;
-rngd_darn.c: In function 'xread_darn':
-rngd_darn.c:163:19: warning: unused variable 'darn_ptr' [-Wunused-variable]
-  163 |         uint64_t *darn_ptr =(uint64_t *)buf;
-
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- rngd_darn.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git rngd_darn.c rngd_darn.c
-index 5254195..7b26cbe 100644
--- rngd_darn.c
-+++ rngd_darn.c
-@@ -65,7 +65,6 @@ static size_t rand_bytes_served = 0;
- static int init_openssl(struct rng *ent_src)
- {
- 	uint64_t darn_val;
-	int i;
- 
- 	ossl_aes_random_key(key, NULL);
- 
-@@ -140,8 +139,7 @@ static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t cop
-  */
- static uint64_t get_darn()
- {
-	uint64_t darn_val;
-	darn_val = 0;
-+	uint64_t darn_val = 0;
- 	int i;
- 
- 	/*
-@@ -160,7 +158,6 @@ static uint64_t get_darn()
- 
- int xread_darn(void *buf, size_t size, struct rng *ent_src)
- {
-	uint64_t *darn_ptr =(uint64_t *)buf;
- 	size_t copied = 0;
- 
- 	while (copied < size) {
-- 
-2.35.1
-
--- a/SOURCES/rngd-wake-threshold.service
+++ b/SOURCES/rngd-wake-threshold.service
@ -1,15 +0,0 @@
-# This unit is needed to run rngd as a non-privileged user.
-# It performs a system set up which requires privileges.
-
-[Unit]
-Description=Hardware RNG Entropy Gatherer Wake threshold service
-ConditionVirtualization=!container
-Before=rngd.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; if [ -e /dev/hwrng ]; then chmod 0640 /dev/hwrng; chgrp rngd /dev/hwrng; fi"
-
-[Install]
-WantedBy=multi-user.target
--- a/SOURCES/rngd.service
+++ b/SOURCES/rngd.service
@ -1,15 +1,9 @@
 [Unit]
 Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
-Requires=rngd-wake-threshold.service

 # The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
-User=rngd
-Group=rngd
-CapabilityBoundingSet=CAP_SYS_ADMIN
-AmbientCapabilities=CAP_SYS_ADMIN
-TimeoutStartSec=60s
 Type=simple
 EnvironmentFile=/etc/sysconfig/rngd
 ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
--- a/SOURCES/rngd.sysconfig
+++ b/SOURCES/rngd.sysconfig
@ -1,3 +1,3 @@
 # Optional arguments passed to rngd. See rngd(8) and
 # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
-RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"
--- a/SPECS/rng-tools.spec
+++ b/SPECS/rng-tools.spec
@ -11,14 +11,13 @@

 Summary:        Random number generator related utilities
 Name:           rng-tools
-Version:        6.14
-Release:        5.git.b2b7934e%{?dist}
+Version:        6.15
+Release:        1%{?dist}
 License:        GPLv2+
 URL:            https://github.com/nhorman/rng-tools
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        rngd.service
-Source2:        rngd-wake-threshold.service
-Source3:        rngd.sysconfig
+Source2:        rngd.sysconfig

 BuildRequires: gcc make binutils
 BuildRequires: gettext
@ -28,6 +27,7 @@ BuildRequires: libgcrypt-devel libcurl-devel
 BuildRequires: libxml2-devel openssl-devel
 BuildRequires: jitterentropy-devel
 BuildRequires: jansson-devel
+BuildRequires: libcap-devel
 %if %{with rtlsdr}
 BuildRequires: rtl-sdr-devel
 %endif
@ -38,13 +38,11 @@ BuildRequires: libp11-devel
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires: jansson openssl
+Requires: selinux-policy >= 34.1.31-2

 Patch0: 1-rt-revert-build-randstat.patch
 Patch1: 2-rt-comment-out-have-aesni.patch
-Patch2: 3-rt-change-option.patch
-Patch3: 4-rt-adjust-detection.patch
-Patch4: 5-rt-drop-unused-variables.patch
+Patch2: 3-rt-fix-jent-define.patch

 %description
 This is a random number generator daemon and its tools. It monitors
@ -63,32 +61,27 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
 %endif

 ./autogen.sh
+# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
+sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
 %configure %{?_without_pkcs11} %{?_without_rtlsdr}
 %make_build

 %install
 %make_install

-# install systemd unit files
+# install systemd unit file
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
-install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
 # install sysconfig file
-install -D %{SOURCE3} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
-
-%pre
-getent group rngd >/dev/null || groupadd -f -r rngd
-getent passwd rngd >/dev/null || useradd -r -g rngd -M -d / -s /sbin/nologin -c "Random Number Generator Daemon" rngd
+install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd

 %post
-%systemd_post rngd.service rngd-wake-threshold.service
-/usr/bin/systemctl start rngd-wake-threshold.service || :
+%systemd_post rngd.service

 %preun
-%systemd_preun rngd.service rngd-wake-threshold.service
+%systemd_preun rngd.service

 %postun
-%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
-getent passwd rngd >/dev/null && userdel rngd
+%systemd_postun_with_restart rngd.service

 %files
 %{!?_licensedir:%global license %%doc}
@ -98,20 +91,17 @@ getent passwd rngd >/dev/null && userdel rngd
 %{_sbindir}/rngd
 %{_mandir}/man1/rngtest.1.*
 %{_mandir}/man8/rngd.8.*
-%attr(0644,root,root)   %{_unitdir}/rngd.service
-%attr(0644,root,root)   %{_unitdir}/rngd-wake-threshold.service
-%config(noreplace) %attr(0644,root,root)   %{_sysconfdir}/sysconfig/rngd
+%attr(0644,root,root)    %{_unitdir}/rngd.service
+%config(noreplace) %attr(0644,root,root)    %{_sysconfdir}/sysconfig/rngd

 %changelog
-* Thu Apr 28 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-5.git.b2b7934e
- Fix a missing rngd group issue (bz2079379)
- Fix test script permissions
-
-* Thu Apr 21 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
- Fix udevadm issues on systems lacking it (bz 2057030)
- Fix a missing working directory issue (bz 2053160)
- Add some upstream patches
- Fix tests
+* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
+- Update to the upstream v6.15 @ 172bf0e3 (bz 2075977)
+- Allow rngd process to drop privileges with "-D user:group"
+- Fix an error building with jitterentropy-3.4.0
+- Add a requirement for selinux-policy of a certain version
+- Fix a build failure on ppc64
+- Small edits in test scripts

 * Tue Nov 23 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-2.git.b2b7934e
 - Update to the upstream v6.14 @ b2b7934e (bz 2015566)