import rng-tools-6.15-1.el9

This commit is contained in:
CentOS Sources 2022-11-15 01:57:53 -05:00 committed by Stepan Oksanichenko
parent 625d99c25d
commit 47f88c9907
10 changed files with 39 additions and 181 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/rng-tools-6.14.tar.gz
SOURCES/rng-tools-6.15.tar.gz

View File

@ -1 +1 @@
fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz

View File

@ -1,40 +0,0 @@
From 6e1a11ae6df8cd6c98657a8b78761763f3ff2abd Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@tuxdriver.com>
Date: Mon, 28 Feb 2022 07:59:57 -0500
Subject: [PATCH 2/3] Change DARN_OPT_AES to DRNG_OPT_AES for rngd_rndr.c
Content-type: text/plain
@dermotbradley noted that we were using the wrong define for the arm
rndr instruction. Fix that up
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
rngd_rndr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git rngd_rndr.c rngd_rndr.c
index 79bf2ce..fa1eaa9 100644
--- rngd_rndr.c
+++ rngd_rndr.c
@@ -171,7 +171,7 @@ static int fill_from_rndr(void *buf, size_t size)
int xread_rndr(void *buf, size_t size, struct rng *ent_src)
{
- if (ent_src->rng_options[DARN_OPT_AES].int_val)
+ if (ent_src->rng_options[DRNG_OPT_AES].int_val)
return fill_from_aes(ent_src, buf, size);
else
return fill_from_rndr(buf, size);
@@ -187,7 +187,7 @@ int init_rndr_entropy_source(struct rng *ent_src)
return 1;
}
message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
- if (ent_src->rng_options[DARN_OPT_AES].int_val && init_openssl(ent_src))
+ if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
return 1;
return 0;
}
--
2.35.1

View File

@ -0,0 +1,14 @@
--- configure.ac 2022-03-24 13:14:11.000000000 +0100
+++ configure.ac.new 2022-03-24 15:58:56.187367770 +0100
@@ -95,7 +95,10 @@ AS_IF(
[AM_CONDITIONAL([JITTER], [true])
AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
AC_CHECK_LIB(jitterentropy, jent_notime_settick,
- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
+ [
+ AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
+ AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
+ ],
[],-lpthread)],
AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
], [AC_MSG_NOTICE([Disabling JITTER entropy source])]

View File

@ -1,32 +0,0 @@
From e2698477e8abf623c18ab28d33cc894ec882a706 Mon Sep 17 00:00:00 2001
From: Neil Horman <neil.horman@privafy.com>
Date: Fri, 18 Mar 2022 18:59:52 -0400
Subject: [PATCH 3/3] Adjust jitterentropy detection to look for the settick
function
Content-type: text/plain
Theres no great way to detect if jitterentropy has the internal timer
feature enabled so we have to look for a function that is only defined
when it is enabled
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git configure.ac configure.ac
index e16e1a0..0f5a38e 100644
--- configure.ac
+++ configure.ac
@@ -94,7 +94,7 @@ AS_IF(
AC_SEARCH_LIBS(jent_version,jitterentropy,
[AM_CONDITIONAL([JITTER], [true])
AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
- AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
+ AC_CHECK_LIB(jitterentropy, jent_notime_settick,
[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
[],-lpthread)],
AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
--
2.35.1

View File

@ -1,53 +0,0 @@
From 370e252c6caedf561c832fa19b20abb7e249b326 Mon Sep 17 00:00:00 2001
From: Vladis Dronov <vdronov@redhat.com>
Date: Fri, 25 Mar 2022 12:41:45 +0100
Subject: [PATCH] Drop unused variables
Content-type: text/plain
And brush up code a bit. Unused variables are reported by gcc as:
rngd_darn.c: In function 'init_openssl':
rngd_darn.c:68:13: warning: unused variable 'i' [-Wunused-variable]
68 | int i;
rngd_darn.c: In function 'xread_darn':
rngd_darn.c:163:19: warning: unused variable 'darn_ptr' [-Wunused-variable]
163 | uint64_t *darn_ptr =(uint64_t *)buf;
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
rngd_darn.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git rngd_darn.c rngd_darn.c
index 5254195..7b26cbe 100644
--- rngd_darn.c
+++ rngd_darn.c
@@ -65,7 +65,6 @@ static size_t rand_bytes_served = 0;
static int init_openssl(struct rng *ent_src)
{
uint64_t darn_val;
- int i;
ossl_aes_random_key(key, NULL);
@@ -140,8 +139,7 @@ static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t cop
*/
static uint64_t get_darn()
{
- uint64_t darn_val;
- darn_val = 0;
+ uint64_t darn_val = 0;
int i;
/*
@@ -160,7 +158,6 @@ static uint64_t get_darn()
int xread_darn(void *buf, size_t size, struct rng *ent_src)
{
- uint64_t *darn_ptr =(uint64_t *)buf;
size_t copied = 0;
while (copied < size) {
--
2.35.1

View File

@ -1,15 +0,0 @@
# This unit is needed to run rngd as a non-privileged user.
# It performs a system set up which requires privileges.
[Unit]
Description=Hardware RNG Entropy Gatherer Wake threshold service
ConditionVirtualization=!container
Before=rngd.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; if [ -e /dev/hwrng ]; then chmod 0640 /dev/hwrng; chgrp rngd /dev/hwrng; fi"
[Install]
WantedBy=multi-user.target

View File

@ -1,15 +1,9 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Daemon
ConditionVirtualization=!container
Requires=rngd-wake-threshold.service
# The "-f" option is required for the systemd service rngd to work with Type=simple
[Service]
User=rngd
Group=rngd
CapabilityBoundingSet=CAP_SYS_ADMIN
AmbientCapabilities=CAP_SYS_ADMIN
TimeoutStartSec=60s
Type=simple
EnvironmentFile=/etc/sysconfig/rngd
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS

View File

@ -1,3 +1,3 @@
# Optional arguments passed to rngd. See rngd(8) and
# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"

View File

@ -11,14 +11,13 @@
Summary: Random number generator related utilities
Name: rng-tools
Version: 6.14
Release: 5.git.b2b7934e%{?dist}
Version: 6.15
Release: 1%{?dist}
License: GPLv2+
URL: https://github.com/nhorman/rng-tools
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: rngd.service
Source2: rngd-wake-threshold.service
Source3: rngd.sysconfig
Source2: rngd.sysconfig
BuildRequires: gcc make binutils
BuildRequires: gettext
@ -28,6 +27,7 @@ BuildRequires: libgcrypt-devel libcurl-devel
BuildRequires: libxml2-devel openssl-devel
BuildRequires: jitterentropy-devel
BuildRequires: jansson-devel
BuildRequires: libcap-devel
%if %{with rtlsdr}
BuildRequires: rtl-sdr-devel
%endif
@ -38,13 +38,11 @@ BuildRequires: libp11-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires: jansson openssl
Requires: selinux-policy >= 34.1.31-2
Patch0: 1-rt-revert-build-randstat.patch
Patch1: 2-rt-comment-out-have-aesni.patch
Patch2: 3-rt-change-option.patch
Patch3: 4-rt-adjust-detection.patch
Patch4: 5-rt-drop-unused-variables.patch
Patch2: 3-rt-fix-jent-define.patch
%description
This is a random number generator daemon and its tools. It monitors
@ -63,32 +61,27 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
%endif
./autogen.sh
# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
%configure %{?_without_pkcs11} %{?_without_rtlsdr}
%make_build
%install
%make_install
# install systemd unit files
# install systemd unit file
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
# install sysconfig file
install -D %{SOURCE3} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
%pre
getent group rngd >/dev/null || groupadd -f -r rngd
getent passwd rngd >/dev/null || useradd -r -g rngd -M -d / -s /sbin/nologin -c "Random Number Generator Daemon" rngd
install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
%post
%systemd_post rngd.service rngd-wake-threshold.service
/usr/bin/systemctl start rngd-wake-threshold.service || :
%systemd_post rngd.service
%preun
%systemd_preun rngd.service rngd-wake-threshold.service
%systemd_preun rngd.service
%postun
%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
getent passwd rngd >/dev/null && userdel rngd
%systemd_postun_with_restart rngd.service
%files
%{!?_licensedir:%global license %%doc}
@ -98,20 +91,17 @@ getent passwd rngd >/dev/null && userdel rngd
%{_sbindir}/rngd
%{_mandir}/man1/rngtest.1.*
%{_mandir}/man8/rngd.8.*
%attr(0644,root,root) %{_unitdir}/rngd.service
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
%attr(0644,root,root) %{_unitdir}/rngd.service
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
%changelog
* Thu Apr 28 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-5.git.b2b7934e
- Fix a missing rngd group issue (bz2079379)
- Fix test script permissions
* Thu Apr 21 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
- Fix udevadm issues on systems lacking it (bz 2057030)
- Fix a missing working directory issue (bz 2053160)
- Add some upstream patches
- Fix tests
* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
- Update to the upstream v6.15 @ 172bf0e3 (bz 2075977)
- Allow rngd process to drop privileges with "-D user:group"
- Fix an error building with jitterentropy-3.4.0
- Add a requirement for selinux-policy of a certain version
- Fix a build failure on ppc64
- Small edits in test scripts
* Tue Nov 23 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-2.git.b2b7934e
- Update to the upstream v6.14 @ b2b7934e (bz 2015566)