From 47f88c990726198beee1365c35302d19dce7abe5 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 15 Nov 2022 01:57:53 -0500
Subject: [PATCH] import rng-tools-6.15-1.el9
---
 .gitignore | 2 +-
 .rng-tools.metadata | 2 +-
 SOURCES/3-rt-change-option.patch | 40 ------------------
 SOURCES/3-rt-fix-jent-define.patch | 14 ++++++
 SOURCES/4-rt-adjust-detection.patch | 32 --------------
 SOURCES/5-rt-drop-unused-variables.patch | 53 -----------------------
 SOURCES/rngd-wake-threshold.service | 15 ------
 SOURCES/rngd.service | 6 ---
 SOURCES/rngd.sysconfig | 2 +-
 SPECS/rng-tools.spec | 54 ++++++++++--------------
 10 files changed, 39 insertions(+), 181 deletions(-)
 delete mode 100644 SOURCES/3-rt-change-option.patch
 create mode 100644 SOURCES/3-rt-fix-jent-define.patch
 delete mode 100644 SOURCES/4-rt-adjust-detection.patch
 delete mode 100644 SOURCES/5-rt-drop-unused-variables.patch
 delete mode 100644 SOURCES/rngd-wake-threshold.service
diff --git a/.gitignore b/.gitignore
index 5611679..6d2efdb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/rng-tools-6.14.tar.gz
+SOURCES/rng-tools-6.15.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
index 80cc952..d5ba298 100644
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@@ -1 +1 @@
-fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
+79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz
diff --git a/SOURCES/3-rt-change-option.patch b/SOURCES/3-rt-change-option.patch
deleted file mode 100644
index 3c7557a..0000000
--- a/SOURCES/3-rt-change-option.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 6e1a11ae6df8cd6c98657a8b78761763f3ff2abd Mon Sep 17 00:00:00 2001
-From: Neil Horman
-Date: Mon, 28 Feb 2022 07:59:57 -0500
-Subject: [PATCH 2/3] Change DARN_OPT_AES to DRNG_OPT_AES for rngd_rndr.c
-Content-type: text/plain
-
-@dermotbradley noted that we were using the wrong define for the arm
-rndr instruction. Fix that up
-
-Signed-off-by: Neil Horman
-Signed-off-by: Vladis Dronov
----
- rngd_rndr.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git rngd_rndr.c rngd_rndr.c
-index 79bf2ce..fa1eaa9 100644
---- rngd_rndr.c
-+++ rngd_rndr.c
-@@ -171,7 +171,7 @@ static int fill_from_rndr(void *buf, size_t size)
-
- int xread_rndr(void *buf, size_t size, struct rng *ent_src)
- {
-- if (ent_src->rng_options[DARN_OPT_AES].int_val)
-+ if (ent_src->rng_options[DRNG_OPT_AES].int_val)
- return fill_from_aes(ent_src, buf, size);
- else
- return fill_from_rndr(buf, size);
-@@ -187,7 +187,7 @@ int init_rndr_entropy_source(struct rng *ent_src)
- return 1;
- }
- message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
-- if (ent_src->rng_options[DARN_OPT_AES].int_val && init_openssl(ent_src))
-+ if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
- return 1;
- return 0;
- }
---
-2.35.1
-
diff --git a/SOURCES/3-rt-fix-jent-define.patch b/SOURCES/3-rt-fix-jent-define.patch
new file mode 100644
index 0000000..e208c1a
--- /dev/null
+++ b/SOURCES/3-rt-fix-jent-define.patch
@@ -0,0 +1,14 @@
+--- configure.ac 2022-03-24 13:14:11.000000000 +0100
++++ configure.ac.new 2022-03-24 15:58:56.187367770 +0100
+@@ -95,7 +95,10 @@ AS_IF(
+ [AM_CONDITIONAL([JITTER], [true])
+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+ AC_CHECK_LIB(jitterentropy, jent_notime_settick,
+- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
++ [
++ AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
++ AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
++ ],
+ [],-lpthread)],
+ AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
+ ], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
diff --git a/SOURCES/4-rt-adjust-detection.patch b/SOURCES/4-rt-adjust-detection.patch
deleted file mode 100644
index 8fce433..0000000
--- a/SOURCES/4-rt-adjust-detection.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e2698477e8abf623c18ab28d33cc894ec882a706 Mon Sep 17 00:00:00 2001
-From: Neil Horman
-Date: Fri, 18 Mar 2022 18:59:52 -0400
-Subject: [PATCH 3/3] Adjust jitterentropy detection to look for the settick
- function
-Content-type: text/plain
-
-Theres no great way to detect if jitterentropy has the internal timer
-feature enabled so we have to look for a function that is only defined
-when it is enabled
-
-Signed-off-by: Vladis Dronov
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git configure.ac configure.ac
-index e16e1a0..0f5a38e 100644
---- configure.ac
-+++ configure.ac
-@@ -94,7 +94,7 @@ AS_IF(
- AC_SEARCH_LIBS(jent_version,jitterentropy,
- [AM_CONDITIONAL([JITTER], [true])
- AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
-- AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
-+ AC_CHECK_LIB(jitterentropy, jent_notime_settick,
- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
- [],-lpthread)],
- AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
---
-2.35.1
-
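Review bot: The new SOURCES/3-rt-fix-jent-define.patch is a bare `diff -u` of configure.ac with no header, so nothing records why `JENT_CONF_ENABLE_INTERNAL_TIMER` is defined or whether the change exists upstream; the three patches this commit deletes each carried a Subject, a description and a Signed-off-by. The define is emitted whenever the `jent_notime_settick` link check succeeds, which ties a build switch for an entropy source to the presence of one library symbol. A short header above the `---` line, for example `Define JENT_CONF_ENABLE_INTERNAL_TIMER when libjitterentropy exports jent_notime_settick; needed to build against jitterentropy-3.4.0`, would let a later rebase decide whether the patch is still required. The link to jitterentropy-3.4.0 is inferred from the spec changelog and should be confirmed by the author.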
diff --git a/SOURCES/5-rt-drop-unused-variables.patch b/SOURCES/5-rt-drop-unused-variables.patch
deleted file mode 100644
index d6e8bb5..0000000
--- a/SOURCES/5-rt-drop-unused-variables.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 370e252c6caedf561c832fa19b20abb7e249b326 Mon Sep 17 00:00:00 2001
-From: Vladis Dronov
-Date: Fri, 25 Mar 2022 12:41:45 +0100
-Subject: [PATCH] Drop unused variables
-Content-type: text/plain
-
-And brush up code a bit. Unused variables are reported by gcc as:
-
-rngd_darn.c: In function 'init_openssl':
-rngd_darn.c:68:13: warning: unused variable 'i' [-Wunused-variable]
- 68 | int i;
-rngd_darn.c: In function 'xread_darn':
-rngd_darn.c:163:19: warning: unused variable 'darn_ptr' [-Wunused-variable]
- 163 | uint64_t *darn_ptr =(uint64_t *)buf;
-
-Signed-off-by: Vladis Dronov
----
- rngd_darn.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git rngd_darn.c rngd_darn.c
-index 5254195..7b26cbe 100644
---- rngd_darn.c
-+++ rngd_darn.c
-@@ -65,7 +65,6 @@ static size_t rand_bytes_served = 0;
- static int init_openssl(struct rng *ent_src)
- {
- uint64_t darn_val;
-- int i;
-
- ossl_aes_random_key(key, NULL);
-
-@@ -140,8 +139,7 @@ static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t cop
- */
- static uint64_t get_darn()
- {
-- uint64_t darn_val;
-- darn_val = 0;
-+ uint64_t darn_val = 0;
- int i;
-
- /*
-@@ -160,7 +158,6 @@ static uint64_t get_darn()
-
- int xread_darn(void *buf, size_t size, struct rng *ent_src)
- {
-- uint64_t *darn_ptr =(uint64_t *)buf;
- size_t copied = 0;
-
- while (copied < size) {
---
-2.35.1
-
diff --git a/SOURCES/rngd-wake-threshold.service b/SOURCES/rngd-wake-threshold.service
deleted file mode 100644
index 4da3ff7..0000000
--- a/SOURCES/rngd-wake-threshold.service
+++ /dev/null
@@ -1,15 +0,0 @@ -# This unit is needed to run rngd as a non-privileged user. -# It performs a system set up which requires privileges. - -[Unit] -Description=Hardware RNG Entropy Gatherer Wake threshold service -ConditionVirtualization=!container -Before=rngd.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; if [ -e /dev/hwrng ]; then chmod 0640 /dev/hwrng; chgrp rngd /dev/hwrng; fi" - -[Install] -WantedBy=multi-user.target diff --git a/SOURCES/rngd.service b/SOURCES/rngd.service index 8c919eb..2bd9e09 100644 --- a/SOURCES/rngd.service +++ b/SOURCES/rngd.service @@ -1,15 +1,9 @@ [Unit] Description=Hardware RNG Entropy Gatherer Daemon ConditionVirtualization=!container -Requires=rngd-wake-threshold.service # The "-f" option is required for the systemd service rngd to work with Type=simple [Service] -User=rngd -Group=rngd -CapabilityBoundingSet=CAP_SYS_ADMIN -AmbientCapabilities=CAP_SYS_ADMIN -TimeoutStartSec=60s Type=simple EnvironmentFile=/etc/sysconfig/rngd ExecStart=/usr/sbin/rngd -f $RNGD_ARGS diff --git a/SOURCES/rngd.sysconfig b/SOURCES/rngd.sysconfig index f0da1d9..dbb6f7a 100644 --- a/SOURCES/rngd.sysconfig +++ b/SOURCES/rngd.sysconfig @@ -1,3 +1,3 @@ # Optional arguments passed to rngd. See rngd(8) and # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21 -RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist" +RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon" diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec index 2d1a864..ab0c5fa 100644 --- a/SPECS/rng-tools.spec +++ b/SPECS/rng-tools.spec 
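Review bot: With `User=rngd`, `Group=rngd` and `CapabilityBoundingSet=CAP_SYS_ADMIN` removed from rngd.service, the only thing that takes rngd out of full root is the `-D daemon:daemon` argument added to RNGD_ARGS in the rngd.sysconfig hunk, and the spec installs that file as `%config(noreplace)`. A host whose /etc/sysconfig/rngd was edited keeps its old RNGD_ARGS on upgrade, so the daemon would stay root with an unrestricted capability set and no unit-level limit behind it. Putting the drop into the unit itself, `ExecStart=/usr/sbin/rngd -f -D daemon:daemon $RNGD_ARGS`, or keeping a `CapabilityBoundingSet=` line narrowed to what rngd needs to perform and survive the drop (the exact set has to be checked against rngd 6.15), would make the restriction independent of admin-edited configuration. `daemon:daemon` is also a shared account, so rngd after the drop is no longer separated from other services running under it; a dedicated `rngd` user, as the removed lines had, keeps that separation.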
@@ -11,14 +11,13 @@ Summary: Random number generator related utilities Name: rng-tools -Version: 6.14 -Release: 5.git.b2b7934e%{?dist} +Version: 6.15 +Release: 1%{?dist} License: GPLv2+ URL: https://github.com/nhorman/rng-tools Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source1: rngd.service -Source2: rngd-wake-threshold.service -Source3: rngd.sysconfig +Source2: rngd.sysconfig BuildRequires: gcc make binutils BuildRequires: gettext @@ -28,6 +27,7 @@ BuildRequires: libgcrypt-devel libcurl-devel BuildRequires: libxml2-devel openssl-devel BuildRequires: jitterentropy-devel BuildRequires: jansson-devel +BuildRequires: libcap-devel %if %{with rtlsdr} BuildRequires: rtl-sdr-devel %endif @@ -38,13 +38,11 @@ BuildRequires: libp11-devel Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -Requires: jansson openssl +Requires: selinux-policy >= 34.1.31-2 Patch0: 1-rt-revert-build-randstat.patch Patch1: 2-rt-comment-out-have-aesni.patch -Patch2: 3-rt-change-option.patch -Patch3: 4-rt-adjust-detection.patch -Patch4: 5-rt-drop-unused-variables.patch +Patch2: 3-rt-fix-jent-define.patch %description This is a random number generator daemon and its tools. It monitors 
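Review bot: `Requires: selinux-policy >= 34.1.31-2` in the third hunk (`@@ -38,13 +38,11 @@`) is an unconditional dependency with no comment saying what rngd needs from that policy build, so the version can neither be verified nor safely relaxed later. If it exists for the new `-D user:group` privilege drop (an inference from the changelog; the spec does not say), a comment above the line such as `# policy build that permits rngd to change uid/gid for -D user:group` would record that. An unconditional Requires also pulls selinux-policy into installs that do not ship one; the rich form `Requires: (selinux-policy >= 34.1.31-2 if selinux-policy)` enforces the version only where a policy package is installed.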
@@ -63,32 +61,27 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool. %endif ./autogen.sh +# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS +sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in %configure %{?_without_pkcs11} %{?_without_rtlsdr} %make_build %install %make_install -# install systemd unit files +# install systemd unit file install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} -install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2} # install sysconfig file -install -D %{SOURCE3} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd - -%pre -getent group rngd >/dev/null || groupadd -f -r rngd -getent passwd rngd >/dev/null || useradd -r -g rngd -M -d / -s /sbin/nologin -c "Random Number Generator Daemon" rngd +install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd %post -%systemd_post rngd.service rngd-wake-threshold.service -/usr/bin/systemctl start rngd-wake-threshold.service || : +%systemd_post rngd.service %preun -%systemd_preun rngd.service rngd-wake-threshold.service +%systemd_preun rngd.service %postun -%systemd_postun_with_restart rngd.service rngd-wake-threshold.service -getent passwd rngd >/dev/null && userdel rngd +%systemd_postun_with_restart rngd.service %files %{!?_licensedir:%global license %%doc} 
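Review bot: The `sed -i` on Makefile.in added after `./autogen.sh` exits 0 whether or not its pattern matched, so if upstream changes that line the build silently reverts to `$(CFLAGS)` overriding `$(libdarn_impl_a_CFLAGS)` and nobody is told. A check directly after it, `grep -qF '$(CFLAGS) $(libdarn_impl_a_CFLAGS)' Makefile.in`, makes the build script stop instead, since rpm runs these sections under `sh -e`. The comment `# a dirty hack` would also be more useful if it named the flag that must win and on which architecture, which the hunk does not show; the changelog entry about a ppc64 build failure is presumably the reason.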
@@ -98,20 +91,17 @@ getent passwd rngd >/dev/null && userdel rngd %{_sbindir}/rngd %{_mandir}/man1/rngtest.1.* %{_mandir}/man8/rngd.8.* -%attr(0644,root,root) %{_unitdir}/rngd.service -%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service -%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd +%attr(0644,root,root) %{_unitdir}/rngd.service +%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd %changelog -* Thu Apr 28 2022 Vladis Dronov - 6.14-5.git.b2b7934e -- Fix a missing rngd group issue (bz2079379) -- Fix test script permissions - -* Thu Apr 21 2022 Vladis Dronov - 6.14-4.git.b2b7934e -- Fix udevadm issues on systems lacking it (bz 2057030) -- Fix a missing working directory issue (bz 2053160) -- Add some upstream patches -- Fix tests +* Sat Apr 16 2022 Vladis Dronov - 6.15-1 +- Update to the upstream v6.15 @ 172bf0e3 (bz 2075977) +- Allow rngd process to drop privileges with "-D user:group" +- Fix an error building with jitterentropy-3.4.0 +- Add a requirement for selinux-policy of a certain version +- Fix a build failure on ppc64 +- Small edits in test scripts * Tue Nov 23 2021 Vladis Dronov - 6.14-2.git.b2b7934e - Update to the upstream v6.14 @ b2b7934e (bz 2015566)