import rng-tools-6.15-1.el8
parent
474fe720e2
commit
4cd71ca72a
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/jitterentropy-library-3.3.1.tar.gz
|
||||
SOURCES/rng-tools-6.14.tar.gz
|
||||
SOURCES/jitterentropy-library-3.4.0.tar.gz
|
||||
SOURCES/rng-tools-6.15.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
b48e54d56961e3db138dac4fd6ab3117e31f5db9 SOURCES/jitterentropy-library-3.3.1.tar.gz
|
||||
fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
|
||||
9b6ad5d20372878cc317a424135c575921d7aa61 SOURCES/jitterentropy-library-3.4.0.tar.gz
|
||||
79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz
|
||||
|
@ -1,14 +1,18 @@
|
||||
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
|
||||
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
|
||||
--- jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||
+++ jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||
@@ -3,11 +3,11 @@
|
||||
CC ?= gcc
|
||||
#Hardening
|
||||
ENABLE_STACK_PROTECTOR ?= 1
|
||||
CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
|
||||
-CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
|
||||
+CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
|
||||
LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
|
||||
|
||||
# Enable internal timer support
|
||||
CFLAGS += -DJENT_CONF_ENABLE_INTERNAL_TIMER
|
||||
|
||||
GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`)
|
||||
@@ -28,7 +28,7 @@ LIBDIR := lib
|
||||
INCDIR := include
|
||||
|
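Review bot: The embedded Makefile change `CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 ...` switches off _FORTIFY_SOURCE for the whole bundled library, and nothing in the patch says why. It presumably pairs with the `-O0` on the same line, since fortification needs optimization and distro-supplied flags would otherwise produce a warning, but that is inferred rather than stated. A short description at the top of the patch file, saying the library is built at -O0 and fortification is undefined to match, would keep a later rebase from dropping or widening the exception. The line looks carried over from the previous revision of the patch; the page does not mark which side each line belongs to.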
@ -1,6 +1,6 @@
|
||||
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
|
||||
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||
diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
|
||||
--- jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||
+++ jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||
@@ -70,29 +70,6 @@ scan: $(analyze_plists)
|
||||
cppcheck:
|
||||
cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
|
||||
|
@ -1,25 +1,16 @@
|
||||
diff -up ./Makefile.am.orig ./Makefile.am
|
||||
diff -up Makefile.am Makefile.am
|
||||
--- ./Makefile.am 2021-07-03 22:22:27.000000000 +0200
|
||||
+++ ./Makefile.am 2021-08-06 12:18:48.498612099 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
##
|
||||
## Toplevel Makefile.am for rng-tools
|
||||
##
|
||||
-SUBDIRS = contrib tests
|
||||
-SUBDIRS = contrib tests
|
||||
+SUBDIRS = contrib tests jitterentropy-library
|
||||
|
||||
sbin_PROGRAMS = rngd
|
||||
bin_PROGRAMS = rngtest
|
||||
@@ -14,7 +14,7 @@ rngd_SOURCES = rngd.h rngd.c rngd_entsou
|
||||
if NISTBEACON
|
||||
rngd_SOURCES += rngd_nistbeacon.c
|
||||
endif
|
||||
-
|
||||
+
|
||||
if RDRAND
|
||||
rngd_SOURCES += rngd_rdrand.c rdrand_asm.S
|
||||
endif
|
||||
@@ -27,29 +27,16 @@ if RNDR
|
||||
@@ -27,40 +27,27 @@ if RNDR
|
||||
rngd_SOURCES += rngd_rndr.c
|
||||
endif
|
||||
|
||||
@ -31,18 +22,28 @@ diff -up ./Makefile.am.orig ./Makefile.am
|
||||
-rngd_SOURCES += rngd_rtlsdr.c
|
||||
-endif
|
||||
|
||||
-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||
+rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||
-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
|
||||
+rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
|
||||
|
||||
-if PKCS11
|
||||
if DARN
|
||||
rngd_SOURCES += rngd_darn.c
|
||||
|
||||
# Build Power9-only code with Power9
|
||||
# compile flags in a separate library
|
||||
rngd_LDADD += libdarn_impl.a
|
||||
noinst_LIBRARIES += libdarn_impl.a
|
||||
libdarn_impl_a_SOURCES = darn_impl.c
|
||||
libdarn_impl_a_CFLAGS = -mcpu=power9 -mtune=power9
|
||||
endif
|
||||
|
||||
-if PKCS11
|
||||
-rngd_SOURCES += rngd_pkcs11.c
|
||||
-pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
|
||||
-endif
|
||||
-
|
||||
-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
|
||||
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||
+rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
|
||||
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||
-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS)
|
||||
+rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
|
||||
rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||
|
||||
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
|
||||
rngtest_LDADD = librngd.a
|
||||
|
@ -1,20 +0,0 @@
|
||||
diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
|
||||
--- jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:42:47.809329173 +0100
|
||||
+++ jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:44:19.820499338 +0100
|
||||
@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
|
||||
uint32_t u[4];
|
||||
uint8_t b[sizeof(uint32_t) * 4];
|
||||
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
|
||||
- uint32_t addressMask = ec->memmask;
|
||||
+ uint32_t addressMask;
|
||||
|
||||
/* Ensure that macros cannot overflow jent_loop_shuffle() */
|
||||
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
|
||||
@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
|
||||
|
||||
if (NULL == ec || NULL == ec->mem)
|
||||
return;
|
||||
+ addressMask = ec->memmask;
|
||||
|
||||
/*
|
||||
* Mix the current data into prngState
|
14
SOURCES/6-rt-fix-jent-define.patch
Normal file
14
SOURCES/6-rt-fix-jent-define.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- configure.ac 2022-03-24 13:14:11.000000000 +0100
|
||||
+++ configure.ac.new 2022-03-24 15:58:56.187367770 +0100
|
||||
@@ -95,7 +95,10 @@ AS_IF(
|
||||
[AM_CONDITIONAL([JITTER], [true])
|
||||
AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
|
||||
AC_CHECK_LIB(jitterentropy, jent_notime_settick,
|
||||
- [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
|
||||
+ [
|
||||
+ AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
|
||||
+ AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
|
||||
+ ],
|
||||
[],-lpthread)],
|
||||
AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
|
||||
], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
|
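Review bot: `JENT_CONF_ENABLE_INTERNAL_TIMER` is defined only inside the success branch of `AC_CHECK_LIB(jitterentropy, jent_notime_settick, ...)`, while the bundled library's Makefile, as shown in the Makefile patch on this page, has `CFLAGS += -DJENT_CONF_ENABLE_INTERNAL_TIMER` unconditionally. If that link check does not succeed at configure time, rngd and the statically linked libjitterentropy.a would be compiled with different settings of a macro that presumably affects declarations shared through the header; whether the check can fail in this build is not visible here. The patch file also carries no description, so a line or two at its top naming the build error it fixes and noting that the define must match the library's setting would help the next rebase. The AS_IF block starts and ends outside the hunk.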
@ -1 +0,0 @@
|
||||
SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
|
@ -1,14 +0,0 @@
|
||||
[Unit]
|
||||
Description=Hardware RNG Entropy Gatherer Wake threshold service
|
||||
ConditionVirtualization=!container
|
||||
Before=rngd.service
|
||||
|
||||
[Service]
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||
AmbientCapabilities=CAP_SYS_ADMIN
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
@ -1,15 +1,9 @@
|
||||
[Unit]
|
||||
Description=Hardware RNG Entropy Gatherer Daemon
|
||||
ConditionVirtualization=!container
|
||||
Requires=rngd-wake-threshold.service
|
||||
|
||||
# The "-f" option is required for the systemd service rngd to work with Type=simple
|
||||
[Service]
|
||||
User=rngd
|
||||
Group=rngd
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||
AmbientCapabilities=CAP_SYS_ADMIN
|
||||
TimeoutStartSec=60s
|
||||
Type=simple
|
||||
EnvironmentFile=/etc/sysconfig/rngd
|
||||
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
|
||||
|
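Review bot: The unit no longer appears to carry any privilege bound of its own: `User=rngd`, `Group=rngd`, `CapabilityBoundingSet=CAP_SYS_ADMIN` and `AmbientCapabilities=CAP_SYS_ADMIN` look like removed lines (the page does not mark sides, but the 15/9 old/new counts and the changelog entry about `-D user:group` point that way). That leaves rngd starting as root with a full capability set and relying on its own `-D` handling, which only takes effect when RNGD_ARGS contains it. Consider keeping a bounding set in the unit that covers what rngd needs before and after the drop, plus `NoNewPrivileges=yes`; the exact capability list has to be checked against rngd's privilege-drop code, which is not on this page.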
@ -1,3 +1,3 @@
|
||||
# Optional arguments passed to rngd. See rngd(8) and
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
|
||||
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
|
||||
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"
|
||||
|
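Review bot: The privilege drop now lives only in `RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"`, and the spec installs this file as `%config(noreplace)`, so a host that already has /etc/sysconfig/rngd keeps its old value without `-D` after the upgrade. If the unit has indeed lost `User=`/`Group=`, as it appears to, such a host would run rngd as root for its whole lifetime. A release note or an upgrade-time check telling admins to add `-D` would close that gap. Separately, `daemon` is a shared system account, so rngd gives up the isolation the dedicated `rngd` user provided; the reason for that choice deserves a comment next to the value.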
@ -2,40 +2,36 @@
|
||||
|
||||
Summary: Random number generator related utilities
|
||||
Name: rng-tools
|
||||
Version: 6.14
|
||||
Release: 4.git.b2b7934e%{?dist}
|
||||
Version: 6.15
|
||||
Release: 1%{?dist}
|
||||
Group: System Environment/Base
|
||||
License: GPLv2+
|
||||
URL: https://github.com/nhorman/rng-tools
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: rngd.service
|
||||
Source2: rngd-wake-threshold.service
|
||||
Source3: 60-hwrng.rules
|
||||
Source4: jitterentropy-library-3.3.1.tar.gz
|
||||
Source5: rngd.sysconfig
|
||||
Source2: rngd.sysconfig
|
||||
Source3: jitterentropy-library-3.4.0.tar.gz
|
||||
|
||||
Patch0: 1-je-rh-makefile.patch
|
||||
Patch1: 2-je-remove-install.patch
|
||||
Patch2: 3-rt-use-jitter-static.patch
|
||||
Patch3: 4-rt-revert-build-randstat.patch
|
||||
Patch4: 5-rt-comment-out-have-aesni.patch
|
||||
Patch5: 6-je-fix-ec-check.patch
|
||||
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: gcc make binutils
|
||||
BuildRequires: gettext
|
||||
#BuildRequires: systemd-units
|
||||
BuildRequires: systemd systemd-rpm-macros
|
||||
BuildRequires: autoconf automake
|
||||
BuildRequires: libgcrypt-devel libcurl-devel
|
||||
BuildRequires: libsysfs-devel jansson-devel
|
||||
BuildRequires: libxml2-devel openssl-devel
|
||||
#Requires(post): systemd-units
|
||||
#Requires(preun): systemd-units
|
||||
#Requires(postun): systemd-units
|
||||
BuildRequires: jansson-devel
|
||||
BuildRequires: libcap-devel
|
||||
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
Requires: jansson openssl
|
||||
Requires: selinux-policy >= 3.14.3-98
|
||||
|
||||
Patch0: 1-je-rh-makefile.patch
|
||||
Patch1: 2-je-remove-install.patch
|
||||
Patch2: 3-rt-use-jitter-static.patch
|
||||
Patch3: 4-rt-revert-build-randstat.patch
|
||||
Patch4: 5-rt-comment-out-have-aesni.patch
|
||||
Patch5: 6-rt-fix-jent-define.patch
|
||||
|
||||
%description
|
||||
This is a random number generator daemon and its tools. It monitors
|
||||
@ -44,42 +40,33 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
tar xf %{SOURCE4}
|
||||
mv jitterentropy-library-3.3.1 jitterentropy-library
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p0
|
||||
%patch4 -p0
|
||||
%patch5 -p0
|
||||
tar xf %{SOURCE3}
|
||||
mv jitterentropy-library-3.4.0 jitterentropy-library
|
||||
%autopatch -p0
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
|
||||
sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
|
||||
%configure --without-pkcs11 --without-rtlsdr
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
# install systemd unit file and udev rules
|
||||
# install systemd unit file
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
|
||||
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
|
||||
# install sysconfig file
|
||||
install -D %{SOURCE5} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
|
||||
|
||||
%pre
|
||||
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
||||
install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
|
||||
|
||||
%post
|
||||
%systemd_post rngd.service rngd-wake-threshold.service
|
||||
/usr/bin/systemctl start rngd-wake-threshold.service || :
|
||||
%systemd_post rngd.service
|
||||
|
||||
%preun
|
||||
%systemd_preun rngd.service rngd-wake-threshold.service
|
||||
%systemd_preun rngd.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
|
||||
%systemd_postun_with_restart rngd.service
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
@ -89,12 +76,19 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
|
||||
%{_sbindir}/rngd
|
||||
%{_mandir}/man1/rngtest.1.*
|
||||
%{_mandir}/man8/rngd.8.*
|
||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
||||
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
||||
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
|
||||
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
|
||||
|
||||
%changelog
|
||||
* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
|
||||
- Update rng-tools to v6.15 @ 172bf0e3 (bz 2075974)
|
||||
- Update jitterentropy library to v3.4.0 @ 887c9871
|
||||
- Allow rngd process to drop privileges with "-D user:group"
|
||||
- Fix an error building with jitterentropy-3.4.0
|
||||
- Add a requirement for selinux-policy of a certain version
|
||||
- Fix a build failure on ppc64
|
||||
- Small edits in test scripts
|
||||
|
||||
* Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
|
||||
- Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
|
||||
- Update jitterentropy library to v3.3.1 @ 887c9871
|
||||
|
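Review bot: The spec links a bundled jitterentropy 3.4.0 statically into rngd (Source3 plus the `tar xf %{SOURCE3}` step), but the preamble shown here has no `Provides: bundled(jitterentropy) = 3.4.0`, so a scan of installed packages cannot tell that this build carries the library when an advisory lands against it. Source3 is also a bare file name with no URL, which leaves the 40-hex-digit checksum in the metadata file as the only provenance record for that tarball. In %changelog, the 6.15-1 entry gives jitterentropy v3.4.0 as `@ 887c9871`, the same commit id as the v3.3.1 entry below it; one of the two is probably a copy-paste leftover and should be corrected.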