import rng-tools-6.14-2.git.b2b7934e.el9

.gitignore

@@ -1 +1 @@
-SOURCES/rng-tools-6.13.tar.gz
+SOURCES/rng-tools-6.14.tar.gz

.rng-tools.metadata

@@ -1 +1 @@
-d62bce6a0602c417073fa438c998ceef0d150373 SOURCES/rng-tools-6.13.tar.gz
+fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz

SOURCES/1-rt-revert-build-randstat.patch

@@ -0,0 +1,47 @@
+From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
+From: Vladis Dronov <vdronov@redhat.com>
+Date: Tue, 6 Jul 2021 14:36:46 +0200
+Subject: [PATCH] Revert "Build randstat binary"
+
+We do not want new and mostly useless randstat binary.
+This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
+
+Signed-off-by: Vladis Dronov <vdronov@redhat.com>
+---
+ .gitignore          | 3 +--
+ contrib/Makefile.am | 5 +++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git .gitignore .gitignore
+index 943fa2b..5dc334d 100644
+--- .gitignore
++++ .gitignore
+@@ -1,6 +1,6 @@
+ *.a
+ *.o
+-.deps/
++/.deps/
+ /aclocal.m4
+ /ar-lib
+ /autom4te.cache/
+@@ -10,7 +10,6 @@
+ /config.status
+ /config.sub
+ /configure
+-/contrib/randstat
+ /depcomp
+ /install-sh
+ /missing
+diff --git contrib/Makefile.am contrib/Makefile.am
+index a81fb0e..18c4fbc 100644
+--- contrib/Makefile.am
++++ contrib/Makefile.am
+@@ -1,2 +1,3 @@
+-bin_PROGRAMS = randstat
+-randstat_SOURCES = randstat.c
++
++EXTRA_DIST = randstat.c
++
+-- 
+2.26.3
+

SOURCES/2-rt-comment-out-have-aesni.patch

@@ -0,0 +1,42 @@
+From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov <vdronov@redhat.com>
+Date: Fri, 17 Sep 2021 01:04:51 +0200
+Subject: [PATCH] Comment out an unused assignment
+
+Covscan warns about an unused value. Comment it out.
+
+Defect type: UNUSED_VALUE: covscan warning:
+rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
+from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
+stored value is overwritten before it can be used.
+
+Signed-off-by: Vladis Dronov <vdronov@redhat.com>
+---
+ rngd_rdrand.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rdrand.c rngd_rdrand.c
+index caa9d05..ea7b8fa 100644
+--- rngd_rdrand.c
++++ rngd_rdrand.c
+@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ 	struct cpuid info;
+ 	/* We need RDRAND, but AESni is optional */
+ 	const uint32_t features_ecx1_rdrand = 1 << 30;
+-	const uint32_t features_ecx1_aesni  = 1 << 25;
++	//const uint32_t features_ecx1_aesni  = 1 << 25;
+ 	const uint32_t features_ebx7_rdseed = 1 << 18;
+ 	uint32_t max_cpuid_leaf;
+ 	unsigned char xkey[AES_BLOCK];	/* Material to XOR into the key */
+@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ 	if (!(info.ecx & features_ecx1_rdrand))
+ 		return 1;
+ 
+-	have_aesni = !!(info.ecx & features_ecx1_aesni);
++	//have_aesni = !!(info.ecx & features_ecx1_aesni);
+ 	have_aesni = 0; /* BACK OUT NH */
+ 	have_rdseed = 0;
+ 	if (max_cpuid_leaf >= 7) {
+-- 
+2.26.3
+

SOURCES/rngd.service

@@ -3,13 +3,16 @@ Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
 Requires=rngd-wake-threshold.service
 
+# The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
 User=rngd
 Group=rngd
 CapabilityBoundingSet=CAP_SYS_ADMIN
 AmbientCapabilities=CAP_SYS_ADMIN
-ExecStart=/usr/sbin/rngd -f --fill-watermark=0
 TimeoutStartSec=60s
+Type=simple
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
 
 [Install]
 WantedBy=multi-user.target

SOURCES/rngd.sysconfig

@@ -0,0 +1,3 @@
+# Optional arguments passed to rngd. See rngd(8) and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"

SPECS/rng-tools.spec

@@ -11,14 +11,18 @@
 
 Summary:        Random number generator related utilities
 Name:           rng-tools
-Version:        6.13
+Version:        6.14
-Release:        6.git.d207e0b6%{?dist}
+Release:        2.git.b2b7934e%{?dist}
 License:        GPLv2+
 URL:            https://github.com/nhorman/rng-tools
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        rngd.service
 Source2:        rngd-wake-threshold.service
 Source3:        60-hwrng.rules
+Source4:        rngd.sysconfig
+
+Patch0: 1-rt-revert-build-randstat.patch
+Patch1: 2-rt-comment-out-have-aesni.patch
 
 BuildRequires: gcc make
 BuildRequires: gettext
@@ -38,12 +42,15 @@ BuildRequires: libp11-devel
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
+Requires: jansson openssl
 
 %description
-Hardware random number generation tools.
+This is a random number generator daemon and its tools. It monitors
+a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
+TPM, jitter) and supplies entropy from them to a kernel entropy pool.
 
 %prep
-%autosetup
+%autosetup -p0
 
 %build
 %if !%{with pkcs11}
@@ -64,6 +71,8 @@ Hardware random number generation tools.
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
 install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
+# install sysconfig file
+install -D %{SOURCE4} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
 
 %pre
 getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
@@ -89,8 +98,13 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
 %attr(0644,root,root)   %{_unitdir}/rngd.service
 %attr(0644,root,root)   %{_unitdir}/rngd-wake-threshold.service
 %attr(0644,root,root)   %{_udevrulesdir}/60-hwrng.rules
+%config(noreplace) %attr(0644,root,root)   %{_sysconfdir}/sysconfig/rngd
 
 %changelog
+* Tue Nov 23 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-2.git.b2b7934e
+- Update to the upstream v6.14 @ b2b7934e (bz 2015566)
+- Add a config file for storing rngd options
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.13-6.git.d207e0b6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688