diff --git a/SOURCES/3-rt-change-option.patch b/SOURCES/3-rt-change-option.patch
new file mode 100644
index 0000000..3c7557a
--- /dev/null
+++ b/SOURCES/3-rt-change-option.patch
@@ -0,0 +1,40 @@
+From 6e1a11ae6df8cd6c98657a8b78761763f3ff2abd Mon Sep 17 00:00:00 2001
+From: Neil Horman
+Date: Mon, 28 Feb 2022 07:59:57 -0500
+Subject: [PATCH 2/3] Change DARN_OPT_AES to DRNG_OPT_AES for rngd_rndr.c
+Content-type: text/plain
+
+@dermotbradley noted that we were using the wrong define for the arm
+rndr instruction. Fix that up
+
+Signed-off-by: Neil Horman
+Signed-off-by: Vladis Dronov
+---
+ rngd_rndr.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rndr.c rngd_rndr.c
+index 79bf2ce..fa1eaa9 100644
+--- rngd_rndr.c
++++ rngd_rndr.c
+@@ -171,7 +171,7 @@ static int fill_from_rndr(void *buf, size_t size)
+
+ int xread_rndr(void *buf, size_t size, struct rng *ent_src)
+ {
+- if (ent_src->rng_options[DARN_OPT_AES].int_val)
++ if (ent_src->rng_options[DRNG_OPT_AES].int_val)
+ return fill_from_aes(ent_src, buf, size);
+ else
+ return fill_from_rndr(buf, size);
+@@ -187,7 +187,7 @@ int init_rndr_entropy_source(struct rng *ent_src)
+ return 1;
+ }
+ message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
+- if (ent_src->rng_options[DARN_OPT_AES].int_val && init_openssl(ent_src))
++ if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
+ return 1;
+ return 0;
+ }
+--
+2.35.1
+
diff --git a/SOURCES/4-rt-adjust-detection.patch b/SOURCES/4-rt-adjust-detection.patch
new file mode 100644
index 0000000..8fce433
--- /dev/null
+++ b/SOURCES/4-rt-adjust-detection.patch
@@ -0,0 +1,32 @@
+From e2698477e8abf623c18ab28d33cc894ec882a706 Mon Sep 17 00:00:00 2001
+From: Neil Horman
+Date: Fri, 18 Mar 2022 18:59:52 -0400
+Subject: [PATCH 3/3] Adjust jitterentropy detection to look for the settick
+ function
+Content-type: text/plain
+
+Theres no great way to detect if jitterentropy has the internal timer
+feature enabled so we have to look for a function that is only defined
+when it is enabled
+
+Signed-off-by: Vladis Dronov
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git configure.ac configure.ac
+index e16e1a0..0f5a38e 100644
+--- configure.ac
++++ configure.ac
+@@ -94,7 +94,7 @@ AS_IF(
+ AC_SEARCH_LIBS(jent_version,jitterentropy,
+ [AM_CONDITIONAL([JITTER], [true])
+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+- AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
++ AC_CHECK_LIB(jitterentropy, jent_notime_settick,
+ [AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
+ [],-lpthread)],
+ AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
+--
+2.35.1
+
diff --git a/SOURCES/5-rt-drop-unused-variables.patch b/SOURCES/5-rt-drop-unused-variables.patch
new file mode 100644
index 0000000..d6e8bb5
--- /dev/null
+++ b/SOURCES/5-rt-drop-unused-variables.patch
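Review bot: In the configure.ac hunk carried by 4-rt-adjust-detection.patch, the not-found action of the inner `AC_CHECK_LIB(jitterentropy, jent_notime_settick, ...)` is still `[]`, so when the probe symbol is absent HAVE_JITTER_NOTIME is left undefined without any configure-time message. As the patch description says, the symbol is only a proxy for the internal-timer feature, so a library release that renames or stops exporting it would presumably change how the jitter entropy source is built without anyone noticing. I would replace `[]` with `[AC_MSG_NOTICE([jitterentropy internal timer support not detected])]` so the build log records which variant was selected. The enclosing AS_IF starts outside the hunk.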
@@ -0,0 +1,53 @@
+From 370e252c6caedf561c832fa19b20abb7e249b326 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Fri, 25 Mar 2022 12:41:45 +0100
+Subject: [PATCH] Drop unused variables
+Content-type: text/plain
+
+And brush up code a bit. Unused variables are reported by gcc as:
+
+rngd_darn.c: In function 'init_openssl':
+rngd_darn.c:68:13: warning: unused variable 'i' [-Wunused-variable]
+ 68 | int i;
+rngd_darn.c: In function 'xread_darn':
+rngd_darn.c:163:19: warning: unused variable 'darn_ptr' [-Wunused-variable]
+ 163 | uint64_t *darn_ptr =(uint64_t *)buf;
+
+Signed-off-by: Vladis Dronov
+---
+ rngd_darn.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git rngd_darn.c rngd_darn.c
+index 5254195..7b26cbe 100644
+--- rngd_darn.c
++++ rngd_darn.c
+@@ -65,7 +65,6 @@ static size_t rand_bytes_served = 0;
+ static int init_openssl(struct rng *ent_src)
+ {
+ uint64_t darn_val;
+- int i;
+
+ ossl_aes_random_key(key, NULL);
+
+@@ -140,8 +139,7 @@ static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t cop
+ */
+ static uint64_t get_darn()
+ {
+- uint64_t darn_val;
+- darn_val = 0;
++ uint64_t darn_val = 0;
+ int i;
+
+ /*
+@@ -160,7 +158,6 @@ static uint64_t get_darn()
+
+ int xread_darn(void *buf, size_t size, struct rng *ent_src)
+ {
+- uint64_t *darn_ptr =(uint64_t *)buf;
+ size_t copied = 0;
+
+ while (copied < size) {
+--
+2.35.1
+
diff --git a/SOURCES/60-hwrng.rules b/SOURCES/60-hwrng.rules
deleted file mode 100644
index dfb7cae..0000000
--- a/SOURCES/60-hwrng.rules
+++ /dev/null
@@ -1 +0,0 @@
-SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
diff --git a/SOURCES/rngd-wake-threshold.service b/SOURCES/rngd-wake-threshold.service
index 41ef172..4da3ff7 100644
--- a/SOURCES/rngd-wake-threshold.service
+++ b/SOURCES/rngd-wake-threshold.service
@@ -1,14 +1,15 @@ +# This unit is needed to run rngd as a non-privileged user. +# It performs a system set up which requires privileges. + [Unit] Description=Hardware RNG Entropy Gatherer Wake threshold service ConditionVirtualization=!container Before=rngd.service [Service] -CapabilityBoundingSet=CAP_SYS_ADMIN -AmbientCapabilities=CAP_SYS_ADMIN Type=oneshot RemainAfterExit=yes -ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle" +ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; if [ -e /dev/hwrng ]; then chmod 0640 /dev/hwrng; chgrp rngd /dev/hwrng; fi" [Install] -WantedBy=sysinit.target +WantedBy=multi-user.target diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec index 1d19fd1..2d1a864 100644 --- a/SPECS/rng-tools.spec +++ b/SPECS/rng-tools.spec @@ -12,19 +12,15 @@ Summary: Random number generator related utilities Name: rng-tools Version: 6.14 -Release: 2.git.b2b7934e%{?dist} +Release: 5.git.b2b7934e%{?dist} License: GPLv2+ URL: https://github.com/nhorman/rng-tools Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source1: rngd.service Source2: rngd-wake-threshold.service -Source3: 60-hwrng.rules -Source4: rngd.sysconfig +Source3: rngd.sysconfig -Patch0: 1-rt-revert-build-randstat.patch -Patch1: 2-rt-comment-out-have-aesni.patch - -BuildRequires: gcc make +BuildRequires: gcc make binutils BuildRequires: gettext BuildRequires: systemd systemd-rpm-macros BuildRequires: autoconf automake 
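Review bot: The new ExecStart in rngd-wake-threshold.service sets the /dev/hwrng mode and group once, and only if the node exists when this oneshot runs; together with the deletion of 60-hwrng.rules in this commit, a hardware RNG that appears later (or a node that is re-created) would keep its default ownership, and rngd running as the unprivileged user would presumably be unable to open it. The commands are chained with `;`, so a failing `chmod` is not reflected in the unit result; `chgrp rngd /dev/hwrng && chmod 0640 /dev/hwrng` would surface the failure and sets the group before the group-read bit is relied on. Separately, removing `CapabilityBoundingSet=` and `AmbientCapabilities=` without a replacement leaves the shell with whatever capabilities the unit's user has (no `User=` is visible in the hunk, so presumably full root); consider keeping a `CapabilityBoundingSet=` restricted to what the script actually needs.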
@@ -44,6 +40,12 @@ Requires(preun): systemd Requires(postun): systemd Requires: jansson openssl +Patch0: 1-rt-revert-build-randstat.patch +Patch1: 2-rt-comment-out-have-aesni.patch +Patch2: 3-rt-change-option.patch +Patch3: 4-rt-adjust-detection.patch +Patch4: 5-rt-drop-unused-variables.patch + %description This is a random number generator daemon and its tools. It monitors a set of entropy sources present on a system (like /dev/hwrng, RDRAND, @@ -67,15 +69,15 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool. %install %make_install -# install systemd unit file and udev rules +# install systemd unit files install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2} -install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3} # install sysconfig file -install -D %{SOURCE4} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd +install -D %{SOURCE3} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd %pre -getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd +getent group rngd >/dev/null || groupadd -f -r rngd +getent passwd rngd >/dev/null || useradd -r -g rngd -M -d / -s /sbin/nologin -c "Random Number Generator Daemon" rngd %post %systemd_post rngd.service rngd-wake-threshold.service @@ -86,6 +88,7 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s %postun %systemd_postun_with_restart rngd.service rngd-wake-threshold.service +getent passwd rngd >/dev/null && userdel rngd %files %{!?_licensedir:%global license %%doc} 
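Review bot: The `userdel rngd` line added to %postun in rng-tools.spec is not guarded by `$1`, so it also runs when this build is later replaced by a newer one (`$1` is 1 on upgrade) and removes the account the freshly installed package still needs for the non-privileged rngd and for the `chgrp rngd /dev/hwrng` step in the wake-threshold unit. When the user is already absent, `getent passwd rngd >/dev/null && userdel rngd` is the last command and makes the scriptlet exit non-zero. Deleting a system account on erase can also leave files owned by a UID that is reused later, so dropping the line is the safer choice; if it stays, guard it: `if [ $1 -eq 0 ]; then getent passwd rngd >/dev/null && userdel rngd || :; fi`.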
@@ -97,10 +100,19 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s %{_mandir}/man8/rngd.8.* %attr(0644,root,root) %{_unitdir}/rngd.service %attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service -%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd %changelog +* Thu Apr 28 2022 Vladis Dronov - 6.14-5.git.b2b7934e +- Fix a missing rngd group issue (bz2079379) +- Fix test script permissions + +* Thu Apr 21 2022 Vladis Dronov - 6.14-4.git.b2b7934e +- Fix udevadm issues on systems lacking it (bz 2057030) +- Fix a missing working directory issue (bz 2053160) +- Add some upstream patches +- Fix tests + * Tue Nov 23 2021 Vladis Dronov - 6.14-2.git.b2b7934e - Update to the upstream v6.14 @ b2b7934e (bz 2015566) - Add a config file for storing rngd options