Auto sync2gitlab import of rng-tools-6.14-4.git.b2b7934e.el8.src.rpm
This commit is contained in:
parent
52f7e60f86
commit
7626867714
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
/jitterentropy-library-3.3.1.tar.gz
|
||||||
|
/rng-tools-6.14.tar.gz
|
56
1-je-rh-makefile.patch
Normal file
56
1-je-rh-makefile.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
|
||||||
|
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||||
|
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
CC ?= gcc
|
||||||
|
#Hardening
|
||||||
|
CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
|
||||||
|
-CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
|
||||||
|
+CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
|
||||||
|
LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
|
||||||
|
|
||||||
|
GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`)
|
||||||
|
@@ -28,7 +28,7 @@ LIBDIR := lib
|
||||||
|
INCDIR := include
|
||||||
|
SRCDIR := src
|
||||||
|
|
||||||
|
-INSTALL_STRIP ?= install -s
|
||||||
|
+INSTALL ?= install
|
||||||
|
|
||||||
|
NAME := jitterentropy
|
||||||
|
LIBMAJOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
|
||||||
|
@@ -73,25 +73,25 @@ cppcheck:
|
||||||
|
install: install-man install-shared install-includes
|
||||||
|
|
||||||
|
install-man:
|
||||||
|
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
|
||||||
|
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
|
||||||
|
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
|
||||||
|
+ $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
|
||||||
|
gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
|
||||||
|
|
||||||
|
install-shared:
|
||||||
|
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
- $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
+ $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
$(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
|
||||||
|
ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
|
||||||
|
ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
|
||||||
|
|
||||||
|
install-includes:
|
||||||
|
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
|
||||||
|
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
|
||||||
|
+ $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
+ $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
|
||||||
|
install-static:
|
||||||
|
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
- install -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
+ $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@- $(RM) $(NAME)
|
33
2-je-remove-install.patch
Normal file
33
2-je-remove-install.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
|
||||||
|
--- ./jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
|
||||||
|
+++ ./jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
|
||||||
|
@@ -70,29 +70,6 @@ scan: $(analyze_plists)
|
||||||
|
cppcheck:
|
||||||
|
cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
|
||||||
|
|
||||||
|
-install: install-man install-shared install-includes
|
||||||
|
-
|
||||||
|
-install-man:
|
||||||
|
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
|
||||||
|
- $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
|
||||||
|
- gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
|
||||||
|
-
|
||||||
|
-install-shared:
|
||||||
|
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
- $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
|
||||||
|
- ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
|
||||||
|
- ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
|
||||||
|
-
|
||||||
|
-install-includes:
|
||||||
|
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
|
||||||
|
- $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
- $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
|
||||||
|
-
|
||||||
|
-install-static:
|
||||||
|
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
|
||||||
|
- $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
|
||||||
|
-
|
||||||
|
clean:
|
||||||
|
@- $(RM) $(NAME)
|
||||||
|
@- $(RM) $(OBJS)
|
54
3-rt-use-jitter-static.patch
Normal file
54
3-rt-use-jitter-static.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
diff -up ./Makefile.am.orig ./Makefile.am
|
||||||
|
--- ./Makefile.am 2021-07-03 22:22:27.000000000 +0200
|
||||||
|
+++ ./Makefile.am 2021-08-06 12:18:48.498612099 +0200
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
##
|
||||||
|
## Toplevel Makefile.am for rng-tools
|
||||||
|
##
|
||||||
|
-SUBDIRS = contrib tests
|
||||||
|
+SUBDIRS = contrib tests jitterentropy-library
|
||||||
|
|
||||||
|
sbin_PROGRAMS = rngd
|
||||||
|
bin_PROGRAMS = rngtest
|
||||||
|
@@ -14,7 +14,7 @@ rngd_SOURCES = rngd.h rngd.c rngd_entsou
|
||||||
|
if NISTBEACON
|
||||||
|
rngd_SOURCES += rngd_nistbeacon.c
|
||||||
|
endif
|
||||||
|
-
|
||||||
|
+
|
||||||
|
if RDRAND
|
||||||
|
rngd_SOURCES += rngd_rdrand.c rdrand_asm.S
|
||||||
|
endif
|
||||||
|
@@ -27,29 +27,16 @@ if RNDR
|
||||||
|
rngd_SOURCES += rngd_rndr.c
|
||||||
|
endif
|
||||||
|
|
||||||
|
-if JITTER
|
||||||
|
rngd_SOURCES += rngd_jitter.c
|
||||||
|
-endif
|
||||||
|
-
|
||||||
|
-if RTLSDR
|
||||||
|
-rngd_SOURCES += rngd_rtlsdr.c
|
||||||
|
-endif
|
||||||
|
|
||||||
|
-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||||
|
+rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
|
||||||
|
|
||||||
|
-if PKCS11
|
||||||
|
-rngd_SOURCES += rngd_pkcs11.c
|
||||||
|
-pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
|
||||||
|
-endif
|
||||||
|
-
|
||||||
|
-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
|
||||||
|
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||||
|
+rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
|
||||||
|
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
|
||||||
|
|
||||||
|
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
|
||||||
|
rngtest_LDADD = librngd.a
|
||||||
|
|
||||||
|
librngd_a_SOURCES = fips.h fips.c
|
||||||
|
|
||||||
|
-
|
||||||
|
EXTRA_DIST = autogen.sh
|
||||||
|
-
|
47
4-rt-revert-build-randstat.patch
Normal file
47
4-rt-revert-build-randstat.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vladis Dronov <vdronov@redhat.com>
|
||||||
|
Date: Tue, 6 Jul 2021 14:36:46 +0200
|
||||||
|
Subject: [PATCH] Revert "Build randstat binary"
|
||||||
|
|
||||||
|
We do not want new and mostly useless randstat binary.
|
||||||
|
This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
|
||||||
|
|
||||||
|
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||||
|
---
|
||||||
|
.gitignore | 3 +--
|
||||||
|
contrib/Makefile.am | 5 +++--
|
||||||
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git .gitignore .gitignore
|
||||||
|
index 943fa2b..5dc334d 100644
|
||||||
|
--- .gitignore
|
||||||
|
+++ .gitignore
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
*.a
|
||||||
|
*.o
|
||||||
|
-.deps/
|
||||||
|
+/.deps/
|
||||||
|
/aclocal.m4
|
||||||
|
/ar-lib
|
||||||
|
/autom4te.cache/
|
||||||
|
@@ -10,7 +10,6 @@
|
||||||
|
/config.status
|
||||||
|
/config.sub
|
||||||
|
/configure
|
||||||
|
-/contrib/randstat
|
||||||
|
/depcomp
|
||||||
|
/install-sh
|
||||||
|
/missing
|
||||||
|
diff --git contrib/Makefile.am contrib/Makefile.am
|
||||||
|
index a81fb0e..18c4fbc 100644
|
||||||
|
--- contrib/Makefile.am
|
||||||
|
+++ contrib/Makefile.am
|
||||||
|
@@ -1,2 +1,3 @@
|
||||||
|
-bin_PROGRAMS = randstat
|
||||||
|
-randstat_SOURCES = randstat.c
|
||||||
|
+
|
||||||
|
+EXTRA_DIST = randstat.c
|
||||||
|
+
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
42
5-rt-comment-out-have-aesni.patch
Normal file
42
5-rt-comment-out-have-aesni.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vladis Dronov <vdronov@redhat.com>
|
||||||
|
Date: Fri, 17 Sep 2021 01:04:51 +0200
|
||||||
|
Subject: [PATCH] Comment out an unused assignment
|
||||||
|
|
||||||
|
Covscan warns about an unused value. Comment it out.
|
||||||
|
|
||||||
|
Defect type: UNUSED_VALUE: covscan warning:
|
||||||
|
rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
|
||||||
|
from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
|
||||||
|
stored value is overwritten before it can be used.
|
||||||
|
|
||||||
|
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||||
|
---
|
||||||
|
rngd_rdrand.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git rngd_rdrand.c rngd_rdrand.c
|
||||||
|
index caa9d05..ea7b8fa 100644
|
||||||
|
--- rngd_rdrand.c
|
||||||
|
+++ rngd_rdrand.c
|
||||||
|
@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
|
||||||
|
struct cpuid info;
|
||||||
|
/* We need RDRAND, but AESni is optional */
|
||||||
|
const uint32_t features_ecx1_rdrand = 1 << 30;
|
||||||
|
- const uint32_t features_ecx1_aesni = 1 << 25;
|
||||||
|
+ //const uint32_t features_ecx1_aesni = 1 << 25;
|
||||||
|
const uint32_t features_ebx7_rdseed = 1 << 18;
|
||||||
|
uint32_t max_cpuid_leaf;
|
||||||
|
unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
|
||||||
|
@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
|
||||||
|
if (!(info.ecx & features_ecx1_rdrand))
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
- have_aesni = !!(info.ecx & features_ecx1_aesni);
|
||||||
|
+ //have_aesni = !!(info.ecx & features_ecx1_aesni);
|
||||||
|
have_aesni = 0; /* BACK OUT NH */
|
||||||
|
have_rdseed = 0;
|
||||||
|
if (max_cpuid_leaf >= 7) {
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
20
6-je-fix-ec-check.patch
Normal file
20
6-je-fix-ec-check.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
|
||||||
|
--- jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:42:47.809329173 +0100
|
||||||
|
+++ jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:44:19.820499338 +0100
|
||||||
|
@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
|
||||||
|
uint32_t u[4];
|
||||||
|
uint8_t b[sizeof(uint32_t) * 4];
|
||||||
|
} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
|
||||||
|
- uint32_t addressMask = ec->memmask;
|
||||||
|
+ uint32_t addressMask;
|
||||||
|
|
||||||
|
/* Ensure that macros cannot overflow jent_loop_shuffle() */
|
||||||
|
BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
|
||||||
|
@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
|
||||||
|
|
||||||
|
if (NULL == ec || NULL == ec->mem)
|
||||||
|
return;
|
||||||
|
+ addressMask = ec->memmask;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Mix the current data into prngState
|
1
60-hwrng.rules
Normal file
1
60-hwrng.rules
Normal file
@ -0,0 +1 @@
|
|||||||
|
SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
|
236
rng-tools.spec
Normal file
236
rng-tools.spec
Normal file
@ -0,0 +1,236 @@
|
|||||||
|
%global _hardened_build 1
|
||||||
|
|
||||||
|
Summary: Random number generator related utilities
|
||||||
|
Name: rng-tools
|
||||||
|
Version: 6.14
|
||||||
|
Release: 4.git.b2b7934e%{?dist}
|
||||||
|
Group: System Environment/Base
|
||||||
|
License: GPLv2+
|
||||||
|
URL: https://github.com/nhorman/rng-tools
|
||||||
|
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
|
Source1: rngd.service
|
||||||
|
Source2: rngd-wake-threshold.service
|
||||||
|
Source3: 60-hwrng.rules
|
||||||
|
Source4: jitterentropy-library-3.3.1.tar.gz
|
||||||
|
Source5: rngd.sysconfig
|
||||||
|
|
||||||
|
Patch0: 1-je-rh-makefile.patch
|
||||||
|
Patch1: 2-je-remove-install.patch
|
||||||
|
Patch2: 3-rt-use-jitter-static.patch
|
||||||
|
Patch3: 4-rt-revert-build-randstat.patch
|
||||||
|
Patch4: 5-rt-comment-out-have-aesni.patch
|
||||||
|
Patch5: 6-je-fix-ec-check.patch
|
||||||
|
|
||||||
|
BuildRequires: gcc make
|
||||||
|
BuildRequires: gettext
|
||||||
|
#BuildRequires: systemd-units
|
||||||
|
BuildRequires: systemd systemd-rpm-macros
|
||||||
|
BuildRequires: autoconf automake
|
||||||
|
BuildRequires: libgcrypt-devel libcurl-devel
|
||||||
|
BuildRequires: libsysfs-devel jansson-devel
|
||||||
|
BuildRequires: libxml2-devel openssl-devel
|
||||||
|
#Requires(post): systemd-units
|
||||||
|
#Requires(preun): systemd-units
|
||||||
|
#Requires(postun): systemd-units
|
||||||
|
Requires(post): systemd
|
||||||
|
Requires(preun): systemd
|
||||||
|
Requires(postun): systemd
|
||||||
|
Requires: jansson openssl
|
||||||
|
|
||||||
|
%description
|
||||||
|
This is a random number generator daemon and its tools. It monitors
|
||||||
|
a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
|
||||||
|
TPM, jitter) and supplies entropy from them to a kernel entropy pool.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q
|
||||||
|
tar xf %{SOURCE4}
|
||||||
|
mv jitterentropy-library-3.3.1 jitterentropy-library
|
||||||
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p0
|
||||||
|
%patch4 -p0
|
||||||
|
%patch5 -p0
|
||||||
|
|
||||||
|
%build
|
||||||
|
./autogen.sh
|
||||||
|
%configure --without-pkcs11 --without-rtlsdr
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
# install systemd unit file and udev rules
|
||||||
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
|
||||||
|
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
|
||||||
|
install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
|
||||||
|
# install sysconfig file
|
||||||
|
install -D %{SOURCE5} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
|
||||||
|
|
||||||
|
%pre
|
||||||
|
getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
|
||||||
|
|
||||||
|
%post
|
||||||
|
%systemd_post rngd.service rngd-wake-threshold.service
|
||||||
|
/usr/bin/systemctl start rngd-wake-threshold.service || :
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%systemd_preun rngd.service rngd-wake-threshold.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{!?_licensedir:%global license %%doc}
|
||||||
|
%license COPYING
|
||||||
|
%doc AUTHORS README
|
||||||
|
%{_bindir}/rngtest
|
||||||
|
%{_sbindir}/rngd
|
||||||
|
%{_mandir}/man1/rngtest.1.*
|
||||||
|
%{_mandir}/man8/rngd.8.*
|
||||||
|
%attr(0644,root,root) %{_unitdir}/rngd.service
|
||||||
|
%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
|
||||||
|
%attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
|
||||||
|
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
|
||||||
|
- Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
|
||||||
|
- Update jitterentropy library to v3.3.1 @ 887c9871
|
||||||
|
- Add a config file for storing rngd options
|
||||||
|
- Fix a security issue found by a covscan in jitterentropy library
|
||||||
|
|
||||||
|
* Thu Jul 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-1.git.d207e0b6
|
||||||
|
- Update to the upstream v6.13 + tip of origin/master + onecpu
|
||||||
|
branch + revert of 2ce93190
|
||||||
|
- Rebuild rng-tools against the latest jitterentropy library
|
||||||
|
3.0.2-2.git.409828cf with fixes for an important issue
|
||||||
|
- Fix a number of issues (bz 1974103, bz 1980421, bz 1859154)
|
||||||
|
|
||||||
|
* Mon Jul 05 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-6
|
||||||
|
- Adjust rngd-wake-threshold.service and post section so udevadm is not
|
||||||
|
run in a container (bz 1975554)
|
||||||
|
|
||||||
|
* Thu May 27 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-5
|
||||||
|
- Fix /dev/hwrng permissions issue at boot time (bz 1955522)
|
||||||
|
|
||||||
|
* Mon May 24 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-4
|
||||||
|
- There is no need to hardcode _sbindir anymore, also the old value is
|
||||||
|
incorrect
|
||||||
|
- Update the rngd.service file
|
||||||
|
- Fix a busyloop bug (bz 1956248)
|
||||||
|
- Fix /dev/hwrng permission issue (bz 1955522)
|
||||||
|
|
||||||
|
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
|
||||||
|
- Fix coarse clock time on Azure (bz 180155)
|
||||||
|
|
||||||
|
* Mon Dec 02 2019 Neil Horman <nhorman@redhat.com> - 6.8-2
|
||||||
|
- Fix erroneous message due to bad errno check (bz 1776710)
|
||||||
|
- Enable addition of 0 value for fill-watermark (bz 1776710)
|
||||||
|
|
||||||
|
* Fri Nov 15 2019 Neil Horman <nhorman@redhat.com> - 6.8-1
|
||||||
|
- Update to latest upstream (bz 1769916)
|
||||||
|
|
||||||
|
* Wed Oct 09 2019 Neil Horman <nhorman@redhat.com> 6.6-5
|
||||||
|
- Fix group typo in rngd.service (bz 1751810)
|
||||||
|
|
||||||
|
* Fri Oct 04 2019 Neil Horman <nhorman@redhat.com> 6.6-4
|
||||||
|
- Revision bump to rebuild for new CI runs
|
||||||
|
|
||||||
|
* Mon Mar 25 2019 Neil Horman <nhorman@redhat.com> 6.2-3
|
||||||
|
- Allow rngd to run as non-privledged user (bz 1692435)
|
||||||
|
|
||||||
|
* Mon Dec 17 2018 Neil Horman <nhorman@redhat.com> 6.2-2
|
||||||
|
- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
|
||||||
|
|
||||||
|
* Thu May 17 2018 Neil Horman <nhorman@redhat.com> 6.2-1
|
||||||
|
- Update to latest upstream
|
||||||
|
- Add CI self tests
|
||||||
|
|
||||||
|
* Thu Feb 15 2018 Adam Williamson <awilliam@redhat.com> - 6.1-4
|
||||||
|
- Drop all attempts to 'fix' #1490632, revert spec to same as 6.1-1
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Nov 02 2017 Neil Horman <nhorman@redhat.com> - 6.1-2
|
||||||
|
- Enable rngd on entropy src availability (bz 1490632)
|
||||||
|
|
||||||
|
* Tue Oct 10 2017 Neil Horman <nhorman@redhat.com> - 6.1-1
|
||||||
|
- update to latest upstream
|
||||||
|
|
||||||
|
* Fri Jul 28 2017 Neil Horman <nhorman@redhat.com> - 6-1
|
||||||
|
- Update to latest upstream
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Oct 18 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-8
|
||||||
|
- If device is not found exit immediately (#892178)
|
||||||
|
|
||||||
|
* Sun Mar 6 2016 Peter Robinson <pbrobinson@fedoraproject.org> 5-7
|
||||||
|
- Use %%license
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 5-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Dec 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-4
|
||||||
|
- Build with hardening flags (#1051344)
|
||||||
|
- Fail nicely if no hardware generator is found (#892178)
|
||||||
|
- Drop unneeded dependency
|
||||||
|
|
||||||
|
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Apr 23 2014 Luke Macken <lmacken@redhat.com> - 5-1
|
||||||
|
- Update to release version 5.
|
||||||
|
- Remove rng-tools-man.patch
|
||||||
|
|
||||||
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Sep 25 2012 Jaromir Capik <jcapik@redhat.com> - 4-2
|
||||||
|
- Migration to new systemd macros
|
||||||
|
|
||||||
|
* Mon Aug 6 2012 Jeff Garzik <jgarzik@redhat.com> - 4-1
|
||||||
|
- Update to release version 4.
|
||||||
|
|
||||||
|
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 12 2012 Jiri Popelka <jpopelka@redhat.com> - 3-4
|
||||||
|
- 2 patches from RHEL-6
|
||||||
|
- systemd service
|
||||||
|
- man page fixes
|
||||||
|
- modernize spec file
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-2
|
||||||
|
- comply with renaming guidelines, by Providing rng-utils = 1:2.0-4.2
|
||||||
|
|
||||||
|
* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-1
|
||||||
|
- Update to release version 3.
|
||||||
|
|
||||||
|
* Fri Mar 26 2010 Jeff Garzik <jgarzik@redhat.com> - 2-3
|
||||||
|
- more minor updates for package review
|
||||||
|
|
||||||
|
* Thu Mar 25 2010 Jeff Garzik <jgarzik@redhat.com> - 2-2
|
||||||
|
- several minor updates for package review
|
||||||
|
|
||||||
|
* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
|
||||||
|
- initial revision (as rng-tools)
|
14
rngd-wake-threshold.service
Normal file
14
rngd-wake-threshold.service
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Hardware RNG Entropy Gatherer Wake threshold service
|
||||||
|
ConditionVirtualization=!container
|
||||||
|
Before=rngd.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||||
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sysinit.target
|
18
rngd.service
Normal file
18
rngd.service
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Hardware RNG Entropy Gatherer Daemon
|
||||||
|
ConditionVirtualization=!container
|
||||||
|
Requires=rngd-wake-threshold.service
|
||||||
|
|
||||||
|
# The "-f" option is required for the systemd service rngd to work with Type=simple
|
||||||
|
[Service]
|
||||||
|
User=rngd
|
||||||
|
Group=rngd
|
||||||
|
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||||
|
AmbientCapabilities=CAP_SYS_ADMIN
|
||||||
|
TimeoutStartSec=60s
|
||||||
|
Type=simple
|
||||||
|
EnvironmentFile=/etc/sysconfig/rngd
|
||||||
|
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sysinit.target
|
3
rngd.sysconfig
Normal file
3
rngd.sysconfig
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# Optional arguments passed to rngd. See rngd(8) and
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
|
||||||
|
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (jitterentropy-library-3.3.1.tar.gz) = 7dc17c377cf90d38057bbc135e00730a3f84bc66aeed83eca1ad1b0e1c2fb89c5346ec20bdf25d3ce27f1d21893d44e52c08e96175554c18dfa1934a8d4fd9f7
|
||||||
|
SHA512 (rng-tools-6.14.tar.gz) = fce5c43d8a21a0d120a1f50b2b8c1efe7cbef02f7da863539749d51450992bb30c2cec96a4913ca20a608ce137a44e262471ac7f560eb8f3e9228a29b2d38fb1
|
Loading…
Reference in New Issue
Block a user