import rng-tools-6.8-3.el8

CentOS Sources 2020-04-23 23:01:46 +00:00 committed by Andrew Lukoshko
commit 78dd57eba8
11 changed files with 517 additions and 0 deletions

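--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/jitterentropy-library-2.1.2.tar.gz
+SOURCES/rng-tools-6.8.tar.gz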

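--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@@ -0,0 +1,2 @@
+2fed101132b55f9d5008ed22fde54ef9e4cfc75d SOURCES/jitterentropy-library-2.1.2.tar.gz
+25a20dfc818f3d95d3c63145feb7c102c1572540 SOURCES/rng-tools-6.8.tar.gz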


@ -0,0 +1,60 @@
From 02b720e951160f652b0744f679d57623b81b1d8f Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@tuxdriver.com>
Date: Mon, 2 Dec 2019 11:35:16 -0500
Subject: [PATCH 2/2] Add reserved option value to not change
write_wakeup_threshold
several distributions use a separate single shot service to set the
write_wakeup_threashold, which allows for non-root users to run rngd. This
results in a warning however, when rngd attempts to write the
write_wakeup_threshold. Avoid this by allowing a reserved value, 0 for the
fill-watermark option that causes rngd to just not touch the
write_wakeup_threshold
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
---
rngd.8.in | 4 +++-
rngd_linux.c | 5 ++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/rngd.8.in b/rngd.8.in
index 181f35d..16a359a 100644
--- a/rngd.8.in
+++ b/rngd.8.in
@@ -106,7 +106,9 @@ if the entropy pool size couldn't be determined.
Setting this too high will cause \fIrngd\fR to dominate the contents of the
entropy pool. Low values will hurt system performance during entropy
starves. Do not set \fIfill-watermark\fR above the size of the
-entropy pool (usually 4096 bits).
+entropy pool (usually 4096 bits). A value of 0 to this option will cause no
+watermark to be set.
+
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress all messages
diff --git a/rngd_linux.c b/rngd_linux.c
index 51c38ac..9e60088 100644
--- a/rngd_linux.c
+++ b/rngd_linux.c
@@ -94,6 +94,9 @@ void init_kernel_rng(const char* randomdev)
randomdev, strerror(errno));
exit(EXIT_USAGE);
}
+ /* Don't set the watermark if the watermark is zero */
+ if (!arguments->fill_watermark)
+ return;
f = fopen("/proc/sys/kernel/random/write_wakeup_threshold", "w");
if (!f) {
@@ -105,7 +108,7 @@ void init_kernel_rng(const char* randomdev)
}
if (err) {
message(LOG_DAEMON|LOG_WARNING,
- "unable to adjust write_wakeup_threshold: %s",
+ "unable to adjust write_wakeup_threshold: %s\n",
strerror(errno));
}
--
2.21.0
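Review bot: The early return added to init_kernel_rng in the rngd_linux.c hunk leaves the kernel's write_wakeup_threshold at whatever value it already has but says nothing about it, so an operator debugging a pool that never wakes rngd gets no hint that the daemon deliberately skipped the write; log the decision before returning, e.g. `if (!arguments->fill_watermark) {` / `message(LOG_DAEMON|LOG_DEBUG, "fill-watermark is 0, leaving write_wakeup_threshold untouched\n");` / `return; }`. The man page sentence `A value of 0 to this option will cause no watermark to be set.` reads awkwardly and should state the consequence: `Setting this option to 0 leaves the kernel's write_wakeup_threshold untouched, for setups where another service manages it.` Whether the computed default for fill_watermark can itself come out as 0 when the pool size cannot be read (the sentence just above the man-page hunk mentions that case) is not visible here and is worth checking, because that path would now silently skip the threshold instead of warning. init_kernel_rng begins and ends outside the hunk.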


@ -0,0 +1,21 @@
diff -up ./rngd_jitter.c.message ./rngd_jitter.c
--- ./rngd_jitter.c.message 2019-12-02 11:41:40.456723553 -0500
+++ ./rngd_jitter.c 2019-12-02 11:43:09.331427470 -0500
@@ -302,15 +302,11 @@ static void *thread_entropy_task(void *d
while(written != me->buf_sz) {
message(LOG_DAEMON|LOG_DEBUG, "Writing to pipe\n");
ret = write(me->pipe_fd, &tmpbuf[written], me->buf_sz - written);
+ if ((ret < 0) && (errno != EBADF))
+ message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
if (first)
me->active = 1;
- /*
- * suppress EBADF errors, as those indicate the pipe is
- * closed and we are exiting
- */
- if ((ret < 0) && (errno != EBADF))
- message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
if (!first && !me->active)
break;
first = 0;
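Review bot: Moving the errno test to the line right after write() is the correct fix, but the relocated check dropped the comment that explained why EBADF is deliberately ignored, and without it the next reader sees an unexplained special case; restore it above the new check: `/* EBADF means the pipe was closed under us because rngd is exiting; not worth a warning */`. What the loop does with a negative ret after logging is outside the hunk — if `written` is advanced with ret unconditionally, a persistent error such as EPIPE would move it backwards or spin the loop forever, so a `break` on any error other than EINTR is worth considering there. thread_entropy_task begins and ends outside the hunk.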


@ -0,0 +1,29 @@
diff -up ./jitterentropy-library/jitterentropy.h.rdtsc ./jitterentropy-library/jitterentropy.h
--- ./jitterentropy-library/jitterentropy.h.rdtsc 2018-09-06 15:01:40.000000000 -0400
+++ ./jitterentropy-library/jitterentropy.h 2020-02-18 12:47:10.465684582 -0500
@@ -44,8 +44,12 @@
#ifdef __KERNEL__
#include "jitterentropy-base-kernel.h"
+#else /* __KERNEL__ */
+#ifdef __x86_64__
+#include "arch/jitterentropy-base-x86.h"
#else
#include "jitterentropy-base-user.h"
+#endif /* __x86_64__ */
#endif /* __KERNEL__ */
/* The entropy pool */
diff -up ./rngd_jitter.c.rdtsc ./rngd_jitter.c
--- ./rngd_jitter.c.rdtsc 2020-02-18 12:47:22.490646896 -0500
+++ ./rngd_jitter.c 2020-02-18 12:46:40.650778022 -0500
@@ -27,6 +27,9 @@
#include <unistd.h>
#include <signal.h>
#include <setjmp.h>
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
#include "rng-tools-config.h"
#include <jitterentropy.h>
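Review bot: The rngd_jitter.c hunk adds `#include <unistd.h>` although the same header is already included two lines above it, so the new line should be dropped. The jitterentropy.h hunk switches every x86_64 build, virtual-machine guests such as the Azure case in the changelog included, to `arch/jitterentropy-base-x86.h`; that header is not part of this patch, so it is presumably shipped in the 2.1.2 tarball, and the only guard against a guest whose TSC is emulated or coarse is whatever timer self-test jent_entropy_init() performs at startup. A one-line comment on the new `#ifdef __x86_64__` saying why the generic jitterentropy-base-user.h timer is avoided (`/* arch TSC reader: the generic timer is too coarse on some hypervisors */`) would keep the next person from reverting it.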

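--- a/SOURCES/jitter-setjmp.patch
+++ b/SOURCES/jitter-setjmp.patch
@@ -0,0 +1,118 @@
+commit 3e47faae108df4824531bf9c003cc1c65b7b2842
+Author: Neil Horman <nhorman@tuxdriver.com>
+Date: Fri Jun 7 08:51:02 2019 -0400
+Allow jitter threads to exit faster
+Even with the recent pipe adjustments, it can take a long time for
+jitterentropy to exit. This is because the call to jent_read_entropy
+can take a long time to complete, and termination signal delivery won't
+cause it to return early, like a syscall.
+Mitigate this by using sigsetjmp/siglongjmp. We set a return point at
+the top of the loop for each thread, and register a signal handler to
+execute a siglongjmp back to that point so that we can recheck the
+active flag and break the loop as soon as a signal is delivered.
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index 54070ae..7f01ee9 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -26,6 +26,7 @@
+#include <time.h>
+#include <unistd.h>
+#include <signal.h>
++#include <setjmp.h>
+#include "rng-tools-config.h"
+#include <jitterentropy.h>
+@@ -48,6 +49,7 @@ struct thread_data {
+int active;
+int done;
+struct timespec slptm;
++ sigjmp_buf jmpbuf;
+};
+static struct thread_data *tdata;
+@@ -228,6 +230,16 @@ static inline void update_sleep_time(struct thread_data *me,
+me->slptm.tv_nsec /= 2;
+}
++void jitter_thread_exit_signal(int signum)
++{
++ pthread_t self = pthread_self();
++ int i;
++ for(i=0;i<num_threads;i++) {
++ if (threads[i] == self)
++ siglongjmp(tdata[i].jmpbuf, 1);
++ }
++}
++
+static void *thread_entropy_task(void *data)
+{
+cpu_set_t cpuset;
+@@ -263,6 +275,13 @@ static void *thread_entropy_task(void *data)
+goto out;
+}
++ /*
++ * Use setjmp here to allow us to return early from
++ * jent_read_entropy, as it can run for a long time
++ */
++ if (sigsetjmp(me->jmpbuf, 1))
++ goto out_interrupt;
++
+/* Now go to sleep until there is more work to do */
+do {
+message(LOG_DAEMON|LOG_DEBUG, "JITTER thread on cpu %d wakes up for refill\n", me->core_id);
+@@ -286,7 +305,11 @@ static void *thread_entropy_task(void *data)
+message(LOG_DAEMON|LOG_DEBUG, "DONE Writing to pipe with return %ld\n", ret);
+if (first)
+me->active = 1;
+- if (ret < 0)
++ /*
++ * suppress EBADF errors, as those indicate the pipe is
++ * closed and we are exiting
++ */
++ if ((ret < 0) && (errno != EBADF))
+message(LOG_DAEMON|LOG_WARNING, "Error on pipe write: %s\n", strerror(errno));
+if (!first && !me->active)
+break;
+@@ -296,6 +319,7 @@ static void *thread_entropy_task(void *data)
+} while (me->active);
++out_interrupt:
+free(tmpbuf);
+out:
+me->done = 1;
+@@ -335,6 +359,7 @@ int validate_jitter_options(struct rng *ent_src)
+return 0;
+}
++
+/*
+* Init JITTER
+*/
+@@ -349,6 +374,9 @@ int init_jitter_entropy_source(struct rng *ent_src)
+#ifdef HAVE_LIBGCRYPT
+char key[AES_BLOCK];
+#endif
++
++ signal(SIGUSR1, jitter_thread_exit_signal);
++
+int ret = jent_entropy_init();
+if(ret) {
+message(LOG_DAEMON|LOG_WARNING, "JITTER rng fails with code %d\n", ret);
+@@ -474,8 +502,8 @@ void close_jitter_entropy_source(struct rng *ent_src)
+/* And wait for completion of each thread */
+for (i=0; i < num_threads; i++) {
+message(LOG_DAEMON|LOG_DEBUG, "Checking on done for thread %d\n", i);
++ pthread_kill(threads[i], SIGUSR1);
+while (!tdata[i].done)
+- pthread_kill(threads[i], SIGINT);
+if(tdata[i].done) {
+message(LOG_DAEMON|LOG_INFO, "Closing thread %d\n", tdata[i].core_id);
+pthread_join(threads[i], NULL);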
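Review bot: Removing the `pthread_kill(threads[i], SIGINT);` line in the close_jitter_entropy_source hunk left `while (!tdata[i].done)` without a body, so the following `if(tdata[i].done) { ... pthread_join ... }` block is now the loop body; it can only execute while done is false and its own condition is true, i.e. never, so the wait degrades to a bare busy-spin on a plain int and pthread_join is never reached. Give the loop a body and keep the join outside it — `pthread_kill(threads[i], SIGUSR1);` / `while (!tdata[i].done) usleep(1000);` / `if(tdata[i].done) {` — and since `done` is written by another thread, declare it `volatile` or `_Atomic` so the compiler cannot hoist the load out of the spin. Separately, siglongjmp from jitter_thread_exit_signal abandons whatever jent_read_entropy was in the middle of; if SIGUSR1 lands while the thread is inside malloc, syslog or a library lock, the `free(tmpbuf)` at out_interrupt can deadlock or corrupt the heap, so installing the handler with sigaction and a mask, and blocking SIGUSR1 around the pipe write and message() calls, would narrow that window. close_jitter_entropy_source begins and ends outside the hunk.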


@ -0,0 +1,36 @@
diff -up ./Makefile.am.static ./Makefile.am
--- ./Makefile.am.static 2019-11-07 14:20:39.000000000 -0500
+++ ./Makefile.am 2019-11-15 10:08:31.554914291 -0500
@@ -1,7 +1,7 @@
##
## Toplevel Makefile.am for rng-tools
##
-SUBDIRS = contrib tests
+SUBDIRS = contrib tests jitterentropy-library
sbin_PROGRAMS = rngd
bin_PROGRAMS = rngtest
@@ -23,19 +23,17 @@ if DARN
rngd_SOURCES += rngd_darn.c
endif
-if JITTER
rngd_SOURCES += rngd_jitter.c
-endif
-rngd_LDADD = librngd.a -lsysfs $(LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+rngd_LDADD = librngd.a -lsysfs $(LIBS) jitterentropy-library/libjitterentropy.a ${libp11_LIBS} ${libcrypto_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+
+rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
+rngd_LDFLAGS = $(PTHREAD_CFLAGS)
if PKCS11
rngd_SOURCES += rngd_pkcs11.c
endif
-rngd_CFLAGS = ${pkcs11_CFLAGS} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
-rngd_LDFLAGS = $(PTHREAD_CFLAGS)
-
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
rngtest_LDADD = librngd.a
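Review bot: The new `rngd_LDADD` links `jitterentropy-library/libjitterentropy.a` straight from a subdirectory that is built by its own hand-written Makefile rather than by automake (the SUBDIRS addition only recurses into it), so the hardening CFLAGS/LDFLAGS that the distribution build injects reach the library only if that Makefile picks them up from the environment; this is not visible in the hunk and is worth verifying, because a non-PIE, non-stack-protected libjitterentropy.a undoes `_hardened_build` for the code that feeds the entropy pool. The `-I./jitterentropy-library/` path is relative to the build directory and will not resolve in a VPATH build; `-I$(top_srcdir)/jitterentropy-library` is the portable spelling. Dropping the `if JITTER` conditional makes rngd_jitter.c unconditional, so a comment on the `-DHAVE_JITTER` line such as `# bundled jitterentropy is always built in; the configure switch no longer applies` would explain the hard-coded define.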


@ -0,0 +1,22 @@
diff -up ./jitterentropy-library/Makefile.remove ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile.remove 2018-11-20 10:34:18.350397594 -0500
+++ ./jitterentropy-library/Makefile 2018-11-20 10:35:27.023144673 -0500
@@ -46,18 +46,6 @@ $(NAME): $(OBJS)
scan: $(OBJS)
scan-build --use-analyzer=/usr/bin/clang $(CC) -shared -Wl,-soname,lib$(NAME).so.$(LIBMAJOR) -o lib$(NAME).so.$(LIBVERSION) $(OBJS) $(LDFLAGS)
-install:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
- gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -s lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-
clean:
@- $(RM) $(NAME)
@- $(RM) $(OBJS)


@ -0,0 +1,13 @@
[Unit]
Description=Hardware RNG Entropy Gatherer Wake threshold service
Before=rngd.service
[Service]
CapabilityBoundingSet=CAP_SYS_ADMIN
AmbientCapabilities=CAP_SYS_ADMIN
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold"
[Install]
WantedBy=sysinit.target
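Review bot: The `$PSIZE` and `$THRESH` references in ExecStart are expanded by systemd, not by the shell: systemd substitutes `$NAME` from the unit's environment before running the command, an unset name becomes empty, and so /bin/sh receives `let THRESH=*3/4; echo >/proc/sys/kernel/random/write_wakeup_threshold` — the arithmetic fails and an empty write is attempted, leaving the threshold at the kernel default, which matters because rngd.service now starts rngd with `--fill-watermark=0` and nothing else sets it. Escape the dollars as `$$` so they survive to the shell, and prefer POSIX arithmetic over the bash-only `let`: `ExecStart=/bin/sh -c "echo $$(( $$(cat /proc/sys/kernel/random/poolsize) * 3 / 4 )) > /proc/sys/kernel/random/write_wakeup_threshold"`. The unit runs as root, so the CAP_SYS_ADMIN bounding set is a restriction of root rather than what permits the sysctl write; a short comment above it saying it mirrors rngd.service would avoid the impression that the capability is required here.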

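--- a/SOURCES/rngd.service
+++ b/SOURCES/rngd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+Requires=rngd-wake-threshold.service
+[Service]
+User=rngd
+Group=rngd
+CapabilityBoundingSet=CAP_SYS_ADMIN
+AmbientCapabilities=CAP_SYS_ADMIN
+ExecStart=/sbin/rngd -f --fill-watermark=0
+TimeoutStartSec=60s
+[Install]
+WantedBy=sysinit.target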
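Review bot: The unit drops to `User=rngd` but hands the process `CAP_SYS_ADMIN` back as an ambient capability — presumably needed for the RNDADDENTROPY ioctl, but also close to full root — so the rest of the systemd sandbox matters, and none of it is set here. With `--fill-watermark=0` rngd no longer writes under /proc/sys (that is what the reserved-value patch in this import arranges), so `ProtectKernelTunables=yes` is now possible alongside the usual read-only filesystem and no-new-privileges settings below. Whether rngd needs the network depends on which entropy sources are enabled (libcurl is linked in), so `PrivateNetwork`/`RestrictAddressFamilies` should be confirmed against the default source list before being added. `Requires=rngd-wake-threshold.service` carries no ordering of its own; the `Before=rngd.service` in the other unit is what orders them, and an explicit `After=rngd-wake-threshold.service` here would make the dependency self-describing.
```ini
[Service]
# … unchanged: User/Group/Capability/ExecStart lines …
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
```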

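--- a/SPECS/rng-tools.spec
+++ b/SPECS/rng-tools.spec
@@ -0,0 +1,200 @@
+%global _hardened_build 1
+%global _sbindir /sbin
+Summary: Random number generator related utilities
+Name: rng-tools
+Version: 6.8
+Release: 3%{?dist}
+Group: System Environment/Base
+License: GPLv2+
+URL: https://github.com/nhorman/rng-tools
+Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz
+Source1: rngd.service
+Source2: jitterentropy-library-2.1.2.tar.gz
+Source3: rngd-wake-threshold.service
+Patch0: jitterentropy-remove-install.patch
+Patch1: jitterentropy-build-static.patch
+Patch2: jitter-setjmp.patch
+Patch3: Fix-message-log-on-error-in-thread_entropy_task.patch
+Patch4: Add-reserved-option-value-to-not-change-write_wakeup.patch
+Patch5: jitter-rdtsc.patch
+# https://sourceforge.net/p/gkernel/patches/111/
+BuildRequires: gettext
+BuildRequires: systemd-units
+BuildRequires: libgcrypt-devel
+BuildRequires: autoconf automake
+BuildRequires: libsysfs-devel libcurl-devel
+BuildRequires: libxml2-devel openssl-devel
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires: libgcrypt libsysfs
+Requires: openssl libxml2 libcurl
+%description
+Hardware random number generation tools.
+%prep
+%setup
+tar xvf %{SOURCE2}
+mv jitterentropy-library-2.1.2 jitterentropy-library
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%build
+./autogen.sh
+%configure --without-pkcs11
+%make_build
+%install
+%make_install
+# install systemd unit file
+install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
+install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE3}
+%pre
+getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
+%post
+%systemd_post rngd.service rngd-wake-threshold.service
+%preun
+%systemd_preun rngd.service rngd-wake-threshold.service
+%postun
+%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc AUTHORS NEWS README
+%{_bindir}/rngtest
+%{_sbindir}/rngd
+%{_mandir}/man1/rngtest.1.*
+%{_mandir}/man8/rngd.8.*
+%attr(0644,root,root) %{_unitdir}/rngd.service
+%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
+%changelog
+* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
+- Fix coarse clock time on Azure (bz 180155)
+* Mon Dec 02 2019 Neil Horman <nhorman@redhat.com> - 6.8-2
+- Fix erroneous message due to bad errno check (bz 1776710)
+- Enable addition of 0 value for fill-watermark (bz 1776710)
+* Fri Nov 15 2019 Neil Horman <nhorman@redhat.com> - 6.8-1
+- Update to latest upstream (bz 1769916)
+* Wed Oct 09 2019 Neil Horman <nhorman@redhat.com> 6.6-5
+- Fix group typo in rngd.service (bz 1751810)
+* Fri Oct 04 2019 Neil Horman <nhorman@redhat.com> 6.6-4
+- Revision bump to rebuild for new CI runs
+* Mon Mar 25 2019 Neil Horman <nhorman@redhat.com> 6.2-3
+- Allow rngd to run as non-privledged user (bz 1692435)
+* Mon Dec 17 2018 Neil Horman <nhorman@redhat.com> 6.2-2
+- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
+* Thu May 17 2018 Neil Horman <nhorman@redhat.com> 6.2-1
+- Update to latest upstream
+- Add CI self tests
+* Thu Feb 15 2018 Adam Williamson <awilliam@redhat.com> - 6.1-4
+- Drop all attempts to 'fix' #1490632, revert spec to same as 6.1-1
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+* Thu Nov 02 2017 Neil Horman <nhorman@redhat.com> - 6.1-2
+- Enable rngd on entropy src availability (bz 1490632)
+* Tue Oct 10 2017 Neil Horman <nhorman@redhat.com> - 6.1-1
+- update to latest upstream
+* Fri Jul 28 2017 Neil Horman <nhorman@redhat.com> - 6-1
+- Update to latest upstream
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+* Tue Oct 18 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-8
+- If device is not found exit immediately (#892178)
+* Sun Mar 6 2016 Peter Robinson <pbrobinson@fedoraproject.org> 5-7
+- Use %%license
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+* Wed Dec 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-4
+- Build with hardening flags (#1051344)
+- Fail nicely if no hardware generator is found (#892178)
+- Drop unneeded dependency
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+* Wed Apr 23 2014 Luke Macken <lmacken@redhat.com> - 5-1
+- Update to release version 5.
+- Remove rng-tools-man.patch
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+* Tue Sep 25 2012 Jaromir Capik <jcapik@redhat.com> - 4-2
+- Migration to new systemd macros
+* Mon Aug 6 2012 Jeff Garzik <jgarzik@redhat.com> - 4-1
+- Update to release version 4.
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+* Thu Jan 12 2012 Jiri Popelka <jpopelka@redhat.com> - 3-4
+- 2 patches from RHEL-6
+- systemd service
+- man page fixes
+- modernize spec file
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-2
+- comply with renaming guidelines, by Providing rng-utils = 1:2.0-4.2
+* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-1
+- Update to release version 3.
+* Fri Mar 26 2010 Jeff Garzik <jgarzik@redhat.com> - 2-3
+- more minor updates for package review
+* Thu Mar 25 2010 Jeff Garzik <jgarzik@redhat.com> - 2-2
+- several minor updates for package review
+* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
+- initial revision (as rng-tools)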
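Review bot: The package statically links jitterentropy-library 2.1.2 (Source2 is unpacked into the tree in %prep and the build patch links `libjitterentropy.a`) but never declares it, so a security fix in that library cannot be traced back to this package by the usual bundled-library tooling; add `Provides: bundled(jitterentropy) = 2.1.2` next to the Requires lines. `%pre` calls getent/useradd without a `Requires(pre): shadow-utils`, and relies on useradd's implicit user-private group for the `Group=rngd` that rngd.service expects; `getent group rngd >/dev/null || groupadd -r rngd` before the useradd (with `-g rngd`) makes that explicit and survives a system where user-private groups are disabled. The plain `Requires:` lines for libgcrypt, libsysfs, openssl, libxml2 and libcurl duplicate the soname dependencies rpm generates automatically and can be dropped.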