2 patches from RHEL-6

2012-01-12 15:21:54 +01:00 · 2012-01-12 15:21:54 +01:00 · 9012e9eef4
commit 9012e9eef4
parent ac59ed77dd
3 changed files with 210 additions and 0 deletions
--- a/rng-tools-failures-disable.patch
+++ b/rng-tools-failures-disable.patch
@ -0,0 +1,113 @@
+commit 62838c656e342608ab7aa4e58c567987e4342a55
+Author: Jeff Garzik <jeff@garzik.org>
+Date:   Tue Aug 17 15:59:01 2010 -0400
+
+    Disable entropy source, if facing continued failures.
+    
+    If all entropy sources are disabled, exit.
+    
+    Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+
+diff --git a/rngd.c b/rngd.c
+index 6ebef64..6a7f120 100644
+--- a/rngd.c
+++ b/rngd.c
+@@ -111,16 +111,12 @@ static struct rng rng_default = {
+ 	.rng_name	= "/dev/hw_random",
+ 	.rng_fd		= -1,
+ 	.xread		= xread,
+-	.fipsctx	= NULL,
+-	.next		= NULL,
+ };
+ 
+ static struct rng rng_tpm = {
+ 	.rng_name	= "/dev/tpm0",
+ 	.rng_fd		= -1,
+ 	.xread		= xread_tpm,
+-	.fipsctx	= NULL,
+-	.next		= NULL,
+ };
+ 
+ struct rng *rng_list;
+@@ -207,18 +203,46 @@ static void do_loop(int random_step, double poll_timeout)
+ {
+ 	unsigned char buf[FIPS_RNG_BUFFER_SIZE];
+ 	int retval;
+	int no_work = 0;
+ 
+-	for (;;) {
+	while (no_work < 100) {
+ 		struct rng *iter;
+		bool work_done;
+
+		work_done = false;
+ 		for (iter = rng_list; iter; iter = iter->next)
+ 		{
+			int rc;
+
+			if (iter->disabled)
+				continue;	/* failed, no work */
+
+ 			retval = iter->xread(buf, sizeof buf, iter);
+-			if (retval == 0)
+-				update_kernel_random(random_step,
+-						     poll_timeout, buf,
+-						     iter->fipsctx);
+			if (retval)
+				continue;	/* failed, no work */
+
+			work_done = true;
+
+			rc = update_kernel_random(random_step,
+					     poll_timeout, buf,
+					     iter->fipsctx);
+			if (rc == 0)
+				continue;	/* succeeded, work done */
+
+			iter->failures++;
+			if (iter->failures == MAX_RNG_FAILURES) {
+				message(LOG_DAEMON|LOG_ERR,
+					"too many FIPS failures, disabling entropy source\n");
+				iter->disabled = true;
+			}
+ 		}
+
+		if (!work_done)
+			no_work++;
+ 	}
+
+	message(LOG_DAEMON|LOG_ERR,
+		"No entropy sources working, exiting rngd\n");
+ }
+ 
+ int main(int argc, char **argv)
+diff --git a/rngd.h b/rngd.h
+index 6e7e83f..bcc6f59 100644
+--- a/rngd.h
+++ b/rngd.h
+@@ -27,11 +27,16 @@
+ 
+ #include <unistd.h>
+ #include <stdint.h>
+#include <stdbool.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ 
+ #include "fips.h"
+ 
+enum {
+	MAX_RNG_FAILURES		= 25,
+};
+
+ /* Command line arguments and processing */
+ struct arguments {
+ 	char *random_name;
+@@ -49,6 +54,8 @@ extern struct arguments *arguments;
+ struct rng {
+ 	char *rng_name;
+ 	int rng_fd;
+	bool disabled;
+	int failures;
+ 
+ 	int (*xread) (void *buf, size_t size, struct rng *ent_src);
+ 	fips_ctx_t *fipsctx;
--- a/rng-tools-ignorefail.patch
+++ b/rng-tools-ignorefail.patch
@ -0,0 +1,89 @@
+diff -up rng-tools-3/rngd.8.in.ignorefail rng-tools-3/rngd.8.in
+--- rng-tools-3/rngd.8.in.ignorefail	2012-01-12 15:14:06.181307658 +0100
+++ rng-tools-3/rngd.8.in	2012-01-12 15:14:06.237306958 +0100
+@@ -9,6 +9,7 @@ rngd \- Check and feed random data from
+ .B rngd
+ [\fB\-b\fR, \fB\-\-background\fR]
+ [\fB\-f\fR, \fB\-\-foreground\fR]
+[\fB\-i\fR, \fB\-\-ignorefail\fR]
+ [\fB\-o\fR, \fB\-\-random-device=\fIfile\fR]
+ [\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR]
+ [\fB\-s\fR, \fB\-\-random-step=\fInnn\fR]
+@@ -45,6 +46,9 @@ Become a daemon (default)
+ \fB\-f\fR, \fB\-\-foreground\fR
+ Do not fork and become a daemon
+ .TP
+\fB\-i\fR, \fB\-\-ignorefail\fR
+Ignore repeated fips failures
+.TP
+ \fB\-o\fI file\fR, \fB\-\-random-device=\fIfile\fR
+ Kernel device used for random number output
+ (default: /dev/random)
+diff -up rng-tools-3/rngd.c.ignorefail rng-tools-3/rngd.c
+--- rng-tools-3/rngd.c.ignorefail	2012-01-12 15:14:06.194307494 +0100
+++ rng-tools-3/rngd.c	2012-01-12 15:15:36.204182216 +0100
+@@ -58,6 +58,7 @@
+ 
+ /* Background/daemon mode */
+ int am_daemon;				/* Nonzero if we went daemon */
+int ignorefail;				/*Nonzero if we ignore MAX_RNG_FAILURES */
+ 
+ /* Command line arguments and processing */
+ const char *argp_program_version =
+@@ -75,6 +76,8 @@ static char doc[] =
+ static struct argp_option options[] = {
+ 	{ "foreground",	'f', 0, 0, "Do not fork and become a daemon" },
+ 
+	{ "ignorefail", 'i', 0, 0, "Ignore repeated fips failures" },
+
+ 	{ "background", 'b', 0, 0, "Become a daemon (default)" },
+ 
+ 	{ "random-device", 'o', "file", 0,
+@@ -103,6 +106,7 @@ static struct arguments default_argument
+ 	.random_step	= 64,
+ 	.fill_watermark	= 2048,
+ 	.daemon		= 1,
+	.ignorefail		= 0,
+ 	.enable_tpm	= 1,
+ };
+ struct arguments *arguments = &default_arguments;
+@@ -148,6 +152,9 @@ static error_t parse_opt (int key, char
+ 	case 'b':
+ 		arguments->daemon = 1;
+ 		break;
+	case 'i':
+		arguments->ignorefail = 1;
+		break;
+ 	case 's':
+ 		if (sscanf(arg, "%i", &arguments->random_step) == 0)
+ 			argp_usage(state);
+@@ -230,7 +237,7 @@ static void do_loop(int random_step, dou
+ 				continue;	/* succeeded, work done */
+ 
+ 			iter->failures++;
+-			if (iter->failures == MAX_RNG_FAILURES) {
+			if (iter->failures == MAX_RNG_FAILURES && (!ignorefail)) {
+ 				message(LOG_DAEMON|LOG_ERR,
+ 					"too many FIPS failures, disabling entropy source\n");
+ 				iter->disabled = true;
+@@ -281,6 +288,9 @@ int main(int argc, char **argv)
+ 		openlog("rngd", 0, LOG_DAEMON);
+ 	}
+ 
+	if (arguments->ignorefail)
+			ignorefail = 1;
+
+ 	do_loop(arguments->random_step,
+ 		arguments->poll_timeout ? : -1.0);
+ 
+diff -up rng-tools-3/rngd.h.ignorefail rng-tools-3/rngd.h
+--- rng-tools-3/rngd.h.ignorefail	2012-01-12 15:14:06.195307482 +0100
+++ rng-tools-3/rngd.h	2012-01-12 15:14:06.237306958 +0100
+@@ -46,6 +46,7 @@ struct arguments {
+ 	double poll_timeout;
+ 
+ 	int daemon;
+	int ignorefail;
+ 	int enable_tpm;
+ };
+ extern struct arguments *arguments;
--- a/rng-tools.spec
+++ b/rng-tools.spec
@ -13,6 +13,10 @@ Source1:        rngd.service

 # Man pages
 Patch0:         rng-tools-man.patch
+# bz#624530
+Patch1:         rng-tools-failures-disable.patch
+# bz#733452, bz#749629
+Patch2:         rng-tools-ignorefail.patch

 BuildRequires:  groff gettext
 BuildRequires:  systemd-units
@ -27,6 +31,9 @@ Hardware random number generation tools.
 %setup -q

 %patch0 -p1 -b .man
+%patch1 -p1 -b .failures-disable
+%patch2 -p1 -b .ignorefail
+

 %build
 %configure
@ -69,6 +76,7 @@ fi

 %changelog
 * Thu Jan 12 2012 Jiri Popelka <jpopelka@redhat.com> - 3-4
+- 2 patches from RHEL-6
 - systemd service
 - man page fixes
 - modernize spec file