rpms/rng-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c9s
rpms:c9-beta
rpms:c9
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/rng-tools-6.17-4.el10
rpms:imports/c9-beta/rng-tools-6.16-7.el9
rpms:imports/c10s/rng-tools-6.17-3.el10
rpms:imports/c8/rng-tools-6.16-1.el8
rpms:imports/c9/rng-tools-6.16-1.el9
rpms:imports/c8-beta/rng-tools-6.16-1.el8
rpms:imports/c9-beta/rng-tools-6.16-1.el9
rpms:imports/c8/rng-tools-6.15-3.el8
rpms:imports/c9/rng-tools-6.15-3.el9
rpms:imports/c9-beta/rng-tools-6.15-3.el9
rpms:imports/c8-beta/rng-tools-6.15-3.el8
rpms:imports/c8s/rng-tools-6.15-3.el8
rpms:imports/c9/rng-tools-6.15-1.el9
rpms:imports/c8/rng-tools-6.15-1.el8
rpms:imports/c8s/rng-tools-6.15-2.el8
rpms:imports/c9-beta/rng-tools-6.15-1.el9
rpms:imports/c8-beta/rng-tools-6.15-1.el8
rpms:imports/c8/rng-tools-6.14-6.git.b2b7934e.el8_6
rpms:imports/c9/rng-tools-6.14-5.git.b2b7934e.el9_0
rpms:imports/c9/rng-tools-6.14-2.git.b2b7934e.el9
rpms:imports/c8s/rng-tools-6.15-1.el8
rpms:imports/c8/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c8-beta/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c9-beta/rng-tools-6.14-2.git.b2b7934e.el9
rpms:imports/c9-beta/rng-tools-6.13-6.git.d207e0b6.el9
rpms:imports/c8s/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c8/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8-beta/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8-beta/rng-tools-6.8-3.el8
rpms:imports/c8-beta/rng-tools-6.8-2.el8
rpms:imports/c8-beta/rng-tools-6.6-2.el8
rpms:imports/c8/rng-tools-6.8-4.el8_4
rpms:imports/c8s/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8s/rng-tools-6.8-5.el8
rpms:imports/c8s/rng-tools-6.8-3.el8
rpms:imports/c8/rng-tools-6.8-3.el8
rpms:imports/c8/rng-tools-6.6-2.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c10s
rpms:c9s
rpms:c9-beta
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/rng-tools-6.17-4.el10
rpms:imports/c9-beta/rng-tools-6.16-7.el9
rpms:imports/c10s/rng-tools-6.17-3.el10
rpms:imports/c8/rng-tools-6.16-1.el8
rpms:imports/c9/rng-tools-6.16-1.el9
rpms:imports/c8-beta/rng-tools-6.16-1.el8
rpms:imports/c9-beta/rng-tools-6.16-1.el9
rpms:imports/c8/rng-tools-6.15-3.el8
rpms:imports/c9/rng-tools-6.15-3.el9
rpms:imports/c9-beta/rng-tools-6.15-3.el9
rpms:imports/c8-beta/rng-tools-6.15-3.el8
rpms:imports/c8s/rng-tools-6.15-3.el8
rpms:imports/c9/rng-tools-6.15-1.el9
rpms:imports/c8/rng-tools-6.15-1.el8
rpms:imports/c8s/rng-tools-6.15-2.el8
rpms:imports/c9-beta/rng-tools-6.15-1.el9
rpms:imports/c8-beta/rng-tools-6.15-1.el8
rpms:imports/c8/rng-tools-6.14-6.git.b2b7934e.el8_6
rpms:imports/c9/rng-tools-6.14-5.git.b2b7934e.el9_0
rpms:imports/c9/rng-tools-6.14-2.git.b2b7934e.el9
rpms:imports/c8s/rng-tools-6.15-1.el8
rpms:imports/c8/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c8-beta/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c9-beta/rng-tools-6.14-2.git.b2b7934e.el9
rpms:imports/c9-beta/rng-tools-6.13-6.git.d207e0b6.el9
rpms:imports/c8s/rng-tools-6.14-4.git.b2b7934e.el8
rpms:imports/c8/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8-beta/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8-beta/rng-tools-6.8-3.el8
rpms:imports/c8-beta/rng-tools-6.8-2.el8
rpms:imports/c8-beta/rng-tools-6.6-2.el8
rpms:imports/c8/rng-tools-6.8-4.el8_4
rpms:imports/c8s/rng-tools-6.13-1.git.d207e0b6.el8
rpms:imports/c8s/rng-tools-6.8-5.el8
rpms:imports/c8s/rng-tools-6.8-3.el8
rpms:imports/c8/rng-tools-6.8-3.el8
rpms:imports/c8/rng-tools-6.6-2.el8

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

18 changed files with 307 additions and 431 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/jitterentropy-library-3.4.1.tar.gz /rng-tools-*.tar.gz
SOURCES/rng-tools-6.16.tar.gz

0
SOURCES/4-rt-comment-out-have-aesni.patch → 1-rt-comment-out-have-aesni.patch
View File

23
SOURCES/5-rt-revert-build-randstat.patch → 2-rt-revert-build-randstat.patch
View File

@ -8,30 +8,9 @@ This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Vladis Dronov <vdronov@redhat.com>
--- ---
.gitignore | 3 +--
contrib/Makefile.am | 5 +++-- contrib/Makefile.am | 5 +++--
2 files changed, 4 insertions(+), 4 deletions(-) 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git .gitignore .gitignore
index 943fa2b..5dc334d 100644
--- .gitignore
+++ .gitignore
@@ -1,6 +1,6 @@
*.a
*.o
-.deps/
+/.deps/
/aclocal.m4
/ar-lib
/autom4te.cache/
@@ -10,7 +10,6 @@
/config.status
/config.sub
/configure
-/contrib/randstat
/depcomp
/install-sh
/missing
diff --git contrib/Makefile.am contrib/Makefile.am diff --git contrib/Makefile.am contrib/Makefile.am
index a81fb0e..18c4fbc 100644 index a81fb0e..18c4fbc 100644
--- contrib/Makefile.am --- contrib/Makefile.am

56
SOURCES/1-je-rh-makefile.patch
View File

@ -1,56 +0,0 @@
diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
--- jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
+++ jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
@@ -4,7 +4,7 @@ CC ?= gcc
#Hardening
ENABLE_STACK_PROTECTOR ?= 1
CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
-CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
+CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
# Enable internal timer support
@@ -28,7 +28,7 @@ LIBDIR := lib
INCDIR := include
SRCDIR := src
-INSTALL_STRIP ?= install -s
+INSTALL ?= install
NAME := jitterentropy
LIBMAJOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MAJVERSION | awk '{print $$3}')
@@ -73,25 +73,25 @@ cppcheck:
install: install-man install-shared install-includes
install-man:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
+ $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
install-shared:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL_STRIP) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
+ $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
$(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
install-includes:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- install -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- install -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
+ $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
+ $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
install-static:
- install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- install -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
+ $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
+ $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
clean:
@- $(RM) $(NAME)

33
SOURCES/2-je-remove-install.patch
View File

@ -1,33 +0,0 @@
diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
--- jitterentropy-library/Makefile 2021-07-13 17:23:42.954652287 +0200
+++ jitterentropy-library/Makefile 2021-07-13 17:27:27.958549833 +0200
@@ -70,29 +70,6 @@ scan: $(analyze_plists)
cppcheck:
cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
-install: install-man install-shared install-includes
-
-install-man:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- $(INSTALL) -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
- gzip -n -f -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-
-install-shared:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL) -m 0755 lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- $(RM) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -sf lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so.$(LIBMAJOR)
- ln -sf lib$(NAME).so.$(LIBMAJOR) $(DESTDIR)$(PREFIX)/$(LIBDIR)/lib$(NAME).so
-
-install-includes:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
- $(INSTALL) -m 0644 jitterentropy.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
- $(INSTALL) -m 0644 jitterentropy-base-user.h $(DESTDIR)$(PREFIX)/$(INCDIR)/
-
-install-static:
- $(INSTALL) -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- $(INSTALL) -m 0755 lib$(NAME).a $(DESTDIR)$(PREFIX)/$(LIBDIR)/
-
clean:
@- $(RM) $(NAME)
@- $(RM) $(OBJS)

59
SOURCES/3-rt-use-jitter-static.patch
View File

@ -1,59 +0,0 @@
diff -up Makefile.am Makefile.am
--- ./Makefile.am 2021-07-03 22:22:27.000000000 +0200
+++ ./Makefile.am 2021-08-06 12:18:48.498612099 +0200
@@ -1,7 +1,7 @@
##
## Toplevel Makefile.am for rng-tools
##
-SUBDIRS = contrib tests
+SUBDIRS = contrib tests jitterentropy-library
sbin_PROGRAMS = rngd
bin_PROGRAMS = rngtest
@@ -23,44 +23,31 @@ if RNDR
rngd_SOURCES += rngd_rndr.c
endif
-if JITTER
rngd_SOURCES += rngd_jitter.c
-endif
-
-if RTLSDR
-rngd_SOURCES += rngd_rtlsdr.c
-endif
if QRYPT
rngd_SOURCES += rngd_qrypt.c
endif
-rngd_LDADD = librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
+rngd_LDADD = librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
if DARN
rngd_SOURCES += rngd_darn.c
# Build Power9-only code with Power9
# compile flags in a separate library
rngd_LDADD += libdarn_impl.a
noinst_LIBRARIES += libdarn_impl.a
libdarn_impl_a_SOURCES = darn_impl.c
libdarn_impl_a_CFLAGS = -mcpu=power9 -mtune=power9
endif
-if PKCS11
-rngd_SOURCES += rngd_pkcs11.c
-pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
-endif
-
-rngd_CFLAGS = ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS)
+rngd_CFLAGS = ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
rngd_LDFLAGS = $(PTHREAD_CFLAGS)
rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
rngtest_LDADD = librngd.a
librngd_a_SOURCES = fips.h fips.c
-
EXTRA_DIST = autogen.sh
-

257
SPECS/rng-tools.spec
View File

@ -1,257 +0,0 @@
%global _hardened_build 1
Summary: Random number generator related utilities
Name: rng-tools
Version: 6.16
Release: 1%{?dist}
Group: System Environment/Base
License: GPLv2+
URL: https://github.com/nhorman/rng-tools
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: rngd.service
Source2: rngd.sysconfig
Source3: jitterentropy-library-3.4.1.tar.gz
BuildRequires: gcc make binutils
BuildRequires: gettext
BuildRequires: systemd systemd-rpm-macros
BuildRequires: autoconf >= 2.57, automake >= 1.7
BuildRequires: libgcrypt-devel libcurl-devel
BuildRequires: libxml2-devel openssl-devel
BuildRequires: jansson-devel
BuildRequires: libcap-devel
Suggests: opensc
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# This ensures that the selinux-policy package and all its dependencies
# are not pulled into containers and other systems that do not use SELinux.
Requires: (selinux-policy >= 3.14.3-98 if selinux-policy)
Patch0: 1-je-rh-makefile.patch
Patch1: 2-je-remove-install.patch
Patch2: 3-rt-use-jitter-static.patch
Patch3: 4-rt-comment-out-have-aesni.patch
Patch4: 5-rt-revert-build-randstat.patch
%description
This is a random number generator daemon and its tools. It monitors
a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
TPM, jitter) and supplies entropy from them to a kernel entropy pool.
%prep
%setup -q
tar xf %{SOURCE3}
mv jitterentropy-library-3.4.1 jitterentropy-library
%autopatch -p0
%build
./autogen.sh
# a dirty hack to force PIC for a PIC-aware assembly code for i686
# /usr/lib/rpm/redhat/redhat-hardened-cc1 in Koji/Brew does not
# force PIC for assembly sources as of now
%ifarch i386 i686
sed -i -e '/^#define RDRAND_RETRY_LIMIT\t10/a#define __PIC__ 1' rdrand_asm.S
%endif
# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
%configure --without-pkcs11 --without-rtlsdr
%make_build
%install
%make_install
# install systemd unit file
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
# install sysconfig file
install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
%post
%systemd_post rngd.service
%preun
%systemd_preun rngd.service
%postun
%systemd_postun_with_restart rngd.service
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc AUTHORS README.md
%{_bindir}/rngtest
%{_sbindir}/rngd
%{_mandir}/man1/rngtest.1.*
%{_mandir}/man8/rngd.8.*
%attr(0644,root,root) %{_unitdir}/rngd.service
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
%changelog
* Thu Mar 02 2023 Vladis Dronov <vdronov@redhat.com> - 6.16-1
- Update rng-tools to v6.16 @ 0e560296 (bz 2174908)
- Get rid of text relocations in -fPIE build
- Add a hint for opensc package (bz 1845854)
* Tue Dec 27 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-3
- Update rng-tools to v6.15 @ cb8cc624 (bz 2141379)
- Update jitterentropy library to v3.4.1 @ 7bf9f85d
- Fix a stack corruption on s390x
- Fix a number of issues found by covscan code scanner
- Add a jitter init timeout for tests
- Add a start condition for the FIPS mode (bz 2154804)
* Tue Oct 04 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-2
- Update rng-tools to v6.15 @ 6dcc9ec2 (bz 2124602)
- Update jitterentropy library to v3.4.1 @ 4544e113
- Do not require selinux-policy if it is not present
* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
- Update rng-tools to v6.15 @ 172bf0e3 (bz 2075974)
- Update jitterentropy library to v3.4.0 @ 887c9871
- Allow rngd process to drop privileges with "-D user:group"
- Fix an error building with jitterentropy-3.4.0
- Add a requirement for selinux-policy of a certain version
- Fix a build failure on ppc64
- Small edits in test scripts
* Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
- Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
- Update jitterentropy library to v3.3.1 @ 887c9871
- Add a config file for storing rngd options
- Fix a security issue found by a covscan in jitterentropy library
* Thu Jul 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.13-1.git.d207e0b6
- Update to the upstream v6.13 + tip of origin/master + onecpu
branch + revert of 2ce93190
- Rebuild rng-tools against the latest jitterentropy library
3.0.2-2.git.409828cf with fixes for an important issue
- Fix a number of issues (bz 1974103, bz 1980421, bz 1859154)
* Mon Jul 05 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-6
- Adjust rngd-wake-threshold.service and post section so udevadm is not
run in a container (bz 1975554)
* Thu May 27 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-5
- Fix /dev/hwrng permissions issue at boot time (bz 1955522)
* Mon May 24 2021 Vladis Dronov <vdronov@redhat.com> - 6.8-4
- There is no need to hardcode _sbindir anymore, also the old value is
incorrect
- Update the rngd.service file
- Fix a busyloop bug (bz 1956248)
- Fix /dev/hwrng permission issue (bz 1955522)
* Tue Feb 18 2020 Neil Horman <nhorman@redhat.com> - 6.8-3
- Fix coarse clock time on Azure (bz 180155)
* Mon Dec 02 2019 Neil Horman <nhorman@redhat.com> - 6.8-2
- Fix erroneous message due to bad errno check (bz 1776710)
- Enable addition of 0 value for fill-watermark (bz 1776710)
* Fri Nov 15 2019 Neil Horman <nhorman@redhat.com> - 6.8-1
- Update to latest upstream (bz 1769916)
* Wed Oct 09 2019 Neil Horman <nhorman@redhat.com> 6.6-5
- Fix group typo in rngd.service (bz 1751810)
* Fri Oct 04 2019 Neil Horman <nhorman@redhat.com> 6.6-4
- Revision bump to rebuild for new CI runs
* Mon Mar 25 2019 Neil Horman <nhorman@redhat.com> 6.2-3
- Allow rngd to run as non-privledged user (bz 1692435)
* Mon Dec 17 2018 Neil Horman <nhorman@redhat.com> 6.2-2
- default to 1 thread on cpu 0 if getaffinty returns error (bz 1658855)
* Thu May 17 2018 Neil Horman <nhorman@redhat.com> 6.2-1
- Update to latest upstream
- Add CI self tests
* Thu Feb 15 2018 Adam Williamson <awilliam@redhat.com> - 6.1-4
- Drop all attempts to 'fix' #1490632, revert spec to same as 6.1-1
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Nov 02 2017 Neil Horman <nhorman@redhat.com> - 6.1-2
- Enable rngd on entropy src availability (bz 1490632)
* Tue Oct 10 2017 Neil Horman <nhorman@redhat.com> - 6.1-1
- update to latest upstream
* Fri Jul 28 2017 Neil Horman <nhorman@redhat.com> - 6-1
- Update to latest upstream
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Oct 18 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-8
- If device is not found exit immediately (#892178)
* Sun Mar 6 2016 Peter Robinson <pbrobinson@fedoraproject.org> 5-7
- Use %%license
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Dec 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5-4
- Build with hardening flags (#1051344)
- Fail nicely if no hardware generator is found (#892178)
- Drop unneeded dependency
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 23 2014 Luke Macken <lmacken@redhat.com> - 5-1
- Update to release version 5.
- Remove rng-tools-man.patch
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Sep 25 2012 Jaromir Capik <jcapik@redhat.com> - 4-2
- Migration to new systemd macros
* Mon Aug 6 2012 Jeff Garzik <jgarzik@redhat.com> - 4-1
- Update to release version 4.
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Jiri Popelka <jpopelka@redhat.com> - 3-4
- 2 patches from RHEL-6
- systemd service
- man page fixes
- modernize spec file
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-2
- comply with renaming guidelines, by Providing rng-utils = 1:2.0-4.2
* Sat Jul 3 2010 Jeff Garzik <jgarzik@redhat.com> - 3-1
- Update to release version 3.
* Fri Mar 26 2010 Jeff Garzik <jgarzik@redhat.com> - 2-3
- more minor updates for package review
* Thu Mar 25 2010 Jeff Garzik <jgarzik@redhat.com> - 2-2
- several minor updates for package review
* Wed Mar 24 2010 Jeff Garzik <jgarzik@redhat.com> - 2-1
- initial revision (as rng-tools)

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

125
rng-tools.spec Normal file
View File

@ -0,0 +1,125 @@
%global _hardened_build 1
# this is a correct if, bcond_with actually means without and vice versa
%if 0%{?rhel} && 0%{?rhel} >= 9
%bcond_with pkcs11
%bcond_with rtlsdr
%else
%bcond_without pkcs11
%bcond_without rtlsdr
%endif
Summary: Random number generator related utilities
Name: rng-tools
Version: 6.17
Release: 4%{?dist}
License: GPL-2.0-or-later
URL: https://github.com/nhorman/rng-tools
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: rngd.service
Source2: rngd.sysconfig
BuildRequires: gcc make binutils
BuildRequires: gettext
BuildRequires: systemd systemd-rpm-macros
BuildRequires: autoconf >= 2.57, automake >= 1.7
BuildRequires: libgcrypt-devel libcurl-devel
BuildRequires: libxml2-devel openssl-devel
BuildRequires: jitterentropy-devel
BuildRequires: jansson-devel
BuildRequires: libcap-devel
%if %{with rtlsdr}
BuildRequires: rtl-sdr-devel
%endif
%if %{with pkcs11}
BuildRequires: libp11-devel
Suggests: opensc
%endif
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# This ensures that the selinux-policy package and all its dependencies
# are not pulled into containers and other systems that do not use SELinux.
Requires: (selinux-policy >= 36.5 if selinux-policy)
Patch0: 1-rt-comment-out-have-aesni.patch
Patch1: 2-rt-revert-build-randstat.patch
%description
This is a random number generator daemon and its tools. It monitors
a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
TPM, jitter) and supplies entropy from them to a kernel entropy pool.
%prep
%autosetup -p0
%build
%if !%{with pkcs11}
%define _without_pkcs11 --without-pkcs11
%endif
%if !%{with rtlsdr}
%define _without_rtlsdr --without-rtlsdr
%endif
./autogen.sh
# a dirty hack to force PIC for a PIC-aware assembly code for i686
# /usr/lib/rpm/redhat/redhat-hardened-cc1 in Koji/Brew does not
# force PIC for assembly sources as of now
%ifarch i386 i686
sed -i -e '/^#define RDRAND_RETRY_LIMIT\t10/a#define __PIC__ 1' rdrand_asm.S
%endif
# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
%configure %{?_without_pkcs11} %{?_without_rtlsdr}
%make_build
%install
%make_install
# install systemd unit file
install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
# install sysconfig file
install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
%post
%systemd_post rngd.service
%preun
%systemd_preun rngd.service
%postun
%systemd_postun_with_restart rngd.service
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc AUTHORS README.md
%{_bindir}/rngtest
%{_sbindir}/rngd
%{_mandir}/man1/rngtest.1.*
%{_mandir}/man8/rngd.8.*
%attr(0644,root,root) %{_unitdir}/rngd.service
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 6.17-4
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 6.17-3
- Bump release for June 2024 mass rebuild
* Wed Jun 19 2024 Vladis Dronov <vdronov@redhat.com> - 6.17-2
- Add Intel CET IBT instrumentation to assembly code
- Update to the upstream v6.17 @ ac43f912 (RHEL-36771)
* Wed Jun 05 2024 Vladis Dronov <vdronov@redhat.com> - 6.17-1
- Update to the upstream v6.17 @ 2160b9c3 (RHEL-36771)
* Sat Mar 30 2024 Vladis Dronov <vdronov@redhat.com> - 6.16-7
- Update to the upstream v6.16 + tip of origin/master @ 98cf8d63
* Fri Jan 26 2024 Vladis Dronov <vdronov@redhat.com> - 6.16-6
- Initial import from Fedora 40

2
SOURCES/rngd.service → rngd.service
View File

@ -10,4 +10,4 @@ EnvironmentFile=/etc/sysconfig/rngd
ExecStart=/usr/sbin/rngd -f $RNGD_ARGS ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
[Install] [Install]
WantedBy=sysinit.target WantedBy=multi-user.target

2
SOURCES/rngd.sysconfig → rngd.sysconfig
View File

@ -1,3 +1,3 @@
# Optional arguments passed to rngd. See rngd(8) and # Optional arguments passed to rngd. See rngd(8) and
# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21 # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon" RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -x namedpipe -D daemon:daemon"

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (rng-tools-6.17.tar.gz) = 32d2d18b9ff13976f6af0011d89fe962fac41761e66eeb24a54f372c7068c8f665537aab6b396e432954d52101b56cd73ac27d27f6a59937d48fc549d9b71421

2
tests/README Normal file
View File

@ -0,0 +1,2 @@
initial tests:
run make check in src, which runs any selftests in the upstream source tarball

3
tests/inventory Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
export TEST_DOCKER_EXTRA_ARGS="--security-opt seccomp:unconfined"
exec merge-standard-inventory "$@"

64
tests/selftest/Makefile Normal file
View File

@ -0,0 +1,64 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/patch/Sanity/selftest
# Description: Executes upstream test suite
# Author: Miroslav Vadkerti <mvadkert@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/rng-tools/Sanity/selftest
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Miroslav Vadkerti <mvadkert@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Executes upstream test suite" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 30m" >> $(METADATA)
@echo "RunFor: patch" >> $(METADATA)
@echo "Requires: patch gcc rpm-build automake libselinux-devel ed libattr-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL3 -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/selftest/PURPOSE Normal file
View File

@ -0,0 +1,3 @@
PURPOSE of /CoreOS/rng-tools/Sanity/selftest
Description: Executes rngtest to validate randomness of rng data
Author: Neil Horman <nhorman@redhat.com>

80
tests/selftest/runtest.sh Executable file
View File

@ -0,0 +1,80 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/rng-tools/Sanity/selftest
# Description: Executes the upstream test suite comming with the package
# Author: Miroslav Vadkerti <mvadkert@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="rng-tools"
PACKAGES="rng-tools gcc make binutils gettext automake autoconf jitterentropy-devel jansson-devel libcap-devel libxml2 libxml2-devel openssl-devel libcurl-devel libgcrypt-devel"
BUILDLOG=`mktemp`
TESTLOG=`mktemp`
TARGET=$(echo `uname -m` | grep -E ppc)
if [[ $TARGET != "" ]]; then TARGET="--target `uname -m`"; fi
TOPDIR=`mktemp -d`
SPEC="$TOPDIR/SPECS/$PACKAGE*.spec"
TESTDIR="$TOPDIR/BUILD/$PACKAGE"
rlJournalStart
rlPhaseStartSetup
for PKG in $PACKAGES; do
rlAssertRpm $PKG
done
rlPhaseEnd
rlPhaseStartTest
rlFetchSrcForInstalled $PACKAGE
rlRun "rpm -ivh --define '_topdir $TOPDIR' $PACKAGE*.src.rpm" 0 "Installing $PACKAGE src rpm"
echo "+ Building $PACKAGE in $TOPDIR (Log: $BUILDLOG)"
echo "+ Build command: rpmbuild -bc $SPEC $TARGET"
rlRun "rpmbuild --define '_topdir $TOPDIR' -bc $SPEC $TARGET &> $BUILDLOG"
echo "+ Buildlog:"
tail -n 100 $BUILDLOG
rlFileSubmit $BUILDLOG
echo "+ Testing $PACKAGE (Log: $TESTLOG)"
rlRun "pushd ."
# an ugly trick to get exacly into $PACKAGE-$major.$minor directory
cd $TESTDIR-???? || cd $TESTDIR-??? || cd $TESTDIR-????? || echo Failed to cd to a test dir
rlRun "RNGD_JITTER_TIMEOUT=60 make check &> $TESTLOG"
if [ $? -eq 0 ]
then
rlPass "Selftest Passed"
else
rlFail "Selftest Failed"
fi
echo "+ Testlog:"
tail -n 100 $TESTLOG
rlFileSubmit $TESTLOG
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -rf $PACKAGE*.src.rpm" 0 "Removing source rpm"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

19
tests/tests.yml Normal file
View File

@ -0,0 +1,19 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
tests:
- selftest
required_packages:
- gettext
- jitterentropy-devel
- jansson-devel
- libcap-devel
- libxml2
- libxml2-devel
- openssl-devel
- libcurl-devel
- libgcrypt-devel