Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-07-06 Thread Alexander Dahl 
Hello,

On Fri, Jun 30, 2017 at 02:16:07PM +0200, Michael Olbrich wrote:
> On Fri, Jun 30, 2017 at 09:19:18AM +0200, Alexander Dahl wrote:
> > Besides: is there any way to have this random generator stuff
> > certainly ready before generating dropbear keys (rc-once)?
> 
> I think /dev/random and getrandom() can block until then. Something could
> be built on top of that. However you need to be careful: This may block a
> very long time on an idle embedded system.

I had a look into dropbearkey now. As far as I understand the code,
dropbear just uses /dev/urandom, but tries to feed some entropy into
it before doing anything with randomness. The "documentation" in
default_options.h suggests /dev/random is used for keygen, but I think
it's wrong (our outdated) and only non blocking randomness is used.

dropbear can use prngd or egd, but no hint in the code on haveged. The
only thing I found on dropbear profiting from haveged is an old ticket
in the OpenWRT bugtracker, but they just do the "hopefully wait long
enough" thing. [1]

So I guess to improve this situation someone may have to talk to
upstream dropbear to discuss some possibilies?

Greets
Alex

[1] https://dev.openwrt.org/ticket/9631

-- 
»With the first link, the chain is forged. The first speech censured, 
the first thought forbidden, the first freedom denied, chains us all 
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: C28E E6B9 0263 95CF 8FAF  08FA 34AD CD00 7221 5CC6 ***


pgpq47oRvAD6T.pgp
Description: PGP signature
___
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-07-02 Thread Robert Schwebel 
Hi Alexander,

On Fri, Jun 30, 2017 at 09:19:18AM +0200, Alexander Dahl wrote:
> tested this without systemd on top of a recent ptxdist 2017.06.0 based
> BSP with the sysv init script from buildroot.

Would you share your patch, on top of my v2 patch?

rsc
-- 
Pengutronix e.K.   | |
Industrial Linux Solutions | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0|
Amtsgericht Hildesheim, HRA 2686   | Fax:   +49-5121-206917- |

___
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-07-02 Thread Robert Schwebel 
On Fri, Jun 30, 2017 at 10:19:55AM +0200, Michael Olbrich wrote:
> > +# 
> > 
> > +# Prepare
> > +# 
> > 
> > +
> > +#
> > +# autoconf
> > +#
> > +HAVEGED_CONF_TOOL  := autoconf
> > +HAVEGED_CONF_OPT   := \
> > +   $(CROSS_AUTOCONF_USR) \
> > +   --enable-clock_gettime \
> > +   --enable-daemon=yes \
> > +   --enable-diagnostic=no \
> > +   --enable-init=service.fedora \
> > +   --enable-initdir=? \
> 
> --enable-initdir=/usr/lib/systemd/system
> 
> otherwise pkg-config is queried and that requires a dependency on systemd.

Will change in v2.

rsc
-- 
Pengutronix e.K.   | |
Industrial Linux Solutions | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0|
Amtsgericht Hildesheim, HRA 2686   | Fax:   +49-5121-206917- |

___
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-06-30 Thread Michael Olbrich 
On Fri, Jun 30, 2017 at 09:19:18AM +0200, Alexander Dahl wrote:
> Hei hei,
> 
> tested this without systemd on top of a recent ptxdist 2017.06.0 based
> BSP with the sysv init script from buildroot. The usual 'random: crng
> init done' message on the serial konsole comes a lot earlier now, so I
> guess it works. ;-)
> 
> Besides: is there any way to have this random generator stuff
> certainly ready before generating dropbear keys (rc-once)?

I think /dev/random and getrandom() can block until then. Something could
be built on top of that. However you need to be careful: This may block a
very long time on an idle embedded system.

Michael

> Greets
> Alex
> 
> Tested-by: Alexander Dahl 
> 
> On Thu, Jun 29, 2017 at 11:49:26PM +0200, Robert Schwebel wrote:
> > Add the haveged package.
> > 
> > Signed-off-by: Robert Schwebel 
> > ---
> >  ac-fix-handling-for-enable-clock_gettime.patch | 26 
> >  .../0002-init-fix-path-for-systemd-unit-dir.patch  | 24 +++
> >  ...nstallation-of-systemd-unit-file-DESTDIR-.patch | 28 
> >  ...akefile.am-create-nonexisting-directories.patch | 31 +
> >  ...file.am-do-not-call-systemd-during-compil.patch | 29 +
> >  patches/haveged-1.9.1/autogen.sh   |  1 +
> >  patches/haveged-1.9.1/series   |  8 +++
> >  rules/haveged.in   |  7 ++
> >  rules/haveged.make | 76 
> > ++
> >  9 files changed, 230 insertions(+)
> >  create mode 100644 
> > patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> >  create mode 100644 
> > patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> >  create mode 100644 
> > patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> >  create mode 100644 
> > patches/haveged-1.9.1/0004-init.d-Makefile.am-create-nonexisting-directories.patch
> >  create mode 100644 
> > patches/haveged-1.9.1/0005-init.d-Makefile.am-do-not-call-systemd-during-compil.patch
> >  create mode 12 patches/haveged-1.9.1/autogen.sh
> >  create mode 100644 patches/haveged-1.9.1/series
> >  create mode 100644 rules/haveged.in
> >  create mode 100644 rules/haveged.make
> > 
> > diff --git 
> > a/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> >  
> > b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> > new file mode 100644
> > index 0..20a34b466
> > --- /dev/null
> > +++ 
> > b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> > @@ -0,0 +1,26 @@
> > +From: Robert Schwebel 
> > +Date: Thu, 29 Jun 2017 22:30:34 +0200
> > +Subject: [PATCH] configure.ac: fix handling for --enable-clock_gettime
> > +
> > +The logic for this configure option is broken; on ARM, we fall into the
> > +*) path and the logic decides that this option is not set, no matter if
> > +we set it or not.
> > +
> > +Signed-off-by: Robert Schwebel 
> > +---
> > + configure.ac | 2 ++
> > + 1 file changed, 2 insertions(+)
> > +
> > +diff --git a/configure.ac b/configure.ac
> > +index f8d76c106014..e4f17a80d876 100644
> > +--- a/configure.ac
> >  b/configure.ac
> > +@@ -175,6 +175,8 @@ case "$host" in
> > +  *)
> > + if test "x$enable_clock_gettime" = "xx"; then
> > +   enable_clock_gettime="yes"
> > ++elif test "x$enable_clock_gettime" = "xyes"; then
> > ++  enable_clock_gettime="yes"
> > + else
> > +   AC_MSG_ERROR([no timer source for host :"$host".])
> > + fi
> > diff --git 
> > a/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch 
> > b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> > new file mode 100644
> > index 0..6ae95fbb5
> > --- /dev/null
> > +++ b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> > @@ -0,0 +1,24 @@
> > +From: Robert Schwebel 
> > +Date: Thu, 29 Jun 2017 22:53:16 +0200
> > +Subject: [PATCH] init: fix path for systemd unit dir
> > +
> > +This branch was obviously not tested.
> > +
> > +Signed-off-by: Robert Schwebel 
> > +---
> > + init.d/Makefile.am | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> > +index ca3ad1c1e854..bf86773176a6 100644
> > +--- a/init.d/Makefile.am
> >  b/init.d/Makefile.am
> > +@@ -37,7 +37,7 @@ install-data-hook:
> > + if ENABLE_SYSTEMD_LOOKUP
> > +   install -p -m644 haveged.service `pkg-config 
> > --variable=systemdsystemunitdir systemd`/haveged.service;
> > + else
> > +-  install -p -m644 haveged.service ($unit_dir)/haveged.service;
> > ++  install -p -m644 haveged.service $(unit_dir)/haveged.service;
> > + endif
> > +   systemctl enable haveged.service;
> > + 
> > diff --git 
> >

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-06-30 Thread Michael Olbrich 
On Thu, Jun 29, 2017 at 11:49:26PM +0200, Robert Schwebel wrote:
> Add the haveged package.
> 
> Signed-off-by: Robert Schwebel 
> ---
>  ac-fix-handling-for-enable-clock_gettime.patch | 26 
>  .../0002-init-fix-path-for-systemd-unit-dir.patch  | 24 +++
>  ...nstallation-of-systemd-unit-file-DESTDIR-.patch | 28 
>  ...akefile.am-create-nonexisting-directories.patch | 31 +
>  ...file.am-do-not-call-systemd-during-compil.patch | 29 +
>  patches/haveged-1.9.1/autogen.sh   |  1 +
>  patches/haveged-1.9.1/series   |  8 +++
>  rules/haveged.in   |  7 ++
>  rules/haveged.make | 76 
> ++
>  9 files changed, 230 insertions(+)
>  create mode 100644 
> patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  create mode 100644 
> patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
>  create mode 100644 
> patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  create mode 100644 
> patches/haveged-1.9.1/0004-init.d-Makefile.am-create-nonexisting-directories.patch
>  create mode 100644 
> patches/haveged-1.9.1/0005-init.d-Makefile.am-do-not-call-systemd-during-compil.patch
>  create mode 12 patches/haveged-1.9.1/autogen.sh
>  create mode 100644 patches/haveged-1.9.1/series
>  create mode 100644 rules/haveged.in
>  create mode 100644 rules/haveged.make
> 
> diff --git 
> a/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> new file mode 100644
> index 0..20a34b466
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> @@ -0,0 +1,26 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:30:34 +0200
> +Subject: [PATCH] configure.ac: fix handling for --enable-clock_gettime
> +
> +The logic for this configure option is broken; on ARM, we fall into the
> +*) path and the logic decides that this option is not set, no matter if
> +we set it or not.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + configure.ac | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/configure.ac b/configure.ac
> +index f8d76c106014..e4f17a80d876 100644
> +--- a/configure.ac
>  b/configure.ac
> +@@ -175,6 +175,8 @@ case "$host" in
> +  *)
> + if test "x$enable_clock_gettime" = "xx"; then
> +   enable_clock_gettime="yes"
> ++elif test "x$enable_clock_gettime" = "xyes"; then
> ++  enable_clock_gettime="yes"
> + else
> +   AC_MSG_ERROR([no timer source for host :"$host".])
> + fi
> diff --git 
> a/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch 
> b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> new file mode 100644
> index 0..6ae95fbb5
> --- /dev/null
> +++ b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> @@ -0,0 +1,24 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:53:16 +0200
> +Subject: [PATCH] init: fix path for systemd unit dir
> +
> +This branch was obviously not tested.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + init.d/Makefile.am | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index ca3ad1c1e854..bf86773176a6 100644
> +--- a/init.d/Makefile.am
>  b/init.d/Makefile.am
> +@@ -37,7 +37,7 @@ install-data-hook:
> + if ENABLE_SYSTEMD_LOOKUP
> + install -p -m644 haveged.service `pkg-config 
> --variable=systemdsystemunitdir systemd`/haveged.service;
> + else
> +-install -p -m644 haveged.service ($unit_dir)/haveged.service;
> ++install -p -m644 haveged.service $(unit_dir)/haveged.service;
> + endif
> + systemctl enable haveged.service;
> + 
> diff --git 
> a/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> new file mode 100644
> index 0..5a536871a
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> @@ -0,0 +1,28 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:54:11 +0200
> +Subject: [PATCH] init: make installation of systemd unit file DESTDIR aware
> +
> +The installation currently does not care about a DESTDIR, which is
> +imporant when cross compiling.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + init.d/Makefile.am | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index bf86773176a6..2f92cb7fdde4 100644
> +---

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-06-30 Thread Robert Schwebel 
On Fri, Jun 30, 2017 at 10:19:55AM +0200, Michael Olbrich wrote:
> > +   --enable-initdir=? \
> 
> --enable-initdir=/usr/lib/systemd/system
> 
> otherwise pkg-config is queried and that requires a dependency on systemd.

We open code this in several places now. Time for a variable?

rsc@leda:~/git/ptxdist$ git grep /usr/lib/systemd/system | wc -l
170

rsc
-- 
Pengutronix e.K.   | |
Industrial Linux Solutions | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0|
Amtsgericht Hildesheim, HRA 2686   | Fax:   +49-5121-206917- |

___
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-06-30 Thread Michael Olbrich 
On Thu, Jun 29, 2017 at 11:49:26PM +0200, Robert Schwebel wrote:
> Add the haveged package.
> 
> Signed-off-by: Robert Schwebel 
> ---
>  ac-fix-handling-for-enable-clock_gettime.patch | 26 
>  .../0002-init-fix-path-for-systemd-unit-dir.patch  | 24 +++
>  ...nstallation-of-systemd-unit-file-DESTDIR-.patch | 28 
>  ...akefile.am-create-nonexisting-directories.patch | 31 +
>  ...file.am-do-not-call-systemd-during-compil.patch | 29 +
>  patches/haveged-1.9.1/autogen.sh   |  1 +
>  patches/haveged-1.9.1/series   |  8 +++
>  rules/haveged.in   |  7 ++
>  rules/haveged.make | 76 
> ++
>  9 files changed, 230 insertions(+)
>  create mode 100644 
> patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  create mode 100644 
> patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
>  create mode 100644 
> patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  create mode 100644 
> patches/haveged-1.9.1/0004-init.d-Makefile.am-create-nonexisting-directories.patch
>  create mode 100644 
> patches/haveged-1.9.1/0005-init.d-Makefile.am-do-not-call-systemd-during-compil.patch
>  create mode 12 patches/haveged-1.9.1/autogen.sh
>  create mode 100644 patches/haveged-1.9.1/series
>  create mode 100644 rules/haveged.in
>  create mode 100644 rules/haveged.make
> 
> diff --git 
> a/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> new file mode 100644
> index 0..20a34b466
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> @@ -0,0 +1,26 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:30:34 +0200
> +Subject: [PATCH] configure.ac: fix handling for --enable-clock_gettime
> +
> +The logic for this configure option is broken; on ARM, we fall into the
> +*) path and the logic decides that this option is not set, no matter if
> +we set it or not.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + configure.ac | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/configure.ac b/configure.ac
> +index f8d76c106014..e4f17a80d876 100644
> +--- a/configure.ac
>  b/configure.ac
> +@@ -175,6 +175,8 @@ case "$host" in
> +  *)
> + if test "x$enable_clock_gettime" = "xx"; then
> +   enable_clock_gettime="yes"
> ++elif test "x$enable_clock_gettime" = "xyes"; then
> ++  enable_clock_gettime="yes"
> + else
> +   AC_MSG_ERROR([no timer source for host :"$host".])
> + fi
> diff --git 
> a/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch 
> b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> new file mode 100644
> index 0..6ae95fbb5
> --- /dev/null
> +++ b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> @@ -0,0 +1,24 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:53:16 +0200
> +Subject: [PATCH] init: fix path for systemd unit dir
> +
> +This branch was obviously not tested.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + init.d/Makefile.am | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index ca3ad1c1e854..bf86773176a6 100644
> +--- a/init.d/Makefile.am
>  b/init.d/Makefile.am
> +@@ -37,7 +37,7 @@ install-data-hook:
> + if ENABLE_SYSTEMD_LOOKUP
> + install -p -m644 haveged.service `pkg-config 
> --variable=systemdsystemunitdir systemd`/haveged.service;
> + else
> +-install -p -m644 haveged.service ($unit_dir)/haveged.service;
> ++install -p -m644 haveged.service $(unit_dir)/haveged.service;
> + endif
> + systemctl enable haveged.service;
> + 
> diff --git 
> a/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> new file mode 100644
> index 0..5a536871a
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> @@ -0,0 +1,28 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:54:11 +0200
> +Subject: [PATCH] init: make installation of systemd unit file DESTDIR aware
> +
> +The installation currently does not care about a DESTDIR, which is
> +imporant when cross compiling.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + init.d/Makefile.am | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index bf86773176a6..2f92cb7fdde4 100644
> +---

Re: [ptxdist] [PATCH] haveged: add entropy daemon

2017-06-30 Thread Alexander Dahl 
Hei hei,

tested this without systemd on top of a recent ptxdist 2017.06.0 based
BSP with the sysv init script from buildroot. The usual 'random: crng
init done' message on the serial konsole comes a lot earlier now, so I
guess it works. ;-)

Besides: is there any way to have this random generator stuff
certainly ready before generating dropbear keys (rc-once)?

Greets
Alex

Tested-by: Alexander Dahl 

On Thu, Jun 29, 2017 at 11:49:26PM +0200, Robert Schwebel wrote:
> Add the haveged package.
> 
> Signed-off-by: Robert Schwebel 
> ---
>  ac-fix-handling-for-enable-clock_gettime.patch | 26 
>  .../0002-init-fix-path-for-systemd-unit-dir.patch  | 24 +++
>  ...nstallation-of-systemd-unit-file-DESTDIR-.patch | 28 
>  ...akefile.am-create-nonexisting-directories.patch | 31 +
>  ...file.am-do-not-call-systemd-during-compil.patch | 29 +
>  patches/haveged-1.9.1/autogen.sh   |  1 +
>  patches/haveged-1.9.1/series   |  8 +++
>  rules/haveged.in   |  7 ++
>  rules/haveged.make | 76 
> ++
>  9 files changed, 230 insertions(+)
>  create mode 100644 
> patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  create mode 100644 
> patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
>  create mode 100644 
> patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  create mode 100644 
> patches/haveged-1.9.1/0004-init.d-Makefile.am-create-nonexisting-directories.patch
>  create mode 100644 
> patches/haveged-1.9.1/0005-init.d-Makefile.am-do-not-call-systemd-during-compil.patch
>  create mode 12 patches/haveged-1.9.1/autogen.sh
>  create mode 100644 patches/haveged-1.9.1/series
>  create mode 100644 rules/haveged.in
>  create mode 100644 rules/haveged.make
> 
> diff --git 
> a/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
>  
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> new file mode 100644
> index 0..20a34b466
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0001-configure.ac-fix-handling-for-enable-clock_gettime.patch
> @@ -0,0 +1,26 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:30:34 +0200
> +Subject: [PATCH] configure.ac: fix handling for --enable-clock_gettime
> +
> +The logic for this configure option is broken; on ARM, we fall into the
> +*) path and the logic decides that this option is not set, no matter if
> +we set it or not.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + configure.ac | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/configure.ac b/configure.ac
> +index f8d76c106014..e4f17a80d876 100644
> +--- a/configure.ac
>  b/configure.ac
> +@@ -175,6 +175,8 @@ case "$host" in
> +  *)
> + if test "x$enable_clock_gettime" = "xx"; then
> +   enable_clock_gettime="yes"
> ++elif test "x$enable_clock_gettime" = "xyes"; then
> ++  enable_clock_gettime="yes"
> + else
> +   AC_MSG_ERROR([no timer source for host :"$host".])
> + fi
> diff --git 
> a/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch 
> b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> new file mode 100644
> index 0..6ae95fbb5
> --- /dev/null
> +++ b/patches/haveged-1.9.1/0002-init-fix-path-for-systemd-unit-dir.patch
> @@ -0,0 +1,24 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:53:16 +0200
> +Subject: [PATCH] init: fix path for systemd unit dir
> +
> +This branch was obviously not tested.
> +
> +Signed-off-by: Robert Schwebel 
> +---
> + init.d/Makefile.am | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index ca3ad1c1e854..bf86773176a6 100644
> +--- a/init.d/Makefile.am
>  b/init.d/Makefile.am
> +@@ -37,7 +37,7 @@ install-data-hook:
> + if ENABLE_SYSTEMD_LOOKUP
> + install -p -m644 haveged.service `pkg-config 
> --variable=systemdsystemunitdir systemd`/haveged.service;
> + else
> +-install -p -m644 haveged.service ($unit_dir)/haveged.service;
> ++install -p -m644 haveged.service $(unit_dir)/haveged.service;
> + endif
> + systemctl enable haveged.service;
> + 
> diff --git 
> a/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
>  
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> new file mode 100644
> index 0..5a536871a
> --- /dev/null
> +++ 
> b/patches/haveged-1.9.1/0003-init-make-installation-of-systemd-unit-file-DESTDIR-.patch
> @@ -0,0 +1,28 @@
> +From: Robert Schwebel 
> +Date: Thu, 29 Jun 2017 22:54:11 +0200
> +Subject: [PATCH] init: make