Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package haveged for openSUSE:Factory checked
in at 2022-02-17 23:39:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haveged (Old)
and /work/SRC/openSUSE:Factory/.haveged.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haveged"
Thu Feb 17 23:39:52 2022 rev:63 rq:955204 version:1.9.17
Changes:
--------
--- /work/SRC/openSUSE:Factory/haveged/haveged.changes 2021-11-23
22:12:37.334470768 +0100
+++ /work/SRC/openSUSE:Factory/.haveged.new.1958/haveged.changes
2022-02-17 23:40:33.755700897 +0100
@@ -1,0 +2,21 @@
+Tue Feb 15 15:22:09 UTC 2022 - Otto Hollmann <otto.hollm...@suse.com>
+
+- Update to v1.9.17:
+ * Added new verbose mode [Jirka Hladky]
+ * haveged-once.service - use @SBIN_DIR@ instead of hard-coded path [Jirka
Hladky]
+
+- Changes for version v1.9.16:
+ * Allow newuname syscall [Jirka Hladky]
+ * Fix: haveged cannot be run as an application if also running as a daemon
[G??nther Brunthaler]
+ * Add entropy unconditionally at the start and then every 60 seconds [Jirka
Hladky]
+ * New parameter --once to refill entropy once and quit immediately [Jirka
Hladky]
+ * Added haveged-once.service to provide entropy once (intended for
initramfs) [Jirka Hladky]
+
+- Changes for version v1.9.15:
+ * Check for sys/auxv.h before using it. [Peter Seiderer]
+ * fix build on uclibc (origin/pr/58) [Pierre-Jean Texier]
+ * Improved make check tests [Jirka Hladky]
+ * Removed old init.d files. Configs are under contrib directory [Jirka
Hladky]
+ * Support for Linux kernel LRNG patch set
+
+-------------------------------------------------------------------
Old:
----
haveged-1.9.14.tar.gz
New:
----
haveged-1.9.17.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haveged.spec ++++++
--- /var/tmp/diff_new_pack.LqK3ZB/_old 2022-02-17 23:40:34.403700892 +0100
+++ /var/tmp/diff_new_pack.LqK3ZB/_new 2022-02-17 23:40:34.415700892 +0100
@@ -1,7 +1,7 @@
#
# spec file for package haveged
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir
udev)/rules.d }
Name: haveged
-Version: 1.9.14
+Version: 1.9.17
Release: 0
Summary: Daemon for feeding entropy into the random pool
License: GPL-3.0-only
++++++ 90-haveged.rules ++++++
--- /var/tmp/diff_new_pack.LqK3ZB/_old 2022-02-17 23:40:34.443700891 +0100
+++ /var/tmp/diff_new_pack.LqK3ZB/_new 2022-02-17 23:40:34.443700891 +0100
@@ -1,3 +1,6 @@
+# Start the haveged service as soon as the random device is available
+# to avoid starting other services while starved of entropy
+
ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd",
ENV{SYSTEMD_WANTS}+="haveged.service"
++++++ haveged-1.9.14.tar.gz -> haveged-1.9.17.tar.gz ++++++
++++ 2922 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/ChangeLog new/haveged-1.9.17/ChangeLog
--- old/haveged-1.9.14/ChangeLog 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/ChangeLog 2022-01-08 19:47:03.000000000 +0100
@@ -1,3 +1,21 @@
+v1.9.17 (Jan 08, 2022)
+* Added new verbose mode [Jirka Hladky]
+* haveged-once.service - use @SBIN_DIR@ instead of hard-coded path [Jirka
Hladky]
+
+v1.9.16 (Jan 02, 2022)
+* Allow newuname syscall [Jirka Hladky]
+* Fix: haveged cannot be run as an application if also running as a daemon
[G??nther Brunthaler]
+* Add entropy unconditionally at the start and then every 60 seconds [Jirka
Hladky]
+* New parameter --once to refill entropy once and quit immediately [Jirka
Hladky]
+* Added haveged-once.service to provide entropy once (intended for initramfs)
[Jirka Hladky]
+
+v1.9.15 (Sep 30, 2021)
+* Check for sys/auxv.h before using it. [Peter Seiderer]
+* fix build on uclibc (origin/pr/58) [Pierre-Jean Texier]
+* Improved make check tests [Jirka Hladky]
+* Removed old init.d files. Configs are under contrib directory [Jirka Hladky]
+* Support for Linux kernel LRNG patch set
+
v1.9.14 (Jan 01, 2021)
* made enttest configurable
* havegecmd.c - new command added to close the communication socket [Werner
Fink]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/Makefile.am new/haveged-1.9.17/Makefile.am
--- old/haveged-1.9.14/Makefile.am 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/Makefile.am 2022-01-08 19:47:03.000000000 +0100
@@ -1,8 +1,7 @@
## Process this file with automake to produce Makefile.in
# Files to be included in distribution
-EXTRA_DIST = ent/entitle.gif init.d/service.fedora init.d/service.redhat \
- init.d/sysv.lsb init.d/sysv.redhat nist/template9 \
+EXTRA_DIST = ent/entitle.gif nist/template9 \
contrib/diags/data_prep.c contrib/diags/bins.p
contrib/diags/inc.p \
contrib/diags/lognorm.r contrib/diags/lognorm.sh \
haveged.spec contrib/build/build.sh contrib/build/lib.spec
contrib/build/nolib.spec \
@@ -12,7 +11,7 @@
EXTRA_PROGRAMS = ent/entest nist/nist
# Build install script and tests as necessary
-SUBDIRS = src init.d man ent nist
+SUBDIRS = src man ent nist
# check entire package
DISTCHECK_CONFIGURE_FLAGS = "--enable-nistest"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/NEWS new/haveged-1.9.17/NEWS
--- old/haveged-1.9.14/NEWS 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/NEWS 2022-01-08 19:47:03.000000000 +0100
@@ -1,3 +1,5 @@
+Please see ChangeLog for the latest NEWS.
+
v1.9.8 (Sep 30, 2019)
* Various bug fixes - please see ChangeLog for the detailed list of changes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/README new/haveged-1.9.17/README
--- old/haveged-1.9.14/README 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/README 2022-01-08 19:47:03.000000000 +0100
@@ -136,12 +136,10 @@
1. --enable-clock_gettime (default 'no' for recognized hosts)
2. --enable-daemon (default 'yes' if Linux)
3. --enable-diagnostic (default 'no')
-4. --enable-init (type, default 'no')
-5. --enable-initdir (default '' unless enable--init="service.*")
-6. --enable-nistest (default 'no' but recommended)
-7. --enable-olt (default 'yes')
-8. --enable-threads (experimental)
-9. --enable-tune (default 'yes')
+4. --enable-nistest (default 'no' but recommended)
+5. --enable-olt (default 'yes')
+6. --enable-threads (experimental)
+7. --enable-tune (default 'yes')
Detailed option information is available by typing "./configure --help". For
options xxx that take "yes/no" arguments, --disable-xxx may be used as the
@@ -170,15 +168,6 @@
the option to 'capture' or 'inject'. A setting for any value other than 'no'
for this option forces --enable-daemon=no. See DIAGNOSTICS below for details.
-The --enable-init option is active only when --enable-daemon is 'yes'. This
-value can specify a template to be used in the installation of an init method
-by the build's install target. The default value, 'no', disables the feature.
-Other values can be used to install a traditional systemv init script or
-systemd unit definition. See INSTALLATION for details.
-
-The --enable-initdir is active only when --enable-init='service.*', i.e. a
-systemd install. See INSTALLATION for details.
-
The --enable-nistest option enables more thorough testing for the check target.
See CHECKING for details.
@@ -256,7 +245,7 @@
Users are encouraged to run their own external tests. The --number==0 option is
a convenient means to pipe haveged output into external suites such as
Dieharder,
-the TESTU01 batteries, or PractRand.
+the TESTU01 batteries, or PractRand.
RUNNING haveged
@@ -333,7 +322,7 @@
build option flags represent the ./configure options as:
C=clock_gettime, D=diagnostic I=tune with cpuid, M=multi-core, T=online
tests, V=tune with vfs
-
+
tuning sources are:
D=default value, P=instance parameter, C=cpuid present,
H=hyperthreading, A=AMD cpuid, A5=AMD fn5, A6=AMD fn6, A8=AMD fn8
@@ -369,7 +358,7 @@
<action> is either 'retry' or 'fail'
<bytes> is number of bytes processed in procedure before failure
<fill> is the number of times the buffer was filled
-
+
The exec summary is logged upon error or signal terminations. Other log output
is
controlled by --verbose:
@@ -423,38 +412,6 @@
is provided for the libtool build. If the daemon interface is enabled, the
executable is installed in automake's sbin_PROGRAMS directory.
-If the daemon interface is enabled, the --enable-init setting provides a simple
-template system to setup the init method. If --enable-init is set to none
-no action is taken. Otherwise, the template must reside in the init.d build
-directory and is selected by the setting. Template names "service.*" indicate
-that a systemd style init, while template names "sysv.*" are used for sysv
-style init scripts.
-
-Sample sysv style templates are provided for linux standard base, sysv.lsb,
-and redhat systems, sysv.redhat , such as centos which have not moved to
-systemd style inits.
-
-For systemd style installs, --enable-initdir specifies the systemd unit
-directory. If the setting is not specified (or is ''), the default value is
-obtained from hosts pkg-config query for systemdsystemunitdir. Sample systemd
-templates are provided for forking, service.forking, and non-forking,
-service.fedora, configurations. The non-forking configuration is recommended to
-avoid the overhead of PID file and minimize start-up cost.
-
-Examples:
-
-./configure --enable-init=service.redhat
-./configure --enable-init=sysv.lsb
-
-Custom init scripts can be added as necessary by adding templates to the
-init.d directory.
-
-A sample file, haveged.spec, is provided in the build root as a guide for
-those who want to build a rpm. As with init scripts, the sample may need
-customization before use. Other SPEC file examples can be found in the
-contrib directory (see EXTRAS for details).
-
-
EXTRAS
The contrib directory contains bits and pieces that are not integrated into the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/README.md new/haveged-1.9.17/README.md
--- old/haveged-1.9.14/README.md 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/README.md 2022-01-08 19:47:03.000000000 +0100
@@ -2,6 +2,23 @@
Haveged, an entropy source
+IMPORTANT UPDATE
+
+Starting from Linux kernel v5.6, the HAVEGED **service** has become obsolete.
The userspace application as well as the haveged library are not affected.
There are two main reasons for that:
+
+1) The mainline??Linux Kernel has now HAVEGED algorithm build in internally,
see??the [LKML article.](
https://lore.kernel.org/lkml/alpine.deb.2.21.1909290010500.2...@nanos.tec.linutronix.de/T/)
+
+2) Furthermore, as soon as the??CRNG (the Linux cryptographic-strength random
number generator) gets ready,??`/dev/random` does not block on reads
anymore.??See the [kernel
commit.](https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32)
+
+I'm happy that these changes made it into the mainline??kernel. It's nice to
see that the main idea behind HAVEGED has sustained time test- it was published
already in 2003
[here.](https://www.irisa.fr/caps/projects/hipsor/publications/havege-tomacs.pdf)
+
+I'm also glad that the HAVEGE algorithm is being further explored and examined
- see the [CPU Jitter Random Number
Generator.](https://www.chronox.de/jent.html)
+
+I will keep maintaining HAVEGED - there are a couple??of reasons for that:
+* Most Linux installations are still running on the older kernel versions.??
+* HAVEGED can also be used as the userspace RNG to generate random numbers.
See??`man -S8 haveged` for examples or try running `haveged -n 0 | pv >
/dev/null`
+* Last but not least, HAVEGED can be used as the RNG library.??
+
INTRODUCTION
Complete documentation on haveged can be found at
http://www.issihosts.com/haveged/
@@ -137,12 +154,10 @@
1. --enable-clock_gettime (default 'no' for recognized hosts)
2. --enable-daemon (default 'yes' if Linux)
3. --enable-diagnostic (default 'no')
-4. --enable-init (type, default 'no')
-5. --enable-initdir (default '' unless enable--init="service.*")
-6. --enable-nistest (default 'no' but recommended)
-7. --enable-olt (default 'yes')
-8. --enable-threads (experimental)
-9. --enable-tune (default 'yes')
+4. --enable-nistest (default 'no' but recommended)
+5. --enable-olt (default 'yes')
+6. --enable-threads (experimental)
+7. --enable-tune (default 'yes')
Detailed option information is available by typing "./configure --help". For
options xxx that take "yes/no" arguments, --disable-xxx may be used as the
@@ -171,15 +186,6 @@
the option to 'capture' or 'inject'. A setting for any value other than 'no'
for this option forces --enable-daemon=no. See DIAGNOSTICS below for details.
-The --enable-init option is active only when --enable-daemon is 'yes'. This
-value can specify a template to be used in the installation of an init method
-by the build's install target. The default value, 'no', disables the feature.
-Other values can be used to install a traditional systemv init script or
-systemd unit definition. See INSTALLATION for details.
-
-The --enable-initdir is active only when --enable-init='service.*', i.e. a
-systemd install. See INSTALLATION for details.
-
The --enable-nistest option enables more thorough testing for the check target.
See CHECKING for details.
@@ -238,9 +244,9 @@
NIST to review the detailed results. AIS31 provides recommendations for the
NIST test suite as 'additional tests'. See testing documentation at
http://www.issihosts.com/haveged/ais31.html for further information.
-
+
The "quick" test is always part of the check target. The NIST suite is run only
-when --enable-nistest is 'yes'.
+when --enable-nistest is 'yes'.
Both checks function the same way, haveged is run to collect a sample file in
the test directory which is then analyzed by the test program. A pass-fail
return
@@ -257,7 +263,7 @@
Users are encouraged to run their own external tests. The --number==0 option is
a convenient means to pipe haveged output into external suites such as
Dieharder,
-the TESTU01 batteries, or PractRand.
+the TESTU01 batteries, or PractRand.
RUNNING haveged
@@ -334,7 +340,7 @@
build option flags represent the ./configure options as:
C=clock_gettime, D=diagnostic I=tune with cpuid, M=multi-core, T=online
tests, V=tune with vfs
-
+
tuning sources are:
D=default value, P=instance parameter, C=cpuid present,
H=hyperthreading, A=AMD cpuid, A5=AMD fn5, A6=AMD fn6, A8=AMD fn8
@@ -370,7 +376,7 @@
<action> is either 'retry' or 'fail'
<bytes> is number of bytes processed in procedure before failure
<fill> is the number of times the buffer was filled
-
+
The exec summary is logged upon error or signal terminations. Other log output
is
controlled by --verbose:
@@ -424,38 +430,6 @@
is provided for the libtool build. If the daemon interface is enabled, the
executable is installed in automake's sbin_PROGRAMS directory.
-If the daemon interface is enabled, the --enable-init setting provides a simple
-template system to setup the init method. If --enable-init is set to none
-no action is taken. Otherwise, the template must reside in the init.d build
-directory and is selected by the setting. Template names "service.*" indicate
-that a systemd style init, while template names "sysv.*" are used for sysv
-style init scripts.
-
-Sample sysv style templates are provided for linux standard base, sysv.lsb,
-and redhat systems, sysv.redhat , such as centos which have not moved to
-systemd style inits.
-
-For systemd style installs, --enable-initdir specifies the systemd unit
-directory. If the setting is not specified (or is ''), the default value is
-obtained from hosts pkg-config query for systemdsystemunitdir. Sample systemd
-templates are provided for forking, service.forking, and non-forking,
-service.fedora, configurations. The non-forking configuration is recommended to
-avoid the overhead of PID file and minimize start-up cost.
-
-Examples:
-
-./configure --enable-init=service.redhat
-./configure --enable-init=sysv.lsb
-
-Custom init scripts can be added as necessary by adding templates to the
-init.d directory.
-
-A sample file, haveged.spec, is provided in the build root as a guide for
-those who want to build a rpm. As with init scripts, the sample may need
-customization before use. Other SPEC file examples can be found in the
-contrib directory (see EXTRAS for details).
-
-
EXTRAS
The contrib directory contains bits and pieces that are not integrated into the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/config/compile new/haveged-1.9.17/config/compile
--- old/haveged-1.9.14/config/compile 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/config/compile 2022-01-08 19:47:03.000000000 +0100
@@ -3,7 +3,7 @@
scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
# Written by Tom Tromey <tro...@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -53,7 +53,7 @@
MINGW*)
file_conv=mingw
;;
- CYGWIN*)
+ CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
- cygwin/*)
+ cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/config/missing new/haveged-1.9.17/config/missing
--- old/haveged-1.9.14/config/missing 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/config/missing 2022-01-08 19:47:03.000000000 +0100
@@ -3,7 +3,7 @@
scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/config.h.in new/haveged-1.9.17/config.h.in
--- old/haveged-1.9.14/config.h.in 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/config.h.in 2022-01-08 19:47:03.000000000 +0100
@@ -33,6 +33,9 @@
/* Define to 1 if you have the `floor' function. */
#undef HAVE_FLOOR
+/* Define to 1 if you have the `getauxval' function. */
+#undef HAVE_GETAUXVAL
+
/* Define to 1 if you have the `getsockopt' function. */
#undef HAVE_GETSOCKOPT
@@ -138,6 +141,9 @@
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
+/* Define to 1 if you have the <sys/auxv.h> header file. */
+#undef HAVE_SYS_AUXV_H
+
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
@@ -186,9 +192,6 @@
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
-/* Define to 1 to suppress daemon interface */
-#undef NO_DAEMON
-
/* Define to single collection thread */
#undef NUMBER_CORES
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/configure.ac new/haveged-1.9.17/configure.ac
--- old/haveged-1.9.14/configure.ac 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/configure.ac 2022-01-08 19:47:03.000000000 +0100
@@ -3,7 +3,7 @@
## Minimum Autoconf version
AC_PREREQ([2.59])
-AC_INIT([haveged],[1.9.14])
+AC_INIT([haveged],[1.9.17])
AC_CONFIG_AUX_DIR(config)
AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_HEADER([config.h])
@@ -49,14 +49,6 @@
enable_daemon="no";
fi
-## Make init configurable
-AC_ARG_ENABLE(init,
- AS_HELP_STRING([--enable-init=[type]],[Enable service.* or sysv.* template
[default=no]]),
- , enable_init="no" )
-AC_ARG_ENABLE(initdir,
- AS_HELP_STRING([--enable-initdir=DIR], [Directory for systemd service files
[default=pkg-config var if init==service.*]]),
- , enable_initdir="?")
-
## Make nist self-test configurable
AC_ARG_ENABLE(nistest,
AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite
[default=no]]),
@@ -110,7 +102,7 @@
AC_PROG_GCC_TRADITIONAL
AC_FUNC_SELECT_ARGTYPES
AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([__rdtsc accept accept4 bind connect execv floor getsockopt
gettimeofday listen memset pow pselect recv sched_yield select send setsockopt
socket sqrt])
+AC_CHECK_FUNCS([__rdtsc accept accept4 bind connect execv floor getauxval
getsockopt gettimeofday listen memset pow pselect recv sched_yield select send
setsockopt socket sqrt])
## Checks for header files.
AC_HEADER_STDC
@@ -124,7 +116,9 @@
AC_CHECK_HEADERS(stdio.h)
AC_CHECK_HEADERS(stdlib.h)
AC_CHECK_HEADERS(string.h)
+AC_CHECK_HEADERS([sys/auxv.h])
AC_CHECK_HEADERS(sys/ioctl.h)
+AC_CHECK_HEADERS(sys/auxv.h)
AC_CHECK_HEADERS(sys/mman.h)
AC_CHECK_HEADERS(sys/types.h)
AC_CHECK_HEADERS(sys/socket.h)
@@ -218,34 +212,9 @@
fi
-## Determine init type
-
-if test "$daemon_type" = "none"; then
- AC_DEFINE(NO_DAEMON, 1, [Define to 1 to suppress daemon interface])
- init_type="none"
-else
- case "$enable_init" in
- service.*)
- init_type="systemd"
- ;;
- sysv.*)
- init_type="sysv"
- ;;
- *)
- init_type="none"
- ;;
-esac
-fi
-
## Fixup install and test options
-AC_SUBST(HA_DISTRO,$enable_init)
-AC_SUBST(HA_UNITD,$enable_initdir)
AM_CONDITIONAL(ENABLE_BIN, test "$daemon_type" = "none")
-AM_CONDITIONAL(ENABLE_SYSV, test "$init_type" = "sysv")
-AM_CONDITIONAL(ENABLE_SYSTEMD, test "$init_type" = "systemd")
-AM_CONDITIONAL(ENABLE_SYSTEMD_LOOKUP, test "$enable_initdir" = "?")
-AM_CONDITIONAL(ENABLE_NOINIT, test "$init_type" = "none")
AM_CONDITIONAL(ENABLE_ENT_TEST, test "$enable_enttest" = "yes")
AM_CONDITIONAL(ENABLE_NIST_TEST, test "$enable_nistest" = "yes")
@@ -256,7 +225,6 @@
AC_CONFIG_FILES([Makefile
src/Makefile
man/Makefile
- init.d/Makefile
ent/Makefile
nist/Makefile])
AC_OUTPUT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/Fedora/haveged-once.service
new/haveged-1.9.17/contrib/Fedora/haveged-once.service
--- old/haveged-1.9.14/contrib/Fedora/haveged-once.service 1970-01-01
01:00:00.000000000 +0100
+++ new/haveged-1.9.17/contrib/Fedora/haveged-once.service 2022-01-08
19:47:03.000000000 +0100
@@ -0,0 +1,31 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when
included in initramfs)
+#PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/Fedora/haveged-switch-root.service
new/haveged-1.9.17/contrib/Fedora/haveged-switch-root.service
--- old/haveged-1.9.14/contrib/Fedora/haveged-switch-root.service
2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/contrib/Fedora/haveged-switch-root.service
2022-01-08 19:47:03.000000000 +0100
@@ -1,6 +1,7 @@
[Unit]
Description=Tell haveged about new root
DefaultDependencies=no
+ConditionKernelVersion=<5.6
ConditionPathExists=/etc/initrd-release
Before=initrd-switch-root.service
JoinsNamespaceOf=haveged.service
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/Fedora/haveged.conf
new/haveged-1.9.17/contrib/Fedora/haveged.conf
--- old/haveged-1.9.14/contrib/Fedora/haveged.conf 1970-01-01
01:00:00.000000000 +0100
+++ new/haveged-1.9.17/contrib/Fedora/haveged.conf 2022-01-08
19:47:03.000000000 +0100
@@ -0,0 +1 @@
+add_dracutmodules+=" haveged "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/Fedora/haveged.service
new/haveged-1.9.17/contrib/Fedora/haveged.service
--- old/haveged-1.9.14/contrib/Fedora/haveged.service 2021-01-03
00:26:40.000000000 +0100
+++ new/haveged-1.9.17/contrib/Fedora/haveged.service 2022-01-08
19:47:03.000000000 +0100
@@ -2,11 +2,12 @@
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no
+ConditionKernelVersion=<5.6
After=systemd-tmpfiles-setup-dev.service
Before=sysinit.target shutdown.target systemd-journald.service
[Service]
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground -v 64
Restart=always
SuccessExitStatus=137 143
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/Fedora/haveged.spec
new/haveged-1.9.17/contrib/Fedora/haveged.spec
--- old/haveged-1.9.14/contrib/Fedora/haveged.spec 2021-01-03
00:26:40.000000000 +0100
+++ new/haveged-1.9.17/contrib/Fedora/haveged.spec 2022-01-08
19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
%define dracutlibdir lib/dracut
Summary: A Linux entropy source using the HAVEGE algorithm
Name: haveged
-Version: 1.9.14
+Version: 1.9.15
Release: 1%{?dist}
License: GPLv3+
URL: https://github.com/jirka-h/haveged
@@ -11,7 +11,7 @@
Requires(postun): systemd
BuildRequires: gcc
-BuildRequires: automake coreutils glibc-common systemd-units
+BuildRequires: make automake coreutils glibc-common systemd-units
Enhances: apache2 gpg2 openssl openvpn php5 smtp_daemon systemd
%description
@@ -21,7 +21,7 @@
standard mechanisms for harvesting randomness for the system entropy
pool. This is important in systems with high entropy needs or limited
user interaction (e.g. headless servers).
-
+
Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
to maintain a 1M pool of random bytes used to fill /dev/random
whenever the supply of random bits in /dev/random falls below the low
@@ -101,7 +101,20 @@
%changelog
-* Sun Jun 28 2020 Jirka Hladky <hladky.j...@gmail.com> - 1.9.14-1
+* Thu Sep 30 2021 Jirka Hladky <hladky.j...@gmail.com> - 1.9.15-1
+ - Update to 1.9.15
+
+* Thu Jul 22 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
1.9.14-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew J??drzejewski-Szmek <zbys...@in.waw.pl> - 1.9.14-4
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
1.9.14-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Jan 3 2021 Jirka Hladky <hladky.j...@gmail.com> - 1.9.14-2
- Update to 1.9.14
- BZ1835006 - Added dracut module
- Start the service as soon as the random device is available with
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/contrib/SUSE/haveged-switch-root.service
new/haveged-1.9.17/contrib/SUSE/haveged-switch-root.service
--- old/haveged-1.9.14/contrib/SUSE/haveged-switch-root.service 2021-01-03
00:26:40.000000000 +0100
+++ new/haveged-1.9.17/contrib/SUSE/haveged-switch-root.service 2022-01-08
19:47:03.000000000 +0100
@@ -1,6 +1,7 @@
[Unit]
Description=Tell haveged about new root
DefaultDependencies=no
+ConditionKernelVersion=<5.6
ConditionPathExists=/etc/initrd-release
Before=initrd-switch-root.service
JoinsNamespaceOf=haveged.service
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/ent/Makefile.am new/haveged-1.9.17/ent/Makefile.am
--- old/haveged-1.9.14/ent/Makefile.am 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/ent/Makefile.am 2022-01-08 19:47:03.000000000 +0100
@@ -10,13 +10,14 @@
entest_SOURCES = entest.c iso8859.c randtest.c chisq.c iso8859.h randtest.h
-CLEANFILES = sample
+CLEANFILES = sample *log
+clean-local:
+ rm -rf chi_square
MAINTAINERCLEANFILES = Makefile.in
if ENABLE_ENT_TEST
check-local:
./entest -t ${srcdir}/entitle.gif
- ../src/haveged -n 16384k -v 1 $*
- ./entest -vf sample
+ ./test.sh
endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/ent/examine_chi_square.R
new/haveged-1.9.17/ent/examine_chi_square.R
--- old/haveged-1.9.14/ent/examine_chi_square.R 1970-01-01 01:00:00.000000000
+0100
+++ new/haveged-1.9.17/ent/examine_chi_square.R 2022-01-08 19:47:03.000000000
+0100
@@ -0,0 +1,13 @@
+d <- read.table('chi.txt', header = FALSE, sep = "", dec = ".")
+summary(d)
+h <- hist(d[,1],breaks=20)
+chisq.test(h$counts)
+h$counts=h$counts/sum(h$counts)
+x11()
+plot(h, col = "gray")
+curve(100/length(h$counts)*dunif(x,0,100),add=TRUE, col="red")
+x11()
+ks.test(d[,1], "punif", 0, 100)
+plot(ecdf(d[,1]))
+curve(punif(x, 0, 100), add=TRUE, col="red")
+#locator(1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/ent/examine_chi_square.sh
new/haveged-1.9.17/ent/examine_chi_square.sh
--- old/haveged-1.9.14/ent/examine_chi_square.sh 1970-01-01
01:00:00.000000000 +0100
+++ new/haveged-1.9.17/ent/examine_chi_square.sh 2022-01-08
19:47:03.000000000 +0100
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+#for i in $(seq -w 1000); do
+# ./entest -vf <(head -c 16M /dev/random) > "${i}_linux.log"
+#done
+
+mkdir chi_square
+pushd chi_square || exit 1
+for i in $(seq -w 1000); do
+ ../entest -vf <(../../src/haveged -n 16384k -f -) > "${i}_haveged.log"
+done
+
+grep -Poh "Chi-Square: .*\(\K[0-9.]+" ./*haveged.log > ./chi.txt
+R --vanilla <../examine_chi_square.R > examine_chi_square.summary
+popd || exit 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/ent/test.sh new/haveged-1.9.17/ent/test.sh
--- old/haveged-1.9.14/ent/test.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/haveged-1.9.17/ent/test.sh 2022-01-08 19:47:03.000000000 +0100
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+runs=10
+for i in $(seq -w "$runs"); do
+ ./entest -vf <(../src/haveged -n 16384k -f -) > "${i}_entest.log"
+done
+
+fails=$(grep Fail ./*_entest.log | wc -l)
+
+if (( fails > 2 )); then
+ echo "Total $fails in $runs"
+ grep Fail ./*_entest.log
+ echo "Marking the whole test as failed"
+ exit 255
+else
+ echo "Test passed!"
+fi
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/Makefile.am new/haveged-1.9.17/init.d/Makefile.am
--- old/haveged-1.9.14/init.d/Makefile.am 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/Makefile.am 1970-01-01 01:00:00.000000000
+0100
@@ -1,45 +0,0 @@
-## Process this file with automake to produce Makefile.in.
-
-EXTRA_DIST = service.fedora service.forking service.redhat service.suse
sysv.lsb sysv.redhat
-
-MAINTAINERCLEANFILES = Makefile.in
-
-CLEANFILES = haveged haveged.service
-
-do_subst = sed -e 's,[@]SBIN_DIR[@],$(sbindir),g'
-src_tmpl = @HA_DISTRO@
-unit_dir = @HA_UNITD@
-
-if ENABLE_NOINIT
-## user will install manually.
-install-exec-hook:
- @echo "no init script installed";
-endif
-
-if ENABLE_SYSV
-## legacy init script - installation via automake defaults
-
-initdir = $(sysconfdir)/init.d
-init_SCRIPTS = haveged
-
-haveged: $(src_tmpl) Makefile
- $(do_subst) < $(srcdir)/$(src_tmpl) > haveged;
-
-endif
-
-if ENABLE_SYSTEMD
-## systemd script - lookup unitdir if not specified
-
-install-exec-hook:
- $(do_subst) < $(srcdir)/$(src_tmpl) > haveged.service;
-
-install-data-hook: install-exec-hook
-if ENABLE_SYSTEMD_LOOKUP
- install -p -D -m644 haveged.service $(DESTDIR)`pkg-config
--variable=systemdsystemunitdir systemd`/haveged.service;
-else
- install -p -D -m644 haveged.service
$(DESTDIR)$(unit_dir)/haveged.service;
-endif
-## Defer systemd call to for cross-compile case
-## systemctl enable haveged.service;
-
-endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/service.fedora
new/haveged-1.9.17/init.d/service.fedora
--- old/haveged-1.9.14/init.d/service.fedora 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/service.fedora 1970-01-01 01:00:00.000000000
+0100
@@ -1,35 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-After=systemd-tmpfiles-setup-dev.service
-Before=sysinit.target shutdown.target systemd-journald.service
-
-[Service]
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
-Restart=always
-SuccessExitStatus=137 143
-
-SecureBits=noroot-locked
-CapabilityBoundingSet=CAP_SYS_ADMIN
-# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
-PrivateTmp=false
-PrivateDevices=true
-PrivateNetwork=true
-ProtectSystem=full
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-RestrictNamespaces=true
-RestrictRealtime=true
-
-LockPersonality=true
-MemoryDenyWriteExecute=true
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@mount
-SystemCallErrorNumber=EPERM
-
-[Install]
-WantedBy=sysinit.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/service.forking
new/haveged-1.9.17/init.d/service.forking
--- old/haveged-1.9.14/init.d/service.forking 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/service.forking 1970-01-01 01:00:00.000000000
+0100
@@ -1,11 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-
-[Service]
-Type=forking
-PIDFile=/run/haveged.pid
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 -p /run/haveged.pid
-
-[Install]
-WantedBy=multi-user.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/service.redhat
new/haveged-1.9.17/init.d/service.redhat
--- old/haveged-1.9.14/init.d/service.redhat 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/service.redhat 1970-01-01 01:00:00.000000000
+0100
@@ -1,10 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-
-[Service]
-Type=forking
-PIDFile=/run/haveged.pid
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1
-
-[Install]
-WantedBy=multi-user.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/service.suse new/haveged-1.9.17/init.d/service.suse
--- old/haveged-1.9.14/init.d/service.suse 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/service.suse 1970-01-01 01:00:00.000000000
+0100
@@ -1,19 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-ConditionVirtualization=!container
-#Conflicts=shutdown.target
-# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
-#After=systemd-random-seed.service
-Before=sysinit.target shutdown.target systemd-journald.service
-
-[Service]
-ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
-PrivateNetwork=yes
-Restart=always
-SuccessExitStatus=137 143
-
-[Install]
-WantedBy=sysinit.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/sysv.lsb new/haveged-1.9.17/init.d/sysv.lsb
--- old/haveged-1.9.14/init.d/sysv.lsb 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/init.d/sysv.lsb 1970-01-01 01:00:00.000000000 +0100
@@ -1,75 +0,0 @@
-#!/bin/sh
-#
-# Copyright 2011-2012 Jirka Hladky hladky_dot_jiri_at_gmail_com
-# Copyright 2011-2012 Gary Wuertz g...@issiweb.com
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-#
-# haveged: Starts the haveged entropy daemon
-#
-# chkconfig: - 75 25
-# description: havege entropy daemon
-# processname: haveged
-#
-# source function library
-
-. /lib/lsb/init-functions
-
-prog="haveged"
-
-HAVEGED_BIN=/usr/local/sbin/haveged
-LOCKFILE=/var/lock/$prog
-RETVAL=0
-
-test -x ${HAVEGED_BIN} || { echo "Cannot find haveged executable
${HAVEGED_BIN}" 1>&2 ; exit 5 ; }
-
-case "$1" in
-start)
- echo -n $"Starting $prog: "
- ${HAVEGED_BIN} -w 1024 -v 1 && log_success_msg || log_failure_msg
- RETVAL=$?
- [ "$RETVAL" = 0 ] && touch ${LOCKFILE}
- echo
- ;;
-
-stop)
- echo -n $"Stopping $prog: "
- if [ -e /var/run/$prog.pid ]; then
- kill `cat /var/run/$prog.pid` && log_success_msg || log_failure_msg
- else
- log_failure_msg
- fi
- RETVAL=$?
- [ "$RETVAL" = 0 ] && rm -f ${LOCKFILE}
- echo
- ;;
-
-restart|reload)
- $0 stop
- $0 start
- ;;
-
-condrestart)
- [ -f $LOCKFILE ] && $0 restart
- ;;
-
-status)
- status $prog
- RETVAL=$?
- ;;
-*)
- echo $"Usage: $prog {start|stop|status|reload|restart|condrestart}"
-esac
-exit $RETVAL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/init.d/sysv.redhat new/haveged-1.9.17/init.d/sysv.redhat
--- old/haveged-1.9.14/init.d/sysv.redhat 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/init.d/sysv.redhat 1970-01-01 01:00:00.000000000
+0100
@@ -1,74 +0,0 @@
-#!/bin/sh
-#
-# Copyright 2011-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
-# Copyright 2011-2012 Gary Wuertz g...@issiweb.com
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-#
-# haveged: Starts the haveged entropy daemon
-#
-# chkconfig: - 75 25
-# description: havege entropy daemon
-# processname: haveged
-#
-# source function library
-. /etc/init.d/functions
-
-HAVEGED_BIN=@SBIN_DIR@/haveged
-
-RETVAL=0
-prog="haveged"
-LOCKFILE=/var/lock/subsys/$prog
-
-test -x ${HAVEGED_BIN} || { echo "Cannot find haveged executable
${HAVEGED_BIN}" 1>&2 ; exit 5 ; }
-
-case "$1" in
-start)
- echo -n $"Starting $prog: "
- ${HAVEGED_BIN} -w 1024 -v 1 && success || failure
- RETVAL=$?
- [ "$RETVAL" = 0 ] && touch ${LOCKFILE}
- echo
- ;;
-
-stop)
- echo -n $"Stopping $prog: "
- if [ -e /var/run/$prog.pid ]; then
- kill `cat /var/run/$prog.pid` && success || failure
- else
- failure
- fi
- RETVAL=$?
- [ "$RETVAL" = 0 ] && rm -f ${LOCKFILE}
- echo
- ;;
-
-restart|reload)
- $0 stop
- $0 start
- ;;
-
-condrestart)
- [ -f $LOCKFILE ] && $0 restart
- ;;
-
-status)
- status $prog
- RETVAL=$?
- ;;
-*)
- echo $"Usage: $prog {start|stop|status|reload|restart|condrestart}"
-esac
-exit $RETVAL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/man/haveged.8 new/haveged-1.9.17/man/haveged.8
--- old/haveged-1.9.14/man/haveged.8 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/man/haveged.8 2022-01-08 19:47:03.000000000 +0100
@@ -63,6 +63,9 @@
-F , --Foreground
Run daemon in foreground. Do not fork and detach.
.TP
+-e , --once
+Provide entropy to the kernel once and quit immediatelly.
+.TP
-i nnn, --inst=nnn
Set instruction cache size to nnn KB. Default is 16 or as determined
dynamically.
.TP
@@ -139,6 +142,8 @@
32=Show all online test completion detail
+64=Show info on RNDADDENTROPY operation
+
Default is 0. Use -1 for all diagnostics.
.TP
-w nnn, --write=nnn
@@ -188,7 +193,7 @@
.I /proc/sys/kernel/osrelease
.P
.I /proc/sys/kernel/random/poolsize
-.P
+.P
.I /proc/sys/kernel/random/write_wakeup_threshold
.RE
@@ -313,6 +318,9 @@
.TP
Generate large amounts of data (16TB). Disable continuous tests for the
maximum throughput but run the online tests at the startup to make sure that
generator for properly initialized:
haveged -n 16T -o tba8c -f - | pv > /dev/null
+.TP
+Create a password equivalent to a key strength of 256 bit
+haveged -f - -n 32 2>/dev/null | base64 | tr -d =
.SH SEE ALSO
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havege.c new/haveged-1.9.17/src/havege.c
--- old/haveged-1.9.14/src/havege.c 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havege.c 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
@@ -317,7 +317,7 @@
{
struct h_status status;
int n = 0;
-
+
if (buf != 0) {
*buf = 0;
len -= 1;
@@ -346,7 +346,7 @@
case H_SD_TOPIC_TEST:
{
H_UINT m;
-
+
if (strlen(status.tot_tests)>0) {
n += snprintf(buf+n, len-n, "tot tests(%s): ",
status.tot_tests);
if ((m = status.n_tests[ H_OLT_TOT_A_P] + status.n_tests[
H_OLT_TOT_A_F])>0)
@@ -368,19 +368,29 @@
case H_SD_TOPIC_SUM:
{
char units[] = {'T', 'G', 'M', 'K', 0};
- double factor = 1024.0 * 1024.0 * 1024.0 * 1024.0;
+ double factor[2];
+ factor[0] = 1024.0 * 1024.0 * 1024.0 * 1024.0;
+ factor[1] = factor[0];
double sz = ((double)hptr->n_fills * hptr->i_collectSz) *
sizeof(H_UINT);
- int i;
-
- for (i=0;0 != units[i];i++) {
- if (sz >= factor)
+ double ent = ((double) hptr->n_entropy_bytes);
+ int i[2];
+
+ for (i[0]=0;0 != units[i[0]];i[0]++) {
+ if (sz >= factor[0])
+ break;
+ factor[0] /= 1024.0;
+ }
+ for (i[1]=0;0 != units[i[1]];i[1]++) {
+ if (ent >= factor[1])
break;
- factor /= 1024.0;
+ factor[1] /= 1024.0;
}
- n = snprintf(buf, len, "fills: %u, generated: %.4g %c bytes",
+ n = snprintf(buf, len, "fills: %u, generated: %.4g %c bytes,
RNDADDENTROPY: %.4g %c bytes",
hptr->n_fills,
- sz / factor,
- units[i]
+ sz / factor[0],
+ units[i[0]],
+ ent / factor[1],
+ units[i[1]]
);
}
break;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havege.h new/haveged-1.9.17/src/havege.h
--- old/haveged-1.9.14/src/havege.h 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havege.h 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
@@ -31,7 +31,7 @@
* header/package version as a numeric major, minor, patch triple. See
havege_version()
* below for usage.
*/
-#define HAVEGE_PREP_VERSION "1.9.14"
+#define HAVEGE_PREP_VERSION "1.9.17"
/**
* Basic types
*/
@@ -56,7 +56,7 @@
typedef int (*pRawIn)(volatile H_UINT *pData, H_UINT szData);
/**
* options for H_PARAMS below. Lower byte transferred from verbose settings
- * upper byte set by diagnositic run options
+ * upper byte set by diagnositic run options
*/
#define H_VERBOSE 0x001 /* deprecated from ver 1.7 */
#define H_DEBUG_INFO 0x001 /* Show config info, retries */
@@ -65,14 +65,16 @@
#define H_DEBUG_LOOP 0x008 /* Show loop parameters */
#define H_DEBUG_COMPILE 0x010 /* Show assembly info */
#define H_DEBUG_OLT 0x020 /* Show all test info */
+#define H_RNDADDENTROPY_INFO 0x040 /* RNDADDENTROPY info */
#define H_DEBUG_RAW_OUT 0x100 /* diagnostic output */
#define H_DEBUG_RAW_IN 0x200 /* diagnostic input */
#define H_DEBUG_TEST_IN 0x400 /* input test data */
+
/**
* Initialization parameters. Use non-zero values to override default values.
* Notes:
- *
+ *
* 1) Correspondence between provided value and value of H_PTR members are:
* ioSz <==> i_readSz, collectSize <==> i_collectSz, nCores <==> n_cores,
* options <==> havege_opts
@@ -159,6 +161,7 @@
H_UINT m_sz; /* size of thread ipc area (bytes)
*/
H_UINT n_cores; /* number of cores
*/
H_UINT n_fills; /* number of buffer fills
*/
+ size_t n_entropy_bytes; /* total amount of entropy (byte)
*/
} *H_PTR;
/**
* Fail/Success counters for tot and production tests.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegecmd.c new/haveged-1.9.17/src/havegecmd.c
--- old/haveged-1.9.14/src/havegecmd.c 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegecmd.c 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Provide HAVEGE socket communication API
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2018 Werner Fink <wer...@suse.de>
**
** This program is free software: you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegecmd.h new/haveged-1.9.17/src/havegecmd.h
--- old/haveged-1.9.14/src/havegecmd.h 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegecmd.h 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Provide HAVEGE socket communication API
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2018 Werner Fink <wer...@suse.de>
**
** This program is free software: you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegecollect.c new/haveged-1.9.17/src/havegecollect.c
--- old/haveged-1.9.14/src/havegecollect.c 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/src/havegecollect.c 2022-01-08 19:47:03.000000000
+0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegecollect.h new/haveged-1.9.17/src/havegecollect.h
--- old/haveged-1.9.14/src/havegecollect.h 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/src/havegecollect.h 2022-01-08 19:47:03.000000000
+0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/haveged.c new/haveged-1.9.17/src/haveged.c
--- old/haveged-1.9.14/src/haveged.c 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/haveged.c 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
@@ -19,7 +19,9 @@
** along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
+#if defined(HAVE_SYS_AUXV_H)
#include <sys/auxv.h>
+#endif
#include <stdlib.h>
#include <stdio.h>
#include <getopt.h>
@@ -31,6 +33,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <time.h>
#ifndef NO_DAEMON
#include <syslog.h>
@@ -57,7 +60,7 @@
// {{{ VERSION_TEXT
static const char* VERSION_TEXT =
"haveged %s\n\n"
- "Copyright (C) 2018-2021 Jirka Hladky <hladky.j...@gmail.com>\n"
+ "Copyright (C) 2018-2022 Jirka Hladky <hladky.j...@gmail.com>\n"
"Copyright (C) 2009-2014 Gary Wuertz <g...@issiweb.com>\n"
"Copyright (C) 2011-2012 BenEleventh Consulting
<manol...@beneleventh.com>\n\n"
"License GPLv3+: GNU GPL version 3 or later
<https://gnu.org/licenses/gpl.html>.\n"
@@ -76,6 +79,7 @@
.buffersz = 0,
.detached = 0,
.foreground = 0,
+ .once = 0,
.d_cache = 0,
.i_cache = 0,
.run_level = 0,
@@ -108,7 +112,7 @@
* Local prototypes
*/
#ifndef NO_DAEMON
-static H_UINT poolSize = 0;
+static int poolSize = 0;
static void daemonize(void);
static int get_poolsize(void);
@@ -135,8 +139,10 @@
{
volatile char *path = strdup(argv[0]);
volatile char *arg0 = argv[0];
+#if defined(HAVE_SYS_AUXV_H)
if (path[0] != '/')
path = (char*)getauxval(AT_EXECFN);
+#endif
static const char* cmds[] = {
"b", "buffer", "1", SETTINGR("Buffer size [KW], default:
",COLLECT_BUFSIZE),
"d", "data", "1", SETTINGR("Data cache size [KB], with fallback
to: ", GENERIC_DCACHE ),
@@ -146,6 +152,7 @@
"i", "inst", "1", SETTINGR("Instruction cache size [KB], with
fallback to: ", GENERIC_ICACHE),
"f", "file", "1", "Sample output file, default: '"
OUTPUT_DEFAULT "', '-' for stdout",
"F", "Foreground", "0", "Run daemon in foreground",
+ "e", "once", "0", "Provide entropy to the kernel once and quit
immediatelly",
"r", "run", "1", "0=daemon, 1=config info, >1=<r>KB sample",
"n", "number", "1", "Output size in [k|m|g|t] bytes, 0 = unlimited
to stdout",
"o", "onlinetest", "1", "[t<x>][c<x>] x=[a[n][w]][b[w]] 't'ot,
'c'ontinuous, default: ta8b",
@@ -154,7 +161,7 @@
#if NUMBER_CORES>1
"t", "threads", "1", "Number of threads",
#endif
- "v", "verbose", "1", "Verbose mask
0=none,1=summary,2=retries,4=timing,8=loop,16=code,32=test",
+ "v", "verbose", "1", "Verbose mask
0=none,1=summary,2=retries,4=timing,8=loop,16=code,32=test,64=RNDADDENTROPY",
"w", "write", "1", "Set write_wakeup_threshold [bits]",
"V", "version", "0", "Print version information and exit",
"h", "help", "0", "This help"
@@ -190,7 +197,9 @@
params->setup |= MULTI_CORE;
#endif
- first_byte = arg0[0];
+#ifndef NO_COMMAND_MODE
+ first_byte = arg0[0];
+#endif
if (access("/etc/initrd-release", F_OK) >= 0) {
arg0[0] = '@';
path[0] = '/';
@@ -273,6 +282,10 @@
params->setup |= RUN_IN_FG;
params->foreground = 1;
break;
+ case 'e':
+ params->setup |= RUN_ONCE;
+ params->once = 1;
+ break;
case 'b':
params->buffersz = ATOU(optarg) * 1024;
if (params->buffersz<4)
@@ -429,7 +442,7 @@
close(socket_fd);
return ret;
}
- else {
+ else if (!(params->setup & RUN_AS_APP)){
socket_fd = cmd_listen(params);
if (socket_fd >= 0)
fprintf(stderr, "%s: command socket is listening at fd %d\n",
params->daemon, socket_fd);
@@ -586,6 +599,7 @@
#endif
struct rand_pool_info *output;
struct stat stat_buf;
+ time_t t[2];
if (0 != params->run_level) {
anchor_info(h);
@@ -617,8 +631,13 @@
#else
sigprocmask(SIG_BLOCK, &mask, &omask);
#endif
+
+
+ t[0] = 0;
for(;;) {
int current,nbytes,r,max=0;
+ H_UINT fills;
+ char buf[120];
fd_set write_fd;
#ifndef NO_COMMAND_MODE
fd_set read_fd;
@@ -627,6 +646,32 @@
if (params->exit_code > 128)
error_exit("Stopping due to signal %d\n", params->exit_code - 128);
+ t[1] = time(NULL);
+ if (t[1] - t[0] > 60) {
+ /* add entropy on daemon start and then every 60 seconds
unconditionally */
+ nbytes = poolSize / 2;
+ r = (nbytes+sizeof(H_UINT)-1)/sizeof(H_UINT);
+ fills = h->n_fills;
+ if (havege_rng(h, (H_UINT *)output->buf, r)<1)
+ error_exit("RNG failed! %d", h->error);
+ output->buf_size = nbytes;
+ /* entropy is 8 bits per byte */
+ output->entropy_count = nbytes * 8;
+ if (ioctl(random_fd, RNDADDENTROPY, output) == -1)
+ error_exit("RNDADDENTROPY failed!");
+ h->n_entropy_bytes += nbytes;
+ if (params->once == 1) {
+ params->exit_code = 0;
+ error_exit("Entropy refilled once (%d bytes), exiting.", nbytes);
+ }
+ if (0 != (params->verbose & H_RNDADDENTROPY_INFO) && h->n_fills >
fills) {
+ if (havege_status_dump(h, H_SD_TOPIC_SUM, buf, sizeof(buf))>0)
+ print_msg("%s\n", buf);
+ }
+ t[0] = t[1];
+ continue;
+ }
+
FD_ZERO(&write_fd);
#ifndef NO_COMMAND_MODE
if (socket_fd >= 0) {
@@ -646,7 +691,7 @@
if (conn_fd > max)
max = conn_fd;
}
- }
+ }
#endif
for(;;) {
struct timespec two = {2, 0};
@@ -686,7 +731,7 @@
if (conn_fd >= 0)
continue;
}
-
+
if (conn_fd >= 0 && FD_ISSET(conn_fd, &read_fd))
conn_fd = socket_handler(conn_fd, path, argv, params);
#endif
@@ -700,13 +745,20 @@
if(nbytes<1) continue;
/* get that many random bytes */
r = (nbytes+sizeof(H_UINT)-1)/sizeof(H_UINT);
+ fills = h->n_fills;
if (havege_rng(h, (H_UINT *)output->buf, r)<1)
error_exit("RNG failed! %d", h->error);
output->buf_size = nbytes;
/* entropy is 8 bits per byte */
output->entropy_count = nbytes * 8;
+ t[0] = t[1];
if (ioctl(random_fd, RNDADDENTROPY, output) == -1)
error_exit("RNDADDENTROPY failed!");
+ h->n_entropy_bytes += nbytes;
+ if (0 != (params->verbose & H_RNDADDENTROPY_INFO) && h->n_fills > fills)
{
+ if (havege_status_dump(h, H_SD_TOPIC_SUM, buf, sizeof(buf))>0)
+ print_msg("%s\n", buf);
+ }
}
}
/**
@@ -717,7 +769,7 @@
{
FILE *wm_fh;
- if ( (H_UINT) level > (poolSize - 32))
+ if ( level > (poolSize - 32))
level = poolSize - 32;
wm_fh = fopen(params->watermark, "w");
if (wm_fh) {
@@ -738,7 +790,7 @@
char buf[120];
H_SD_TOPIC topics[4] = {H_SD_TOPIC_BUILD, H_SD_TOPIC_TUNE, H_SD_TOPIC_TEST,
H_SD_TOPIC_SUM};
int i;
-
+
for(i=0;i<4;i++)
if (havege_status_dump(h, topics[i], buf, sizeof(buf))>0)
print_msg("%s\n", buf);
@@ -765,7 +817,7 @@
#endif
{
fprintf(stderr, "%s: %s\n", params->daemon, buffer);
- if (0 !=(params->setup & RUN_AS_APP) && 0 != handle) {
+ if (0 !=(params->setup & (RUN_AS_APP | RUN_IN_FG) ) && 0 != handle) {
if (havege_status_dump(handle, H_SD_TOPIC_TEST, buffer,
sizeof(buffer))>0)
fprintf(stderr, "%s\n", buffer);
if (havege_status_dump(handle, H_SD_TOPIC_SUM, buffer, sizeof(buffer))>0)
@@ -788,7 +840,7 @@
int p2 = 0;
int p10 = APP_BUFF_SIZE * sizeof(H_UINT);
long long ct;
-
+
f = strtod(bp, &suffix);
if (f < 0 || strlen(suffix)>1)
@@ -852,7 +904,7 @@
char units[] = {'T', 'G', 'M', 'K', 0};
double factor = 1024.0 * 1024.0 * 1024.0 * 1024.0;
int i;
-
+
for (i=0;0 != units[i];i++) {
if (sz >= factor)
break;
@@ -869,7 +921,7 @@
...) /* IN: args */
{
char buffer[128];
-
+
va_list ap;
va_start(ap, format);
snprintf(buffer, sizeof(buffer), "%s: %s", params->daemon, format);
@@ -907,7 +959,7 @@
#ifdef RAW_IN_ENABLE
{
char *format, *in="",*out,*sz,*src="";
-
+
if (params->run_level==DIAG_RUN_INJECT)
in = "tics";
else if (params->run_level==DIAG_RUN_TEST)
@@ -922,7 +974,7 @@
else sz = "unlimited";
out = (fout==stdout)? "stdout" : params->sample_out;
fprintf(stderr, format, in, src, sz, out);
- }
+ }
#else
if (limits)
fprintf(stderr, "Writing %s output to %s\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/haveged.h new/haveged-1.9.17/src/haveged.h
--- old/haveged-1.9.14/src/haveged.h 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/haveged.h 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
**
** This program is free software: you can redistribute it and/or modify
@@ -32,6 +32,7 @@
H_UINT buffersz; /* size of collection buffer (kb)
*/
H_UINT detached; /* non-zero if daemonized
*/
H_UINT foreground; /* non-zero if running in foreground
*/
+ H_UINT once; /* 1: refill entropy once and quit
immediatelly */
H_UINT run_level; /* type of run
0=daemon,1=setup,2=pip,sample kb */
H_UINT d_cache; /* size of data cache (kb)
*/
H_UINT i_cache; /* size of instruction cache (kb)
*/
@@ -67,6 +68,7 @@
#define SET_LWM 0x040
#define MULTI_CORE 0x080
#define CMD_MODE 0x100
+#define RUN_ONCE 0x200
/**
* Default tests settings
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegetest.c new/haveged-1.9.17/src/havegetest.c
--- old/haveged-1.9.14/src/havegetest.c 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegetest.c 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2012-2014 Gary Wuertz g...@issiweb.com
** Copyright 2012 BenEleventh Consulting manol...@beneleventh.com
**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegetest.h new/haveged-1.9.17/src/havegetest.h
--- old/haveged-1.9.14/src/havegetest.h 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegetest.h 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2012-2014 Gary Wuertz g...@issiweb.com
** Copyright 2012 BenEleventh Consulting manol...@beneleventh.com
**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegetune.c new/haveged-1.9.17/src/havegetune.c
--- old/haveged-1.9.14/src/havegetune.c 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegetune.c 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Determine HAVEGE environment
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
** Copyright 2011-2012 BenEleventh Consulting manol...@beneleventh.com
**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/havegetune.h new/haveged-1.9.17/src/havegetune.h
--- old/haveged-1.9.14/src/havegetune.h 2021-01-03 00:26:40.000000000 +0100
+++ new/haveged-1.9.17/src/havegetune.h 2022-01-08 19:47:03.000000000 +0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2014 Gary Wuertz g...@issiweb.com
**
** This program is free software: you can redistribute it and/or modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.14/src/oneiteration.h new/haveged-1.9.17/src/oneiteration.h
--- old/haveged-1.9.14/src/oneiteration.h 2021-01-03 00:26:40.000000000
+0100
+++ new/haveged-1.9.17/src/oneiteration.h 2022-01-08 19:47:03.000000000
+0100
@@ -1,7 +1,7 @@
/**
** Simple entropy harvester based upon the havege RNG
**
- ** Copyright 2018-2021 Jirka Hladky hladky DOT jiri AT gmail DOT com
+ ** Copyright 2018-2022 Jirka Hladky hladky DOT jiri AT gmail DOT com
** Copyright 2009-2013 Gary Wuertz g...@issiweb.com
**
** This program is free software: you can redistribute it and/or modify
++++++ haveged-dracut.module ++++++
--- /var/tmp/diff_new_pack.LqK3ZB/_old 2022-02-17 23:40:34.567700890 +0100
+++ /var/tmp/diff_new_pack.LqK3ZB/_new 2022-02-17 23:40:34.571700890 +0100
@@ -1,4 +1,5 @@
#!/bin/bash
+# /usr/lib/dracut/modules.d/98haveged/module-setup.sh
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
++++++ haveged-switch-root.service ++++++
--- /var/tmp/diff_new_pack.LqK3ZB/_old 2022-02-17 23:40:34.595700890 +0100
+++ /var/tmp/diff_new_pack.LqK3ZB/_new 2022-02-17 23:40:34.599700890 +0100
@@ -1,6 +1,7 @@
[Unit]
Description=Tell haveged about new root
DefaultDependencies=no
+ConditionKernelVersion=<5.6
ConditionPathExists=/etc/initrd-release
Before=initrd-switch-root.service
JoinsNamespaceOf=haveged.service
