commit: fcd29101d4458d6715c5aaa96c75da29e93f80b4 Author: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> AuthorDate: Sat Dec 29 02:11:42 2018 +0000 Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> CommitDate: Sat Dec 29 02:12:35 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd29101
sys-apps/rng-tools: rewrite initd and confd (6.6-r1 only)

Restructure the openrc init script and the accompanying confd file to reflect the recent changes to rngd.

- Instead of having individual NO_FOO="1" style variables in the confd file for each entropy source, maintain a single list of entropy sources to enable. Likewise, maintain a list of entropy sources to disable.
- Allow per-entropy-source options to be set inside the confd file.
- The init file defines $description now.
- Use $command_args_background instead of $command_args to specify the daemon behavior.
- Allow default setting of --fill-watermark.
- Allow extra arguments to be passed to rngd from the confd file.

Bug: https://bugs.gentoo.org/650622
Bug: https://bugs.gentoo.org/673120
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org>

 sys-apps/rng-tools/files/rngd-confd-6 | 82 ++++++++++++++++++++++++++++++
 sys-apps/rng-tools/files/rngd-initd-6-r1 | 60 ++++++++++++++++++++++
 sys-apps/rng-tools/rng-tools-6.6-r1.ebuild | 68 +++++++++++++++++++++++++
 3 files changed, 210 insertions(+)

diff --git a/sys-apps/rng-tools/files/rngd-confd-6 b/sys-apps/rng-tools/files/rngd-confd-6
new file mode 100644
index 00000000000..a30e8c4fdad
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-6
@@ -0,0 +1,82 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/rngd
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# Space-delimited list of entropy sources to enable
+# Note that some of the entropy sources may require certain USE flags
+# to be enabled or require hardware support to function properly
+# Entropy sources not specified here (or in the exclude list below)
+# will be enabled/disabled based on rngd default behavior
+#
+# Choose from the list:
+# hwrng: Hardware RNG Device
+# tpm: TPM RNG Device (Deprecated)
+# rdrand: Intel RDRAND Instruction RNG
+# darn: Power9 DARN Instruction RNG
+# nist: NIST Network Entropy Beacon
+# (UNSAFE for cryptographic operations)
+# jitter: JITTER Entropy generator
+#
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter"
+
+
+# Space-delimited list of entropy sources to disable
+# This is useful for disabling certain entropy sources even
+# when they are supported on the system
+#
+#EXCLUDE_ENTROPY_SOURCES="nist tpm"
+
+
+# Entropy source specific options:
+#
+#
+# hwrng device used for random number input:
+#
+#HWRNG_DEVICE="/dev/hwrng"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:1"
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+
+
+# Kernel device used for random number output
+#
+#RANDOM_DEVICE="/dev/random"
+
+
+# Random step (Number of bytes written to random-device at a time):
+#
+#STEP=64
+
+
+# Fill watermark
+# 0 <= n <= `sysctl kernel.random.poolsize`
+#
+#WATERMARK=2048
+
+
+# Any extra arguments for rngd
+#
+#EXTRA_ARGS=""
diff --git a/sys-apps/rng-tools/files/rngd-initd-6-r1 b/sys-apps/rng-tools/files/rngd-initd-6-r1
new file mode 100644
index 00000000000..5d89dd7a186
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-6-r1
@@ -0,0 +1,60 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+command="/usr/sbin/rngd"
+description="Check and feed random data from hardware device to kernel entropy pool."
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_args=""
+command_args_background="--pid-file ${pidfile} --background"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
+
+
+# Parse rngd confd file for extra command line arguments
+start_pre() {
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} --rng-device=${HWRNG_DEVICE}"
+ fi
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} --random-device=${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} --random-step=${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} --fill-watermark=${WATERMARK}"
+ fi
+
+ command_args="${command_args} ${EXTRA_ARGS}"
+ return 0
+}
diff --git a/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild
new file mode 100644
index 00000000000..49e8d55e554
--- /dev/null
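Review bot: The commented template `#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter"` lists `nist` immediately after the source list above marks it "UNSAFE for cryptographic operations", so an admin who uncomments the example verbatim opts a network-delivered beacon into the kernel pool; it also lists `tpm`, which the same list marks deprecated. Templates tend to be copied as-is, so the safe example should be the one that is easiest to enable. I would change the example to `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand darn jitter"` and repeat the caveat next to it, e.g. `# nist is a public network beacon: do not add it unless you accept that its output is not secret`. The `#EXCLUDE_ENTROPY_SOURCES="nist tpm"` example below already points in the right direction and can stay as the counterpart.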
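Review bot: `start_pre` forwards `STEP` and `WATERMARK` into `--random-step=` and `--fill-watermark=` without checking that they are integers, even though the confd documents `WATERMARK` as bounded by `kernel.random.poolsize`; a typo in /etc/conf.d/rngd therefore only surfaces as an rngd argument error after start-stop-daemon has already forked it. Rejecting non-numeric values up front with `eerror` gives the admin a message that names the offending variable, and the `--wait 1000` in `start_stop_daemon_args` then never has to catch the early exit. `EXTRA_ARGS` is appended unquoted so that it word-splits into separate arguments, which is the intent but deserves a comment, `# EXTRA_ARGS is deliberately unquoted so it splits into separate arguments`. Please also confirm against `rngd --help` for the pinned 6.6 that `-n`/`-x` accept source names as the confd documents, since both loops pass the bare names through; I cannot verify that from this diff.
```shell
# Parse rngd confd file for extra command line arguments
start_pre() {
	# Fail fast on malformed numeric settings instead of letting rngd reject its argv
	case "${STEP}" in
		*[!0-9]*) eerror "STEP must be a non-negative integer (got '${STEP}')"; return 1 ;;
	esac
	case "${WATERMARK}" in
		*[!0-9]*) eerror "WATERMARK must be a non-negative integer (got '${WATERMARK}')"; return 1 ;;
	esac
	# … unchanged: -n/-x, --rng-device, -O, --random-device, --random-step, --fill-watermark assembly …
```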
+++ b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="https://github.com/nhorman/rng-tools"
+SRC_URI="https://github.com/nhorman/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~x86"
+IUSE="jitterentropy nistbeacon selinux"
+
+DEPEND="dev-libs/libgcrypt:0
+ dev-libs/libgpg-error
+ sys-fs/sysfsutils
+ jitterentropy? (
+ app-crypt/jitterentropy:=
+ )
+ nistbeacon? (
+ net-misc/curl[ssl]
+ dev-libs/libxml2:2=
+ dev-libs/openssl:0=
+ )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-rngd )"
+DEPEND="${DEPEND}
+ nistbeacon? (
+ virtual/pkgconfig
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/test-for-argp.patch
+ "${FILESDIR}"/${PN}-5-fix-textrels-on-PIC-x86.patch #469962
+)
+
+src_prepare() {
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am || die
+ default
+
+ mv README.md README || die
+
+ eautoreconf
+
+ sed -i '/^AR /d' Makefile.in || die
+ tc-export AR
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_with nistbeacon)
+ $(use_enable jitterentropy)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ newinitd "${FILESDIR}"/rngd-initd-6-r1 rngd
+ newconfd "${FILESDIR}"/rngd-confd-6 rngd
+ systemd_dounit "${FILESDIR}"/rngd.service
+}
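Review bot: Enabling the `nistbeacon` USE flag builds in the source that the confd installed by `src_install` labels "UNSAFE for cryptographic operations", yet the ebuild emits no warning at install time, so the caveat lives only in a comment in /etc/conf.d/rngd. A `pkg_postinst` that emits an `ewarn` when `use nistbeacon` is set makes the trade-off visible in the merge log, which is where admins enabling a flag actually look. Separately, the two `DEPEND` assignments are correct (the second adds `virtual/pkgconfig` only after `RDEPEND` has captured the first, keeping it build-time only) but read like an accident; a one-line comment, `# pkgconfig is build-time only: add it after RDEPEND has copied DEPEND`, would prevent a future cleanup from merging them. Whether an existing `rngd.service` in FILESDIR matches the new confd variables is not visible in this diff.
```shell
pkg_postinst() {
	if use nistbeacon; then
		ewarn "rngd was built with the NIST network beacon source. Its output is fetched over"
		ewarn "the network and is not secret; /etc/conf.d/rngd marks it UNSAFE for cryptographic"
		ewarn "use. Leave 'nist' out of INCLUDE_ENTROPY_SOURCES unless you accept that."
	fi
}
```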