commit:     fcd29101d4458d6715c5aaa96c75da29e93f80b4
Author:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 29 02:11:42 2018 +0000
Commit:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
CommitDate: Sat Dec 29 02:12:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd29101

sys-apps/rng-tools: rewrite initd and confd (6.6-r1 only)

Restructure the openrc init script and the accompanying confd file to
reflect the recent changes to rngd.

- Instead of having individual NO_FOO="1" style variables in the confd
  file for each entropy source, maintain a single list of entropy
  sources to enable. Likewise, maintain a list of entropy sources to
  disable.
- Allow per-entropy-source options to be set inside the confd file.
- The init file defines $description now.
- Use $command_args_background instead of $command_args to specify the
  daemon behavior.
- Allow default setting of --fill-watermark.
- Allow extra arguments to be passed to rngd from the confd file.

Bug: https://bugs.gentoo.org/650622
Bug: https://bugs.gentoo.org/673120
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org>

 sys-apps/rng-tools/files/rngd-confd-6      | 82 ++++++++++++++++++++++++++++++
 sys-apps/rng-tools/files/rngd-initd-6-r1   | 60 ++++++++++++++++++++++
 sys-apps/rng-tools/rng-tools-6.6-r1.ebuild | 68 +++++++++++++++++++++++++
 3 files changed, 210 insertions(+)

diff --git a/sys-apps/rng-tools/files/rngd-confd-6 
b/sys-apps/rng-tools/files/rngd-confd-6
new file mode 100644
index 00000000000..a30e8c4fdad
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-6
@@ -0,0 +1,82 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/rngd
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# Space-delimited list of entropy sources to enable
+# Note that some of the entropy sources may require certain USE flags
+# to be enabled or require hardware support to function properly
+# Entropy sources not specified here (or in the exclude list below)
+# will be enabled/disabled based on rngd default behavior
+#
+# Choose from the list:
+#         hwrng:  Hardware RNG Device
+#         tpm:    TPM RNG Device (Deprecated)
+#         rdrand: Intel RDRAND Instruction RNG
+#         darn:   Power9 DARN Instruction RNG
+#         nist:   NIST Network Entropy Beacon
+#                 (UNSAFE for cryptographic operations)
+#         jitter: JITTER Entropy generator
+#
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter"
+
+
+# Space-delimited list of entropy sources to disable
+# This is useful for disabling certain entropy sources even
+# when they are supported on the system
+#
+#EXCLUDE_ENTROPY_SOURCES="nist tpm"
+
+
+# Entropy source specific options:
+#
+#
+# hwrng device used for random number input:
+#
+#HWRNG_DEVICE="/dev/hwrng"
+#
+#
+# rdrand options:
+#         use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:1"
+#
+#
+# darn options:
+#         use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+#         thread_count:(INTEGER)
+#         buffer_size:(INTEGER)
+#         refill_thresh:(INTEGER)
+#         retry_count:(INTEGER)
+#         retry_delay:(INTEGER)
+#         use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+
+
+# Kernel device used for random number output
+#
+#RANDOM_DEVICE="/dev/random"
+
+
+# Random step (Number of bytes written to random-device at a time):
+#
+#STEP=64
+
+
+# Fill watermark
+# 0 <= n <= `sysctl kernel.random.poolsize`
+#
+#WATERMARK=2048
+
+
+# Any extra arguments for rngd
+#
+#EXTRA_ARGS=""
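Review bot: The commented example for `INCLUDE_ENTROPY_SOURCES` lists all six sources, including `nist`, which the list just above it marks as UNSAFE for cryptographic operations, and `tpm`, which it marks as deprecated. An administrator who simply uncomments the line opts into both. I would make the example a conservative subset, e.g. `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand jitter"`, and leave `nist` to be added deliberately. Since the header says unlisted sources follow rngd's defaults, a one-line comment next to `EXCLUDE_ENTROPY_SOURCES` stating that it is the way to keep `nist` off on builds with the nistbeacon USE flag would also help.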

diff --git a/sys-apps/rng-tools/files/rngd-initd-6-r1 
b/sys-apps/rng-tools/files/rngd-initd-6-r1
new file mode 100644
index 00000000000..5d89dd7a186
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-6-r1
@@ -0,0 +1,60 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+       need localmount
+       after urandom
+       provide entropy
+}
+
+command="/usr/sbin/rngd"
+description="Check and feed random data from hardware device to kernel entropy 
pool."
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_args=""
+command_args_background="--pid-file ${pidfile} --background"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
+
+
+# Parse rngd confd file for extra command line arguments
+start_pre() {
+    for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+       command_args="${command_args} -n ${entsrc}"
+    done
+
+    for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+       command_args="${command_args} -x ${entsrc}"
+    done
+
+    if [ "x${HWRNG_DEVICE}" != "x" ]; then
+       command_args="${command_args} --rng-device=${HWRNG_DEVICE}"
+    fi
+
+    for entsrc_opt in ${RDRAND_OPTIONS}; do
+       command_args="${command_args} -O rdrand:${entsrc_opt}"
+    done
+
+    for entsrc_opt in ${DARN_OPTIONS}; do
+       command_args="${command_args} -O darn:${entsrc_opt}"
+    done
+
+    for entsrc_opt in ${JITTER_OPTIONS}; do
+       command_args="${command_args} -O jitter:${entsrc_opt}"
+    done
+
+    if [ "x${RANDOM_DEVICE}" != "x" ]; then
+       command_args="${command_args} --random-device=${RANDOM_DEVICE}"
+    fi
+
+    if [ "x${STEP}" != "x" ]; then
+       command_args="${command_args} --random-step=${STEP}"
+    fi
+
+    if [ "x${WATERMARK}" != "x" ]; then
+       command_args="${command_args} --fill-watermark=${WATERMARK}"
+    fi
+
+    command_args="${command_args} ${EXTRA_ARGS}"
+    return 0
+}
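Review bot: start_pre() copies every confd value into `command_args` unchecked, and the `for` loops expand `INCLUDE_ENTROPY_SOURCES` and `EXCLUDE_ENTROPY_SOURCES` unquoted, so a typo or a stray glob character there is passed to rngd as whatever it happens to expand to. For the exclude list this matters most: a misspelt name may leave a source such as `nist` active, and how rngd reacts to an unknown name is not visible here. Checking each name against the six sources the confd file documents and failing the start with `eerror` would surface the mistake; the same check applies to the `-x` loop. Separately, `retry="SIGKILL/5000"` appears to make SIGKILL the first and only signal, which gives rngd no chance to exit cleanly; something like `retry="SIGTERM/5/SIGKILL/5"` is presumably closer to the intent, to be confirmed against the start-stop-daemon schedule syntax.

```shell
start_pre() {
    for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
        case "${entsrc}" in
            hwrng|tpm|rdrand|darn|nist|jitter)
                command_args="${command_args} -n ${entsrc}" ;;
            *)
                eerror "Unknown entropy source in INCLUDE_ENTROPY_SOURCES: ${entsrc}"
                return 1 ;;
        esac
    done
    # … unchanged: exclude loop (same check, with -x), per-source options, device/step/watermark, EXTRA_ARGS …
```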

diff --git a/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild 
b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild
new file mode 100644
index 00000000000..49e8d55e554
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-6.6-r1.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="https://github.com/nhorman/rng-tools";
+SRC_URI="https://github.com/nhorman/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~x86"
+IUSE="jitterentropy nistbeacon selinux"
+
+DEPEND="dev-libs/libgcrypt:0
+       dev-libs/libgpg-error
+       sys-fs/sysfsutils
+       jitterentropy? (
+               app-crypt/jitterentropy:=
+       )
+       nistbeacon? (
+               net-misc/curl[ssl]
+               dev-libs/libxml2:2=
+               dev-libs/openssl:0=
+       )
+"
+RDEPEND="${DEPEND}
+       selinux? ( sec-policy/selinux-rngd )"
+DEPEND="${DEPEND}
+       nistbeacon? (
+               virtual/pkgconfig
+       )
+"
+
+PATCHES=(
+       "${FILESDIR}"/test-for-argp.patch
+       "${FILESDIR}"/${PN}-5-fix-textrels-on-PIC-x86.patch #469962
+)
+
+src_prepare() {
+       echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am || die
+       default
+
+       mv README.md README || die
+
+       eautoreconf
+
+       sed -i '/^AR /d' Makefile.in || die
+       tc-export AR
+}
+
+src_configure() {
+       local myeconfargs=(
+               $(use_with nistbeacon)
+               $(use_enable jitterentropy)
+       )
+
+       econf "${myeconfargs[@]}"
+}
+
+src_install() {
+       default
+       newinitd "${FILESDIR}"/rngd-initd-6-r1 rngd
+       newconfd "${FILESDIR}"/rngd-confd-6 rngd
+       systemd_dounit "${FILESDIR}"/rngd.service
+}
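Review bot: Nothing in the ebuild tells the user that building with USE=nistbeacon compiles in a network entropy source which the installed conf.d file itself labels UNSAFE for cryptographic operations, while that same file says unlisted sources follow rngd's defaults. If the beacon is on by default when compiled in (not visible here, worth confirming), a `pkg_postinst` containing `use nistbeacon && ewarn "The nist entropy source is not suitable for cryptographic use; list it in EXCLUDE_ENTROPY_SOURCES in /etc/conf.d/rngd unless you need it"` would make the trade-off explicit. `src_install` also installs the existing `rngd.service` as-is, so the new conf.d variables presumably have no effect under systemd; a short comment in the ebuild or the conf.d header saying so would avoid surprises.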
