On 01/13/2017 07:35 PM, Dan Horák wrote: > On Fri, 13 Jan 2017 16:01:34 +0100 > Harald Freudenberger <fre...@linux.vnet.ibm.com> wrote: > >> On 01/13/2017 02:27 PM, Dan Horák wrote: >>> On Fri, 13 Jan 2017 13:52:19 +0100 >>> Dan Horák <d...@danny.cz> wrote: >>> >>>> On Fri, 13 Jan 2017 11:17:47 +0100 >>>> Dan Horák <d...@danny.cz> wrote: >>>> >>>>> Put some separators to the test cases outputs so suite.out >>>>> is more readable. >>>> you can see the result in the build.log at >>>> https://s390.koji.fedoraproject.org/koji/taskinfo?taskID=2446194 >>>> >>>> Hm, the tests all passed when building the rpm locally. >>> it's missing /dev/prandom in the builder's chroot >> Hi Dan >> Why should opencryptoki have an dependency to /dev/prandom ? >> Libica and thus on top the ica token would attempt to >> open /dev/prandom during shared library initialization but if this >> node is not available the fallback is to use /dev/urandom instead. > that's what strace told me, libica is built with FIPS support enabled > > running LD_LIBRARY_PATH=../.libs PATH=..:$PATH strace ./icastats_test > in Fedora Rawhide (to-be Fedora 26) gives > ... > set_tid_address(0x3ff876767d0) = 45248 > set_robust_list(0x3ff876767e0, 24) = 0 > rt_sigaction(SIGRTMIN, {0x3ff87206000, [], SA_SIGINFO}, NULL, 8) = 0 > rt_sigaction(SIGRT_1, {0x3ff872060c0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0 > rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 > prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, > rlim_max=RLIM64_INFINITY}) = 0 > rt_sigprocmask(SIG_SETMASK, ~[ILL TRAP RTMIN RT_1], [], 8) = 0 > rt_sigaction(SIGILL, {0x3ff873c3f98, ~[ILL TRAP RTMIN RT_1], 0}, {SIG_DFL, > [], 0}, 8) = 0 > rt_sigprocmask(SIG_BLOCK, NULL, ~[ILL TRAP KILL STOP RTMIN RT_1], 8) = 0 > rt_sigaction(SIGILL, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > access("/etc/system-fips", F_OK) = -1 ENOENT (No such file or > directory) > geteuid() = 0 > statfs("/dev/shm/", {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=238325, > f_bfree=238324, f_bavail=238324, f_files=238325, f_ffree=238323, f_fsid={0, > 0}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0 > futex(0x3ff87222370, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > open("/dev/shm/icastats_0", O_RDWR|O_CREAT|O_NOFOLLOW|O_CLOEXEC, 0600) = 3 > ftruncate(3, 464) = 0 > mmap(NULL, 464, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x3ff87500000 > rt_sigprocmask(SIG_UNBLOCK, [ILL], [], 8) = 0 > rt_sigaction(SIGILL, {0x3ff87596690, [], 0}, {SIG_DFL, [], 0}, 8) = 0 > futex(0x3ff875ad838, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > brk(NULL) = 0x8536d000 > brk(0x8538e000) = 0x8538e000 > rt_sigaction(SIGILL, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > rt_sigprocmask(SIG_UNBLOCK, [ILL], [], 8) = 0 > rt_sigaction(SIGILL, {0x3ff87596690, [HUP], 0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigaction(SIGILL, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > rt_sigprocmask(SIG_UNBLOCK, [ILL], [], 8) = 0 > rt_sigaction(SIGILL, {0x3ff87596690, [HUP], 0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigaction(SIGILL, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > rt_sigprocmask(SIG_UNBLOCK, [ILL], [], 8) = 0 > rt_sigaction(SIGILL, {0x3ff87596690, [HUP], 0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigaction(SIGILL, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 4 > fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 > read(4, "0\n", 1024) = 2 > close(4) = 0 > open("/dev/hwrng", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/dev/prandom", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/dev/hwrng", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/dev/prandom", O_RDONLY) = -1 ENOENT (No such file or > directory) > open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 4 > fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0 > fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0 > read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., > 4096) = 2102 > lseek(4, -1337, SEEK_CUR) = 765 > read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., > 4096) = 1337 > close(4) = 0 > socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 > connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No > such file or directory) > close(4) = 0 > futex(0x3ff874a6490, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > futex(0x3ff874a659c, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > open("/udev/z90crypt", O_RDWR) = -1 ENOENT (No such file or > directory) > open("/dev/z90crypt", O_RDWR) = -1 ENOENT (No such file or > directory) > open("/dev/zcrypt", O_RDWR) = -1 ENOENT (No such file or > directory) > open("/sys/devices/ap/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 > ENOENT (No such file or directory) > rt_sigaction(SIGINT, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0 > rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 > clone(child_stack=NULL, flags=CLONE_PARENT_SETTID|SIGCHLD, > parent_tidptr=0x3ffe37fe87c) = 45249 > wait4(45249, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 45249 > rt_sigaction(SIGINT, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigaction(SIGQUIT, {SIG_DFL, [], 0}, NULL, 8) = 0 > rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 > --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45249, si_uid=0, > si_status=0, si_utime=0, si_stime=0} --- > fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 > geteuid() = 0 > munmap(0x3ff87500000, 464) = 0 > close(3) = 0 > write(1, "Error in ica_random_number_gener"..., 37Error in > ica_random_number_generate: ) = 37 > exit_group(13) = ? > +++ exited with 13 +++ > > > Dan >
looks like you are running an fips enabled kernel. Well then libica (if build with FIPS support) is also running in fips mode. Not sure if libica initialization will refuse if there is no /dev/hwrng and /dev/prandom available. @Patrick can you answer this ? regards H.Freudenberger ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Opencryptoki-tech mailing list Opencryptoki-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
