Hello community, here is the log from the commit of package haveged for openSUSE:Factory checked in at 2020-07-01 18:22:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haveged (Old) and /work/SRC/openSUSE:Factory/.haveged.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haveged" Wed Jul 1 18:22:15 2020 rev:56 rq:817818 version:1.9.13 Changes: -------- --- /work/SRC/openSUSE:Factory/haveged/haveged.changes 2020-06-03 20:28:43.080479677 +0200 +++ /work/SRC/openSUSE:Factory/.haveged.new.3060/haveged.changes 2020-07-01 18:22:17.737876155 +0200 @@ -1,0 +2,14 @@ +Tue Jun 30 07:07:57 UTC 2020 - Paolo Stivanin <[email protected]> + +- Update to 1.9.13: + * added support for --version [Jirka Hladky] + * updated systemd service file [Jirka Hladky] + * fix a memory leak in havege_destroy [Anakin Zhang] + * updated version reported by program [Jirka Hladky] + * fix ordering cycle with private tmp [Christian Hesse] + * Updated systemd service file [Nicolas Braud-Santoni] + * Bump soname [Nicolas Braud-Santoni] + * Fix crash on shutdown in threaded mode [Sergei Trofimovich] + * Fix compilation with --enable-threads [Lars Wendler] + +------------------------------------------------------------------- Old: ---- haveged-1.9.8.tar.gz New: ---- haveged-1.9.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haveged.spec ++++++ --- /var/tmp/diff_new_pack.QKPx2F/_old 2020-07-01 18:22:18.533878611 +0200 +++ /var/tmp/diff_new_pack.QKPx2F/_new 2020-07-01 18:22:18.533878611 +0200 @@ -18,7 +18,7 @@ %{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d } Name: haveged -Version: 1.9.8 +Version: 1.9.13 Release: 0 Summary: Daemon for feeding entropy into the random pool License: GPL-3.0-only @@ -60,7 +60,7 @@ %package devel Summary: Haveged development files Group: Development/Libraries/C and C++ -Requires: libhavege1 = %{version} +Requires: libhavege2 = %{version} %description devel Headers and for the haveged library 
@@ -68,11 +68,11 @@ This package contains the haveged implementation of the HAVEGE algorithm and supporting features. -%package -n libhavege1 +%package -n libhavege2 Summary: Haveged interface library Group: System/Libraries -%description -n libhavege1 +%description -n libhavege2 Shared object for the haveged library. This package contains the haveged implementation of the HAVEGE algorithm and supporting features. @@ -138,8 +138,8 @@ %service_del_preun %{name}.service %service_del_preun %{name}-switch-root.service -%post -n libhavege1 -p /sbin/ldconfig -%postun -n libhavege1 -p /sbin/ldconfig +%post -n libhavege2 -p /sbin/ldconfig +%postun -n libhavege2 -p /sbin/ldconfig %files %license COPYING @@ -162,7 +162,7 @@ %doc contrib/build/havege_sample.c %{_libdir}/*.so -%files -n libhavege1 +%files -n libhavege2 %license COPYING %{_libdir}/*.so.* ++++++ haveged-1.9.8.tar.gz -> haveged-1.9.13.tar.gz ++++++ ++++ 4483 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/.github/workflows/ci.yaml new/haveged-1.9.13/.github/workflows/ci.yaml --- old/haveged-1.9.8/.github/workflows/ci.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/haveged-1.9.13/.github/workflows/ci.yaml 2020-06-28 04:17:52.000000000 +0200 
@@ -0,0 +1,19 @@ +name: Continuous Integration + +on: [push, pull_request] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: reconfigure + run: autoreconf -fi + - name: configure + run: ./configure --prefix="/usr" + - name: make + run: make + - name: make check + run: make check + - name: make install + run: sudo make install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/ChangeLog new/haveged-1.9.13/ChangeLog --- old/haveged-1.9.8/ChangeLog 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/ChangeLog 2020-06-28 04:17:52.000000000 +0200 
@@ -1,3 +1,22 @@ +v1.9.13 (Jun 28, 2020) +* added support for --version [Jirka Hladky] +* updated systemd service file [Jirka Hladky] + +v1.9.12 (Jun 18, 2020) +* fix a memory leak in havege_destroy [Anakin Zhang] + +v1.9.11 (Jun 11, 2020) +* updated version reported by program [Jirka Hladky] + +v1.9.10 (Jun 11, 2020) +* fix ordering cycle with private tmp [Christian Hesse] + +v1.9.9 (Jun 9, 2020) +* Updated systemd service file [Nicolas Braud-Santoni] +* Bump soname [Nicolas Braud-Santoni] +* Fix crash on shutdown in threaded mode [Sergei Trofimovich] +* Fix compilation with --enable-threads [Lars Wendler] + v1.9.8 (Sep 30, 2019) * Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [Jirka Hladky] * order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian Hesse] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/NEWS new/haveged-1.9.13/NEWS --- old/haveged-1.9.8/NEWS 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/NEWS 2020-06-28 04:17:52.000000000 +0200 @@ -1,4 +1,4 @@ -v1.9.8 (Sep 30, 2018) +v1.9.8 (Sep 30, 2019) * Various bug fixes - please see ChangeLog for the detailed list of changes v1.9.5 (Aug 11, 2018) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/README.md new/haveged-1.9.13/README.md --- old/haveged-1.9.8/README.md 1970-01-01 01:00:00.000000000 +0100 +++ new/haveged-1.9.13/README.md 2020-06-28 04:17:52.000000000 +0200 
@@ -0,0 +1,473 @@ + + +Haveged, an entropy source + +INTRODUCTION + +Complete documentation on haveged can be found at http://www.issihosts.com/haveged/ + +Linux provides device interfaces (/dev/random and /dev/urandom) to a pool of +random numbers collected from system interrupt service routines. On some +systems, especially on those systems with high needs or limited user +interaction, the standard collection mechanism cannot meet demand. In those +cases, an adequate supply of random numbers can be maintained by feeding +additional entropy into /dev/random pool via a file system interface. The +haveged daemon was created to fulfill this function using random data generated +by the HAVEGE algorithm. + +The HAVEGE algorithm is based upon the indirect effects of unrelated hardware +events on the instruction timing of a calculation that is sensitive to processor +features such as branch predictors and instruction/data access mechanisms. +Samples from a high-resolution timer are input into the algorithm to produce a +stream of random data in a collection buffer. The algorithm requires no special +privilege other than access to a high resolution timer, as provided by hardware +instruction or a system call. + +The HAVEGE mechanism is implemented in C using in-line assembly only where +direct hardware access is needed. On modern compilers, compiler intrinsics are +used to replace much if not all in-line assembly. The haveged implementation of +HAVEGE adds two crucial features: automated tuning of the algorithm to an +environment and a run time facility to verify the data generated in the +collection buffer. + +The haveged collection loop is tuned at run-time to match the size of the hosts +L1 data and instruction caches. The size determination is made on the basis of +the best fit to the following (low to high): + +1. as a compiled default +2. as determined by cpuid, if available +3. as determined by the /sys file system, if available +4. 
as specified by initialization parameters. + +Run-time verification of collection buffer contents is based upon the +methodology from the proposed AIS-31 standard from BSI, the German Federal +Office for Information Security (Bundesamt für Sicherheit in der +Informationstechnik). In the suggested configuration, haveged passes most of the +requirements for a NTG.1 class device described in version two of the AIS-31 +specification. + +The haveged implementation also provides an experimental feature to multiplex +havege collections over multiple cpu cores. Interprocess coordination in this +configuration sacrifices a significant fraction of haveged throughput in +exchange for a cpu load spread over a number of processors. + +All of the above features are contained within the haveged-devel sub package of +haveged. The haveged package can be built with libtool to expose the devel sub +package or without libtool if the devel library is not needed. In either case, +the executable built contains a file system interface to haveged-devel features +and an optional facility to feed havege output into the random device. The build +system also provides "check" targets to test the output of the executable's +random number generator through the file system interface. + +TESTING haveged + +Testing via build check targets has been part of the haveged distribution since +the project moved to automake. Original tests were limited to a quick evaluation +implemented as an adaptation of the open source ent tool from Fourmilab and a +more thorough evaluation based upon the NIST SP800 test suite. Run time testing +was added to haveged version 1.5 as part of an effort to loosely follow the RNG +testing AIS-31 framework of the German Common Criteria organization, BSI. + +The significant features of the AIS-31 framework are: + +Run-time tests are broken into 2 groups, Procedure A containing 5 tests, and +Procedure B containing 3 tests. 
Procedure A consists of performing a 48-bit +disjointedness test on 64K sequences, followed by 257 repetitions of the four +FIPS-140-1 tests and an auto-correlation test on successive 2000 bit sequences. +Procedure B performs distribution tests for 10,000 occurrences of 1, 2, 3, 4 bit +runs in successive samples, followed by a entropy estimate based upon on another +256000+2560 bit sample. A sample must pass all individual tests to pass the +procedure. An ideal RNG is expected to pass Procedure A with a probability of +0.9987 and pass Procedure B with with a probability of 0.9998. One retry will be +attempted to recover from the the failure of a single test in either procedure. +The probability an ideal generator would fail the retry is nill. + +Special features of the haveged implementation: + +1) A failure of either procedure is a fatal error. In the case of haveged, the + instance will terminate. +2) The tests operate directly on the collection buffer after a fill. Performance + costs are acceptable except for the auto-correlation test, test5. An option + to skip test5 on some repetitions mitigates this problem. +3) Tests can take place at start up (a "tot" test) or continuously as specified + by a haveged parameter. In the continuous case, there is no implied alignment + between the collection buffer and the testing context. Collection buffer + contents will be released for consumption provided the buffer does not contain + a failed individual test. +4) The size of the input required to complete procedure B depends on the content. + This means there is no fixed alignment of the test input in the collection + buffer. +5) Procedure retries are logged. Extended information is available with -v3. Retries + are expected (see failure rates above) but normally only seen with output + ranges north of a few GB. 
+ +More detailed information on the adaptation of the BIS framework can be found +at http://www.issihosts.com/haveged/ais31.html + +BUILDING haveged + +This package originated on "Enterprise Linux 5" systems (RHEL 5 / CentOS 5 / SL +5), but every effort has been made to retain and broaden the hardware support of +the original HAVEGE implementation. The package uses the automake build system. +By default, the build uses a libtool build to expose haveged-devel. The +contrib/build directory contains a build.sh script to toggle the libtool +requirement and recover from some autotools failures. Change directory to the +build directory and type ./build.sh for options. + +The configure process uses hardware detection via config.sub or the configure +"-host" command line argument. The configure "host" variable is used to select +in-line assembly or compiler intrinsics appropriate to the build target. + +Currently supported hosts are: + +1. x86 +2. ia64 +3. powerpc +4. s390 +5. sparc +6. sparclite +7. generic + +The generic host type is provided for those systems without user level access to +a high-resolution system timer. In this case, the --enable-clock_gettime option +is set to 'yes'. + +The following build options are available to "./configure": + +1. --enable-clock_gettime (default 'no' for recognized hosts) +2. --enable-daemon (default 'yes' if Linux) +3. --enable-diagnostic (default 'no') +4. --enable-init (type, default 'no') +5. --enable-initdir (default '' unless enable--init="service.*") +6. --enable-nistest (default 'no' but recommended) +7. --enable-olt (default 'yes') +8. --enable-threads (experimental) +9. --enable-tune (default 'yes') + +Detailed option information is available by typing "./configure --help". For +options xxx that take "yes/no" arguments, --disable-xxx may be used as the +inverse of --enable-xxx. + +If --enable-clock_gettime() is 'yes', the clock_gettime(CLOCK_MONOTONIC) system +call will be used as a timer source. 
This option defaults to 'yes' for generic +host builds and 'no' otherwise. This option may proved useful if access to time +hardware is privileged. Due to variability of clock_gettime() implementations, +the adequacy of the clock_gettime() resolution cannot be known until run time. +It is strongly advised to use run-time testing if this option is used. + +If --enable-daemon is 'yes', ioctl access required to the random device and +read-write access to the /proc virtual file system is required. The daemon may +be run in the foreground or fork into the background based upon a command line +argument. The daemon interface targets the 2.6 and later kernel and may not work +on 2.4 kernels due to difference in the random interface between those two +kernel versions. The change in the proc file system from pool size expressed in +bytes to pool size expressed in bits has been taken into account, other changes +may be required. This option is 'no' when diagnostic modes are enabled. If +the option is no the executable is installed in the user bin directory instead +of the sbin directory. + +If --enable-diagnostic is 'yes', the capture and inject diagnostic interfaces +are enabled. The capture or inject diagnostic may be enabled singly by setting +the option to 'capture' or 'inject'. A setting for any value other than 'no' +for this option forces --enable-daemon=no. See DIAGNOSTICS below for details. + +The --enable-init option is active only when --enable-daemon is 'yes'. This +value can specify a template to be used in the installation of an init method +by the build's install target. The default value, 'no', disables the feature. +Other values can be used to install a traditional systemv init script or +systemd unit definition. See INSTALLATION for details. + +The --enable-initdir is active only when --enable-init='service.*', i.e. a +systemd install. See INSTALLATION for details. + +The --enable-nistest option enables more thorough testing for the check target. 
+See CHECKING for details. + +The --enable-olt option is provided to suppress the entire online test facility. +This option is provided for systems with a very limited resource budget and the +ability to thoroughly test the RNG output by other means. When enabled, the online +test system tests the output of the haveged random number generator using AIS-31 +test procedures A and B. Either or both tests may be run as a total failure check +(a "tot" test) at initialization and/or continuously during all subsequent haveged +operation - See the man page and the description at +http://www.issihosts.com/haveged/ais31.html for further information. + +The --enable-threads option is an experimental prototype for running multiple +collection threads in a single haveged instance. The goal is to create a +multi-core haveged that would spread collection overhead more evenly over the +available cpu resources. + +The --enable-tune option allows the on-line tuning facility to be suppressed. +This is intended for systems with special needs and or a limited resource budget. +Setting the option to 'yes' enables both the cpuid and virtual file system methods, +a value of 'no' suppresses both methods. Individual tuning methods can be selected +by setting the option to either 'cpuid' or 'vfs'. Note that the 'cpuid' method +is always conditional on host type and will not be present if the hardware +architecture does not support the instruction. + +The haveged build does not modify CFLAGS and DFLAGS, so for example: + +CFLAGS="-fpic -DGENERIC_DCACHE=32" LDFLAGS="-z now" ./configure --disable-tune + +would configure the build for a manually-tuned, hardened daemon with a default +data cache size of 32kb. + + +CHECKING haveged + +The build check target provides two test procedures for the build. + +1. A "quick" check based upon and adaptation of the public domain ENT program. 
+ The "entest" program uses the ENT sources to subject a sample to the following: + + a) The Chi-Square result must fall within acceptable bounds (>1% and <99 %) + b) The entropy/character must exceed a minimum (7.5) + c) The arithmetic mean must exceed a minimum (127.0) + d) The monte-carlo approximation of PI must lie within error bounds (.5%) + e) The Sequential Correlation Coefficient must be below a minimum (.8) + + The program provides a pass-fail indication and an optional display of the + results to stdout. The entest checks are quite weak and intended only as a + quick sanity check. + +2. An adaptation of the NIST Statistical Test Suite as adapted by Oliver + Rochecouste of irisa.fr as part of the original havege project. More that 400 + tests are performed in a typical run. The program provides as pass-fail + indication with detailed results reported in the nist.out file in the + nist directory. You will need sit down with SP800-*.pdf available from the + NIST to review the detailed results. AIS31 provides recommendations for the + NIST test suite as 'additional tests'. See testing documentation at + http://www.issihosts.com/haveged/ais31.html for further information. + +The "quick" test is always part of the check target. The NIST suite is run only +when --enable-nistest is 'yes'. + +Both checks function the same way, haveged is run to collect a sample file in +the test directory which is then analyzed by the test program. A pass-fail return +is given in both cases, additional information is written to stdout. The input +samples and the nist.out report are deleted by the clean make target. + +Both test mechanisms are statistical and even a fully functional random number +generator will experience occasional failures. It is not uncommon to see one or +two failures in the NIST suite and the entest will occasionally fail with a small +sample size (usually the Chi-Square test barks). 
Early haveged releases used a +entest sample size of 1MB, this has been increased to 16MB because failures with +that sample size were all too common. A 16MB sample will also deplete and refill +the haveged collection area to exercise all buffer logic. + +Users are encouraged to run their own external tests. The --number==0 option is +a convenient means to pipe haveged output into external suites such as Dieharder, +the TESTU01 batteries, or PractRand. + + +RUNNING haveged + +The following invocation arguments are always available: + + --buffer , -b [] Buffer size [KW] - default : 128 + --data , -d [] Data cache size [KB], with fallback to 16 + --inst , -i [] Instruction cache size [KB], with fallback to 16 + --file , -f [] Sample output file - default: 'sample', '-' for stdout + --number , -n [] Output size in [k|m|g|t]. 0 = unlimited to stdout + --verbose , -v [] Verbose mask 0=none,1=summary,2=retries,4=timing,8=loop,16=code,32=test + --help , -h This help + +The "-b", "-d", "-i" options are needed only in special cases. Generator output +should be validated after changes to these values. + +If haveged is built with online testing enabled, the following is present + + --onlinetest , -o [] [t<x>][c<x>] x=[a[n][w]][b[w]] 't'ot, 'c'ontinuous, default: ta8b" + +The default configuration executes the "tot" test using AIS procedure B. At the completion +of the tot test, the buffer is reloaded and any continuous tests will be run before +data becomes available. 
+ +If haveged is built with threads support, the following is present + + --threads , -t [] Number of threads + +If daemon interface is enabled, the following options are available: + + --Foreground , -F Run daemon in foreground, do not fork and detach, + --pid , -p [] The location of the daemon pid file, default: /var/run/haveged.pid + --run , -r [] 0=daemon,1=config info,>1=Write <r>KB sample file + --write , -w [] Set write_wakeup_threshold [bits] + +If haveged is running detached, diagnostic output is written to syslog, otherwise +output is written to stderr. + +If the daemon interface is enabled, non-zero "-r" options are used to test the +haveged random number generator; the random number generator will be configured, +the initial data collection pass will be executed, configuration details will be +written to stdout, and a "-r" KB sample of output will be written to the sample +output file for all "-r" > 1. The "-n" option provides a more friendly version +of r > 1. + +If the daemon interface and --run==1 is specified, or if --run is not available +and --number is not specified a summary of build, tuning, and execution +is displayed and haveged exits without generating data: + +<prog>: ver: <ver>; arch: <arch>; vend: <vend>, build: (<opts>); collect: <collect> +<prog>: cpu: <cpu> (<tune>);data: <data> (<tune>); inst: <inst> (<tune>); idx: <idx>; sz: <sz> +<prog>: tot tests(<spec>): <score>; continuous tests(<spec>):<score> last entropy estimate <ent> +<prog>: fills: <fills>, generated: <total> + +where + <prog> build: program name - normally haveged + <ver> build: package version + <arch> build: architecture: ia64, generic, ppc, s390, sparc, sparclite, x86 + <vend> build: vendor string of host from cpuid if available else 'generic' + <opts> build: version of gcc used and build option flags - see below. 
+ <collect> tuning: collection buffer size + <cpu> tuning: (sources list for cpu info, see below) + <data> tuning: size, (sources list for L1 data cache) + <inst> tuning: size, (sources list for L1 instruction cache) + <idx> tuning: collector loops used/collector loops available + <sz> tuning: collector size used/collector size available. + <tune> tuning: tuning sources - see below + <spec> exec: tests to be executed in --onlinetest format + <ent> exec: last entropy estimate from procedure B. + <score> exec: pass/fail counts for AIS test procedures + <fills> exec: number of times buffer was filled + <total> exec: number of bytes output + +build option flags represent the ./configure options as: + C=clock_gettime, D=diagnostic I=tune with cpuid, M=multi-core, T=online tests, V=tune with vfs + +tuning sources are: + D=default value, P=instance parameter, C=cpuid present, + H=hyperthreading, A=AMD cpuid, A5=AMD fn5, A6=AMD fn6, A8=AMD fn8 + L2=Intel has leaf2, L4=Intel has leaf4, B=Intel leaf b, + 4=intel leaf4, V=virtual file system available + VS=/sys/devices/system/cpu/cpu%d/cache/index<n>/level, + VO=/sys/devices/system/cpu/online, VI=/proc/cpuinfo + VC=/sys/devices/system/cpu + +Sources displayed in parenthesis are white space separated lists of the above +tokens. The "collector * used/collector *available" values indicate the fit of +the haveged collection loop to the L1 instruction cache. + +Items marked 'exec:' above have meaning only when data is generated. The display +of test results is customized to match the test options specified. The last few +lines of the build/tuning summary (those items marked 'exec:' above) also +appear by themselves as the 'exec summary' in other circumstances. + +In other circumstances, the completion of initialization is announced by a banner +written to the log: + +"<prog>: starting up" +"Writing <n> byte output to <file>" + +The first line above is used when running as a daemon, the second otherwise. 
If +one or more online tests are running, test failures are logged as: + +<prog>: AIS-31 <stage> procedure <proc>: <action> <bytes> bytes fill <fill> + +where + <stage> is either 'tot' or 'continuous' + <proc> is either 'A' or 'B' + <action> is either 'retry' or 'fail' + <bytes> is number of bytes processed in procedure before failure + <fill> is the number of times the buffer was filled + +The exec summary is logged upon error or signal terminations. Other log output is +controlled by --verbose: + +A --verbose bit mask to obtain additional diagnostic information: + +0x01 Show exec summary on termination, retry summary +0x02 Show online test retry details +0x04 Show timing for collections +0x08 Show collection loop characteristics +0x10 Show code offsets +0x20 Show all online test completion details + +The "--write" option will set proc/sys/kernel/random/write_wakeup_threshold to +the given value. This is useful because this threshold is very small on some +systems. A minimum of 1024 is recommended. + +The file system interface supports file creation of up data setups up to 16tb or +can be part of a piped command set. See the man(8) page for examples. + +DIAGNOSTIC haveged build + +The diagnostic build is a special version of the non-daemon configuration with a +specialized --run option. The --run levels 0 and 1 correspond duplicate the +equivalent application functions. One or more of the addition commands may be +included depending on the --enable-diagnostic value chosen. + +capture (--run 2) + Run the RNG but collect the timer inputs in a separate buffer. The normal + RNG output is discarded and replaced by the timer inputs. Requires additional + buffering, performance is poor because 8 times as many fills are required to + generate same amount of output. + +inject tics (--run 4) + Replace timer source with file input. Requires additional buffering, source + must account for generator warmup. 
+ +inject data (--run 8) + Bypass the normal RNG completely and read input directly into the output + buffer. Generator warmup is skipped. This option is useful for validating + the online test suite. + +Knowledge of haveged internals is needed to use the special features effectively +and interpret the results. The diagnostic build identifies itself as +'havege_diagnostic' in -help display and other outputs. + + +INSTALLATION + +If the daemon interface is not enabled, the install places the executable in +automake's bin_PROGRAMS directory and provides a man(8) page. A man(3) page +is provided for the libtool build. If the daemon interface is enabled, the +executable is installed in automake's sbin_PROGRAMS directory. + +If the daemon interface is enabled, the --enable-init setting provides a simple +template system to setup the init method. If --enable-init is set to none +no action is taken. Otherwise, the template must reside in the init.d build +directory and is selected by the setting. Template names "service.*" indicate +that a systemd style init, while template names "sysv.*" are used for sysv +style init scripts. + +Sample sysv style templates are provided for linux standard base, sysv.lsb, +and redhat systems, sysv.redhat , such as centos which have not moved to +systemd style inits. + +For systemd style installs, --enable-initdir specifies the systemd unit +directory. If the setting is not specified (or is ''), the default value is +obtained from hosts pkg-config query for systemdsystemunitdir. Sample systemd +templates are provided for forking, service.forking, and non-forking, +service.fedora, configurations. The non-forking configuration is recommended to +avoid the overhead of PID file and minimize start-up cost. + +Examples: + +./configure --enable-init=service.redhat +./configure --enable-init=sysv.lsb + +Custom init scripts can be added as necessary by adding templates to the +init.d directory. 
+ +A sample file, haveged.spec, is provided in the build root as a guide for +those who want to build a rpm. As with init scripts, the sample may need +customization before use. Other SPEC file examples can be found in the +contrib directory (see EXTRAS for details). + + +EXTRAS + +The contrib directory contains bits and pieces that are not integrated into the +distribution. Currently this directory contains build related utilities in +the build directory and an unorganized collection of some of the tools used +to analyze haveged in the diags directory. + +The script contrib/build/build.sh organizes the build utilities. The script +provides methods to toggle the use of libtool in the build in particularly +problematic environments, a bootstrap to recover from automake error states +and the option to build and run a devel sample program after the devel +sub package has been built. + +Several sample package spec files are provided as contrib/build/*.spec. The +havege_sample.c source demonstrates usage of the havege.h API. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/configure.ac new/haveged-1.9.13/configure.ac --- old/haveged-1.9.8/configure.ac 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/configure.ac 2020-06-28 04:17:52.000000000 +0200 @@ -3,7 +3,7 @@ ## Minimum Autoconf version AC_PREREQ([2.59]) -AC_INIT([haveged],[1.9.8]) +AC_INIT([haveged],[1.9.13]) AC_CONFIG_AUX_DIR(config) AC_USE_SYSTEM_EXTENSIONS AC_CONFIG_HEADER([config.h]) @@ -18,7 +18,7 @@ AM_ENABLE_SHARED AM_DISABLE_STATIC LT_LANG([C]) -HAVEGE_LT_VERSION="1:1:0" +HAVEGE_LT_VERSION="2:0:0" AC_SUBST(HAVEGE_LT_VERSION) AC_DEFINE_UNQUOTED(HAVEGE_LIB_VERSION, "$HAVEGE_LT_VERSION", [Library version]) ##libtool_end## 
@@ -41,10 +41,10 @@ AC_DEFINE(RAW_OUT_ENABLE, 1, [Define to 1 for capture diagnostic]) AC_DEFINE(RAW_IN_ENABLE, 1, [Define to 1 for injection diagnostic]) enable_daemon="no"; -elif test "x$enable_diagnostic" == "xcapture"; then +elif test "x$enable_diagnostic" = "xcapture"; then AC_DEFINE(RAW_OUT_ENABLE, 1, [Define to 1 for capture diagnostic]) enable_daemon="no"; -elif test "x$enable_diagnostic" == "xinject"; then +elif test "x$enable_diagnostic" = "xinject"; then AC_DEFINE(RAW_IN_ENABLE, 1, [Define to 1 for injection diagnostic]) enable_daemon="no"; fi @@ -88,9 +88,9 @@ if test "x$enable_tune" = "xyes"; then AC_DEFINE(TUNING_CPUID_ENABLE, 1, [Define to 1 to tune with host cpuid]) AC_DEFINE(TUNING_VFS_ENABLE, 1, [Define to 1 to tune with host vfs]) -elif test "x$enable_tune" == "xcpuid"; then +elif test "x$enable_tune" = "xcpuid"; then AC_DEFINE(TUNING_CPUID_ENABLE, 1, [Define to 1 to tune with host cpuid]) -elif test "x$enable_tune" == "xvfs"; then +elif test "x$enable_tune" = "xvfs"; then AC_DEFINE(TUNING_VFS_ENABLE, 1, [Define to 1 to tune wiht host vfs]) fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/contrib/build/fedora.spec new/haveged-1.9.13/contrib/build/fedora.spec --- old/haveged-1.9.8/contrib/build/fedora.spec 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/contrib/build/fedora.spec 2020-06-28 04:17:52.000000000 +0200 
@@ -1,26 +1,17 @@ Summary: A Linux entropy source using the HAVEGE algorithm Name: haveged -Version: 1.9 -Release: 0%{?dist} +Version: 1.9.13 +Release: 1%{?dist} License: GPLv3+ -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Group: System Environment/Daemons -URL: http://www.irisa.fr/caps/projects/hipsor/ -Source0: http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz -Source1: haveged.service +URL: https://github.com/jirka-h/haveged +Source0: https://github.com/jirka-h/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -# SystemV -> SystemD conversion -# This is actually needed for the %%triggerun script but Requires(triggerun) -# is not valid. We can use %%post because this particular %%triggerun script -# should fire just after this package is installed. -Requires(post): systemd-sysv -# SystemV -> SystemD conversion - - -BuildRequires: automake gdb coreutils glibc-common +BuildRequires: gcc +BuildRequires: automake coreutils glibc-common systemd-units +Enhances: apache2 gpg2 openssl openvpn php5 smtp_daemon systemd %description A Linux entropy source using the HAVEGE algorithm @@ -41,7 +32,6 @@ %package devel Summary: Headers and shared development libraries for HAVEGE algorithm -Group: Development/Libraries Requires: %{name} = %{version}-%{release} %description devel 
@@ -68,39 +58,57 @@ chmod 0644 COPYING README ChangeLog AUTHORS #Install systemd service file -rm -rf %{buildroot}/etc/init.d -pushd $RPM_BUILD_ROOT -mkdir -p .%{_unitdir} -install -p -m644 %{SOURCE1} .%{_unitdir}/haveged.service -popd +sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i init.d/service.fedora +install -Dpm 0644 init.d/service.fedora %{buildroot}%{_unitdir}/%{name}.service # We don't ship .la files. rm -rf %{buildroot}%{_libdir}/libhavege.*a -%clean -rm -rf %{buildroot} +mkdir -p %{buildroot}%{_defaultdocdir}/%{name} +cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot}%{_defaultdocdir}/%{name} %post -/sbin/ldconfig +/sbin/ldconfig +%if 0%{?systemd_post:1} %systemd_post haveged.service +%else +if [ $1 = 1 ]; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi +%endif %preun +%if 0%{?systemd_preun:1} %systemd_preun haveged.service +%else +if [ $1 = 0 ]; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable haveged.service >/dev/null 2>&1 || : + /bin/systemctl stop haveged.service >/dev/null 2>&1 || : +fi +%endif %postun -/sbin/ldconfig +%if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart haveged.service +%else +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ]; then + # Package upgrade, not uninstall + /bin/systemctl try-restart haveged.service >/dev/null 2>&1 || : +fi +%endif +/sbin/ldconfig %files -%defattr(-, root, root, -) %{_mandir}/man8/haveged.8* %{_sbindir}/haveged %{_unitdir}/haveged.service %{_libdir}/*so.* -%doc COPYING README ChangeLog AUTHORS +%{_defaultdocdir}/* %files devel -%defattr(-, root, root, -) %{_mandir}/man3/libhavege.3* %dir %{_includedir}/%{name} %{_includedir}/%{name}/havege.h 
@@ -109,9 +117,85 @@ %changelog -* Sun Jan 13 2013 Jirka Hladky <[email protected]> - 1.7h-0 -- Couple of minor updates -* Sat Jan 12 2013 Jirka Hladky <[email protected]> - 1.7g-0 +* Sun Jun 28 2020 Jirka Hladky <[email protected]> - 1.9.13-1 + - Update to 1.9.13 + +* Thu Jun 18 2020 Jirka Hladky <[email protected]> - 1.9.12-1 + - Update to 1.9.12 + +* Fri Jun 12 2020 Jirka Hladky <[email protected]> - 1.9.11-1 + - Update to 1.9.11 + +* Thu Jun 11 2020 Jirka Hladky <[email protected]> - 1.9.10-1 + - Update to 1.9.10 + +* Thu Jun 11 2020 Jirka Hladky <[email protected]> - 1.9.9-2 + - Fixed haveged.service file + +* Tue Jun 09 2020 Jirka Hladky <[email protected]> - 1.9.9-1 + - Update to 1.9.9 + +* Wed Jan 29 2020 Fedora Release Engineering <[email protected]> - 1.9.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Sep 30 2019 Jirka Hladky <[email protected]> - 1.9.8-1 + - Update to 1.9.8 + +* Mon Aug 26 2019 Jirka Hladky <[email protected]> - 1.9.6-1 + - Update to 1.9.6 + +* Thu Jul 25 2019 Fedora Release Engineering <[email protected]> - 1.9.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering <[email protected]> - 1.9.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering <[email protected]> - 1.9.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering <[email protected]> - 1.9.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering <[email protected]> - 1.9.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering <[email protected]> - 1.9.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering <[email protected]> - 1.9.1-6 +- Rebuilt 
for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering <[email protected]> - 1.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering <[email protected]> - 1.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Aug 16 2014 Fedora Release Engineering <[email protected]> - 1.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering <[email protected]> - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Feb 13 2014 Jirka Hladky <[email protected]> - 1.9.1-1 +- Update to 1.9.1 + +* Sat Jan 04 2014 Jirka Hladky <[email protected]> - 1.8-1 +- Unversioned docdir change, more info on + https://fedoraproject.org/wiki/Changes/UnversionedDocdirs + +* Fri Jan 03 2014 Jirka Hladky <[email protected]> - 1.8-0 +- Updated to the version 1.8 +- Improvement to systemd service file +- Fixed exit status + +* Sat Aug 03 2013 Fedora Release Engineering <[email protected]> - 1.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering <[email protected]> - 1.7-1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Jan 19 2013 Jirka Hladky <[email protected]> - 1.7-0 - Updated to the version 1.7 - Version 1.7 brings developement libraries - Added devel package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/init.d/service.fedora new/haveged-1.9.13/init.d/service.fedora --- old/haveged-1.9.8/init.d/service.fedora 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/init.d/service.fedora 
2020-06-28 04:17:52.000000000 +0200 @@ -6,13 +6,30 @@ Before=sysinit.target shutdown.target systemd-journald.service [Service] -ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground +ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground Restart=always SuccessExitStatus=137 143 + +SecureBits=noroot-locked CapabilityBoundingSet=CAP_SYS_ADMIN +# We can *not* set PrivateTmp=true as it can cause an ordering cycle. +PrivateTmp=false PrivateDevices=true PrivateNetwork=true ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +RestrictNamespaces=true +RestrictRealtime=true + +LockPersonality=true +MemoryDenyWriteExecute=true +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallFilter=~@mount +SystemCallErrorNumber=EPERM [Install] WantedBy=sysinit.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/init.d/sysv.redhat new/haveged-1.9.13/init.d/sysv.redhat --- old/haveged-1.9.8/init.d/sysv.redhat 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/init.d/sysv.redhat 2020-06-28 04:17:52.000000000 +0200 
@@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2011-2012 Jirka Hladky hladky_dot_jiri_at_gmail_com +# Copyright 2011-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com # Copyright 2011-2012 Gary Wuertz [email protected] # # This program is free software: you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havege.c new/haveged-1.9.13/src/havege.c --- old/haveged-1.9.8/src/havege.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havege.c 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** @@ -178,6 +179,19 @@ havege_ndsetup(h); return h; } + +void havege_reparent( + H_PTR hptr) +{ +#if NUMBER_CORES>1 + H_THREAD *t = (H_THREAD *)hptr->threads; + if (0 == t) + return; /* single-threaded */ + + t->main = getpid(); +#endif +} + /** * Destructor. In a multi-collector build, this method should be called from a signal handler * to avoid creating processes. 
@@ -197,7 +211,7 @@ free(temp); } #ifdef ONLINE_TESTS_ENABLE - else if (0 != (temp=hptr->testData)) { + if (0 != (temp=hptr->testData)) { double *g = ((procShared *)temp)->G; hptr->testData = 0; if (0 != g) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havege.h new/haveged-1.9.13/src/havege.h --- old/haveged-1.9.8/src/havege.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havege.h 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** @@ -28,9 +29,9 @@ #endif /** * header/package version as a numeric major, minor, patch triple. See havege_version() - * below for useage. + * below for usage. */ -#define HAVEGE_PREP_VERSION "1.9.8" +#define HAVEGE_PREP_VERSION "1.9.13" /** * Basic types */ 
@@ -238,6 +239,14 @@ * H_NOINIT */ H_PTR havege_create(H_PARAMS *params); + +/** + * haveger_create() remembers parent pid and uses it to identify deallocating thread. + * daemonize() forks parent and effectively loses parent thread. + * havege_reparent(void) allows recovering new parent pid before havege_run() is started. + */ +void havege_reparent(H_PTR hptr); + /** * Frees all allocated anchor resources. If the multi-core option is used, this * method should be called from a signal handler to prevent zombie processes. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegecmd.c new/haveged-1.9.13/src/havegecmd.c --- old/haveged-1.9.8/src/havegecmd.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegecmd.c 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Provide HAVEGE socket communication API ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2018 Werner Fink <[email protected]> ** ** This program is free software: you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegecmd.h new/haveged-1.9.13/src/havegecmd.h --- old/haveged-1.9.8/src/havegecmd.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegecmd.h 2020-06-28 04:17:52.000000000 +0200 
@@ -1,6 +1,7 @@ /** ** Provide HAVEGE socket communication API ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2018 Werner Fink <[email protected]> ** ** This program is free software: you can redistribute it and/or modify @@ -33,6 +34,14 @@ #define HAVEGED_SOCKET_PATH "\0/sys/entropy/haveged" #define MAGIC_CHROOT 'R' + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + +#ifndef SOCK_NONBLOCK +#define SOCK_NONBLOCK 0 +#endif /** * Open and listen on a UNIX socket to get command from there diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegecollect.c new/haveged-1.9.13/src/havegecollect.c --- old/haveged-1.9.8/src/havegecollect.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegecollect.c 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegecollect.h new/haveged-1.9.13/src/havegecollect.h --- old/haveged-1.9.8/src/havegecollect.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegecollect.h 2020-06-28 04:17:52.000000000 +0200 
@@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/haveged.c new/haveged-1.9.13/src/haveged.c --- old/haveged-1.9.8/src/haveged.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/haveged.c 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** @@ -51,6 +52,18 @@ #define STRZ(a) #a #define SETTINGL(msg,val) STRZ(val) msg #define SETTINGR(msg,val) msg STRZ(val) + +// {{{ VERSION_TEXT +static const char* VERSION_TEXT = + "haveged %s\n\n" + "Copyright (C) 2018-2020 Jirka Hladky <[email protected]>\n" + "Copyright (C) 2009-2014 Gary Wuertz <[email protected]>\n" + "Copyright (C) 2011-2012 BenEleventh Consulting <[email protected]>\n\n" + "License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.\n" + "This is free software: you are free to change and redistribute it.\n" + "There is NO WARRANTY, to the extent permitted by law.\n"; +// }}} VERSION_TEXT + /** * Parameters */ 
@@ -141,6 +154,7 @@ #endif "v", "verbose", "1", "Verbose mask 0=none,1=summary,2=retries,4=timing,8=loop,16=code,32=test", "w", "write", "1", "Set write_wakeup_threshold [bits]", + "V", "version", "0", "Print version information and exit", "h", "help", "0", "This help" }; static int nopts = sizeof(cmds)/(4*sizeof(char *)); @@ -314,6 +328,9 @@ case '?': case 'h': usage(0, nopts, long_options, cmds); + case 'V': + printf(VERSION_TEXT, HAVEGE_PREP_VERSION); + exit(EXIT_SUCCESS); case -1: break; } @@ -384,12 +401,17 @@ else { socket_fd = cmd_listen(params); if (socket_fd >= 0) - fprintf(stderr, "%s: listening socket at %d\n", params->daemon, socket_fd); - else if (socket_fd == -2) - fprintf(stderr, "%s: command socket already in use\n", params->daemon); - else - fprintf(stderr, "%s: can not initialize command socket: %m\n", params->daemon); + fprintf(stderr, "%s: command socket is listening at fd %d\n", params->daemon, socket_fd); + else { + if (socket_fd == -2) { + fprintf(stderr, "%s: command socket already in use\n", params->daemon); + fprintf(stderr, "%s: please check if there is another instance of haveged running\n", params->daemon); + fprintf(stderr, "%s: disabling command mode for this instance\n", params->daemon); + } else { + fprintf(stderr, "%s: can not initialize command socket: %m\n", params->daemon); + } } + } #endif if (params->tests_config == 0) params->tests_config = (0 != (params->setup & RUN_AS_APP))? TESTS_DEFAULT_APP : TESTS_DEFAULT_RUN; @@ -448,7 +470,7 @@ if (params->run_level==1) anchor_info(handle); else if (0==(params->setup&(INJECT|CAPTURE))) { - /* must specify range with --nunber or --run > 1 but not both */ + /* must specify range with --number or --run > 1 but not both */ if (params->run_level>1) { if (0==(params->setup&RANGE_SPEC)) { /* --run specified */ bufct = params->run_level/sizeof(H_UINT); 
@@ -538,8 +560,10 @@ anchor_info(h); return; } - if (params->foreground==0) + if (params->foreground==0) { daemonize(); + havege_reparent(handle); + } else printf ("%s starting up\n", params->daemon); if (0 != havege_run(h)) error_exit("Couldn't initialize HAVEGE rng %d", h->error); @@ -574,27 +598,36 @@ FD_ZERO(&write_fd); #ifndef NO_COMMAND_MODE - FD_ZERO(&read_fd); + if (socket_fd >= 0) { + FD_ZERO(&read_fd); + } #endif FD_SET(random_fd, &write_fd); if (random_fd > max) max = random_fd; #ifndef NO_COMMAND_MODE - FD_SET(socket_fd, &read_fd); - if (socket_fd > max) - max = socket_fd; - if (conn_fd >= 0) { - FD_SET(conn_fd, &read_fd); - if (conn_fd > max) - max = conn_fd; - } + if (socket_fd >= 0) { + FD_SET(socket_fd, &read_fd); + if (socket_fd > max) + max = socket_fd; + if (conn_fd >= 0) { + FD_SET(conn_fd, &read_fd); + if (conn_fd > max) + max = conn_fd; + } + } #endif for(;;) { struct timespec two = {2, 0}; + int rc; #ifndef NO_COMMAND_MODE - int rc = pselect(max+1, &read_fd, &write_fd, NULL, &two, &omask); + if (socket_fd >= 0) { + rc = pselect(max+1, &read_fd, &write_fd, NULL, &two, &omask); + } else { + rc = pselect(max+1, NULL, &write_fd, NULL, &two, &omask); + } #else - int rc = pselect(max+1, NULL, &write_fd, NULL, &two, &omask); + rc = pselect(max+1, NULL, &write_fd, NULL, &two, &omask); #endif if (rc >= 0) break; if (params->exit_code > 128) @@ -606,7 +639,7 @@ continue; #ifndef NO_COMMAND_MODE - if (FD_ISSET(socket_fd, &read_fd) && conn_fd < 0) { + if ( socket_fd >= 0 && FD_ISSET(socket_fd, &read_fd) && conn_fd < 0) { # ifdef HAVE_ACCEPT4 conn_fd = accept4(socket_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK); if (conn_fd < 0 && (errno == ENOSYS || errno == ENOTSUP)) { 
@@ -774,7 +807,7 @@ /** * Pretty print the collection size */ -static char *ppSize( /* RETURN: the formated size */ +static char *ppSize( /* RETURN: the formatted size */ char *buffer, /* IN: work space */ double sz) /* IN: the size */ { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/haveged.h new/haveged-1.9.13/src/haveged.h --- old/haveged-1.9.8/src/haveged.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/haveged.h 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** ** This program is free software: you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegetest.c new/haveged-1.9.13/src/havegetest.c --- old/haveged-1.9.8/src/havegetest.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegetest.c 2020-06-28 04:17:52.000000000 +0200 
@@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2012-2014 Gary Wuertz [email protected] ** Copyright 2012 BenEleventh Consulting [email protected] ** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegetest.h new/haveged-1.9.13/src/havegetest.h --- old/haveged-1.9.8/src/havegetest.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegetest.h 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2012-2014 Gary Wuertz [email protected] ** Copyright 2012 BenEleventh Consulting [email protected] ** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegetune.c new/haveged-1.9.13/src/havegetune.c --- old/haveged-1.9.8/src/havegetune.c 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegetune.c 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Determine HAVEGE environment ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** Copyright 2011-2012 BenEleventh Consulting [email protected] ** 
@@ -187,7 +188,7 @@ *bp++ = BUILD_CPUID; #endif #if NUMBER_CORES>1 - *bp++ = BUILD_THREAD; + *bp++ = BUILD_THREADS; #endif #ifdef ONLINE_TESTS_ENABLE *bp++ = BUILD_OLT; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/havegetune.h new/haveged-1.9.13/src/havegetune.h --- old/haveged-1.9.8/src/havegetune.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/havegetune.h 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2014 Gary Wuertz [email protected] ** ** This program is free software: you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.8/src/oneiteration.h new/haveged-1.9.13/src/oneiteration.h --- old/haveged-1.9.8/src/oneiteration.h 2019-09-30 19:38:46.000000000 +0200 +++ new/haveged-1.9.13/src/oneiteration.h 2020-06-28 04:17:52.000000000 +0200 @@ -1,6 +1,7 @@ /** ** Simple entropy harvester based upon the havege RNG ** + ** Copyright 2018-2020 Jirka Hladky hladky DOT jiri AT gmail DOT com ** Copyright 2009-2013 Gary Wuertz [email protected] ** ** This program is free software: you can redistribute it and/or modify
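Review bot: In contrib/build/fedora.spec (hunk @@ -68,39 +58,57 @@), the new `%files` entry `%{_defaultdocdir}/*` claims everything under the shared documentation directory, although the install step only copies files into `%{_defaultdocdir}/%{name}`. Narrow the entry to `%{_defaultdocdir}/%{name}` so the package owns only its own directory. The unquoted `$1` in the fallback scriptlets (`if [ $1 = 1 ]`) would also be safer written as `"$1"`.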
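Review bot: In init.d/service.fedora (hunk @@ -6,13 +6,30 @@), `ExecStart=@SBIN_DIR@/haveged ...` is now a template placeholder, and the only substitution visible in this patch is the `sed -e 's:@SBIN_DIR@:%{_sbindir}:g'` line in contrib/build/fedora.spec. Anyone installing the file as shipped gets a unit whose ExecStart is not a valid path, so the file should say in a header comment that it must be processed first, or be renamed as a template. The comment above `PrivateTmp=false` would also help more if it named the units involved in the ordering cycle, since the unit is ordered `Before=sysinit.target`.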
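Review bot: In src/havege.h (hunk @@ -238,6 +239,14 @@), the doc comment for the new prototype refers to `haveger_create()` and to `havege_reparent(void)`, while the functions are `havege_create()` and `void havege_reparent(H_PTR hptr)`. Correct both names, and state that the call is a no-op unless the library is built with NUMBER_CORES>1, as the body in src/havege.c shows, so API users know when it is required.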
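Review bot: In src/havegecmd.h (hunk @@ -33,6 +34,14 @@), defining SOCK_CLOEXEC and SOCK_NONBLOCK to 0 when the platform lacks them lets every call that passes these flags compile while silently dropping close-on-exec and non-blocking behaviour for the command socket. On that fallback path the descriptors should get FD_CLOEXEC and O_NONBLOCK set explicitly with fcntl() after creation, or the header should at least document that callers must do so. Otherwise the socket can be inherited by child processes and reads on it can block the daemon's main loop.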
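Review bot: In src/haveged.c (hunk @@ -314,6 +328,9 @@), the new `case 'V':` is placed directly after `case 'h': usage(0, nopts, long_options, cmds);` with no `break` in between, so `-h` falls through into the version printout and `exit(EXIT_SUCCESS)` whenever usage() returns. Before this change the fall-through only reached `case -1: break;`. Add a `break;` after the usage() call or move the 'V' case above it, so the help path does not depend on usage() never returning.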
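Review bot: In src/haveged.c (hunk @@ -538,8 +560,10 @@), the added call is `havege_reparent(handle)` while the surrounding lines of the same function operate on `h` (`anchor_info(h)`, `havege_run(h)`). If both names refer to the same anchor, pass `h` for consistency. If they can differ, the reparent fixes up a different object from the one that is about to run, and the crash on shutdown in threaded mode is not addressed. Note also that havege_reparent() in src/havege.c dereferences `hptr->threads` without checking `hptr` itself.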
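Review bot: In src/haveged.c (hunk @@ -574,27 +598,36 @@), `FD_ZERO(&read_fd)` is now executed only when `socket_fd >= 0`, which leaves `read_fd` uninitialised whenever the command socket could not be opened. The accept path in the following hunk is guarded by `socket_fd >= 0`, but any other `FD_ISSET(..., &read_fd)` later in the loop would read indeterminate data. Keeping the FD_ZERO unconditional costs nothing and removes that risk. Only the FD_SET calls and the choice of the pselect() read set need the guard.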
