Hi,

glib2 and Mozilla's NSS are voracious consumers of /dev/urandom. These
patches make them use /dev/arandom instead - it is faster, and we already
consider its output sufficiently strong for use by OpenSSL.

There are probably quite a few other ports that could be similarly adapted.

Ok?

-d
? w-glib-2.12.12
Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/glib2/Makefile,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile
--- Makefile    27 Jul 2007 10:09:51 -0000      1.36
+++ Makefile    12 Sep 2007 23:06:16 -0000
@@ -5,7 +5,7 @@ COMMENT-docs=           "glib2 documentation"
 
 VERSION=               2.12.12
 DISTNAME=              glib-${VERSION}
-PKGNAME-main=          glib2-${VERSION}p1
+PKGNAME-main=          glib2-${VERSION}p2
 PKGNAME-docs=          glib2-docs-${VERSION}
 CATEGORIES=            devel
 
Index: patches/patch-glib_grand_c
===================================================================
RCS file: patches/patch-glib_grand_c
diff -N patches/patch-glib_grand_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-glib_grand_c  12 Sep 2007 23:06:16 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- glib/grand.c.orig  Thu Sep 13 09:01:56 2007
++++ glib/grand.c       Thu Sep 13 09:02:35 2007
+@@ -173,7 +173,7 @@ g_rand_new (void)
+       do
+         {
+         errno = 0;
+-        dev_urandom = fopen("/dev/urandom", "rb");
++        dev_urandom = fopen("/dev/arandom", "rb");
+       }
+       while G_UNLIKELY (errno == EINTR);
+ 
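Review bot: The new patch file carries only the bare `$OpenBSD$` tag and no explanation of why the seed source is being switched, which is the one thing a future maintainer (or someone adapting the other ports mentioned in the mail) needs to know; add a comment line after the tag such as `Seed from /dev/arandom: arc4random-backed and non-blocking, cheaper than /dev/urandom on OpenBSD.` The variable is still called `dev_urandom` after the change, which is harmless but now misleading, so a rename to `dev_random` in the same patch would keep the name honest. Note that `/dev/arandom` is hard-coded with no alternative path, so whatever `g_rand_new` does when `fopen` fails is the only fallback; that code is outside this hunk, as is the rest of `g_rand_new`, so I could not confirm it still degrades gracefully.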
? w-nss-3.11.7
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/nss/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- Makefile    1 Aug 2007 21:16:10 -0000       1.7
+++ Makefile    12 Sep 2007 23:01:08 -0000
@@ -5,7 +5,7 @@ SHARED_ONLY=            Yes
 COMMENT=               "libraries to support development of security-enabled 
apps"
 
 VERSION=               3.11.7
-DISTNAME=              nss-${VERSION}
+DISTNAME=              nss-${VERSION}p0
 SO_VERSION=            20.0
 .for _lib in freebl3 nss3 nssckbi smime3 softokn3 ssl3
 SHARED_LIBS+=          ${_lib} ${SO_VERSION}
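Review bot: The package revision is appended to `DISTNAME` rather than `PKGNAME`, which looks like the wrong variable: `DISTNAME` normally also names the distfile to fetch, so unless `DISTFILES` is set explicitly elsewhere in this Makefile (not visible in the hunk) the port would now look for `nss-3.11.7p0.tar.gz`. The glib2 hunk in the same mail bumps `PKGNAME-main`, and the same pattern applies here: leave `DISTNAME= nss-${VERSION}` as is and add `PKGNAME= nss-${VERSION}p0`. Please confirm against the full Makefile before committing.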
Index: patches/patch-mozilla_security_nss_lib_freebl_unix_rand_c
===================================================================
RCS file: 
/cvs/ports/security/nss/patches/patch-mozilla_security_nss_lib_freebl_unix_rand_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-mozilla_security_nss_lib_freebl_unix_rand_c
--- patches/patch-mozilla_security_nss_lib_freebl_unix_rand_c   1 Aug 2007 
21:16:10 -0000       1.2
+++ patches/patch-mozilla_security_nss_lib_freebl_unix_rand_c   12 Sep 2007 
23:01:08 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-mozilla_security_nss_lib_freebl_unix_rand_c,v 1.2 2007/08/01 
21:16:10 kurt Exp $
---- mozilla/security/nss/lib/freebl/unix_rand.c.orig   Wed Feb 14 20:48:36 2007
-+++ mozilla/security/nss/lib/freebl/unix_rand.c        Wed Jul 25 12:51:08 2007
+--- mozilla/security/nss/lib/freebl/unix_rand.c.orig   Thu Feb 15 12:48:36 2007
++++ mozilla/security/nss/lib/freebl/unix_rand.c        Thu Sep 13 08:57:09 2007
 @@ -859,7 +859,8 @@ safe_pclose(FILE *fp)
      /* if the child hasn't exited, kill it -- we're done with its output */
      while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
@@ -19,3 +19,21 @@ $OpenBSD: patch-mozilla_security_nss_lib
  
  void RNG_SystemInfoForRNG(void)
  {
+@@ -956,7 +956,7 @@ for the small amount of entropy it provides.
+     GiveSystemInfo();
+ 
+     /* grab some data from system's PRNG before any other files. */
+-    bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
++    bytes = RNG_FileUpdate("/dev/arandom", SYSTEM_RNG_SEED_COUNT);
+ 
+     /* If the user points us to a random file, pass it through the rng */
+     randfile = getenv("NSRANDFILE");
+@@ -1139,7 +1139,7 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
+     size_t fileBytes = 0;
+     unsigned char *buffer = dest;
+ 
+-    file = fopen("/dev/urandom", "r");
++    file = fopen("/dev/arandom", "r");
+     if (file == NULL) {
+       PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+       return fileBytes;
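Review bot: The new `RNG_SystemRNG` hunk turns a missing `/dev/arandom` into a hard `PR_NOT_IMPLEMENTED_ERROR`, whereas `RNG_SystemInfoForRNG` only loses some seed bytes; a stripped-down chroot or jail that carries `urandom` but not `arandom` would therefore lose the system-RNG path entirely rather than degrade. A one-line fallback keeps the speed win without the new failure mode: `if (file == NULL) file = fopen("/dev/urandom", "r");` before the existing NULL check. The rationale for preferring `/dev/arandom` (arc4random-backed, non-blocking, cheaper than `urandom` on OpenBSD) is only in the mail, not in the patch file; a comment after the `$OpenBSD$` tag would preserve it. Both `RNG_SystemInfoForRNG` and `RNG_SystemRNG` continue outside the hunk, so the remaining seeding and error handling were not reviewed.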
