authorDiego Elio Pettenò <flameeyes@gentoo.org>2012-12-16 00:02:42 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2012-12-16 00:02:42 +0000
commit57c8fec2d0897cc0892ee29b72398dd6f66709f7 (patch)
tree6d2ddee31ed3bc9acab0939930dbe1fcbca6fbc0 /sys-apps/rng-tools
parentDev channel bump. Use system harfbuzz. Re-enable nacl (no pnacl yet). Remove ... (diff)
Update init script so that OpenRC can check on the daemon, also fix stop with rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default (bug #292239). The init script no longer tries to second-guess the configuration parameters, leaving the erroring out for missing sources to rngd itself, as it was broken and would have caused more trouble when rdrand is present.
(Portage version: 2.2.0_alpha148/cvs/Linux x86_64, signed Manifest commit with key 1CD13C8AD4301342)
Diffstat (limited to 'sys-apps/rng-tools')
-rw-r--r--sys-apps/rng-tools/ChangeLog13
-rw-r--r--sys-apps/rng-tools/files/rngd-confd-4.127
-rw-r--r--sys-apps/rng-tools/files/rngd-initd-4.132
-rw-r--r--sys-apps/rng-tools/rng-tools-4-r2.ebuild31
4 files changed, 102 insertions, 1 deletions
diff --git a/sys-apps/rng-tools/ChangeLog b/sys-apps/rng-tools/ChangeLog
index 3561af23a613..65fc7d90ae9c 100644
--- a/sys-apps/rng-tools/ChangeLog
+++ b/sys-apps/rng-tools/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for sys-apps/rng-tools
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.33 2012/11/11 06:24:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.34 2012/12/16 00:02:42 flameeyes Exp $
+
+*rng-tools-4-r2 (16 Dec 2012)
+
+ 16 Dec 2012; Diego E. Pettenò <flameeyes@gentoo.org> +files/rngd-confd-4.1,
+ +files/rngd-initd-4.1, +rng-tools-4-r2.ebuild:
+ Update init script so that OpenRC can check on the daemon, also fix stop with
+ rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default
+ (bug #292239). The init script no longer tries to second-guess the
+ configuration parameters, leaving the erroring out for missing sources to rngd
+ itself, as it was broken and would have caused more trouble when rdrand is
+ present.
*rng-tools-4-r1 (11 Nov 2012)
diff --git a/sys-apps/rng-tools/files/rngd-confd-4.1 b/sys-apps/rng-tools/files/rngd-confd-4.1
new file mode 100644
index 000000000000..e46dfcc3e867
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-4.1
@@ -0,0 +1,27 @@
+# /etc/conf.d/rngd
+
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# If a single device is preferred, then specify it here, otherwise we will
+# search for suitable devices. TPM is specified via a later option, not this
+# one.
+#DEVICE=
+#TPM_DEVICE=
+
+# Random step (Number of bytes written to random-device at a time):
+STEP=64
+
+# Should TPM be avoided?
+NO_TPM=0
+
+# Should RDRAND be avoided?
+NO_DRNG=0
+
+# Fill watermark
+# 0 <= n <= 4096
+WATERMARK=2048
+
+# Bug #292239: Remixing /dev/urandom back into /dev/random is considered a
+# security vulnerability in some cases where not enough entropy is present on
+# systems.
+DO_NOT_REMIX_URANDOM=1
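Review bot: `TPM_DEVICE` is offered here, but the init script added in this commit never reads it: `command_args` passes only `--no-tpm`, so setting the variable has no effect. Either pass it through to rngd or drop the `#TPM_DEVICE=` line and the sentence about a later TPM option. The `DO_NOT_REMIX_URANDOM` comment should also say that the setting only filters the default search list, because `find_rng_device` prefers `DEVICE` when it is set and an explicit `DEVICE=/dev/urandom` would still be handed to rngd. A suggested extra line is `# Only affects the default device search; do not set DEVICE=/dev/urandom.`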
diff --git a/sys-apps/rng-tools/files/rngd-initd-4.1 b/sys-apps/rng-tools/files/rngd-initd-4.1
new file mode 100644
index 000000000000..1478c15fd7c3
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-4.1
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/rngd-initd-4.1,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+depend() {
+ need localmount
+ after random
+ provide entropy
+}
+
+# Do NOT add /dev/tpm to this.
+DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*"
+[ $DO_NOT_REMIX_URANDOM -eq 0 ] && DEFAULT_DEVICE="${DEFAULT_DEVICE} /dev/urandom"
+
+find_device() {
+ # The echo is to cause globbing
+ local d
+ for d in $* ; do
+ [ -e "${d}" ] && break
+ done
+ echo "${d}"
+}
+
+find_rng_device() {
+ echo "$(find_device $(echo ${DEVICE:-${DEFAULT_DEVICE}}) /dev/null)"
+}
+
+command=/usr/sbin/rngd
+pidfile="/var/run/${SVCNAME}.pid"
+command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} --no-tpm=${NO_TPM:-0} --no-drng=${NO_DRNG:-0} --fill-watermark ${WATERMARK} --rng-device $(find_rng_device)"
+start_stop_daemon_args="--retry SIGKILL/5 --wait 1000"
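Review bot: `DO_NOT_REMIX_URANDOM` and `WATERMARK` are expanded without defaults, unlike `STEP`, `NO_TPM` and `NO_DRNG` in the same `command_args` line. If an existing /etc/conf.d/rngd lacks them (plausible after an upgrade, where the old file may be kept), the unquoted test collapses to `[ -eq 0 ]`, which prints an error and leaves /dev/urandom out only by accident. In the same case `--fill-watermark` is followed directly by `--rng-device`, so rngd receives a malformed argument list. Making the safe default explicit would be `[ "${DO_NOT_REMIX_URANDOM:-1}" -eq 0 ]` and `--fill-watermark ${WATERMARK:-2048}`. The comment `# The echo is to cause globbing` in find_device is also misplaced, since the echo sits in find_rng_device.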
diff --git a/sys-apps/rng-tools/rng-tools-4-r2.ebuild b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
new file mode 100644
index 000000000000..65180662f579
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/rng-tools-4-r2.ebuild,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+EAPI="4"
+
+inherit eutils autotools toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="http://gkernel.sourceforge.net/"
+SRC_URI="mirror://sourceforge/gkernel/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86"
+IUSE=""
+
+src_prepare() {
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am
+ epatch "${FILESDIR}"/test-for-argp.patch
+ eautoreconf
+
+ sed -i '/^AR /d' Makefile.in
+ tc-export AR
+}
+
+src_install() {
+ default
+ newinitd "${FILESDIR}"/rngd-initd-4.1 rngd
+ newconfd "${FILESDIR}"/rngd-confd-4.1 rngd
+}