Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/ekeyd/ChangeLog14
-rw-r--r--app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild168
-rw-r--r--app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild (renamed from app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild)79
-rw-r--r--app-crypt/ekeyd/files/ekey-egd-linux.conf12
-rw-r--r--app-crypt/ekeyd/files/ekey-egd-linux.init40
-rw-r--r--app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch26
-rw-r--r--app-crypt/ekeyd/files/ekeyd.init13
-rw-r--r--app-crypt/ekeyd/metadata.xml5
8 files changed, 165 insertions, 192 deletions
diff --git a/app-crypt/ekeyd/ChangeLog b/app-crypt/ekeyd/ChangeLog
index ca56bf790c5f..ddcbd8b0872f 100644
--- a/app-crypt/ekeyd/ChangeLog
+++ b/app-crypt/ekeyd/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for app-crypt/ekeyd
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.21 2011/04/01 12:34:42 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.22 2011/04/08 02:39:28 flameeyes Exp $
+
+*ekeyd-1.1.3-r4 (08 Apr 2011)
+
+ 08 Apr 2011; Diego E. Pettenò <flameeyes@gentoo.org> -ekeyd-1.1.3-r2.ebuild,
+ -ekeyd-1.1.3-r3.ebuild, +ekeyd-1.1.3-r4.ebuild,
+ +files/ekeyd-1.1.3-format.patch, +files/ekey-egd-linux.conf,
+ +files/ekey-egd-linux.init, files/ekeyd.init, metadata.xml:
+ Merge ekey-egd-linux daemon (and init script) within ekeyd, and suggest using
+ it for heavy-loaded machines; the ekeyd init script provides entropy if (and
+ only if) it is not set to provide EGD sockets; add a warning about using the
+ userland USB access method; fix the only warning that was still present
+ (false positive on format strings).
*ekeyd-1.1.3-r3 (01 Apr 2011)
diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild
deleted file mode 100644
index d08331746113..000000000000
--- a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild
+++ /dev/null
@@ -1,168 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild,v 1.2 2011/03/27 22:13:47 flameeyes Exp $
-
-EAPI=2
-
-inherit multilib linux-info toolchain-funcs
-
-DESCRIPTION="Entropy Key userspace daemon"
-HOMEPAGE="http://www.entropykey.co.uk/"
-SRC_URI="http://www.entropykey.co.uk/res/download/${P}.tar.gz"
-
-LICENSE="as-is" # yes, truly
-
-SLOT="0"
-
-KEYWORDS="~amd64 ~x86"
-
-IUSE="usb kernel_linux"
-
-RDEPEND="dev-lang/lua
- usb? ( virtual/libusb:0 )"
-DEPEND="${RDEPEND}"
-RDEPEND="${RDEPEND}
- dev-lua/luasocket
- kernel_linux? ( sys-fs/udev )
- usb? ( !kernel_linux? ( sys-apps/usbutils ) )"
-
-CONFIG_CHECK="~USB_ACM"
-
-pkg_setup() {
- if use kernel_linux && ! use usb && linux_config_exists; then
- check_extra_config
- fi
-}
-
-src_prepare() {
- # - avoid using -Werror;
- # - don't gzip the man pages, this will also stop it from
- # installing them, so we'll do it by hand.
- sed -i \
- -e 's:-Werror::' \
- -e '/gzip/d' \
- daemon/Makefile || die
-
- epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch
- epatch "${FILESDIR}"/${P}-libusb_compat.patch
- epatch "${FILESDIR}"/${P}-slashes.patch
-
- # Stupid multilib hack; remove it once Gentoo has sane paths for
- # udev directories.
- if [[ $(get_libdir) != lib ]]; then
- sed -i -e "s:/lib/udev/:/$(get_libdir)/udev/:" \
- doc/*.rules || die
- fi
-
- # We moved the binaries around
- sed -i -e 's:$BINPATH/ekey-ulusbd:/usr/libexec/ekey-ulusbd:' \
- doc/ekeyd-udev || die
-}
-
-src_compile() {
- local osname
-
- # Override automatic detection: upstream provides this with uname,
- # we don't like using uname.
- case ${CHOST} in
- *-linux-*)
- osname=linux;;
- *-freebsd*)
- osname=freebsd;;
- *-kfrebsd-gnu)
- osname=gnukfreebsd;;
- *-openbsd*)
- osname=openbsd;;
- *)
- die "Unsupported operating system!"
- ;;
- esac
-
- # We don't slot LUA so we don't really need to have the variables
- # set at all.
- emake -C daemon \
- CC="$(tc-getCC)" \
- LUA_V= LUA_INC= \
- OSNAME=${osname} \
- OPT="${CFLAGS}" \
- BUILD_ULUSBD=$(use usb && echo yes || echo no) \
- || die "emake failed"
-}
-
-src_install() {
- emake -C daemon \
- DESTDIR="${D}" \
- BUILD_ULUSBD=$(use usb && echo yes || echo no) \
- install || die "emake install failed"
-
- # We move the daemons around to avoid polluting the available
- # commands.
- dodir /usr/libexec
- mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec
-
- # Install them manually because we don't want them gzipped
- doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \
- daemon/ekeyd.conf.5 || die
-
- newinitd "${FILESDIR}"/${PN}.init ${PN} || die
-
- if use usb; then
- if ! use kernel_linux; then
- newinitd "${FILESDIR}"/ekey-ulusbd.init ekey-ulusbd || die
- newconfd "${FILESDIR}"/ekey-ulusbd.conf ekey-ulusbd || die
- fi
- doman daemon/ekey-ulusbd.8 || die
- fi
-
- dodoc daemon/README* AUTHORS WARNING ChangeLog || die
-
- if use kernel_linux; then
- local rules=doc/60-UDEKEY01.rules
- use usb && rules=doc/60-UDEKEY01-UDS.rules
-
- insinto /$(get_libdir)/udev/rules.d
- newins ${rules} 70-${PN}.rules || die
-
- exeinto /$(get_libdir)/udev
- doexe doc/ekeyd-udev || die
- fi
-}
-
-pkg_postinst() {
- elog "To make use of your entropykey, make sure to execute ekey-rekey"
- elog "the first time, and then start the ekeyd service."
- elog ""
- elog "The service supports multiplexing if you wish to use multiple"
- elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier"
- elog "and it'll be looking for /etc/entropykey/identifier.conf"
- elog ""
- elog "If you intend on providing entropy for more than your running host"
- elog "you'll have to set the ekeyd daemon into EGD-server mode, and install"
- elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux"
- elog "package that connects to the egd socket to receive entropy."
- elog ""
-
- if use usb; then
- if use kernel_linux; then
- elog "You're going to use the userland USB daemon, the udev rules"
- elog "will be used accordingly. If you want to use the CDC driver"
- elog "please disable the usb USE flag."
- else
- elog "You're going to use the userland USB daemon, since your OS"
- elog "does not support udev, you should start the ekey-ulusbd"
- elog "service before ekeyd."
- fi
- else
- if use kernel_linux; then
- elog "Some versions of Linux have a faulty CDC ACM driver that stops"
- elog "EntropyKey from working properly; please check the compatibility"
- elog "table at http://www.entropykey.co.uk/download/"
- else
- elog "Make sure your operating system supports the CDC ACM driver"
- elog "or otherwise you won't be able to use the EntropyKey."
- fi
- elog ""
- elog "If you're unsure about the working state of the CDC ACM driver"
- elog "enable the usb USE flag and use the userland USB daemon"
- fi
-}
diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild
index 2182265f92f7..a9a3967c769d 100644
--- a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild
+++ b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild
@@ -1,8 +1,8 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild,v 1.1 2011/04/01 12:34:42 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild,v 1.1 2011/04/08 02:39:28 flameeyes Exp $
-EAPI=2
+EAPI=4
inherit multilib linux-info toolchain-funcs
@@ -16,37 +16,41 @@ SLOT="0"
KEYWORDS="~amd64 ~x86"
-IUSE="usb kernel_linux munin"
+IUSE="usb kernel_linux munin minimal"
-RDEPEND="dev-lang/lua
- usb? ( virtual/libusb:0 )"
-DEPEND="${RDEPEND}"
-RDEPEND="${RDEPEND}
+EKEYD_RDEPEND="dev-lang/lua
+ usb? ( virtual/libusb:0 )"
+EKEYD_DEPEND="${EKEYD_RDEPEND}"
+EKEYD_RDEPEND="${EKEYD_RDEPEND}
dev-lua/luasocket
kernel_linux? ( sys-fs/udev )
usb? ( !kernel_linux? ( sys-apps/usbutils ) )
munin? ( net-analyzer/munin )"
+RDEPEND="!minimal? ( ${EKEYD_RDEPEND} )
+ !app-crypt/ekey-egd-linux"
+DEPEND="${EKEYD_DEPEND}"
+
CONFIG_CHECK="~USB_ACM"
+REQUIRED_USE="minimal? ( !munin !usb )"
+
pkg_setup() {
- if use kernel_linux && ! use usb && linux_config_exists; then
+ if ! use minimal && use kernel_linux && ! use usb && linux_config_exists; then
check_extra_config
fi
}
src_prepare() {
# - avoid using -Werror;
- # - don't gzip the man pages, this will also stop it from
- # installing them, so we'll do it by hand.
sed -i \
-e 's:-Werror::' \
- -e '/gzip/d' \
daemon/Makefile || die
epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch
epatch "${FILESDIR}"/${P}-libusb_compat.patch
epatch "${FILESDIR}"/${P}-slashes.patch
+ epatch "${FILESDIR}"/${P}-format.patch
# Stupid multilib hack; remove it once Gentoo has sane paths for
# udev directories.
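Review bot: `DEPEND="${EKEYD_DEPEND}"` stays unconditional while RDEPEND is wrapped in `!minimal? ( … )`, so a USE=minimal build on an entropy client still pulls dev-lang/lua as a build dependency. If the egd-linux target compiles without Lua (the Makefile is not visible here), `DEPEND="!minimal? ( ${EKEYD_DEPEND} )"` would keep client hosts free of packages they never use. A one-line comment above REQUIRED_USE, such as `# minimal installs only the EGD client: no munin plugin, no userland USB daemon`, would also make the constraint self-explanatory. src_prepare continues outside the hunk.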
@@ -87,13 +91,26 @@ src_compile() {
OSNAME=${osname} \
OPT="${CFLAGS}" \
BUILD_ULUSBD=$(use usb && echo yes || echo no) \
+ $(use minimal && echo egd-linux) \
|| die "emake failed"
}
src_install() {
+ exeinto /usr/libexec
+ newexe "${S}"/daemon/egd-linux ekey-egd-linux || die
+ doman daemon/ekey-egd-linux.8 || die
+
+ newconfd "${FILESDIR}"/ekey-egd-linux.conf ekey-egd-linux || die
+ newinitd "${FILESDIR}"/ekey-egd-linux.init ekey-egd-linux || die
+
+ use minimal && return
+ # from here on, install everything that is not part of the minimal
+ # support.
+
emake -C daemon \
DESTDIR="${D}" \
BUILD_ULUSBD=$(use usb && echo yes || echo no) \
+ MANZCMD=cat MANZEXT= \
install || die "emake install failed"
# We move the daemons around to avoid polluting the available
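Review bot: src_install now installs `daemon/egd-linux` unconditionally, but src_compile only names the `egd-linux` target when USE=minimal, so the non-minimal build relies on the Makefile's default target producing that binary, which is not visible here. If it does not, `newexe` fails for every non-minimal install; requesting the target explicitly in both cases, or a comment stating that the default target already includes it, would settle that. The install block is also not guarded by `use kernel_linux`, although the removed -r2 ebuild shows src_compile accepting FreeBSD and OpenBSD CHOSTs and -r4 presumably keeps that. Both functions start or end outside the hunk.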
@@ -101,10 +118,6 @@ src_install() {
dodir /usr/libexec
mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec
- # Install them manually because we don't want them gzipped
- doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \
- daemon/ekeyd.conf.5 || die
-
newinitd "${FILESDIR}"/${PN}.init ${PN} || die
if use usb; then
@@ -138,18 +151,38 @@ src_install() {
}
pkg_postinst() {
- elog "To make use of your entropykey, make sure to execute ekey-rekey"
+ elog "${CATEGORY}/${PN} now install also the EGD client service ekey-egd-linux."
+ elog "To use this service, you need enable EGDTCPSocket for the ekeyd service"
+ elog "managing the key(s)."
+ elog ""
+ elog "The daemon will send more entropy to the kernel once the available pool"
+ elog "falls below the value set in the kernel.random.write_wakeup_threshold"
+ elog "sysctl entry."
+ elog ""
+ elog "You can change the watermark in /etc/conf.d/ekey-egd-linux; if you do"
+ elog "it will require write access to the kernel's sysctl."
+
+ use minimal && return
+ # from here on, document everything that is not part of the minimal
+ # support.
+
+ elog ""
+ elog "To make use of your EntropyKey, make sure to execute ekey-rekey"
elog "the first time, and then start the ekeyd service."
elog ""
+ elog "By default ekeyd will feed the entropy directly to the kernel's pool;"
+ elog "if your system has jumps in load average, you might prefer using the"
+ elog "EGD compatibility mode, by enabling EGDTCPSocket for ekeyd and then"
+ elog "starting the ekey-egd-linux service."
+ elog ""
+ elog "The same applies if you intend to provide entropy for multiple hosts"
+ elog "over the network. If you want to have the ekey-egd-linux service on"
+ elog "other hosts, you can enable the 'minimal' USE flag."
+ elog ""
elog "The service supports multiplexing if you wish to use multiple"
elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier"
elog "and it'll be looking for /etc/entropykey/identifier.conf"
elog ""
- elog "If you intend on providing entropy for more than your running host"
- elog "you'll have to set the ekeyd daemon into EGD-server mode, and install"
- elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux"
- elog "package that connects to the egd socket to receive entropy."
- elog ""
if use usb; then
if use kernel_linux; then
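Review bot: The new elog text recommends EGDTCPSocket for feeding several hosts over the network but says nothing about the transport. As far as I know the EGD protocol has no authentication or encryption, so the client feeds the kernel pool with whatever the configured host and port return, and the bytes cross the network in the clear. I would add a line after the multi-host paragraph such as `elog "The EGD socket is neither authenticated nor encrypted; use it only on a trusted network or through a tunnel."`. The wording "now install also" and "you need enable" in the first paragraph could be fixed at the same time. pkg_postinst continues outside the hunk.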
@@ -161,6 +194,10 @@ pkg_postinst() {
elog "does not support udev, you should start the ekey-ulusbd"
elog "service before ekeyd."
fi
+
+ ewarn "The userland USB daemon has multiple known issues. If you can,"
+ ewarn "please consider disabling the 'usb' USE flag and instead use the"
+ ewarn "CDC-ACM access method."
else
if use kernel_linux; then
elog "Some versions of Linux have a faulty CDC ACM driver that stops"
diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.conf b/app-crypt/ekeyd/files/ekey-egd-linux.conf
new file mode 100644
index 000000000000..0f72288ac534
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekey-egd-linux.conf
@@ -0,0 +1,12 @@
+# Configuration file for ekey-egd-linux
+
+# Hostname or IP address to connect to.
+#HOST="localhost"
+# Port number to connect to.
+#PORT="8888"
+# Time between reconnect attempts.
+#RECONNECTINTERVAL=10
+# Set the number of 1024 bit blocks to request each time
+#BLOCKS=2
+# Low level entropy to trigger egd-linux entropy read
+WATERMARK=1024
diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.init b/app-crypt/ekeyd/files/ekey-egd-linux.init
new file mode 100644
index 000000000000..c3a2a9914ba6
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekey-egd-linux.init
@@ -0,0 +1,40 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekey-egd-linux.init,v 1.1 2011/04/08 02:39:27 flameeyes Exp $
+
+: ${HOST:=localhost}
+: ${PORT:=8888}
+: ${RECONNECTINTERVAL:=10}
+: ${BLOCKS:=2}
+
+depend() {
+ use net
+ after ekeyd
+
+ provide entropy
+}
+
+start() {
+ ebegin "Starting EntropyKey EGD client"
+ start-stop-daemon \
+ --start --pidfile "/var/run/${SVCNAME}.pid" \
+ --exec /usr/libexec/ekey-egd-linux -- \
+ -H ${HOST} -p ${PORT} \
+ -r ${RECONNECTINTERVAL} \
+ -b ${BLOCKS} \
+ -D "/var/run/${SVCNAME}.pid"
+
+ [ -n "${WATERMARK}" ] && \
+ sysctl "kernel.random.write_wakeup_threshold=$WATERMARK" >/dev/null 2>&1
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping EntropyKey EGD client"
+ start-stop-daemon \
+ --stop --pidfile "/var/run/${SVCNAME}.pid" \
+ --exec /usr/libexec/ekey-egd-linux
+ eend $?
+}
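Review bot: `eend $?` in start() reports the status of the `[ -n "${WATERMARK}" ] && sysctl …` list, not of start-stop-daemon, so a failed daemon start followed by a successful sysctl is shown as success, and an empty WATERMARK makes a successful start look failed. The daemon's status should be captured right after the start-stop-daemon call and passed to eend, with the sysctl moved into an `if` that warns on failure instead of discarding all output. Separately, `${HOST}`, `${PORT}`, `${RECONNECTINTERVAL}` and `${BLOCKS}` come from conf.d and are expanded unquoted; quoting them avoids word splitting on a malformed value.

```shell
start() {
	# … unchanged: ebegin and the start-stop-daemon call …
	local ret=$?

	if [ ${ret} -eq 0 ] && [ -n "${WATERMARK}" ]; then
		sysctl -w "kernel.random.write_wakeup_threshold=${WATERMARK}" >/dev/null || \
			ewarn "Could not set kernel.random.write_wakeup_threshold"
	fi

	eend ${ret}
}
```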
diff --git a/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch
new file mode 100644
index 000000000000..a705dd503e0c
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch
@@ -0,0 +1,26 @@
+Index: ekeyd-1.1.3/daemon/ekeyd.c
+===================================================================
+--- ekeyd-1.1.3.orig/daemon/ekeyd.c
++++ ekeyd-1.1.3/daemon/ekeyd.c
+@@ -203,7 +203,7 @@ open_foldback_output(void)
+ return (output_stream != NULL);
+ }
+
+-static const char *usage=
++static const char usage[]=
+ "Usage: %s [-f <configfile>] [-p <pidfile>] [-v] [-h]\n"
+ "Entropy Key Daemon\n\n"
+ "\t-f Read configuration from configfile\n"
+Index: ekeyd-1.1.3/daemon/ekey-setkey.c
+===================================================================
+--- ekeyd-1.1.3.orig/daemon/ekey-setkey.c
++++ ekeyd-1.1.3/daemon/ekey-setkey.c
+@@ -79,7 +79,7 @@ calc_mac(uint8_t *snum, uint8_t *mkey, u
+ return mac;
+ }
+
+-static const char *usage =
++static const char usage[] =
+ "Usage: %s [-d] [-h] [-n] [-f <keyring>] [-m <master>]\n"
+ " [-s <serial>] <path>\n"
+ "Entropy key device long term session key tool\n\n"
diff --git a/app-crypt/ekeyd/files/ekeyd.init b/app-crypt/ekeyd/files/ekeyd.init
index 528a8d32ab7d..897f3ac77e95 100644
--- a/app-crypt/ekeyd/files/ekeyd.init
+++ b/app-crypt/ekeyd/files/ekeyd.init
@@ -1,7 +1,7 @@
#!/sbin/runscript
-# Copyright 2009 Gentoo Foundation
+# Copyright 2009-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.3 2009/10/04 11:43:34 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.4 2011/04/08 02:39:27 flameeyes Exp $
INSTANCE="${SVCNAME#*.}"
if [ -z "${INSTANCE}" ] || [ "${SVCNAME}" = "ekeyd" ]; then
@@ -11,6 +11,15 @@ fi
depend() {
use udev ekey-ulusbd
need localmount
+
+ local cfgfile="/etc/entropykey/${INSTANCE}.conf"
+ config "${cfgfile}"
+
+ # quickly parse the configuration file; we only provide entropy
+ # if we're not using the egd server/client split method.
+ if sed -e 's:--.*::' "${cfgfile}" | grep -q SetOutputToKernel; then
+ provide entropy
+ fi
}
start() {
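Review bot: The code added to depend() runs `sed` on `${cfgfile}` without checking that the file exists, so an instance whose config is missing or unreadable prints a sed error every time dependencies are calculated; `[ -r "${cfgfile}" ] || return 0` before the pipeline would avoid that. The `s:--.*::` stripping only removes single-line comments, so if the config is Lua (as the `--` syntax suggests) a `SetOutputToKernel` inside a `--[[ … ]]` block would still match and the service would advertise `provide entropy` while not feeding the kernel. Extending the existing comment to state that limitation would be enough, e.g. `# note: multi-line --[[ ]] comments are not stripped`.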
diff --git a/app-crypt/ekeyd/metadata.xml b/app-crypt/ekeyd/metadata.xml
index 3f212cc6178a..4a06c4f07dd8 100644
--- a/app-crypt/ekeyd/metadata.xml
+++ b/app-crypt/ekeyd/metadata.xml
@@ -18,5 +18,10 @@
Install a plugin for <pkg>net-analyzer/munin</pkg> to graph
statistical data from ekeyd.
</flag>
+
+ <flag name='minimal'>
+ Only install the ekey-egd-linux service rather than the full
+ ekeyd package.
+ </flag>
</use>
</pkgmetadata>