diff options
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/ekeyd/ChangeLog | 14 | ||||
-rw-r--r-- | app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild | 168 | ||||
-rw-r--r-- | app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild (renamed from app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild) | 79 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekey-egd-linux.conf | 12 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekey-egd-linux.init | 40 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch | 26 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekeyd.init | 13 | ||||
-rw-r--r-- | app-crypt/ekeyd/metadata.xml | 5 |
8 files changed, 165 insertions, 192 deletions
diff --git a/app-crypt/ekeyd/ChangeLog b/app-crypt/ekeyd/ChangeLog index ca56bf790c5f..ddcbd8b0872f 100644 --- a/app-crypt/ekeyd/ChangeLog +++ b/app-crypt/ekeyd/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for app-crypt/ekeyd # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.21 2011/04/01 12:34:42 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.22 2011/04/08 02:39:28 flameeyes Exp $ + +*ekeyd-1.1.3-r4 (08 Apr 2011) + + 08 Apr 2011; Diego E. Pettenò <flameeyes@gentoo.org> -ekeyd-1.1.3-r2.ebuild, + -ekeyd-1.1.3-r3.ebuild, +ekeyd-1.1.3-r4.ebuild, + +files/ekeyd-1.1.3-format.patch, +files/ekey-egd-linux.conf, + +files/ekey-egd-linux.init, files/ekeyd.init, metadata.xml: + Merge ekey-egd-linux daemon (and init script) within ekeyd, and suggest using + it for heavy-loaded machines; the ekeyd init script provides entropy if (and + only if) it is not set to provide EGD sockets; add a warning about using the + userland USB access method; fix the only warning that was still present + (false positive on format strings). *ekeyd-1.1.3-r3 (01 Apr 2011) diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild deleted file mode 100644 index d08331746113..000000000000 --- a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild +++ /dev/null @@ -1,168 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild,v 1.2 2011/03/27 22:13:47 flameeyes Exp $ - -EAPI=2 - -inherit multilib linux-info toolchain-funcs - -DESCRIPTION="Entropy Key userspace daemon" -HOMEPAGE="http://www.entropykey.co.uk/" -SRC_URI="http://www.entropykey.co.uk/res/download/${P}.tar.gz" - -LICENSE="as-is" # yes, truly - -SLOT="0" - -KEYWORDS="~amd64 ~x86" - -IUSE="usb kernel_linux" - -RDEPEND="dev-lang/lua - usb? ( virtual/libusb:0 )" -DEPEND="${RDEPEND}" -RDEPEND="${RDEPEND} - dev-lua/luasocket - kernel_linux? ( sys-fs/udev ) - usb? ( !kernel_linux? ( sys-apps/usbutils ) )" - -CONFIG_CHECK="~USB_ACM" - -pkg_setup() { - if use kernel_linux && ! use usb && linux_config_exists; then - check_extra_config - fi -} - -src_prepare() { - # - avoid using -Werror; - # - don't gzip the man pages, this will also stop it from - # installing them, so we'll do it by hand. - sed -i \ - -e 's:-Werror::' \ - -e '/gzip/d' \ - daemon/Makefile || die - - epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch - epatch "${FILESDIR}"/${P}-libusb_compat.patch - epatch "${FILESDIR}"/${P}-slashes.patch - - # Stupid multilib hack; remove it once Gentoo has sane paths for - # udev directories. - if [[ $(get_libdir) != lib ]]; then - sed -i -e "s:/lib/udev/:/$(get_libdir)/udev/:" \ - doc/*.rules || die - fi - - # We moved the binaries around - sed -i -e 's:$BINPATH/ekey-ulusbd:/usr/libexec/ekey-ulusbd:' \ - doc/ekeyd-udev || die -} - -src_compile() { - local osname - - # Override automatic detection: upstream provides this with uname, - # we don't like using uname. - case ${CHOST} in - *-linux-*) - osname=linux;; - *-freebsd*) - osname=freebsd;; - *-kfrebsd-gnu) - osname=gnukfreebsd;; - *-openbsd*) - osname=openbsd;; - *) - die "Unsupported operating system!" - ;; - esac - - # We don't slot LUA so we don't really need to have the variables - # set at all. - emake -C daemon \ - CC="$(tc-getCC)" \ - LUA_V= LUA_INC= \ - OSNAME=${osname} \ - OPT="${CFLAGS}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - || die "emake failed" -} - -src_install() { - emake -C daemon \ - DESTDIR="${D}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - install || die "emake install failed" - - # We move the daemons around to avoid polluting the available - # commands. - dodir /usr/libexec - mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec - - # Install them manually because we don't want them gzipped - doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \ - daemon/ekeyd.conf.5 || die - - newinitd "${FILESDIR}"/${PN}.init ${PN} || die - - if use usb; then - if ! use kernel_linux; then - newinitd "${FILESDIR}"/ekey-ulusbd.init ekey-ulusbd || die - newconfd "${FILESDIR}"/ekey-ulusbd.conf ekey-ulusbd || die - fi - doman daemon/ekey-ulusbd.8 || die - fi - - dodoc daemon/README* AUTHORS WARNING ChangeLog || die - - if use kernel_linux; then - local rules=doc/60-UDEKEY01.rules - use usb && rules=doc/60-UDEKEY01-UDS.rules - - insinto /$(get_libdir)/udev/rules.d - newins ${rules} 70-${PN}.rules || die - - exeinto /$(get_libdir)/udev - doexe doc/ekeyd-udev || die - fi -} - -pkg_postinst() { - elog "To make use of your entropykey, make sure to execute ekey-rekey" - elog "the first time, and then start the ekeyd service." - elog "" - elog "The service supports multiplexing if you wish to use multiple" - elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier" - elog "and it'll be looking for /etc/entropykey/identifier.conf" - elog "" - elog "If you intend on providing entropy for more than your running host" - elog "you'll have to set the ekeyd daemon into EGD-server mode, and install" - elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux" - elog "package that connects to the egd socket to receive entropy." - elog "" - - if use usb; then - if use kernel_linux; then - elog "You're going to use the userland USB daemon, the udev rules" - elog "will be used accordingly. If you want to use the CDC driver" - elog "please disable the usb USE flag." - else - elog "You're going to use the userland USB daemon, since your OS" - elog "does not support udev, you should start the ekey-ulusbd" - elog "service before ekeyd." - fi - else - if use kernel_linux; then - elog "Some versions of Linux have a faulty CDC ACM driver that stops" - elog "EntropyKey from working properly; please check the compatibility" - elog "table at http://www.entropykey.co.uk/download/" - else - elog "Make sure your operating system supports the CDC ACM driver" - elog "or otherwise you won't be able to use the EntropyKey." - fi - elog "" - elog "If you're unsure about the working state of the CDC ACM driver" - elog "enable the usb USE flag and use the userland USB daemon" - fi -} diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild index 2182265f92f7..a9a3967c769d 100644 --- a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild +++ b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild @@ -1,8 +1,8 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild,v 1.1 2011/04/01 12:34:42 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild,v 1.1 2011/04/08 02:39:28 flameeyes Exp $ -EAPI=2 +EAPI=4 inherit multilib linux-info toolchain-funcs @@ -16,37 +16,41 @@ SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="usb kernel_linux munin" +IUSE="usb kernel_linux munin minimal" -RDEPEND="dev-lang/lua - usb? ( virtual/libusb:0 )" -DEPEND="${RDEPEND}" -RDEPEND="${RDEPEND} +EKEYD_RDEPEND="dev-lang/lua + usb? ( virtual/libusb:0 )" +EKEYD_DEPEND="${EKEYD_RDEPEND}" +EKEYD_RDEPEND="${EKEYD_RDEPEND} dev-lua/luasocket kernel_linux? ( sys-fs/udev ) usb? ( !kernel_linux? ( sys-apps/usbutils ) ) munin? ( net-analyzer/munin )" +RDEPEND="!minimal? ( ${EKEYD_RDEPEND} ) + !app-crypt/ekey-egd-linux" +DEPEND="${EKEYD_DEPEND}" + CONFIG_CHECK="~USB_ACM" +REQUIRED_USE="minimal? ( !munin !usb )" + pkg_setup() { - if use kernel_linux && ! use usb && linux_config_exists; then + if ! use minimal && use kernel_linux && ! use usb && linux_config_exists; then check_extra_config fi } src_prepare() { # - avoid using -Werror; - # - don't gzip the man pages, this will also stop it from - # installing them, so we'll do it by hand. sed -i \ -e 's:-Werror::' \ - -e '/gzip/d' \ daemon/Makefile || die epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch epatch "${FILESDIR}"/${P}-libusb_compat.patch epatch "${FILESDIR}"/${P}-slashes.patch + epatch "${FILESDIR}"/${P}-format.patch # Stupid multilib hack; remove it once Gentoo has sane paths for # udev directories. @@ -87,13 +91,26 @@ src_compile() { OSNAME=${osname} \ OPT="${CFLAGS}" \ BUILD_ULUSBD=$(use usb && echo yes || echo no) \ + $(use minimal && echo egd-linux) \ || die "emake failed" } src_install() { + exeinto /usr/libexec + newexe "${S}"/daemon/egd-linux ekey-egd-linux || die + doman daemon/ekey-egd-linux.8 || die + + newconfd "${FILESDIR}"/ekey-egd-linux.conf ekey-egd-linux || die + newinitd "${FILESDIR}"/ekey-egd-linux.init ekey-egd-linux || die + + use minimal && return + # from here on, install everything that is not part of the minimal + # support. + emake -C daemon \ DESTDIR="${D}" \ BUILD_ULUSBD=$(use usb && echo yes || echo no) \ + MANZCMD=cat MANZEXT= \ install || die "emake install failed" # We move the daemons around to avoid polluting the available @@ -101,10 +118,6 @@ src_install() { dodir /usr/libexec mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec - # Install them manually because we don't want them gzipped - doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \ - daemon/ekeyd.conf.5 || die - newinitd "${FILESDIR}"/${PN}.init ${PN} || die if use usb; then @@ -138,18 +151,38 @@ src_install() { } pkg_postinst() { - elog "To make use of your entropykey, make sure to execute ekey-rekey" + elog "${CATEGORY}/${PN} now install also the EGD client service ekey-egd-linux." + elog "To use this service, you need enable EGDTCPSocket for the ekeyd service" + elog "managing the key(s)." + elog "" + elog "The daemon will send more entropy to the kernel once the available pool" + elog "falls below the value set in the kernel.random.write_wakeup_threshold" + elog "sysctl entry." + elog "" + elog "You can change the watermark in /etc/conf.d/ekey-egd-linux; if you do" + elog "it will require write access to the kernel's sysctl." + + use minimal && return + # from here on, document everything that is not part of the minimal + # support. + + elog "" + elog "To make use of your EntropyKey, make sure to execute ekey-rekey" elog "the first time, and then start the ekeyd service." elog "" + elog "By default ekeyd will feed the entropy directly to the kernel's pool;" + elog "if your system has jumps in load average, you might prefer using the" + elog "EGD compatibility mode, by enabling EGDTCPSocket for ekeyd and then" + elog "starting the ekey-egd-linux service." + elog "" + elog "The same applies if you intend to provide entropy for multiple hosts" + elog "over the network. If you want to have the ekey-egd-linux service on" + elog "other hosts, you can enable the 'minimal' USE flag." + elog "" elog "The service supports multiplexing if you wish to use multiple" elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier" elog "and it'll be looking for /etc/entropykey/identifier.conf" elog "" - elog "If you intend on providing entropy for more than your running host" - elog "you'll have to set the ekeyd daemon into EGD-server mode, and install" - elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux" - elog "package that connects to the egd socket to receive entropy." - elog "" if use usb; then if use kernel_linux; then @@ -161,6 +194,10 @@ pkg_postinst() { elog "does not support udev, you should start the ekey-ulusbd" elog "service before ekeyd." fi + + ewarn "The userland USB daemon has multiple known issues. If you can," + ewarn "please consider disabling the 'usb' USE flag and instead use the" + ewarn "CDC-ACM access method." else if use kernel_linux; then elog "Some versions of Linux have a faulty CDC ACM driver that stops" diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.conf b/app-crypt/ekeyd/files/ekey-egd-linux.conf new file mode 100644 index 000000000000..0f72288ac534 --- /dev/null +++ b/app-crypt/ekeyd/files/ekey-egd-linux.conf @@ -0,0 +1,12 @@ +# Configuration file for ekey-egd-linux + +# Hostname or IP address to connect to. +#HOST="localhost" +# Port number to connect to. +#PORT="8888" +# Time between reconnect attempts. +#RECONNECTINTERVAL=10 +# Set the number of 1024 bit blocks to request each time +#BLOCKS=2 +# Low level entropy to trigger egd-linux entropy read +WATERMARK=1024 diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.init b/app-crypt/ekeyd/files/ekey-egd-linux.init new file mode 100644 index 000000000000..c3a2a9914ba6 --- /dev/null +++ b/app-crypt/ekeyd/files/ekey-egd-linux.init @@ -0,0 +1,40 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekey-egd-linux.init,v 1.1 2011/04/08 02:39:27 flameeyes Exp $ + +: ${HOST:=localhost} +: ${PORT:=8888} +: ${RECONNECTINTERVAL:=10} +: ${BLOCKS:=2} + +depend() { + use net + after ekeyd + + provide entropy +} + +start() { + ebegin "Starting EntropyKey EGD client" + start-stop-daemon \ + --start --pidfile "/var/run/${SVCNAME}.pid" \ + --exec /usr/libexec/ekey-egd-linux -- \ + -H ${HOST} -p ${PORT} \ + -r ${RECONNECTINTERVAL} \ + -b ${BLOCKS} \ + -D "/var/run/${SVCNAME}.pid" + + [ -n "${WATERMARK}" ] && \ + sysctl "kernel.random.write_wakeup_threshold=$WATERMARK" >/dev/null 2>&1 + + eend $? +} + +stop() { + ebegin "Stopping EntropyKey EGD client" + start-stop-daemon \ + --stop --pidfile "/var/run/${SVCNAME}.pid" \ + --exec /usr/libexec/ekey-egd-linux + eend $? +} diff --git a/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch new file mode 100644 index 000000000000..a705dd503e0c --- /dev/null +++ b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch @@ -0,0 +1,26 @@ +Index: ekeyd-1.1.3/daemon/ekeyd.c +=================================================================== +--- ekeyd-1.1.3.orig/daemon/ekeyd.c ++++ ekeyd-1.1.3/daemon/ekeyd.c +@@ -203,7 +203,7 @@ open_foldback_output(void) + return (output_stream != NULL); + } + +-static const char *usage= ++static const char usage[]= + "Usage: %s [-f <configfile>] [-p <pidfile>] [-v] [-h]\n" + "Entropy Key Daemon\n\n" + "\t-f Read configuration from configfile\n" +Index: ekeyd-1.1.3/daemon/ekey-setkey.c +=================================================================== +--- ekeyd-1.1.3.orig/daemon/ekey-setkey.c ++++ ekeyd-1.1.3/daemon/ekey-setkey.c +@@ -79,7 +79,7 @@ calc_mac(uint8_t *snum, uint8_t *mkey, u + return mac; + } + +-static const char *usage = ++static const char usage[] = + "Usage: %s [-d] [-h] [-n] [-f <keyring>] [-m <master>]\n" + " [-s <serial>] <path>\n" + "Entropy key device long term session key tool\n\n" diff --git a/app-crypt/ekeyd/files/ekeyd.init b/app-crypt/ekeyd/files/ekeyd.init index 528a8d32ab7d..897f3ac77e95 100644 --- a/app-crypt/ekeyd/files/ekeyd.init +++ b/app-crypt/ekeyd/files/ekeyd.init @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 2009 Gentoo Foundation +# Copyright 2009-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.3 2009/10/04 11:43:34 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.4 2011/04/08 02:39:27 flameeyes Exp $ INSTANCE="${SVCNAME#*.}" if [ -z "${INSTANCE}" ] || [ "${SVCNAME}" = "ekeyd" ]; then @@ -11,6 +11,15 @@ fi depend() { use udev ekey-ulusbd need localmount + + local cfgfile="/etc/entropykey/${INSTANCE}.conf" + config "${cfgfile}" + + # quickly parse the configuration file; we only provide entropy + # if we're not using the egd server/client split method. + if sed -e 's:--.*::' "${cfgfile}" | grep -q SetOutputToKernel; then + provide entropy + fi } start() { diff --git a/app-crypt/ekeyd/metadata.xml b/app-crypt/ekeyd/metadata.xml index 3f212cc6178a..4a06c4f07dd8 100644 --- a/app-crypt/ekeyd/metadata.xml +++ b/app-crypt/ekeyd/metadata.xml @@ -18,5 +18,10 @@ Install a plugin for <pkg>net-analyzer/munin</pkg> to graph statistical data from ekeyd. </flag> + + <flag name='minimal'> + Only install the ekey-egd-linux service rather than the full + ekeyd package. + </flag> </use> </pkgmetadata> |