From 2cfe111027aaffc4892f21a4f8046abe5e20e848 Mon Sep 17 00:00:00 2001 From: Diego Elio Pettenò Date: Fri, 8 Apr 2011 02:39:28 +0000 Subject: Merge ekey-egd-linux daemon (and init script) within ekeyd, and suggest using it for heavy-loaded machines; the ekeyd init script provides entropy if (and only if) it is not set to provide EGD sockets; add a warning about using the userland USB access method; fix the only warning that was still present (false positive on format strings). (Portage version: 2.2.0_alpha29/cvs/Linux x86_64) --- app-crypt/ekeyd/ChangeLog | 14 +- app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild | 168 ------------------- app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild | 177 -------------------- app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild | 214 +++++++++++++++++++++++++ app-crypt/ekeyd/files/ekey-egd-linux.conf | 12 ++ app-crypt/ekeyd/files/ekey-egd-linux.init | 40 +++++ app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch | 26 +++ app-crypt/ekeyd/files/ekeyd.init | 13 +- app-crypt/ekeyd/metadata.xml | 5 + 9 files changed, 321 insertions(+), 348 deletions(-) delete mode 100644 app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild delete mode 100644 app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild create mode 100644 app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild create mode 100644 app-crypt/ekeyd/files/ekey-egd-linux.conf create mode 100644 app-crypt/ekeyd/files/ekey-egd-linux.init create mode 100644 app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch (limited to 'app-crypt/ekeyd') diff --git a/app-crypt/ekeyd/ChangeLog b/app-crypt/ekeyd/ChangeLog index ca56bf790c5f..ddcbd8b0872f 100644 --- a/app-crypt/ekeyd/ChangeLog +++ b/app-crypt/ekeyd/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for app-crypt/ekeyd # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.21 2011/04/01 12:34:42 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ChangeLog,v 1.22 2011/04/08 02:39:28 flameeyes Exp $ + +*ekeyd-1.1.3-r4 (08 Apr 2011) + + 08 Apr 2011; Diego E. Pettenò -ekeyd-1.1.3-r2.ebuild, + -ekeyd-1.1.3-r3.ebuild, +ekeyd-1.1.3-r4.ebuild, + +files/ekeyd-1.1.3-format.patch, +files/ekey-egd-linux.conf, + +files/ekey-egd-linux.init, files/ekeyd.init, metadata.xml: + Merge ekey-egd-linux daemon (and init script) within ekeyd, and suggest using + it for heavy-loaded machines; the ekeyd init script provides entropy if (and + only if) it is not set to provide EGD sockets; add a warning about using the + userland USB access method; fix the only warning that was still present + (false positive on format strings). *ekeyd-1.1.3-r3 (01 Apr 2011) diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild deleted file mode 100644 index d08331746113..000000000000 --- a/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild +++ /dev/null @@ -1,168 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r2.ebuild,v 1.2 2011/03/27 22:13:47 flameeyes Exp $ - -EAPI=2 - -inherit multilib linux-info toolchain-funcs - -DESCRIPTION="Entropy Key userspace daemon" -HOMEPAGE="http://www.entropykey.co.uk/" -SRC_URI="http://www.entropykey.co.uk/res/download/${P}.tar.gz" - -LICENSE="as-is" # yes, truly - -SLOT="0" - -KEYWORDS="~amd64 ~x86" - -IUSE="usb kernel_linux" - -RDEPEND="dev-lang/lua - usb? ( virtual/libusb:0 )" -DEPEND="${RDEPEND}" -RDEPEND="${RDEPEND} - dev-lua/luasocket - kernel_linux? ( sys-fs/udev ) - usb? ( !kernel_linux? ( sys-apps/usbutils ) )" - -CONFIG_CHECK="~USB_ACM" - -pkg_setup() { - if use kernel_linux && ! use usb && linux_config_exists; then - check_extra_config - fi -} - -src_prepare() { - # - avoid using -Werror; - # - don't gzip the man pages, this will also stop it from - # installing them, so we'll do it by hand. - sed -i \ - -e 's:-Werror::' \ - -e '/gzip/d' \ - daemon/Makefile || die - - epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch - epatch "${FILESDIR}"/${P}-libusb_compat.patch - epatch "${FILESDIR}"/${P}-slashes.patch - - # Stupid multilib hack; remove it once Gentoo has sane paths for - # udev directories. - if [[ $(get_libdir) != lib ]]; then - sed -i -e "s:/lib/udev/:/$(get_libdir)/udev/:" \ - doc/*.rules || die - fi - - # We moved the binaries around - sed -i -e 's:$BINPATH/ekey-ulusbd:/usr/libexec/ekey-ulusbd:' \ - doc/ekeyd-udev || die -} - -src_compile() { - local osname - - # Override automatic detection: upstream provides this with uname, - # we don't like using uname. - case ${CHOST} in - *-linux-*) - osname=linux;; - *-freebsd*) - osname=freebsd;; - *-kfrebsd-gnu) - osname=gnukfreebsd;; - *-openbsd*) - osname=openbsd;; - *) - die "Unsupported operating system!" - ;; - esac - - # We don't slot LUA so we don't really need to have the variables - # set at all. - emake -C daemon \ - CC="$(tc-getCC)" \ - LUA_V= LUA_INC= \ - OSNAME=${osname} \ - OPT="${CFLAGS}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - || die "emake failed" -} - -src_install() { - emake -C daemon \ - DESTDIR="${D}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - install || die "emake install failed" - - # We move the daemons around to avoid polluting the available - # commands. - dodir /usr/libexec - mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec - - # Install them manually because we don't want them gzipped - doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \ - daemon/ekeyd.conf.5 || die - - newinitd "${FILESDIR}"/${PN}.init ${PN} || die - - if use usb; then - if ! use kernel_linux; then - newinitd "${FILESDIR}"/ekey-ulusbd.init ekey-ulusbd || die - newconfd "${FILESDIR}"/ekey-ulusbd.conf ekey-ulusbd || die - fi - doman daemon/ekey-ulusbd.8 || die - fi - - dodoc daemon/README* AUTHORS WARNING ChangeLog || die - - if use kernel_linux; then - local rules=doc/60-UDEKEY01.rules - use usb && rules=doc/60-UDEKEY01-UDS.rules - - insinto /$(get_libdir)/udev/rules.d - newins ${rules} 70-${PN}.rules || die - - exeinto /$(get_libdir)/udev - doexe doc/ekeyd-udev || die - fi -} - -pkg_postinst() { - elog "To make use of your entropykey, make sure to execute ekey-rekey" - elog "the first time, and then start the ekeyd service." - elog "" - elog "The service supports multiplexing if you wish to use multiple" - elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier" - elog "and it'll be looking for /etc/entropykey/identifier.conf" - elog "" - elog "If you intend on providing entropy for more than your running host" - elog "you'll have to set the ekeyd daemon into EGD-server mode, and install" - elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux" - elog "package that connects to the egd socket to receive entropy." - elog "" - - if use usb; then - if use kernel_linux; then - elog "You're going to use the userland USB daemon, the udev rules" - elog "will be used accordingly. If you want to use the CDC driver" - elog "please disable the usb USE flag." - else - elog "You're going to use the userland USB daemon, since your OS" - elog "does not support udev, you should start the ekey-ulusbd" - elog "service before ekeyd." - fi - else - if use kernel_linux; then - elog "Some versions of Linux have a faulty CDC ACM driver that stops" - elog "EntropyKey from working properly; please check the compatibility" - elog "table at http://www.entropykey.co.uk/download/" - else - elog "Make sure your operating system supports the CDC ACM driver" - elog "or otherwise you won't be able to use the EntropyKey." - fi - elog "" - elog "If you're unsure about the working state of the CDC ACM driver" - elog "enable the usb USE flag and use the userland USB daemon" - fi -} diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild deleted file mode 100644 index 2182265f92f7..000000000000 --- a/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild +++ /dev/null @@ -1,177 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r3.ebuild,v 1.1 2011/04/01 12:34:42 flameeyes Exp $ - -EAPI=2 - -inherit multilib linux-info toolchain-funcs - -DESCRIPTION="Entropy Key userspace daemon" -HOMEPAGE="http://www.entropykey.co.uk/" -SRC_URI="http://www.entropykey.co.uk/res/download/${P}.tar.gz" - -LICENSE="as-is" # yes, truly - -SLOT="0" - -KEYWORDS="~amd64 ~x86" - -IUSE="usb kernel_linux munin" - -RDEPEND="dev-lang/lua - usb? ( virtual/libusb:0 )" -DEPEND="${RDEPEND}" -RDEPEND="${RDEPEND} - dev-lua/luasocket - kernel_linux? ( sys-fs/udev ) - usb? ( !kernel_linux? ( sys-apps/usbutils ) ) - munin? ( net-analyzer/munin )" - -CONFIG_CHECK="~USB_ACM" - -pkg_setup() { - if use kernel_linux && ! use usb && linux_config_exists; then - check_extra_config - fi -} - -src_prepare() { - # - avoid using -Werror; - # - don't gzip the man pages, this will also stop it from - # installing them, so we'll do it by hand. - sed -i \ - -e 's:-Werror::' \ - -e '/gzip/d' \ - daemon/Makefile || die - - epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch - epatch "${FILESDIR}"/${P}-libusb_compat.patch - epatch "${FILESDIR}"/${P}-slashes.patch - - # Stupid multilib hack; remove it once Gentoo has sane paths for - # udev directories. - if [[ $(get_libdir) != lib ]]; then - sed -i -e "s:/lib/udev/:/$(get_libdir)/udev/:" \ - doc/*.rules || die - fi - - # We moved the binaries around - sed -i -e 's:$BINPATH/ekey-ulusbd:/usr/libexec/ekey-ulusbd:' \ - doc/ekeyd-udev || die -} - -src_compile() { - local osname - - # Override automatic detection: upstream provides this with uname, - # we don't like using uname. - case ${CHOST} in - *-linux-*) - osname=linux;; - *-freebsd*) - osname=freebsd;; - *-kfrebsd-gnu) - osname=gnukfreebsd;; - *-openbsd*) - osname=openbsd;; - *) - die "Unsupported operating system!" - ;; - esac - - # We don't slot LUA so we don't really need to have the variables - # set at all. - emake -C daemon \ - CC="$(tc-getCC)" \ - LUA_V= LUA_INC= \ - OSNAME=${osname} \ - OPT="${CFLAGS}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - || die "emake failed" -} - -src_install() { - emake -C daemon \ - DESTDIR="${D}" \ - BUILD_ULUSBD=$(use usb && echo yes || echo no) \ - install || die "emake install failed" - - # We move the daemons around to avoid polluting the available - # commands. - dodir /usr/libexec - mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec - - # Install them manually because we don't want them gzipped - doman daemon/{ekeyd,ekey-setkey,ekey-rekey,ekeydctl}.8 \ - daemon/ekeyd.conf.5 || die - - newinitd "${FILESDIR}"/${PN}.init ${PN} || die - - if use usb; then - if ! use kernel_linux; then - newinitd "${FILESDIR}"/ekey-ulusbd.init ekey-ulusbd || die - newconfd "${FILESDIR}"/ekey-ulusbd.conf ekey-ulusbd || die - fi - doman daemon/ekey-ulusbd.8 || die - fi - - dodoc daemon/README* AUTHORS WARNING ChangeLog || die - - if use kernel_linux; then - local rules=doc/60-UDEKEY01.rules - use usb && rules=doc/60-UDEKEY01-UDS.rules - - insinto /$(get_libdir)/udev/rules.d - newins ${rules} 70-${PN}.rules || die - - exeinto /$(get_libdir)/udev - doexe doc/ekeyd-udev || die - fi - - if use munin; then - exeinto /usr/libexec/munin/plugins - doexe munin/ekeyd_stat_ - - insinto /etc/munin/plugin-conf.d - newins munin/plugin-conf.d_ekeyd ekeyd - fi -} - -pkg_postinst() { - elog "To make use of your entropykey, make sure to execute ekey-rekey" - elog "the first time, and then start the ekeyd service." - elog "" - elog "The service supports multiplexing if you wish to use multiple" - elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier" - elog "and it'll be looking for /etc/entropykey/identifier.conf" - elog "" - elog "If you intend on providing entropy for more than your running host" - elog "you'll have to set the ekeyd daemon into EGD-server mode, and install" - elog "on both the ekey host and the clients the app-crypt/ekey-egd-linux" - elog "package that connects to the egd socket to receive entropy." - elog "" - - if use usb; then - if use kernel_linux; then - elog "You're going to use the userland USB daemon, the udev rules" - elog "will be used accordingly. If you want to use the CDC driver" - elog "please disable the usb USE flag." - else - elog "You're going to use the userland USB daemon, since your OS" - elog "does not support udev, you should start the ekey-ulusbd" - elog "service before ekeyd." - fi - else - if use kernel_linux; then - elog "Some versions of Linux have a faulty CDC ACM driver that stops" - elog "EntropyKey from working properly; please check the compatibility" - elog "table at http://www.entropykey.co.uk/download/" - else - elog "Make sure your operating system supports the CDC ACM driver" - elog "or otherwise you won't be able to use the EntropyKey." - fi - elog "" - elog "If you're unsure about the working state of the CDC ACM driver" - elog "enable the usb USE flag and use the userland USB daemon" - fi -} diff --git a/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild new file mode 100644 index 000000000000..a9a3967c769d --- /dev/null +++ b/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild @@ -0,0 +1,214 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/ekeyd-1.1.3-r4.ebuild,v 1.1 2011/04/08 02:39:28 flameeyes Exp $ + +EAPI=4 + +inherit multilib linux-info toolchain-funcs + +DESCRIPTION="Entropy Key userspace daemon" +HOMEPAGE="http://www.entropykey.co.uk/" +SRC_URI="http://www.entropykey.co.uk/res/download/${P}.tar.gz" + +LICENSE="as-is" # yes, truly + +SLOT="0" + +KEYWORDS="~amd64 ~x86" + +IUSE="usb kernel_linux munin minimal" + +EKEYD_RDEPEND="dev-lang/lua + usb? ( virtual/libusb:0 )" +EKEYD_DEPEND="${EKEYD_RDEPEND}" +EKEYD_RDEPEND="${EKEYD_RDEPEND} + dev-lua/luasocket + kernel_linux? ( sys-fs/udev ) + usb? ( !kernel_linux? ( sys-apps/usbutils ) ) + munin? ( net-analyzer/munin )" + +RDEPEND="!minimal? ( ${EKEYD_RDEPEND} ) + !app-crypt/ekey-egd-linux" +DEPEND="${EKEYD_DEPEND}" + +CONFIG_CHECK="~USB_ACM" + +REQUIRED_USE="minimal? ( !munin !usb )" + +pkg_setup() { + if ! use minimal && use kernel_linux && ! use usb && linux_config_exists; then + check_extra_config + fi +} + +src_prepare() { + # - avoid using -Werror; + sed -i \ + -e 's:-Werror::' \ + daemon/Makefile || die + + epatch "${FILESDIR}"/${PN}-1.1.1-earlyboot.patch + epatch "${FILESDIR}"/${P}-libusb_compat.patch + epatch "${FILESDIR}"/${P}-slashes.patch + epatch "${FILESDIR}"/${P}-format.patch + + # Stupid multilib hack; remove it once Gentoo has sane paths for + # udev directories. + if [[ $(get_libdir) != lib ]]; then + sed -i -e "s:/lib/udev/:/$(get_libdir)/udev/:" \ + doc/*.rules || die + fi + + # We moved the binaries around + sed -i -e 's:$BINPATH/ekey-ulusbd:/usr/libexec/ekey-ulusbd:' \ + doc/ekeyd-udev || die +} + +src_compile() { + local osname + + # Override automatic detection: upstream provides this with uname, + # we don't like using uname. + case ${CHOST} in + *-linux-*) + osname=linux;; + *-freebsd*) + osname=freebsd;; + *-kfrebsd-gnu) + osname=gnukfreebsd;; + *-openbsd*) + osname=openbsd;; + *) + die "Unsupported operating system!" + ;; + esac + + # We don't slot LUA so we don't really need to have the variables + # set at all. + emake -C daemon \ + CC="$(tc-getCC)" \ + LUA_V= LUA_INC= \ + OSNAME=${osname} \ + OPT="${CFLAGS}" \ + BUILD_ULUSBD=$(use usb && echo yes || echo no) \ + $(use minimal && echo egd-linux) \ + || die "emake failed" +} + +src_install() { + exeinto /usr/libexec + newexe "${S}"/daemon/egd-linux ekey-egd-linux || die + doman daemon/ekey-egd-linux.8 || die + + newconfd "${FILESDIR}"/ekey-egd-linux.conf ekey-egd-linux || die + newinitd "${FILESDIR}"/ekey-egd-linux.init ekey-egd-linux || die + + use minimal && return + # from here on, install everything that is not part of the minimal + # support. + + emake -C daemon \ + DESTDIR="${D}" \ + BUILD_ULUSBD=$(use usb && echo yes || echo no) \ + MANZCMD=cat MANZEXT= \ + install || die "emake install failed" + + # We move the daemons around to avoid polluting the available + # commands. + dodir /usr/libexec + mv "${D}"/usr/sbin/ekey*d "${D}"/usr/libexec + + newinitd "${FILESDIR}"/${PN}.init ${PN} || die + + if use usb; then + if ! use kernel_linux; then + newinitd "${FILESDIR}"/ekey-ulusbd.init ekey-ulusbd || die + newconfd "${FILESDIR}"/ekey-ulusbd.conf ekey-ulusbd || die + fi + doman daemon/ekey-ulusbd.8 || die + fi + + dodoc daemon/README* AUTHORS WARNING ChangeLog || die + + if use kernel_linux; then + local rules=doc/60-UDEKEY01.rules + use usb && rules=doc/60-UDEKEY01-UDS.rules + + insinto /$(get_libdir)/udev/rules.d + newins ${rules} 70-${PN}.rules || die + + exeinto /$(get_libdir)/udev + doexe doc/ekeyd-udev || die + fi + + if use munin; then + exeinto /usr/libexec/munin/plugins + doexe munin/ekeyd_stat_ + + insinto /etc/munin/plugin-conf.d + newins munin/plugin-conf.d_ekeyd ekeyd + fi +} + +pkg_postinst() { + elog "${CATEGORY}/${PN} now install also the EGD client service ekey-egd-linux." + elog "To use this service, you need enable EGDTCPSocket for the ekeyd service" + elog "managing the key(s)." + elog "" + elog "The daemon will send more entropy to the kernel once the available pool" + elog "falls below the value set in the kernel.random.write_wakeup_threshold" + elog "sysctl entry." + elog "" + elog "You can change the watermark in /etc/conf.d/ekey-egd-linux; if you do" + elog "it will require write access to the kernel's sysctl." + + use minimal && return + # from here on, document everything that is not part of the minimal + # support. + + elog "" + elog "To make use of your EntropyKey, make sure to execute ekey-rekey" + elog "the first time, and then start the ekeyd service." + elog "" + elog "By default ekeyd will feed the entropy directly to the kernel's pool;" + elog "if your system has jumps in load average, you might prefer using the" + elog "EGD compatibility mode, by enabling EGDTCPSocket for ekeyd and then" + elog "starting the ekey-egd-linux service." + elog "" + elog "The same applies if you intend to provide entropy for multiple hosts" + elog "over the network. If you want to have the ekey-egd-linux service on" + elog "other hosts, you can enable the 'minimal' USE flag." + elog "" + elog "The service supports multiplexing if you wish to use multiple" + elog "keys, just symlink /etc/init.d/ekeyd → /etc/init.d/ekeyd.identifier" + elog "and it'll be looking for /etc/entropykey/identifier.conf" + elog "" + + if use usb; then + if use kernel_linux; then + elog "You're going to use the userland USB daemon, the udev rules" + elog "will be used accordingly. If you want to use the CDC driver" + elog "please disable the usb USE flag." + else + elog "You're going to use the userland USB daemon, since your OS" + elog "does not support udev, you should start the ekey-ulusbd" + elog "service before ekeyd." + fi + + ewarn "The userland USB daemon has multiple known issues. If you can," + ewarn "please consider disabling the 'usb' USE flag and instead use the" + ewarn "CDC-ACM access method." + else + if use kernel_linux; then + elog "Some versions of Linux have a faulty CDC ACM driver that stops" + elog "EntropyKey from working properly; please check the compatibility" + elog "table at http://www.entropykey.co.uk/download/" + else + elog "Make sure your operating system supports the CDC ACM driver" + elog "or otherwise you won't be able to use the EntropyKey." + fi + elog "" + elog "If you're unsure about the working state of the CDC ACM driver" + elog "enable the usb USE flag and use the userland USB daemon" + fi +} diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.conf b/app-crypt/ekeyd/files/ekey-egd-linux.conf new file mode 100644 index 000000000000..0f72288ac534 --- /dev/null +++ b/app-crypt/ekeyd/files/ekey-egd-linux.conf @@ -0,0 +1,12 @@ +# Configuration file for ekey-egd-linux + +# Hostname or IP address to connect to. +#HOST="localhost" +# Port number to connect to. +#PORT="8888" +# Time between reconnect attempts. +#RECONNECTINTERVAL=10 +# Set the number of 1024 bit blocks to request each time +#BLOCKS=2 +# Low level entropy to trigger egd-linux entropy read +WATERMARK=1024 diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.init b/app-crypt/ekeyd/files/ekey-egd-linux.init new file mode 100644 index 000000000000..c3a2a9914ba6 --- /dev/null +++ b/app-crypt/ekeyd/files/ekey-egd-linux.init @@ -0,0 +1,40 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekey-egd-linux.init,v 1.1 2011/04/08 02:39:27 flameeyes Exp $ + +: ${HOST:=localhost} +: ${PORT:=8888} +: ${RECONNECTINTERVAL:=10} +: ${BLOCKS:=2} + +depend() { + use net + after ekeyd + + provide entropy +} + +start() { + ebegin "Starting EntropyKey EGD client" + start-stop-daemon \ + --start --pidfile "/var/run/${SVCNAME}.pid" \ + --exec /usr/libexec/ekey-egd-linux -- \ + -H ${HOST} -p ${PORT} \ + -r ${RECONNECTINTERVAL} \ + -b ${BLOCKS} \ + -D "/var/run/${SVCNAME}.pid" + + [ -n "${WATERMARK}" ] && \ + sysctl "kernel.random.write_wakeup_threshold=$WATERMARK" >/dev/null 2>&1 + + eend $? +} + +stop() { + ebegin "Stopping EntropyKey EGD client" + start-stop-daemon \ + --stop --pidfile "/var/run/${SVCNAME}.pid" \ + --exec /usr/libexec/ekey-egd-linux + eend $? +} diff --git a/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch new file mode 100644 index 000000000000..a705dd503e0c --- /dev/null +++ b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch @@ -0,0 +1,26 @@ +Index: ekeyd-1.1.3/daemon/ekeyd.c +=================================================================== +--- ekeyd-1.1.3.orig/daemon/ekeyd.c ++++ ekeyd-1.1.3/daemon/ekeyd.c +@@ -203,7 +203,7 @@ open_foldback_output(void) + return (output_stream != NULL); + } + +-static const char *usage= ++static const char usage[]= + "Usage: %s [-f ] [-p ] [-v] [-h]\n" + "Entropy Key Daemon\n\n" + "\t-f Read configuration from configfile\n" +Index: ekeyd-1.1.3/daemon/ekey-setkey.c +=================================================================== +--- ekeyd-1.1.3.orig/daemon/ekey-setkey.c ++++ ekeyd-1.1.3/daemon/ekey-setkey.c +@@ -79,7 +79,7 @@ calc_mac(uint8_t *snum, uint8_t *mkey, u + return mac; + } + +-static const char *usage = ++static const char usage[] = + "Usage: %s [-d] [-h] [-n] [-f ] [-m ]\n" + " [-s ] \n" + "Entropy key device long term session key tool\n\n" diff --git a/app-crypt/ekeyd/files/ekeyd.init b/app-crypt/ekeyd/files/ekeyd.init index 528a8d32ab7d..897f3ac77e95 100644 --- a/app-crypt/ekeyd/files/ekeyd.init +++ b/app-crypt/ekeyd/files/ekeyd.init @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 2009 Gentoo Foundation +# Copyright 2009-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.3 2009/10/04 11:43:34 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.4 2011/04/08 02:39:27 flameeyes Exp $ INSTANCE="${SVCNAME#*.}" if [ -z "${INSTANCE}" ] || [ "${SVCNAME}" = "ekeyd" ]; then @@ -11,6 +11,15 @@ fi depend() { use udev ekey-ulusbd need localmount + + local cfgfile="/etc/entropykey/${INSTANCE}.conf" + config "${cfgfile}" + + # quickly parse the configuration file; we only provide entropy + # if we're not using the egd server/client split method. + if sed -e 's:--.*::' "${cfgfile}" | grep -q SetOutputToKernel; then + provide entropy + fi } start() { diff --git a/app-crypt/ekeyd/metadata.xml b/app-crypt/ekeyd/metadata.xml index 3f212cc6178a..4a06c4f07dd8 100644 --- a/app-crypt/ekeyd/metadata.xml +++ b/app-crypt/ekeyd/metadata.xml @@ -18,5 +18,10 @@ Install a plugin for net-analyzer/munin to graph statistical data from ekeyd. + + + Only install the ekey-egd-linux service rather than the full + ekeyd package. + -- cgit v1.2.3-65-gdbad