author | Dermot Bradley <dermot_bradley@yahoo.com> | 2021-01-08 16:28:55 +0000 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2021-01-16 00:51:43 +0000 |
commit | 19c2b4e9dc4d98e72e8485e8711b7c811a70503e (patch) | |
tree | 7228002545c628f54d6f3e704727854badec7892 | |
parent | c41dbe9d14f2e720a782e30457d9e10232cda818 (diff) |
main/rng-tools: upgrade to 6.11
Take over maintainership.
Remove unneeded patches.
DARN source no longer requires libgcrypt.
Overhaul conf.d file to give more flexibility in selecting features.
Add jitterentropy-library dependency - jitter source now built into rngd.
Add patch to fix jitter compile warning.
Disable RTLSDR in rngd to remove various dependencies.
Add rng-tools-extra sub-package with more entropy sources compiled-in.
-rw-r--r-- | main/rng-tools/01-fix-jitter-format-warning.patch | 22 | ||||
-rw-r--r-- | main/rng-tools/APKBUILD | 104 | ||||
-rw-r--r-- | main/rng-tools/fix-encrypt-name-clash.patch | 22 | ||||
-rw-r--r-- | main/rng-tools/fix-textrels-on-PIC-x86.patch | 36 | ||||
-rw-r--r-- | main/rng-tools/rngd-extra.confd | 85 | ||||
-rw-r--r-- | main/rng-tools/rngd-extra.initd | 66 | ||||
-rw-r--r-- | main/rng-tools/rngd.confd | 73 | ||||
-rw-r--r-- | main/rng-tools/rngd.initd | 50 | ||||
-rw-r--r-- | main/rng-tools/stack.patch | 13 |
9 files changed, 369 insertions, 102 deletions
diff --git a/main/rng-tools/01-fix-jitter-format-warning.patch b/main/rng-tools/01-fix-jitter-format-warning.patch
new file mode 100644
index 00000000000..1e1319a4385
--- /dev/null
+++ b/main/rng-tools/01-fix-jitter-format-warning.patch
@@ -0,0 +1,22 @@
+From: Dermot Bradley <dermot_bradley@yahoo.com>
+Date: Wed, 13 Jan 2021 15:26 +0000
+Subject: [PATCH] rngd_jitter: fix format warning
+
+Fixes compile warning regarding type of an argument.
+
+This has been reported upstream as PR #115.
+
+---
+
+diff -aur a/rngd_jitter.c b/rngd_jitter.c
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -143,7 +143,7 @@
+ size_t total;
+ try_again:
+ while (need) {
+- message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter requests %d bytes from pipe\n", need);
++ message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter requests %ld bytes from pipe\n", need);
+ request = read(pipefds[0], &bptr[size-need], need);
+ if ((request < need) && ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter falls back to AES\n");
diff --git a/main/rng-tools/APKBUILD b/main/rng-tools/APKBUILD
index 455e7cc9133..b3d60995ff4 100644
--- a/main/rng-tools/APKBUILD
+++ b/main/rng-tools/APKBUILD
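Review bot: `%ld` in the patched `message_entsrc()` call is only correct if `need` is a `long`; the `size_t total;` context line and the use of `need` as the `read()` length suggest it is a `size_t`, though its declaration is outside the visible hunk. If so, `%ld` still mismatches on 32-bit targets, where `size_t` is `unsigned int`, and a mismatched printf-style specifier is undefined behaviour rather than only a warning. The portable form would be `"xread_jitter requests %zu bytes from pipe\n"`, or an explicit `(long)need` cast if the variable turns out to be signed.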
@@ -1,32 +1,43 @@ # Contributor: Dennis Przytarski <dennis@przytarski.com> -# Maintainer: ScrumpyJack <scrumypjack@st.ilet.to> +# Contributor: ScrumpyJack <scrumpyjack@st.ilet.to> +# Contributor: Dermot Bradley <dermot_bradley@yahoo.com> +# Maintainer: Dermot Bradley <dermot_bradley@yahoo.com> pkgname=rng-tools -pkgver=6.10 -pkgrel=2 -pkgdesc="A random number generator daemon" +pkgver=6.11 +pkgrel=0 +pkgdesc="Random number generator daemon" url="https://github.com/nhorman/rng-tools" arch="all" license="GPL-2.0-or-later" -makedepends="argp-standalone autoconf automake linux-headers libtool - sysfsutils-dev - openssl-dev +makedepends=" + argp-standalone + autoconf + automake + curl-dev + jansson-dev + jitterentropy-library-dev librtlsdr-dev + libtool + libxml2-dev + linux-headers + openssl-dev + sysfsutils-dev + " +options="!check" # No useful tests to be performed. +subpackages=" + $pkgname-doc + $pkgname-openrc + rng-tools-extra:extra + rng-tools-extra-openrc:extra_openrc " -subpackages="$pkgname-doc $pkgname-openrc" -source="rng-tools-$pkgver.tar.gz::https://github.com/nhorman/rng-tools/archive/v$pkgver.tar.gz - fix-textrels-on-PIC-x86.patch - fix-encrypt-name-clash.patch - stack.patch +source="rng-tools-$pkgver.tar.gz::https://github.com/nhorman/rng-tools/archive/V$pkgver.tar.gz rngd.confd rngd.initd + rngd-extra.confd + rngd-extra.initd + 01-fix-jitter-format-warning.patch " -# power DARN support requires libgcrypt -case "$CARCH" in - ppc64le) makedepends="$makedepends libgcrypt-dev";; - *) _flags="--without-libgcrypt";; -esac - prepare() { default_prepare ./autogen.sh 
@@ -35,9 +46,25 @@ prepare() { build() { export LIBS="-largp" - # NOTE: nistbeacon depends on libxml2 and libcurl, so it would - # significantly increase rng-tools' total size. - # Likewise for libgcrypt. + # Build rng-tools-extra version which has NIST and RTLSDR entropy + # sources enabled in addition to the "normal" set. + cp -r "$builddir" "$builddir"-extra + cd "$builddir"-extra + msg "Building $pkgname-extra" + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/rng-tools \ + --sysconfdir=/etc \ + --disable-silent-rules \ + --with-nistbeacon \ + --without-pkcs11 \ + --with-rtlsdr + make rngd rngtest + + # Build rng-tools normal version which has only a small + # set of entropy sources included. + cd "$builddir" + msg "Building $pkgname" ./configure \ --prefix=/usr \ --libexecdir=/usr/lib/rng-tools \ @@ -45,7 +72,7 @@ build() { --disable-silent-rules \ --without-nistbeacon \ --without-pkcs11 \ - $_flags + --without-rtlsdr make } 
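Review bot: The new comment above the rng-tools-extra build in build() says which sources are enabled but no longer records why they are kept out of the default package; the removed NOTE at least named the libxml2 and libcurl dependency of nistbeacon. The init scripts in this commit start `/usr/sbin/rngd` without switching to another user, so the split is also an attack-surface decision: the extra flavour links network and parsing libraries (curl-dev, libxml2-dev and jansson-dev were added to makedepends, presumably for nistbeacon) that the default flavour avoids. I would add a comment next to `--with-nistbeacon` such as `# nistbeacon and rtlsdr pull in libcurl, libxml2 and librtlsdr; keep them out of the default rngd.`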
@@ -56,9 +83,30 @@ package() { install -m 755 -D "$srcdir"/rngd.initd "$pkgdir"/etc/init.d/rngd } -sha512sums="b72d8918f709989ebc70cb9ea9c8b3dabf53041b24bc3f3a6de1bea318861dfd6c1a6110bd750041dc4819406db4a2b28f5137af5f5d5f2beb666f607913b389 rng-tools-6.10.tar.gz -241b56146ec8e55572711b7aa36fa2afbe7a9527d25f03098f35f4c52a9049933d9bc2a82b0e2e0dbc836409d7f650f3a88ef546d6c5a687f7be8fbe4a013b7e fix-textrels-on-PIC-x86.patch -c65d177b20948f88341b22149325011fca93da1137cb176f642ae1944ffc2110141e123518fcc1329346a21c57a51a6cf22f8f06f7d10337a7b1a50c243e97cf fix-encrypt-name-clash.patch -bd0a6caf5a44796c7efdacfa19fb725c2ea61951dec039607471382597fdc919d28640e159dd58db8df4d7f36e12318f86b078666fad1929816031061b13f677 stack.patch -363b5aa431a0da37fc9eb8c93cffed0b75f43064530318fb41c774acd8aab8a1e109cf6c294b77fa6b8f97aa355b2849f56e83d8b06bcd9e0e9f3aa4f3ba49ac rngd.confd -86a6a7446eda64c075e468bc304008314b710629e06146582c5ce3fcc307a6b4baf5f8e8a47b72f1bab0bb608d76f953f2712cddd35809abcb02b8320c682535 rngd.initd" +extra() { + pkgdesc="Random number generator daemon with extra entropy sources" + provides="rng-tools" + + cd "$builddir-extra" + mkdir -p "$subpkgdir" + make DESTDIR="$subpkgdir" install-binPROGRAMS install-sbinPROGRAMS +} + +extra_openrc() { + pkgdesc="Random number generator daemon with extra entropy sources (OpenRC init scripts)" + install_if="$pkgname-extra=$pkgver-r$pkgrel" + + mkdir -p \ + "$subpkgdir"/etc/conf.d \ + "$subpkgdir"/etc/init.d + + install -m 644 -D "$srcdir"/rngd-extra.confd "$subpkgdir"/etc/conf.d/rngd + install -m 755 -D "$srcdir"/rngd-extra.initd "$subpkgdir"/etc/init.d/rngd +} + +sha512sums="0058ca5d0c1ddb554284fe8e6b9c0b85f130e0b9e0b9f0f0219f434302766e07c321d4fc0c01bdeb59053d5cd14dab67dc1c306422ef35a62a267af9fbdf7deb rng-tools-6.11.tar.gz +7b7bd87ee64417c63ad174da805b01f7287c742af6116091be8ce320b3587db31c15537860cba591f7115bf187541d07ef59df7b726dafccb7d6c8ea64ba22ee rngd.confd 
+08d268b7c00ce5ec2ad69c1b75a53e24e43cabe1dca309c6d693f8681e84b09688bbb8e85594d456cf34b891172e7e6c4f22b5c96c4a76f1e73a6475d70acc1e rngd.initd
+ee33fd5fbdb0bdad8cb4373f71dc2e2cfdbc554151516daef915f7e6c26e694befd982128794147fb73b15e2ebdbc530b85f9051545967674451cdef23aa1b3d rngd-extra.confd
+63a8c2cc6aa9be1705ce356988b5f7458d576bb349ae2b388713c971083e407e4877507878f9216304221e99767853d5ca85ac87d2faac99b6e942670e44c891 rngd-extra.initd
+9dbcf618d1cb1c4ec8941676d18979c8b221c2377c421d539e5a7104d6fc6c13f0744b467079d3caf21976a50fcde60a4879c5ebad9fb3e74e282970ab438fe0 01-fix-jitter-format-warning.patch"
diff --git a/main/rng-tools/fix-encrypt-name-clash.patch b/main/rng-tools/fix-encrypt-name-clash.patch
deleted file mode 100644
index 26677187f54..00000000000
--- a/main/rng-tools/fix-encrypt-name-clash.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/rngd_darn.c b/rngd_darn.c
-index 35df7a1..9345895 100644
---- a/rngd_darn.c
-+++ b/rngd_darn.c
-@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src)
- return 0;
- }
-
--int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
- unsigned char *iv, unsigned char *ciphertext)
- {
- int len;
-@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
- unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
-
- /* Encrypt the plaintext */
-- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
- ciphertext);
- printf("Calling mangle with len %d\n", ciphertext_len);
- if (!ciphertext_len)
diff --git a/main/rng-tools/fix-textrels-on-PIC-x86.patch b/main/rng-tools/fix-textrels-on-PIC-x86.patch
deleted file mode 100644
index ee6fe108b98..00000000000
--- a/main/rng-tools/fix-textrels-on-PIC-x86.patch
+++ /dev/null
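Review bot: `extra_openrc()` sets `install_if="$pkgname-extra=$pkgver-r$pkgrel"` without `openrc`, so the init script and conf.d file would be pulled in on any system that installs rng-tools-extra, whether or not OpenRC is present; the usual form would be `install_if="openrc $pkgname-extra=$pkgver-r$pkgrel"`. The function also installs to the same `/etc/conf.d/rngd` and `/etc/init.d/rngd` paths that package() uses for the default flavour. It is worth confirming that `provides="rng-tools"` in extra() is enough to keep the two -openrc packages from ever being installed side by side.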
@@ -1,36 +0,0 @@
---- a/rdrand_asm.S
-+++ b/rdrand_asm.S
-@@ -83,6 +83,7 @@
- jmp 4b
- ENDPROC(x86_rdseed_or_rdrand_bytes)
-
-+#define INIT_PIC()
- #define SETPTR(var,ptr) leaq var(%rip),ptr
- #define PTR0 %rdi
- #define PTR1 %rsi
-@@ -180,6 +190,7 @@
- #define NPTR2 1 /* %rcx = %r1 */
-
- #endif
-+ INIT_PIC()
-
- ENTRY(x86_aes_mangle)
- #ifdef __i386__
-@@ -283,6 +294,17 @@
- #endif
- ret
- ENDPROC(x86_aes_mangle)
-+
-+#if defined(__i386__) && defined(__PIC__)
-+ .section .gnu.linkonce.t.__i686.get_pc_thunk.bx,"ax",@progbits
-+.globl __i686.get_pc_thunk.bx
-+ .hidden __i686.get_pc_thunk.bx
-+ .type __i686.get_pc_thunk.bx,@function
-+__i686.get_pc_thunk.bx:
-+ movl (%esp), %ebx
-+ ret
-+#endif
-+
-
- /* aeskeygenassist $imm,%xmm0,%xmm1 */
- #define AESKEYGENASSIST(imm) .byte 0x66,0x0f,0x3a,0xdf,0xc8,imm
diff --git a/main/rng-tools/rngd-extra.confd b/main/rng-tools/rngd-extra.confd
new file mode 100644
index 00000000000..86db4059a22
--- /dev/null
+++ b/main/rng-tools/rngd-extra.confd
@@ -0,0 +1,85 @@
+# Configuration for /etc/init.d/rngd
+
+# Space-delimited list of entropy sources to enable.
+# No need to include any source that is enabled by default.
+#
+# Choose from list:
+# nist: NIST radio beacon. Not recommended.
+# tpm: Is deprecated, will be removed in future version.
+#
+INCLUDE_ENTROPY_SOURCES=""
+
+# Space-delimited list of entropy sources to disable.
+# Useful for disabling certain entropy sources even when supported on system.
+#
+EXCLUDE_ENTROPY_SOURCES=""
+
+
+# Number of entropy bits to support, 1 <= n <= 8.
+#
+#ENTROPY_COUNT=8
+
+# Time in seconds to force adding entropy to random device.
+#
+#FORCE_RESEED=300
+
+# Device used for random number input.
+#
+#HWRNG_DEVICE="/dev/hwrng"
+
+# Kernel device used for random number output.
+#
+#RANDOM_DEVICE="/dev/random"
+
+# Number of bytes written to random-device at a time.
+#
+#STEP=64
+
+# Do not stop feeding entropy to random device until at least this
+# many bits of entropy are available in pool. Value can be
+# 0 <= n <= `sysctl kernel.random.poolsize`.
+#
+#WATERMARK=3072
+
+
+# Entropy source specific options:
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:0"
+#
+#
+# rtlsdr options:
+# device_id:(INTEGER)
+# freq_min:(INTEGER)
+# freq_max:(INTEGER)
+# sample_min:(INTEGER)
+# sample_max:(INTEGER)
+#
+#RTLSDR_OPTIONS="device_id:0 freq_min:90000000 freq_max:110000000"
+#RTLSDR_OPTIONS="${RTLSDR_OPTIONS} sample_min:1000000 sample_max:2800000"
+
+
+# Any extra arguments for rngd
+#
+EXTRA_ARGS="-q"
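Review bot: The description `nist: NIST radio beacon. Not recommended.` does not tell an administrator why the source is discouraged, and "radio beacon" is misleading. As far as I know the nistbeacon source fetches the NIST Randomness Beacon over the network, and those values are published for anyone to read. A config file that lets rngd credit that data to the kernel pool should say so, for example `# nist: NIST Randomness Beacon, fetched over the network; its output is public and must not be relied on as secret entropy. Not recommended.`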
diff --git a/main/rng-tools/rngd-extra.initd b/main/rng-tools/rngd-extra.initd
new file mode 100644
index 00000000000..2f8131ea185
--- /dev/null
+++ b/main/rng-tools/rngd-extra.initd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+description="Random number generator daemon"
+
+pidfile="/run/$RC_SVCNAME.pid"
+command="/usr/sbin/rngd"
+command_args="-b -p $pidfile"
+start_stop_daemon_args="--wait 5"
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+start_pre() {
+ command_args="${command_args} ${EXTRA_ARGS}"
+
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${ENTROPY_COUNT}" != "x" ]; then
+ command_args="${command_args} -e ${ENTROPY_COUNT}"
+ fi
+
+ if [ "x${FORCE_RESEED}" != "x" ]; then
+ command_args="${command_args} -R ${FORCE_RESEED}"
+ fi
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} -r ${HWRNG_DEVICE}"
+ fi
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} -o ${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} -s ${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} -W ${WATERMARK}"
+ fi
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${RTLSDR_OPTIONS}; do
+ command_args="${command_args} -O rtlsdr:${entsrc_opt}"
+ done
+}
diff --git a/main/rng-tools/rngd.confd b/main/rng-tools/rngd.confd
index 65187508df1..86fc4d853fa 100644
--- a/main/rng-tools/rngd.confd
+++ b/main/rng-tools/rngd.confd
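Review bot: start_pre() in this new rngd-extra.initd is a copy of the start_pre() this commit adds to rngd.initd, differing only by the final `RTLSDR_OPTIONS` loop. That loop does nothing when the variable is unset, so a single init script could serve both packages and the two copies could not drift apart when an option is added or a quoting fix is made. If both files are kept, a header comment such as `# Keep in sync with rngd.initd; only the rtlsdr block differs.` would help. The tests written as `[ "x${VAR}" != "x" ]` could also be `[ -n "${VAR}" ]`.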
@@ -1,4 +1,73 @@ # Configuration for /etc/init.d/rngd -# Additional options to pass into rngd(8). -# RNGD_OPTS="" +# Space-delimited list of entropy sources to enable. +# No need to include any source that is enabled by default. +# +# Choose from list: +# tpm: Is deprecated, will be removed in future version. +# +INCLUDE_ENTROPY_SOURCES="" + +# Space-delimited list of entropy sources to disable. +# Useful for disabling certain entropy sources even when supported on system. +# +EXCLUDE_ENTROPY_SOURCES="" + + +# Number of entropy bits to support, 1 <= n <= 8. +# +#ENTROPY_COUNT=8 + +# Time in seconds to force adding entropy to random device. +# +#FORCE_RESEED=300 + +# Device used for random number input. +# +#HWRNG_DEVICE="/dev/hwrng" + +# Kernel device used for random number output. +# +#RANDOM_DEVICE="/dev/random" + +# Number of bytes written to random-device at a time. +# +#STEP=64 + +# Do not stop feeding entropy to random device until at least this +# many bits of entropy are available in pool. Value can be +# 0 <= n <= `sysctl kernel.random.poolsize`. +# +#WATERMARK=3072 + + +# Entropy source specific options: +# +# +# darn options: +# use_aes:(BOOLEAN) +# +#DARN_OPTIONS="use_aes:1" +# +# +# jitter options: +# thread_count:(INTEGER) +# buffer_size:(INTEGER) +# refill_thresh:(INTEGER) +# retry_count:(INTEGER) +# retry_delay:(INTEGER) +# use_aes:(BOOLEAN) +# +#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535" +#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1" +# +# +# rdrand options: +# use_aes:(BOOLEAN) +# +#RDRAND_OPTIONS="use_aes:0" + + +# Any extra arguments for rngd +# +EXTRA_ARGS="-q" diff --git a/main/rng-tools/rngd.initd b/main/rng-tools/rngd.initd index 92ca90aa35a..7addf08fff9 100644 --- a/main/rng-tools/rngd.initd +++ b/main/rng-tools/rngd.initd 
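Review bot: The comment `# Number of entropy bits to support, 1 <= n <= 8.` is too vague for a setting that decides how much entropy rngd credits to the kernel pool. The init script passes it as `-e`, which as far as I know is rngd's entropy-count option, the number of bits treated as random per byte of input. I would write `# Bits of entropy credited per byte of input data, 1 <= n <= 8 (rngd -e). Lower it for sources you trust less.` The same wording appears in rngd-extra.confd and should change there too.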
@@ -4,7 +4,7 @@ description="Random number generator daemon" pidfile="/run/$RC_SVCNAME.pid" command="/usr/sbin/rngd" -command_args="--quiet --background --pid-file $pidfile $RNGD_OPTS" +command_args="-b -p $pidfile" start_stop_daemon_args="--wait 5" depend() { @@ -12,3 +12,51 @@ depend() { after urandom provide entropy } + +start_pre() { + command_args="${command_args} ${EXTRA_ARGS}" + + for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do + command_args="${command_args} -n ${entsrc}" + done + + for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do + command_args="${command_args} -x ${entsrc}" + done + + if [ "x${ENTROPY_COUNT}" != "x" ]; then + command_args="${command_args} -e ${ENTROPY_COUNT}" + fi + + if [ "x${FORCE_RESEED}" != "x" ]; then + command_args="${command_args} -R ${FORCE_RESEED}" + fi + + if [ "x${HWRNG_DEVICE}" != "x" ]; then + command_args="${command_args} -r ${HWRNG_DEVICE}" + fi + + if [ "x${RANDOM_DEVICE}" != "x" ]; then + command_args="${command_args} -o ${RANDOM_DEVICE}" + fi + + if [ "x${STEP}" != "x" ]; then + command_args="${command_args} -s ${STEP}" + fi + + if [ "x${WATERMARK}" != "x" ]; then + command_args="${command_args} -W ${WATERMARK}" + fi + + for entsrc_opt in ${DARN_OPTIONS}; do + command_args="${command_args} -O darn:${entsrc_opt}" + done + + for entsrc_opt in ${JITTER_OPTIONS}; do + command_args="${command_args} -O jitter:${entsrc_opt}" + done + + for entsrc_opt in ${RDRAND_OPTIONS}; do + command_args="${command_args} -O rdrand:${entsrc_opt}" + done +} diff --git a/main/rng-tools/stack.patch b/main/rng-tools/stack.patch deleted file mode 100644 index a6a60fa1902..00000000000 --- a/main/rng-tools/stack.patch +++ /dev/null 
@@ -1,13 +0,0 @@
-diff --git a/rngd_rtlsdr.c b/rngd_rtlsdr.c
-index eca0ada..fed1f88 100644
---- a/rngd_rtlsdr.c
-+++ b/rngd_rtlsdr.c
-@@ -180,7 +180,7 @@ static size_t condition_buffer(unsigned char *in, unsigned char *out, size_t ins
- * Finalise the encryption. Further ciphertext bytes may be written at
- * this stage.
- */
-- if(1 != EVP_EncryptFinal_ex(ctx, out + len, &len))
-+ if(1 != EVP_EncryptFinal_ex(ctx, out, &len))
- return 0;
- ciphertext_len += len;
- |