authorDermot Bradley <dermot_bradley@yahoo.com>2021-01-08 16:28:55 +0000
committerLeo <thinkabit.ukim@gmail.com>2021-01-16 00:51:43 +0000
commit19c2b4e9dc4d98e72e8485e8711b7c811a70503e (patch)
tree7228002545c628f54d6f3e704727854badec7892
parentc41dbe9d14f2e720a782e30457d9e10232cda818 (diff)
main/rng-tools: upgrade to 6.11
Take over maintainership. Remove unneeded patches. DARN source no longer requires libgcrypt. Overhaul conf.d file to give more flexibility in selecting features. Add jitterentropy-library dependency - jitter source now built into rngd. Add patch to fix jitter compile warning. Disable RTLSDR in rngd to remove various dependencies. Add rng-tools-extra sub-package with more entropy sources compiled-in.
-rw-r--r--main/rng-tools/01-fix-jitter-format-warning.patch22
-rw-r--r--main/rng-tools/APKBUILD104
-rw-r--r--main/rng-tools/fix-encrypt-name-clash.patch22
-rw-r--r--main/rng-tools/fix-textrels-on-PIC-x86.patch36
-rw-r--r--main/rng-tools/rngd-extra.confd85
-rw-r--r--main/rng-tools/rngd-extra.initd66
-rw-r--r--main/rng-tools/rngd.confd73
-rw-r--r--main/rng-tools/rngd.initd50
-rw-r--r--main/rng-tools/stack.patch13
9 files changed, 369 insertions, 102 deletions
diff --git a/main/rng-tools/01-fix-jitter-format-warning.patch b/main/rng-tools/01-fix-jitter-format-warning.patch
new file mode 100644
index 00000000000..1e1319a4385
--- /dev/null
+++ b/main/rng-tools/01-fix-jitter-format-warning.patch
@@ -0,0 +1,22 @@
+From: Dermot Bradley <dermot_bradley@yahoo.com>
+Date: Wed, 13 Jan 2021 15:26 +0000
+Subject: [PATCH] rngd_jitter: fix format warning
+
+Fixes compile warning regarding type of an argument.
+
+This has been reported upstream as PR #115.
+
+---
+
+diff -aur a/rngd_jitter.c b/rngd_jitter.c
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -143,7 +143,7 @@
+ size_t total;
+ try_again:
+ while (need) {
+- message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter requests %d bytes from pipe\n", need);
++ message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter requests %ld bytes from pipe\n", need);
+ request = read(pipefds[0], &bptr[size-need], need);
+ if ((request < need) && ent_src->rng_options[JITTER_OPT_USE_AES].int_val) {
+ message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter falls back to AES\n");
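Review bot: The replacement specifier `%ld` in the patched `message_entsrc()` call is only correct where `need` has the width of `long`. The declaration of `need` is outside the hunk, but if it is a `size_t` like the `total` declared just above, the portable form is `%zu`, and on 32-bit targets `%ld` would bring the format warning back. The suggested line is `message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "xread_jitter requests %zu bytes from pipe\n", need);`. The APKBUILD declares `arch="all"`, so the 32-bit case applies to this package.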
diff --git a/main/rng-tools/APKBUILD b/main/rng-tools/APKBUILD
index 455e7cc9133..b3d60995ff4 100644
--- a/main/rng-tools/APKBUILD
+++ b/main/rng-tools/APKBUILD
@@ -1,32 +1,43 @@
# Contributor: Dennis Przytarski <dennis@przytarski.com>
-# Maintainer: ScrumpyJack <scrumypjack@st.ilet.to>
+# Contributor: ScrumpyJack <scrumpyjack@st.ilet.to>
+# Contributor: Dermot Bradley <dermot_bradley@yahoo.com>
+# Maintainer: Dermot Bradley <dermot_bradley@yahoo.com>
pkgname=rng-tools
-pkgver=6.10
-pkgrel=2
-pkgdesc="A random number generator daemon"
+pkgver=6.11
+pkgrel=0
+pkgdesc="Random number generator daemon"
url="https://github.com/nhorman/rng-tools"
arch="all"
license="GPL-2.0-or-later"
-makedepends="argp-standalone autoconf automake linux-headers libtool
- sysfsutils-dev
- openssl-dev
+makedepends="
+ argp-standalone
+ autoconf
+ automake
+ curl-dev
+ jansson-dev
+ jitterentropy-library-dev
librtlsdr-dev
+ libtool
+ libxml2-dev
+ linux-headers
+ openssl-dev
+ sysfsutils-dev
+ "
+options="!check" # No useful tests to be performed.
+subpackages="
+ $pkgname-doc
+ $pkgname-openrc
+ rng-tools-extra:extra
+ rng-tools-extra-openrc:extra_openrc
"
-subpackages="$pkgname-doc $pkgname-openrc"
-source="rng-tools-$pkgver.tar.gz::https://github.com/nhorman/rng-tools/archive/v$pkgver.tar.gz
- fix-textrels-on-PIC-x86.patch
- fix-encrypt-name-clash.patch
- stack.patch
+source="rng-tools-$pkgver.tar.gz::https://github.com/nhorman/rng-tools/archive/V$pkgver.tar.gz
rngd.confd
rngd.initd
+ rngd-extra.confd
+ rngd-extra.initd
+ 01-fix-jitter-format-warning.patch
"
-# power DARN support requires libgcrypt
-case "$CARCH" in
- ppc64le) makedepends="$makedepends libgcrypt-dev";;
- *) _flags="--without-libgcrypt";;
-esac
-
prepare() {
default_prepare
./autogen.sh
@@ -35,9 +46,25 @@ prepare() {
build() {
export LIBS="-largp"
- # NOTE: nistbeacon depends on libxml2 and libcurl, so it would
- # significantly increase rng-tools' total size.
- # Likewise for libgcrypt.
+ # Build rng-tools-extra version which has NIST and RTLSDR entropy
+ # sources enabled in addition to the "normal" set.
+ cp -r "$builddir" "$builddir"-extra
+ cd "$builddir"-extra
+ msg "Building $pkgname-extra"
+ ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/rng-tools \
+ --sysconfdir=/etc \
+ --disable-silent-rules \
+ --with-nistbeacon \
+ --without-pkcs11 \
+ --with-rtlsdr
+ make rngd rngtest
+
+ # Build rng-tools normal version which has only a small
+ # set of entropy sources included.
+ cd "$builddir"
+ msg "Building $pkgname"
./configure \
--prefix=/usr \
--libexecdir=/usr/lib/rng-tools \
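Review bot: The copy made with `cp -r "$builddir" "$builddir"-extra` does not preserve file timestamps, so the autotools output generated by `./autogen.sh` in prepare() can look older than its inputs in the copy and make may try to regenerate it. Using `cp -a "$builddir" "$builddir"-extra` keeps the timestamps and makes the two builds start from the same state. build() continues past the end of this hunk.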
@@ -45,7 +72,7 @@ build() {
--disable-silent-rules \
--without-nistbeacon \
--without-pkcs11 \
- $_flags
+ --without-rtlsdr
make
}
@@ -56,9 +83,30 @@ package() {
install -m 755 -D "$srcdir"/rngd.initd "$pkgdir"/etc/init.d/rngd
}
-sha512sums="b72d8918f709989ebc70cb9ea9c8b3dabf53041b24bc3f3a6de1bea318861dfd6c1a6110bd750041dc4819406db4a2b28f5137af5f5d5f2beb666f607913b389 rng-tools-6.10.tar.gz
-241b56146ec8e55572711b7aa36fa2afbe7a9527d25f03098f35f4c52a9049933d9bc2a82b0e2e0dbc836409d7f650f3a88ef546d6c5a687f7be8fbe4a013b7e fix-textrels-on-PIC-x86.patch
-c65d177b20948f88341b22149325011fca93da1137cb176f642ae1944ffc2110141e123518fcc1329346a21c57a51a6cf22f8f06f7d10337a7b1a50c243e97cf fix-encrypt-name-clash.patch
-bd0a6caf5a44796c7efdacfa19fb725c2ea61951dec039607471382597fdc919d28640e159dd58db8df4d7f36e12318f86b078666fad1929816031061b13f677 stack.patch
-363b5aa431a0da37fc9eb8c93cffed0b75f43064530318fb41c774acd8aab8a1e109cf6c294b77fa6b8f97aa355b2849f56e83d8b06bcd9e0e9f3aa4f3ba49ac rngd.confd
-86a6a7446eda64c075e468bc304008314b710629e06146582c5ce3fcc307a6b4baf5f8e8a47b72f1bab0bb608d76f953f2712cddd35809abcb02b8320c682535 rngd.initd"
+extra() {
+ pkgdesc="Random number generator daemon with extra entropy sources"
+ provides="rng-tools"
+
+ cd "$builddir-extra"
+ mkdir -p "$subpkgdir"
+ make DESTDIR="$subpkgdir" install-binPROGRAMS install-sbinPROGRAMS
+}
+
+extra_openrc() {
+ pkgdesc="Random number generator daemon with extra entropy sources (OpenRC init scripts)"
+ install_if="$pkgname-extra=$pkgver-r$pkgrel"
+
+ mkdir -p \
+ "$subpkgdir"/etc/conf.d \
+ "$subpkgdir"/etc/init.d
+
+ install -m 644 -D "$srcdir"/rngd-extra.confd "$subpkgdir"/etc/conf.d/rngd
+ install -m 755 -D "$srcdir"/rngd-extra.initd "$subpkgdir"/etc/init.d/rngd
+}
+
+sha512sums="0058ca5d0c1ddb554284fe8e6b9c0b85f130e0b9e0b9f0f0219f434302766e07c321d4fc0c01bdeb59053d5cd14dab67dc1c306422ef35a62a267af9fbdf7deb rng-tools-6.11.tar.gz
+7b7bd87ee64417c63ad174da805b01f7287c742af6116091be8ce320b3587db31c15537860cba591f7115bf187541d07ef59df7b726dafccb7d6c8ea64ba22ee rngd.confd
+08d268b7c00ce5ec2ad69c1b75a53e24e43cabe1dca309c6d693f8681e84b09688bbb8e85594d456cf34b891172e7e6c4f22b5c96c4a76f1e73a6475d70acc1e rngd.initd
+ee33fd5fbdb0bdad8cb4373f71dc2e2cfdbc554151516daef915f7e6c26e694befd982128794147fb73b15e2ebdbc530b85f9051545967674451cdef23aa1b3d rngd-extra.confd
+63a8c2cc6aa9be1705ce356988b5f7458d576bb349ae2b388713c971083e407e4877507878f9216304221e99767853d5ca85ac87d2faac99b6e942670e44c891 rngd-extra.initd
+9dbcf618d1cb1c4ec8941676d18979c8b221c2377c421d539e5a7104d6fc6c13f0744b467079d3caf21976a50fcde60a4879c5ebad9fb3e74e282970ab438fe0 01-fix-jitter-format-warning.patch"
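Review bot: extra_openrc() sets `install_if="$pkgname-extra=$pkgver-r$pkgrel"` without an `openrc` term, so the init-script package is pulled in whenever rng-tools-extra is installed, including on systems that do not use OpenRC. The usual form is `install_if="openrc $pkgname-extra=$pkgver-r$pkgrel"`. Separately, this subpackage installs to the same `/etc/conf.d/rngd` and `/etc/init.d/rngd` paths as the main package's OpenRC files, and extra() installs the same program names, so it is worth confirming that the unversioned `provides="rng-tools"` really prevents both variants from being installed together.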
diff --git a/main/rng-tools/fix-encrypt-name-clash.patch b/main/rng-tools/fix-encrypt-name-clash.patch
deleted file mode 100644
index 26677187f54..00000000000
--- a/main/rng-tools/fix-encrypt-name-clash.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/rngd_darn.c b/rngd_darn.c
-index 35df7a1..9345895 100644
---- a/rngd_darn.c
-+++ b/rngd_darn.c
-@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src)
- return 0;
- }
-
--int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
-+static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
- unsigned char *iv, unsigned char *ciphertext)
- {
- int len;
-@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src)
- unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS];
-
- /* Encrypt the plaintext */
-- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf,
-+ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf,
- ciphertext);
- printf("Calling mangle with len %d\n", ciphertext_len);
- if (!ciphertext_len)
diff --git a/main/rng-tools/fix-textrels-on-PIC-x86.patch b/main/rng-tools/fix-textrels-on-PIC-x86.patch
deleted file mode 100644
index ee6fe108b98..00000000000
--- a/main/rng-tools/fix-textrels-on-PIC-x86.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- a/rdrand_asm.S
-+++ b/rdrand_asm.S
-@@ -83,6 +83,7 @@
- jmp 4b
- ENDPROC(x86_rdseed_or_rdrand_bytes)
-
-+#define INIT_PIC()
- #define SETPTR(var,ptr) leaq var(%rip),ptr
- #define PTR0 %rdi
- #define PTR1 %rsi
-@@ -180,6 +190,7 @@
- #define NPTR2 1 /* %rcx = %r1 */
-
- #endif
-+ INIT_PIC()
-
- ENTRY(x86_aes_mangle)
- #ifdef __i386__
-@@ -283,6 +294,17 @@
- #endif
- ret
- ENDPROC(x86_aes_mangle)
-+
-+#if defined(__i386__) && defined(__PIC__)
-+ .section .gnu.linkonce.t.__i686.get_pc_thunk.bx,"ax",@progbits
-+.globl __i686.get_pc_thunk.bx
-+ .hidden __i686.get_pc_thunk.bx
-+ .type __i686.get_pc_thunk.bx,@function
-+__i686.get_pc_thunk.bx:
-+ movl (%esp), %ebx
-+ ret
-+#endif
-+
-
- /* aeskeygenassist $imm,%xmm0,%xmm1 */
- #define AESKEYGENASSIST(imm) .byte 0x66,0x0f,0x3a,0xdf,0xc8,imm
diff --git a/main/rng-tools/rngd-extra.confd b/main/rng-tools/rngd-extra.confd
new file mode 100644
index 00000000000..86db4059a22
--- /dev/null
+++ b/main/rng-tools/rngd-extra.confd
@@ -0,0 +1,85 @@
+# Configuration for /etc/init.d/rngd
+
+# Space-delimited list of entropy sources to enable.
+# No need to include any source that is enabled by default.
+#
+# Choose from list:
+# nist: NIST radio beacon. Not recommended.
+# tpm: Is deprecated, will be removed in future version.
+#
+INCLUDE_ENTROPY_SOURCES=""
+
+# Space-delimited list of entropy sources to disable.
+# Useful for disabling certain entropy sources even when supported on system.
+#
+EXCLUDE_ENTROPY_SOURCES=""
+
+
+# Number of entropy bits to support, 1 <= n <= 8.
+#
+#ENTROPY_COUNT=8
+
+# Time in seconds to force adding entropy to random device.
+#
+#FORCE_RESEED=300
+
+# Device used for random number input.
+#
+#HWRNG_DEVICE="/dev/hwrng"
+
+# Kernel device used for random number output.
+#
+#RANDOM_DEVICE="/dev/random"
+
+# Number of bytes written to random-device at a time.
+#
+#STEP=64
+
+# Do not stop feeding entropy to random device until at least this
+# many bits of entropy are available in pool. Value can be
+# 0 <= n <= `sysctl kernel.random.poolsize`.
+#
+#WATERMARK=3072
+
+
+# Entropy source specific options:
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:0"
+#
+#
+# rtlsdr options:
+# device_id:(INTEGER)
+# freq_min:(INTEGER)
+# freq_max:(INTEGER)
+# sample_min:(INTEGER)
+# sample_max:(INTEGER)
+#
+#RTLSDR_OPTIONS="device_id:0 freq_min:90000000 freq_max:110000000"
+#RTLSDR_OPTIONS="${RTLSDR_OPTIONS} sample_min:1000000 sample_max:2800000"
+
+
+# Any extra arguments for rngd
+#
+EXTRA_ARGS="-q"
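Review bot: The `nist:` entry in the source list is described as "NIST radio beacon. Not recommended." without saying why. The build pulls in curl and libxml2 for it, which suggests a network-fetched source rather than a radio one. As far as I know the beacon's values are published publicly, so they should not be credited as secret entropy. A comment such as `# nist: NIST network randomness beacon. Values are public; do not use for cryptographic purposes.` would tell the administrator what the risk is.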
diff --git a/main/rng-tools/rngd-extra.initd b/main/rng-tools/rngd-extra.initd
new file mode 100644
index 00000000000..2f8131ea185
--- /dev/null
+++ b/main/rng-tools/rngd-extra.initd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+description="Random number generator daemon"
+
+pidfile="/run/$RC_SVCNAME.pid"
+command="/usr/sbin/rngd"
+command_args="-b -p $pidfile"
+start_stop_daemon_args="--wait 5"
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+start_pre() {
+ command_args="${command_args} ${EXTRA_ARGS}"
+
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${ENTROPY_COUNT}" != "x" ]; then
+ command_args="${command_args} -e ${ENTROPY_COUNT}"
+ fi
+
+ if [ "x${FORCE_RESEED}" != "x" ]; then
+ command_args="${command_args} -R ${FORCE_RESEED}"
+ fi
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} -r ${HWRNG_DEVICE}"
+ fi
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} -o ${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} -s ${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} -W ${WATERMARK}"
+ fi
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${RTLSDR_OPTIONS}; do
+ command_args="${command_args} -O rtlsdr:${entsrc_opt}"
+ done
+}
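Review bot: The six `[ "x${VAR}" != "x" ]` tests in start_pre use the old x-prefix workaround, which is unnecessary once the expansion is quoted; `[ -n "${ENTROPY_COUNT}" ]` reads more directly and behaves the same. The same applies to the start_pre added to rngd.initd. The two scripts also differ only in the final `RTLSDR_OPTIONS` loop, which does nothing when the variable is unset, so a single script could likely serve both packages and avoid the copies drifting apart.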
diff --git a/main/rng-tools/rngd.confd b/main/rng-tools/rngd.confd
index 65187508df1..86fc4d853fa 100644
--- a/main/rng-tools/rngd.confd
+++ b/main/rng-tools/rngd.confd
@@ -1,4 +1,73 @@
# Configuration for /etc/init.d/rngd
-# Additional options to pass into rngd(8).
-# RNGD_OPTS=""
+# Space-delimited list of entropy sources to enable.
+# No need to include any source that is enabled by default.
+#
+# Choose from list:
+# tpm: Is deprecated, will be removed in future version.
+#
+INCLUDE_ENTROPY_SOURCES=""
+
+# Space-delimited list of entropy sources to disable.
+# Useful for disabling certain entropy sources even when supported on system.
+#
+EXCLUDE_ENTROPY_SOURCES=""
+
+
+# Number of entropy bits to support, 1 <= n <= 8.
+#
+#ENTROPY_COUNT=8
+
+# Time in seconds to force adding entropy to random device.
+#
+#FORCE_RESEED=300
+
+# Device used for random number input.
+#
+#HWRNG_DEVICE="/dev/hwrng"
+
+# Kernel device used for random number output.
+#
+#RANDOM_DEVICE="/dev/random"
+
+# Number of bytes written to random-device at a time.
+#
+#STEP=64
+
+# Do not stop feeding entropy to random device until at least this
+# many bits of entropy are available in pool. Value can be
+# 0 <= n <= `sysctl kernel.random.poolsize`.
+#
+#WATERMARK=3072
+
+
+# Entropy source specific options:
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:0"
+
+
+# Any extra arguments for rngd
+#
+EXTRA_ARGS="-q"
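Review bot: The comment on `ENTROPY_COUNT`, "Number of entropy bits to support, 1 <= n <= 8", does not say what the value controls. As I understand rngd's `-e` option, it is the number of bits of entropy credited to the kernel per byte of input, so it determines how much trust is placed in the source. Suggested wording: `# Bits of entropy credited per byte of input, 1 <= n <= 8. Lower this for sources that are not fully trusted.` The same comment appears in rngd-extra.confd.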
diff --git a/main/rng-tools/rngd.initd b/main/rng-tools/rngd.initd
index 92ca90aa35a..7addf08fff9 100644
--- a/main/rng-tools/rngd.initd
+++ b/main/rng-tools/rngd.initd
@@ -4,7 +4,7 @@ description="Random number generator daemon"
pidfile="/run/$RC_SVCNAME.pid"
command="/usr/sbin/rngd"
-command_args="--quiet --background --pid-file $pidfile $RNGD_OPTS"
+command_args="-b -p $pidfile"
start_stop_daemon_args="--wait 5"
depend() {
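Review bot: `command_args` no longer expands `$RNGD_OPTS`, so an existing /etc/conf.d/rngd that sets it is silently ignored after the upgrade, and any entropy-source selection made there stops applying. Because `--quiet` also moved out of the script into the new conf.d default `EXTRA_ARGS="-q"`, a retained old conf.d file loses that as well. Consider a fallback in start_pre such as `command_args="${command_args} ${EXTRA_ARGS:-$RNGD_OPTS}"`, or an `ewarn` when `RNGD_OPTS` is set, so the change is visible to the administrator.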
@@ -12,3 +12,51 @@ depend() {
after urandom
provide entropy
}
+
+start_pre() {
+ command_args="${command_args} ${EXTRA_ARGS}"
+
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${ENTROPY_COUNT}" != "x" ]; then
+ command_args="${command_args} -e ${ENTROPY_COUNT}"
+ fi
+
+ if [ "x${FORCE_RESEED}" != "x" ]; then
+ command_args="${command_args} -R ${FORCE_RESEED}"
+ fi
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} -r ${HWRNG_DEVICE}"
+ fi
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} -o ${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} -s ${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} -W ${WATERMARK}"
+ fi
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+}
diff --git a/main/rng-tools/stack.patch b/main/rng-tools/stack.patch
deleted file mode 100644
index a6a60fa1902..00000000000
--- a/main/rng-tools/stack.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/rngd_rtlsdr.c b/rngd_rtlsdr.c
-index eca0ada..fed1f88 100644
---- a/rngd_rtlsdr.c
-+++ b/rngd_rtlsdr.c
-@@ -180,7 +180,7 @@ static size_t condition_buffer(unsigned char *in, unsigned char *out, size_t ins
- * Finalise the encryption. Further ciphertext bytes may be written at
- * this stage.
- */
-- if(1 != EVP_EncryptFinal_ex(ctx, out + len, &len))
-+ if(1 != EVP_EncryptFinal_ex(ctx, out, &len))
- return 0;
- ciphertext_len += len;
-