authorV3n3RiX <venerix@redcorelinux.org>2019-03-19 11:37:34 +0000
committerV3n3RiX <venerix@redcorelinux.org>2019-03-19 11:37:34 +0000
commitb7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree9fd110f9fc996e8a4213eeda994a8c112491b86d /sys-apps/rng-tools/files
parent066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)
gentoo resync : 19.03.2019
Diffstat (limited to 'sys-apps/rng-tools/files')
-rw-r--r--sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch45
-rw-r--r--sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch36
-rw-r--r--sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch36
-rw-r--r--sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch60
-rw-r--r--sys-apps/rng-tools/files/rngd-confd-6.790
-rw-r--r--sys-apps/rng-tools/files/rngd-initd-616
-rw-r--r--sys-apps/rng-tools/files/rngd-initd-6.764
7 files changed, 154 insertions, 193 deletions
diff --git a/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch b/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch
deleted file mode 100644
index 1872444bc4a8..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.1-fix-nistbeacon-validation-on-x86.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From e8d7ea04e39f1209a79c003f3b62c9f1761dec0e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Thu, 19 Apr 2018 05:29:01 -0400
-Subject: [PATCH] rngd_nistbeacon: fix the size of frequency and timestamp on
- x86_32
-
-The members "frequency" and "timestamp" of struct nist_data_block are
-defined as int and long, respectively. On x86_64, their sizes
-correctly correspond to 4 and 8 bytes. However, on 32-bit x86
-architectures, both int and long are defined as 4 bytes, causing the
-digest verification to fail. Fix it by using uint32_t and uint64_t
-explicitly.
----
- rngd_nistbeacon.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/rngd_nistbeacon.c b/rngd_nistbeacon.c
-index fbebc53..eadde39 100644
---- a/rngd_nistbeacon.c
-+++ b/rngd_nistbeacon.c
-@@ -97,8 +97,8 @@ BIO *bfp;
-
- struct nist_data_block {
- char *version;
-- int frequency;
-- long timestamp;
-+ uint32_t frequency;
-+ uint64_t timestamp;
- char *seedvalue;
- size_t seedvaluelen;
- char *previoushash;
-@@ -355,8 +355,8 @@ static int validate_nist_block()
-
-
- EVP_VerifyUpdate(mdctx, block.version, strlen(block.version));
-- EVP_VerifyUpdate(mdctx, &block.frequency, sizeof(int));
-- EVP_VerifyUpdate(mdctx, &block.timestamp, sizeof(long));
-+ EVP_VerifyUpdate(mdctx, &block.frequency, sizeof(uint32_t));
-+ EVP_VerifyUpdate(mdctx, &block.timestamp, sizeof(uint64_t));
- EVP_VerifyUpdate(mdctx, block.seedvalue, block.seedvaluelen);
- EVP_VerifyUpdate(mdctx, block.previoushash, block.previoushashlen);
- EVP_VerifyUpdate(mdctx, &block.errorcode, block.errorcodelen);
---
-2.13.6
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch
deleted file mode 100644
index f7b87c88715d..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.3-jitterentropy-linking-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c9f795da2dbeb0e85025f6264321aef1ba12059e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Fri, 6 Jul 2018 17:20:28 -0400
-Subject: [PATCH] Makefile.am: use the libjitterentropy available on the system
-
----
- Makefile.am | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index b80e9a0..5d33aaf 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@
- ## Toplevel Makefile.am for rng-tools
- ##
- if JITTER
-- JSUBDIR = jitterentropy-library
-- JSUBLIB = ./jitterentropy-library/libjitterentropy.a
-- AM_CPPFLAGS = -I./jitterentropy-library
-+ jitterentropy_LIBS = -ljitterentropy
- endif
-
- SUBDIRS = contrib tests $(JSUBDIR)
-@@ -33,7 +31,7 @@ if JITTER
- rngd_SOURCES += rngd_jitter.c
- endif
-
--rngd_LDADD = librngd.a -lsysfs $(JSUBLIB) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS}
-+rngd_LDADD = librngd.a -lsysfs $(jitterentropy_LIBS) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS}
-
- rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS}
-
---
-2.17.0
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch
deleted file mode 100644
index e6cf95d13f32..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.4-jitterentropy-linking-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From ac00de69665a14bc1884be90ec83f8e8bc4d69f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Wed, 19 Sep 2018 16:45:37 -0400
-Subject: [PATCH] Makefile.am: use the libjitterentropy available on the system
-
----
- Makefile.am | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index fa8ecca..abc759a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@
- ## Toplevel Makefile.am for rng-tools
- ##
- if JITTER
-- JSUBDIR = jitterentropy-library
-- JSUBLIB = ./jitterentropy-library/libjitterentropy.a
-- AM_CPPFLAGS = -I./jitterentropy-library
-+ jitterentropy_LIBS = -ljitterentropy
- endif
-
- SUBDIRS = contrib tests $(JSUBDIR)
-@@ -33,7 +31,7 @@ if JITTER
- rngd_SOURCES += rngd_jitter.c
- endif
-
--rngd_LDADD = librngd.a -lsysfs $(JSUBLIB) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-+rngd_LDADD = librngd.a -lsysfs $(jitterentropy_LIBS) ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-
- rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
- rngd_LDFLAGS = $(PTHREAD_CFLAGS)
---
-2.19.0
-
diff --git a/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch b/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch
deleted file mode 100644
index b03960180ed9..000000000000
--- a/sys-apps/rng-tools/files/rng-tools-6.5-jitterentropy-automagic-detection-fix.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 76cfc06afb69019dcf0bbd9938f6378168e37411 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=B6kt=C3=BCrk=20Y=C3=BCksek?= <gokturk@gentoo.org>
-Date: Wed, 26 Sep 2018 13:32:39 -0400
-Subject: [PATCH] configure.ac: control jitterentropy support using
- --with-jitter
-
-Replace automagic detection of jitterentropy DSO with an AC_ARG_WITH
-macro so that rngd can be compiled without jitter support even when
-the jitterentropy library is available on the system.
----
- configure.ac | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b1544d9..1e58184 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -40,6 +40,13 @@ AC_ARG_WITH([nistbeacon],
- [with_nistbeacon=check]
- )
-
-+AC_ARG_WITH([jitter],
-+ AS_HELP_STRING([--without-jitter],
-+ [Disable jitter entropy library support. ]),
-+ [],
-+ [with_jitter=check]
-+)
-+
- dnl Make sure anyone changing configure.ac/Makefile.am has a clue
- AM_MAINTAINER_MODE
- AM_PROG_AS
-@@ -61,13 +68,18 @@ AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])]
-
- AM_CONDITIONAL([JITTER], [false])
- AM_CONDITIONAL([JITTER_DSO], [false])
--AS_IF([test -f jitterentropy-library/Makefile],
-- [AM_CONDITIONAL([JITTER], [true])
-- AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-- [AC_SEARCH_LIBS(jent_version,jitterentropy,
-- [AM_CONDITIONAL([JITTER_DSO], [true])
-- AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-- [AC_MSG_NOTICE([Disabling JITTER entropy source])])])
-+AS_IF(
-+ [ test "x$with_jitter" != "xno" ],
-+ [
-+ AS_IF([test -f jitterentropy-library/Makefile],
-+ [AM_CONDITIONAL([JITTER], [true])
-+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-+ [AC_SEARCH_LIBS(jent_version,jitterentropy,
-+ [AM_CONDITIONAL([JITTER_DSO], [true])
-+ AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],
-+ [AC_MSG_NOTICE([Disabling JITTER entropy source])])])
-+ ]
-+)
-
- #AM_CONDITIONAL([JITTER], [test -f jitterentropy-library/Makefile])
- #AS_IF([test -f jitterentropy-library/Makefile], [AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])],[AC_MSG_NOTICE([Disabling JITTER entropy source])])
---
-2.19.0
-
diff --git a/sys-apps/rng-tools/files/rngd-confd-6.7 b/sys-apps/rng-tools/files/rngd-confd-6.7
new file mode 100644
index 000000000000..20aa3281d535
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-6.7
@@ -0,0 +1,90 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/rngd
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# Space-delimited list of entropy sources to enable
+# Note that some of the entropy sources may require certain USE flags
+# to be enabled or require hardware support to function properly
+# Entropy sources not specified here (or in the exclude list below)
+# will be enabled/disabled based on rngd default behavior
+#
+# Choose from the list:
+# hwrng: Hardware RNG Device
+# tpm: TPM RNG Device (Deprecated)
+# rdrand: Intel RDRAND Instruction RNG
+# darn: Power9 DARN Instruction RNG
+# nist: NIST Network Entropy Beacon
+# (UNSAFE for cryptographic operations)
+# jitter: JITTER Entropy Generator
+# pkcs11: PKCS11 Entropy Generator
+#
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"
+
+
+# Space-delimited list of entropy sources to disable
+# This is useful for disabling certain entropy sources even
+# when they are supported on the system
+#
+#EXCLUDE_ENTROPY_SOURCES="nist tpm"
+
+
+# Entropy source specific options:
+#
+#
+# hwrng device used for random number input:
+#
+#HWRNG_DEVICE="/dev/hwrng"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:1"
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# pkcs11 options:
+# engine_path:(STRING)
+# chunk_size:(INTEGER)
+#
+#PKCS11_OPTIONS="engine_path:/usr/lib64/opensc-pkcs11.so chunk_size:1"
+
+
+# Kernel device used for random number output
+#
+#RANDOM_DEVICE="/dev/random"
+
+
+# Random step (Number of bytes written to random-device at a time):
+#
+#STEP=64
+
+
+# Fill watermark
+# 0 <= n <= `sysctl kernel.random.poolsize`
+#
+#WATERMARK=2048
+
+
+# Any extra arguments for rngd
+#
+#EXTRA_ARGS=""
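Review bot: The commented sample `#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"` enables every source, including `nist`, which the list directly above marks as UNSAFE for cryptographic operations, and `tpm`, which it marks as Deprecated. An admin who simply uncomments the sample turns both on, so the example should list only sources that are reasonable to enable together, e.g. `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand jitter"`. A short comment next to it, such as `# nist takes its data from a network beacon; leave it out on hosts that generate keys`, would state the reason where the choice is made.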
diff --git a/sys-apps/rng-tools/files/rngd-initd-6 b/sys-apps/rng-tools/files/rngd-initd-6
deleted file mode 100644
index c3b48bf22099..000000000000
--- a/sys-apps/rng-tools/files/rngd-initd-6
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- need localmount
- after urandom
- provide entropy
-}
-
-command=/usr/sbin/rngd
-pidfile="/var/run/${SVCNAME}.pid"
-command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} ${NO_TPM:+-x 1} \
- ${NO_DRNG:+-x 2} --fill-watermark ${WATERMARK} ${DEVICE:+--rng-device ${DEVICE}}"
-start_stop_daemon_args="--wait 1000"
-retry="SIGKILL/5000"
diff --git a/sys-apps/rng-tools/files/rngd-initd-6.7 b/sys-apps/rng-tools/files/rngd-initd-6.7
new file mode 100644
index 000000000000..e85581ba6cb4
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-6.7
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+command="/usr/sbin/rngd"
+description="Check and feed random data from hardware device to kernel entropy pool."
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_args=""
+command_args_background="--pid-file ${pidfile} --background"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
+
+
+# Parse rngd confd file for extra command line arguments
+start_pre() {
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} --rng-device=${HWRNG_DEVICE}"
+ fi
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${PKCS11_OPTIONS}; do
+ command_args="${command_args} -O pkcs11:${entsrc_opt}"
+ done
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} --random-device=${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} --random-step=${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} --fill-watermark=${WATERMARK}"
+ fi
+
+ command_args="${command_args} ${EXTRA_ARGS}"
+ return 0
+}
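Review bot: start_pre() reads only the new variable names, so an existing /etc/conf.d/rngd that still sets `NO_TPM`, `NO_DRNG` or `DEVICE` (the names the removed rngd-initd-6 consumed) is now ignored without any message, and a source the admin had excluded can silently come back on. Unless the ebuild already warns about this (not visible on this page), add a check at the top of start_pre(), e.g. `[ -n "${NO_TPM}${NO_DRNG}${DEVICE}" ] && ewarn "NO_TPM/NO_DRNG/DEVICE are no longer read; use EXCLUDE_ENTROPY_SOURCES and HWRNG_DEVICE"`. Separately, the conf.d values are appended to `command_args` unquoted, so a `HWRNG_DEVICE` or `RANDOM_DEVICE` path containing whitespace would be split into several arguments; a comment above start_pre() saying that values must not contain spaces would document that limit.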