124 lines
4.6 KiB
RPMSpec
124 lines
4.6 KiB
RPMSpec
#
|
|
# spec file for package perl-Crypt-Random-Seed
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define cpan_name Crypt-Random-Seed
|
|
Name: perl-Crypt-Random-Seed
|
|
Version: 0.30.0
|
|
Release: 0
|
|
# 0.03 -> normalize -> 0.30.0
|
|
%define cpan_version 0.03
|
|
License: Artistic-1.0 OR GPL-1.0-or-later
|
|
Summary: Provide strong randomness for seeding
|
|
URL: https://metacpan.org/release/%{cpan_name}
|
|
Source0: https://cpan.metacpan.org/authors/id/D/DA/DANAJ/%{cpan_name}-%{cpan_version}.tar.gz
|
|
Source100: README.md
|
|
BuildArch: noarch
|
|
BuildRequires: perl
|
|
BuildRequires: perl-macros
|
|
BuildRequires: perl(Crypt::Random::TESHA2)
|
|
Requires: perl(Crypt::Random::TESHA2)
|
|
Provides: perl(Crypt::Random::Seed) = %{version}
|
|
%undefine __perllib_provides
|
|
%{perl_requires}
|
|
|
|
%description
|
|
A simple mechanism to get strong randomness. The main purpose of this
|
|
module is to provide a simple way to generate a seed for a PRNG such as
|
|
Math::Random::ISAAC, for use in cryptographic key generation, or as the
|
|
seed for an upstream module such as Bytes::Random::Secure. Flags for
|
|
requiring non-blocking sources are allowed, as well as a very simple method
|
|
for plugging in a source.
|
|
|
|
The randomness sources used are, in order:
|
|
|
|
* User supplied.
|
|
|
|
If the constructor is called with a Source defined, then it is used. It is
|
|
not checked vs. other flags (NonBlocking, Never, Only).
|
|
|
|
* Win32 Crypto API.
|
|
|
|
This will use 'CryptGenRandom' on Windows 2000 and 'RtlGenRand' on Windows
|
|
XP and newer. According to MSDN, these are well-seeded CSPRNGs (FIPS 186-2
|
|
or AES-CTR), so will be non-blocking.
|
|
|
|
* EGD / PRNGD.
|
|
|
|
This looks for sockets that speak the at http://egd.sourceforge.net/
|
|
protocol, including at http://prngd.sourceforge.net/. These are userspace
|
|
entropy daemons that are commonly used by OpenSSL, OpenSSH, and GnuGP. The
|
|
locations searched are '/var/run/egd-pool', '/dev/egd-pool',
|
|
'/etc/egd-pool', and '/etc/entropy'. EGD is blocking, while PRNGD is
|
|
non-blocking (like the Win32 API, it is really a seeded CSPRNG). However
|
|
there is no way to tell them apart, so we treat it as blocking. If your O/S
|
|
supports /dev/random, consider at http://www.issihosts.com/haveged/ as an
|
|
alternative (a system daemon that refills /dev/random as needed).
|
|
|
|
* /dev/random.
|
|
|
|
The strong source of randomness on most UNIX-like systems. Cygwin uses
|
|
this, though it maps to the Win32 API. On almost all systems this is a
|
|
blocking source of randomness -- if it runs out of estimated entropy, it
|
|
will hang until more has come into the system. If this is an issue, which
|
|
it often is on embedded devices, running a tool such as at
|
|
http://www.issihosts.com/haveged/ will help immensely.
|
|
|
|
* /dev/urandom.
|
|
|
|
A nonblocking source of randomness that we label as weak, since it will
|
|
continue providing output even if the actual entropy has been exhausted.
|
|
|
|
* TESHA2.
|
|
|
|
Crypt::Random::TESHA2 is a Perl module that generates random bytes from an
|
|
entropy pool fed with timer/scheduler variations. Measurements and tests
|
|
are performed on installation to determine whether the source is considered
|
|
strong or weak. This is entirely in portable userspace, which is good for
|
|
ease of use, but really requires user verification that it is working as
|
|
expected if we expect it to be strong. The concept is similar to
|
|
Math::TrulyRandom though updated to something closer to what TrueRand 2.1
|
|
does vs. the obsolete version 1 that Math::TrulyRandom implements. It is
|
|
very slow and has wide speed variability across platforms : I've seen
|
|
numbers ranging from 40 to 150,000 bits per second.
|
|
|
|
A source can also be supplied in the constructor. Each of these sources
|
|
will have its debatable points about perceived strength. E.g. Why is
|
|
/dev/urandom considered weak while Win32 is strong? Can any userspace
|
|
method such as TrueRand or TESHA2 be considered strong?
|
|
|
|
%prep
|
|
%autosetup -n %{cpan_name}-%{cpan_version}
|
|
|
|
%build
|
|
perl Makefile.PL INSTALLDIRS=vendor
|
|
%make_build
|
|
|
|
%check
|
|
make test
|
|
|
|
%install
|
|
%perl_make_install
|
|
%perl_process_packlist
|
|
%perl_gen_filelist
|
|
|
|
%files -f %{name}.files
|
|
%doc Changes examples README TODO
|
|
%license LICENSE
|
|
|
|
%changelog
|