Accepting request 233562 from security

- Disable randomly failing ENT test bnc#876674
- Added patches:
  * haveged-conditional-enttest.patch

- Threads seem not to fix the random testsuite fail.

- Fix "stop" of service, the daemon in foreground actually 
 exits with a weird exit code. workaround this misbehaviour
 in the service file.

- revert to non-forking service, "forking" services are racy
  and provided by systemd purely for compatibility with old daemons.
  see daemon(7) for the rationale. Only "simple" (default) and 
  "notify" services must be used if possible.
- Also, there is no haveged.conf around, neither such file
  is parsed by the daemon at all.
- Start the daemon as soon as the random device is available with
  the help of udev, as starting services while starved of entropy 
  is no good.

OBS-URL: https://build.opensuse.org/request/show/233562
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haveged?expand=0&rev=39

90-haveged.rules

@@ -0,0 +1,2 @@
+ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+

haveged-conditional-enttest.patch

@@ -0,0 +1,24 @@
+diff -urN haveged-1.9.1/configure.ac haveged-1.9.1.new/configure.ac
+--- haveged-1.9.1/configure.ac	2014-02-11 16:06:58.000000000 +0100
++++ haveged-1.9.1.new/configure.ac	2014-05-12 12:57:40.111268914 +0200
+@@ -60,6 +60,11 @@
+    AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite [default=no]]),
+    , enable_nistest="no")
+ 
++## Make ent self-test configurable
++AC_ARG_ENABLE(enttest,
++   AS_HELP_STRING([--enable-enttest=[no/yes]],[Run ENT test suite [default=yes]]),
++   , enable_enttest="yes")
++
+ ## Make self test features configurable
+ AC_ARG_ENABLE(olt,
+    AS_HELP_STRING([--enable-olt=[yes/no]],[Enable online tests [default=yes]]),
+@@ -225,7 +230,7 @@
+ AM_CONDITIONAL(ENABLE_SYSTEMD, test "$init_type" = "systemd")
+ AM_CONDITIONAL(ENABLE_SYSTEMD_LOOKUP, test "$enable_initdir" = "?")
+ AM_CONDITIONAL(ENABLE_NOINIT, test "$init_type" = "none")
+-AM_CONDITIONAL(ENABLE_ENT_TEST, test "yes" = "yes")
++AM_CONDITIONAL(ENABLE_ENT_TEST, test "$enable_enttest" = "yes")
+ AM_CONDITIONAL(ENABLE_NIST_TEST, test "$enable_nistest" = "yes")
+ 
+ ## Set hardware dependent define for the build

haveged.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Mon May 12 10:55:20 UTC 2014 - tchvatal@suse.com
+
+- Disable randomly failing ENT test bnc#876674
+- Added patches:
+  * haveged-conditional-enttest.patch
+
+-------------------------------------------------------------------
+Mon May 12 10:49:09 UTC 2014 - tchvatal@suse.com
+
+- Threads seem not to fix the random testsuite fail.
+
+-------------------------------------------------------------------
+Sat May 10 03:40:03 UTC 2014 - crrodriguez@opensuse.org
+
+- Fix "stop" of service, the daemon in foreground actually 
+ exits with a weird exit code. workaround this misbehaviour
+ in the service file.
+
+-------------------------------------------------------------------
+Sat May 10 02:34:26 UTC 2014 - crrodriguez@opensuse.org
+
+- revert to non-forking service, "forking" services are racy
+  and provided by systemd purely for compatibility with old daemons.
+  see daemon(7) for the rationale. Only "simple" (default) and 
+  "notify" services must be used if possible.
+
+- Also, there is no haveged.conf around, neither such file
+  is parsed by the daemon at all.
+
+- Start the daemon as soon as the random device is available with
+  the help of udev, as starting services while starved of entropy 
+  is no good.
+
 -------------------------------------------------------------------
 Wed May  7 09:12:26 UTC 2014 - tchvatal@suse.com
 

haveged.service

@@ -3,12 +3,10 @@ Description=Entropy Daemon based on the HAVEGE algorithm
 Documentation=man:haveged(8) http://www.issihosts.com/haveged/
 
 [Service]
-Type=forking
-EnvironmentFile=/etc/haveged.conf
-PIDFile=/run/haveged.pid
-ExecStart=/usr/sbin/haveged -w 1024 -v 0 -p /run/haveged.pid
+ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
 CapabilityBoundingSet=CAP_SYS_ADMIN
 PrivateNetwork=yes
+SuccessExitStatus=137 143
 
 [Install]
 WantedBy=multi-user.target

haveged.spec

@@ -25,11 +25,15 @@ Group:          System/Daemons
 Url:            http://www.issihosts.com/haveged/
 Source0:        http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz
 Source2:        %{name}.service
+Source3:        90-haveged.rules
 Patch0:         ppc64le.patch
+# PATCH-FIX-UPSTREAM: ent tests randomly fail so make them conditional tchvatal@suse.cz bnc#876674
+Patch1:         haveged-conditional-enttest.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(udev)
 Enhances:       apache2
 Enhances:       gpg2
 Enhances:       openssl
@@ -38,6 +42,7 @@ Enhances:       php5
 Enhances:       smtp_daemon
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
+%{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d }
 
 %description
 The haveged daemon feeds the linux entropy pool with random
@@ -68,15 +73,16 @@ algorithm and supporting features.
 %prep
 %setup -q
 %patch0 -p1
-autoreconf -fvi
+%patch1 -p1
 
 %build
+autoreconf -fvi
 export CFLAGS="%{optflags} -fpie"
 export LDFLAGS="-Wl,-z,relro,-z,now -pie"
-# Threads seem broken
+# ENT randomly fails so disable the test
 %configure \
     --disable-static \
-    --disable-threads \
+    --disable-enttest \
     --enable-nistest \
     --enable-daemon \
     --enable-clock_gettime
@@ -95,10 +101,12 @@ make %{?_smp_mflags} check
 %install
 make DESTDIR=%{buildroot} install %{?_smp_mflags}
 install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
+install -D -m0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/90-haveged.rules
 rm -f %{buildroot}%{_libdir}/libhavege.*a
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 
 %post
+%{?udev_rules_update:%udev_rules_update}
 %service_add_post %{name}.service
 
 %postun
@@ -121,6 +129,7 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 %{_sbindir}/%{name}
 %doc %{_mandir}/man8/%{name}.8*
 %{_unitdir}/%{name}.service
+%{_udevrulesdir}/90-haveged.rules
 
 %files devel
 %defattr(-,root,root)