pool/haveged
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 233562 from security

Browse Source 
- Disable randomly failing ENT test bnc#876674
- Added patches:
  * haveged-conditional-enttest.patch

- Threads seem not to fix the random testsuite fail.

- Fix "stop" of service, the daemon in foreground actually 
 exits with a weird exit code. workaround this misbehaviour
 in the service file.

- revert to non-forking service, "forking" services are racy
  and provided by systemd purely for compatibility with old daemons.
  see daemon(7) for the rationale. Only "simple" (default) and 
  "notify" services must be used if possible.
- Also, there is no haveged.conf around, neither such file
  is parsed by the daemon at all.
- Start the daemon as soon as the random device is available with
  the help of udev, as starting services while starved of entropy 
  is no good.

OBS-URL: https://build.opensuse.org/request/show/233562
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haveged?expand=0&rev=39
This commit is contained in:
Stephan Kulow 2014-05-14 08:26:09 +00:00 committed by Git OBS Bridge
commit 4aa9fcbf31
5 changed files with 74 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
90-haveged.rules Normal file
View File

@ -0,0 +1,2 @@
ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"

24
haveged-conditional-enttest.patch Normal file
View File

@ -0,0 +1,24 @@
diff -urN haveged-1.9.1/configure.ac haveged-1.9.1.new/configure.ac
--- haveged-1.9.1/configure.ac 2014-02-11 16:06:58.000000000 +0100
+++ haveged-1.9.1.new/configure.ac 2014-05-12 12:57:40.111268914 +0200
@@ -60,6 +60,11 @@
AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite [default=no]]),
, enable_nistest="no")
+## Make ent self-test configurable
+AC_ARG_ENABLE(enttest,
+ AS_HELP_STRING([--enable-enttest=[no/yes]],[Run ENT test suite [default=yes]]),
+ , enable_enttest="yes")
+
## Make self test features configurable
AC_ARG_ENABLE(olt,
AS_HELP_STRING([--enable-olt=[yes/no]],[Enable online tests [default=yes]]),
@@ -225,7 +230,7 @@
AM_CONDITIONAL(ENABLE_SYSTEMD, test "$init_type" = "systemd")
AM_CONDITIONAL(ENABLE_SYSTEMD_LOOKUP, test "$enable_initdir" = "?")
AM_CONDITIONAL(ENABLE_NOINIT, test "$init_type" = "none")
-AM_CONDITIONAL(ENABLE_ENT_TEST, test "yes" = "yes")
+AM_CONDITIONAL(ENABLE_ENT_TEST, test "$enable_enttest" = "yes")
AM_CONDITIONAL(ENABLE_NIST_TEST, test "$enable_nistest" = "yes")
## Set hardware dependent define for the build

34
haveged.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Mon May 12 10:55:20 UTC 2014 - tchvatal@suse.com
- Disable randomly failing ENT test bnc#876674
- Added patches:
* haveged-conditional-enttest.patch
-------------------------------------------------------------------
Mon May 12 10:49:09 UTC 2014 - tchvatal@suse.com
- Threads seem not to fix the random testsuite fail.
-------------------------------------------------------------------
Sat May 10 03:40:03 UTC 2014 - crrodriguez@opensuse.org
- Fix "stop" of service, the daemon in foreground actually
exits with a weird exit code. workaround this misbehaviour
in the service file.
-------------------------------------------------------------------
Sat May 10 02:34:26 UTC 2014 - crrodriguez@opensuse.org
- revert to non-forking service, "forking" services are racy
and provided by systemd purely for compatibility with old daemons.
see daemon(7) for the rationale. Only "simple" (default) and
"notify" services must be used if possible.
- Also, there is no haveged.conf around, neither such file
is parsed by the daemon at all.
- Start the daemon as soon as the random device is available with
the help of udev, as starting services while starved of entropy
is no good.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 7 09:12:26 UTC 2014 - tchvatal@suse.com Wed May 7 09:12:26 UTC 2014 - tchvatal@suse.com

6
haveged.service
View File

@ -3,12 +3,10 @@ Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/ Documentation=man:haveged(8) http://www.issihosts.com/haveged/
[Service] [Service]
Type=forking ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
EnvironmentFile=/etc/haveged.conf
PIDFile=/run/haveged.pid
ExecStart=/usr/sbin/haveged -w 1024 -v 0 -p /run/haveged.pid
CapabilityBoundingSet=CAP_SYS_ADMIN CapabilityBoundingSet=CAP_SYS_ADMIN
PrivateNetwork=yes PrivateNetwork=yes
SuccessExitStatus=137 143
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

15
haveged.spec
View File

@ -25,11 +25,15 @@ Group: System/Daemons
Url: http://www.issihosts.com/haveged/ Url: http://www.issihosts.com/haveged/
Source0: http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz Source0: http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz
Source2: %{name}.service Source2: %{name}.service
Source3: 90-haveged.rules
Patch0: ppc64le.patch Patch0: ppc64le.patch
# PATCH-FIX-UPSTREAM: ent tests randomly fail so make them conditional tchvatal@suse.cz bnc#876674
Patch1: haveged-conditional-enttest.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(udev)
Enhances: apache2 Enhances: apache2
Enhances: gpg2 Enhances: gpg2
Enhances: openssl Enhances: openssl
@ -38,6 +42,7 @@ Enhances: php5
Enhances: smtp_daemon Enhances: smtp_daemon
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires} %{?systemd_requires}
%{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d }
%description %description
The haveged daemon feeds the linux entropy pool with random The haveged daemon feeds the linux entropy pool with random
@ -68,15 +73,16 @@ algorithm and supporting features.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
autoreconf -fvi %patch1 -p1
%build %build
autoreconf -fvi
export CFLAGS="%{optflags} -fpie" export CFLAGS="%{optflags} -fpie"
export LDFLAGS="-Wl,-z,relro,-z,now -pie" export LDFLAGS="-Wl,-z,relro,-z,now -pie"
# Threads seem broken # ENT randomly fails so disable the test
%configure \ %configure \
--disable-static \ --disable-static \
--disable-threads \ --disable-enttest \
--enable-nistest \ --enable-nistest \
--enable-daemon \ --enable-daemon \
--enable-clock_gettime --enable-clock_gettime
@ -95,10 +101,12 @@ make %{?_smp_mflags} check
%install %install
make DESTDIR=%{buildroot} install %{?_smp_mflags} make DESTDIR=%{buildroot} install %{?_smp_mflags}
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -D -m0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/90-haveged.rules
rm -f %{buildroot}%{_libdir}/libhavege.*a rm -f %{buildroot}%{_libdir}/libhavege.*a
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%post %post
%{?udev_rules_update:%udev_rules_update}
%service_add_post %{name}.service %service_add_post %{name}.service
%postun %postun
@ -121,6 +129,7 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%{_sbindir}/%{name} %{_sbindir}/%{name}
%doc %{_mandir}/man8/%{name}.8* %doc %{_mandir}/man8/%{name}.8*
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%{_udevrulesdir}/90-haveged.rules
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)