Accepting request 286508 from home:msmeissn:branches:security

- haveged-dracut.module: include haveged into the initrd for
  randomness generation.
- haveged.service: adjust so it is started before journald
  and also make sure it is shutdown quite late.
- regenerate initrd on installation.

OBS-URL: https://build.opensuse.org/request/show/286508
OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=100

haveged-dracut.module

@@ -0,0 +1,19 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# called by dracut
+depends() {
+    return 0
+}
+
+installkernel() {
+    return 0
+}
+
+# called by dracut
+install() {
+    inst_multiple -o \
+        /usr/sbin/haveged \
+        $systemdsystemunitdir/haveged.service
+}

haveged.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Feb 17 12:53:42 UTC 2015 - meissner@suse.com
+
+- haveged-dracut.module: include haveged into the initrd for
+  randomness generation.
+- haveged.service: adjust so it is started before journald
+  and also make sure it is shutdown quite late.
+- regenerate initrd on installation.
+
 -------------------------------------------------------------------
 Fri Aug 29 07:23:34 UTC 2014 - tchvatal@suse.com
 

haveged.service

@@ -3,9 +3,9 @@ Description=Entropy Daemon based on the HAVEGE algorithm
 Documentation=man:haveged(8) http://www.issihosts.com/haveged/
 DefaultDependencies=no
 ConditionVirtualization=!container
-Conflicts=shutdown.target
+#Conflicts=shutdown.target
 After=systemd-random-seed.service
-Before=sysinit.target shutdown.target
+Before=sysinit.target shutdown.target systemd-journald.service
 
 [Service]
 ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F

haveged.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package haveged
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,7 @@ Url:            http://www.issihosts.com/haveged/
 Source0:        http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz
 Source2:        %{name}.service
 Source3:        90-haveged.rules
+Source4:        haveged-dracut.module
 Patch0:         ppc64le.patch
 # PATCH-FIX-UPSTREAM: ent tests randomly fail so make them conditional tchvatal@suse.cz bnc#876674
 Patch1:         haveged-conditional-enttest.patch
@@ -40,6 +41,7 @@ Enhances:       openssl
 Enhances:       openvpn
 Enhances:       php5
 Enhances:       smtp_daemon
+Enhances:       systemd
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
 %{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d }
@@ -105,12 +107,20 @@ install -D -m0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/90-haveged.rules
 rm -f %{buildroot}%{_libdir}/libhavege.*a
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 
+install -d -m0755 %{buildroot}/usr/lib/dracut/modules.d/98haveged
+install -m0644 %{SOURCE4} %{buildroot}/usr/lib/dracut/modules.d/98haveged/modules-setup.sh
+
 %post
 %{?udev_rules_update:%udev_rules_update}
 %service_add_post %{name}.service
+%{?regenerate_initrd_post}
 
 %postun
 %service_del_postun %{name}.service
+%{?regenerate_initrd_post}
+
+%posttrans
+%{?regenerate_initrd_posttrans}
 
 %pre
 %service_add_pre %{name}.service
@@ -130,6 +140,10 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 %doc %{_mandir}/man8/%{name}.8*
 %{_unitdir}/%{name}.service
 %{_udevrulesdir}/90-haveged.rules
+%dir /usr/lib/dracut
+%dir /usr/lib/dracut/modules.d
+%dir /usr/lib/dracut/modules.d/98haveged
+/usr/lib/dracut/modules.d/98haveged/modules-setup.sh
 
 %files devel
 %defattr(-,root,root)