Accepting request 233306 from home:elvigia:branches:security

- Fix "stop" of service, the daemon in foreground actually exits with a weird exit code. workaround this misbehaviour in the service file. - revert to non-forking service, "forking" services are racy and provided by systemd purely for compatibility with old daemons. see daemon(7) for the rationale. Only "simple" (default) and "notify" services must be used if possible. - Also, there is no haveged.conf around, neither such file is parsed by the daemon at all. - Start the daemon as soon as the random device is available with the help of udev, as starting services while starved of entropy is no good. OBS-URL: https://build.opensuse.org/request/show/233306 OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=92
2014-05-12 08:39:42 +00:00 · 2014-05-12 08:39:42 +00:00 · 5638d8ef8d
commit 5638d8ef8d
parent d41d862a9d
4 changed files with 33 additions and 5 deletions
--- a/90-haveged.rules
+++ b/90-haveged.rules
@ -0,0 +1,2 @@
+ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+
--- a/haveged.changes
+++ b/haveged.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Sat May 10 03:40:03 UTC 2014 - crrodriguez@opensuse.org
+
+- Fix "stop" of service, the daemon in foreground actually 
+ exits with a weird exit code. workaround this misbehaviour
+ in the service file.
+
+-------------------------------------------------------------------
+Sat May 10 02:34:26 UTC 2014 - crrodriguez@opensuse.org
+
+- revert to non-forking service, "forking" services are racy
+  and provided by systemd purely for compatibility with old daemons.
+  see daemon(7) for the rationale. Only "simple" (default) and 
+  "notify" services must be used if possible.
+
+- Also, there is no haveged.conf around, neither such file
+  is parsed by the daemon at all.
+
+- Start the daemon as soon as the random device is available with
+  the help of udev, as starting services while starved of entropy 
+  is no good.
+
 -------------------------------------------------------------------
 Wed May  7 09:12:26 UTC 2014 - tchvatal@suse.com

--- a/haveged.service
+++ b/haveged.service
@ -3,12 +3,10 @@ Description=Entropy Daemon based on the HAVEGE algorithm
 Documentation=man:haveged(8) http://www.issihosts.com/haveged/

 [Service]
-Type=forking
-EnvironmentFile=/etc/haveged.conf
-PIDFile=/run/haveged.pid
-ExecStart=/usr/sbin/haveged -w 1024 -v 0 -p /run/haveged.pid
+ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
 CapabilityBoundingSet=CAP_SYS_ADMIN
 PrivateNetwork=yes
+SuccessExitStatus=137 143

 [Install]
 WantedBy=multi-user.target
--- a/haveged.spec
+++ b/haveged.spec
@ -25,11 +25,13 @@ Group:          System/Daemons
 Url:            http://www.issihosts.com/haveged/
 Source0:        http://www.issihosts.com/haveged/%{name}-%{version}.tar.gz
 Source2:        %{name}.service
+Source3:        90-haveged.rules
 Patch0:         ppc64le.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(udev)
 Enhances:       apache2
 Enhances:       gpg2
 Enhances:       openssl
@ -38,6 +40,7 @@ Enhances:       php5
 Enhances:       smtp_daemon
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
+%{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d }

 %description
 The haveged daemon feeds the linux entropy pool with random
@ -68,9 +71,9 @@ algorithm and supporting features.
 %prep
 %setup -q
 %patch0 -p1
-autoreconf -fvi

 %build
+autoreconf -fvi
 export CFLAGS="%{optflags} -fpie"
 export LDFLAGS="-Wl,-z,relro,-z,now -pie"
 # Threads seem broken
@ -95,10 +98,12 @@ make %{?_smp_mflags} check
 %install
 make DESTDIR=%{buildroot} install %{?_smp_mflags}
 install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
+install -D -m0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/90-haveged.rules
 rm -f %{buildroot}%{_libdir}/libhavege.*a
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

 %post
+%{?udev_rules_update:%udev_rules_update}
 %service_add_post %{name}.service

 %postun
@ -121,6 +126,7 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 %{_sbindir}/%{name}
 %doc %{_mandir}/man8/%{name}.8*
 %{_unitdir}/%{name}.service
+%{_udevrulesdir}/90-haveged.rules

 %files devel
 %defattr(-,root,root)
				`@ -0,0 +1,2 @@`
				`ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"`