Accepting request 49430 from security

Copy from security/haveged based on submit request 49430 from user elvigia

OBS-URL: https://build.opensuse.org/request/show/49430
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haveged?expand=0&rev=1
OBS User autobuild 2010-10-02 00:11:18 +00:00 committed by Git OBS Bridge
commit 7be6390a5a
8 changed files with 418 additions and 0 deletions

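--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text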

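--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc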

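--- a/haveged-0.9-cloexec.patch
+++ b/haveged-0.9-cloexec.patch
@@ -0,0 +1,68 @@
+Index: src/haveged.c
+===================================================================
+--- src/haveged.c.orig 2009-09-02 18:58:14.000000000 +0200
++++ src/haveged.c 2010-07-26 17:14:35.334236000 +0200
+@@ -83,7 +83,7 @@ void daemonize(struct hperf *perf)
+signal(SIGTERM, tidy_exit);
+if (daemon(0, 0) == -1)
+error_exit("Cannot fork into the background");
+- fh = fopen(params->pid_file, "w");
++ fh = fopen(params->pid_file, "we");
+if (!fh)
+error_exit("Couldn't open PID file \"%s\" for writing: %m.", params->pid_file);
+fprintf(fh, "%i", getpid());
+@@ -147,12 +147,12 @@ int get_poolsize()
+int max_bits,major,minor;
+if (params->run_level==0) {
+- poolsize_fh = fopen(params->poolsize, "rb");
++ poolsize_fh = fopen(params->poolsize, "rbe");
+if (poolsize_fh) {
+if (fscanf(poolsize_fh, "%d", &max_bits)!=1)
+max_bits = -1;
+fclose(poolsize_fh);
+- osrel_fh = fopen(params->os_rel, "rb");
++ osrel_fh = fopen(params->os_rel, "rbe");
+if (osrel_fh) {
+if (fscanf(osrel_fh,"%d.%d", &major, &minor)<2)
+major = minor = 0;
+@@ -263,7 +263,7 @@ void run(int poolsize, struct rand_pool_
+daemonize(perf);
+if (params->low_water>0)
+set_watermark(params->low_water);
+- random_fd = open(params->random_device, O_RDWR);
++ random_fd = open(params->random_device, O_RDWR | O_CLOEXEC);
+if (random_fd == -1)
+error_exit("Couldn't open random device: %m");
+break;
+@@ -272,7 +272,7 @@ void run(int poolsize, struct rand_pool_
+return;
+default:
+ct = params->sample_size*1024;
+- if (!(fout = fopen (params->sample_out, "wb")))
++ if (!(fout = fopen (params->sample_out, "wbe")))
+error_exit("Cannot open file <%s> for writing.\n", params->sample_out);
+fprintf(stderr, "Writing %d byte sample\n",ct);
+}
+@@ -334,7 +334,7 @@ void set_watermark(int level)
+{
+FILE *wm_fh;
+- wm_fh = fopen(params->watermark, "w");
++ wm_fh = fopen(params->watermark, "we");
+if (wm_fh) {
+fprintf(wm_fh, "%d\n", level);
+fclose(wm_fh);
+Index: configure.ac
+===================================================================
+--- configure.ac.orig 2009-09-02 01:22:33.000000000 +0200
++++ configure.ac 2010-07-26 17:20:58.745701000 +0200
+@@ -8,7 +8,7 @@ AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_HEADER([config.h])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([/src/haveged.c])
+-
++AC_USE_SYSTEM_EXTENSIONS
+## Make nist self-test configurable
+AC_ARG_ENABLE(nistest, AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite [default=no]]),, enable_nistest="no")
+if test "x$enable_nistest" = "xyes"; then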
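Review bot: The `O_CLOEXEC` flag added to the `open()` of `params->random_device` in `run()` depends on `_GNU_SOURCE`, which `AC_USE_SYSTEM_EXTENSIONS` puts into config.h, yet no hunk of this patch makes src/haveged.c include config.h; that include is only added by haveged-capabilties.patch, so this patch may not build on its own against a libc that hides `O_CLOEXEC` behind the feature macro. I would move `#ifdef HAVE_CONFIG_H` / `#include "config.h"` / `#endif` ahead of the system headers into this patch. The `"e"` mode character in the five `fopen()` calls is a glibc extension, so a comment at the first call such as `/* "e" = O_CLOEXEC (glibc extension): keep this fd out of exec'd children */` would tell a porter that other C libraries may ignore or reject it. The function bodies continue outside the hunks, so whether the file already includes config.h elsewhere cannot be confirmed from here.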

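--- a/haveged-0.9.tar.bz2
+++ b/haveged-0.9.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b94fdb1c0891aaf8b7a00faa0b426e1a6c93a0665c60cd8db510ca4d87ea834d
+size 166681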

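--- a/haveged-capabilties.patch
+++ b/haveged-capabilties.patch
@@ -0,0 +1,58 @@
+--- configure.ac.orig 2010-09-24 18:13:42.282707000 +0200
++++ configure.ac 2010-09-24 18:13:42.311704000 +0200
+@@ -68,7 +68,7 @@ AC_FUNC_MALLOC
+AC_FUNC_SELECT_ARGTYPES
+AC_TYPE_SIGNAL
+AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt])
+-
++LIBCAP_NG_PATH
+# Sets hardware depedent define for the build
+AC_SUBST(HA_CPPFLAGS,$HA_CPPFLAGS)
+--- src/Makefile.am.orig 2009-09-01 22:45:25.000000000 +0200
++++ src/Makefile.am 2010-09-24 18:13:42.319719000 +0200
+@@ -4,5 +4,5 @@ AM_CFLAGS=-Wall
+AM_CPPFLAGS = @HA_CPPFLAGS@
+haveged_SOURCES = haveged.c havege.c havegedef.h haveged.h havege.h oneiteration.h loopbody.h
+-
++haveged_LDADD = @CAPNG_LDADD@
+MAINTAINERCLEANFILES = Makefile.in
+--- src/haveged.c.orig 2010-09-24 18:13:42.276714000 +0200
++++ src/haveged.c 2010-09-24 18:14:41.605757000 +0200
+@@ -16,6 +16,11 @@
+** You should have received a copy of the GNU General Public License
+** along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
+#include <stdlib.h>
+#include <stdio.h>
+#include <math.h>
+@@ -37,6 +42,10 @@
+#include <linux/random.h>
+#include <errno.h>
++#ifdef HAVE_LIBCAP_NG
++#include <cap-ng.h>
++#endif
++
+#include "havege.h"
+/**
+* Parameters
+@@ -170,6 +179,12 @@ int get_poolsize()
+*/
+int main(int argc, char **argv)
+{
++#ifdef HAVE_LIBCAP_NG
++ /* Drop capabilities */
++ capng_clear(CAPNG_SELECT_BOTH);
++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN);
++ capng_apply(CAPNG_SELECT_BOTH);
++#endif
+static const char* cmds[] = {
+"d", "data", "1", "Data cache size [KB]",
+"i", "inst", "1", "Instruction cache size [KB]",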
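Review bot: The return values of `capng_update()` and `capng_apply()` at the top of `main()` are ignored, so if applying the reduced set fails the daemon keeps whatever capabilities it was started with and nothing is logged. It should fail closed, for example `if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN) || capng_apply(CAPNG_SELECT_BOTH)) { fprintf(stderr, "haveged: cannot drop capabilities\n"); exit(1); }`. The comment `/* Drop capabilities */` also understates what is kept: CAP_SYS_ADMIN is retained, presumably for the entropy ioctl on the random device, and because that capability is very broad the comment should name the operation that needs it. When `HAVE_LIBCAP_NG` is undefined the whole block compiles away silently, so a build-time message or an `#else` comment would make an unhardened build easier to spot. main() continues past the end of the hunk.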

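--- a/haveged.changes
+++ b/haveged.changes
@@ -0,0 +1,53 @@
+-------------------------------------------------------------------
+Fri Sep 24 16:14:20 UTC 2010 - cristian.rodriguez@opensuse.org
+- Drop as much capabilitites as possible using libcap-ng
+-------------------------------------------------------------------
+Sat Jul 31 23:55:20 UTC 2010 - cristian.rodriguez@opensuse.org
+- I meant Enhances not Supplements
+-------------------------------------------------------------------
+Fri Jul 30 22:18:23 UTC 2010 - cristian.rodriguez@opensuse.org
+- Implement hack to start by default only in VMs
+-------------------------------------------------------------------
+Tue Jul 27 22:02:20 UTC 2010 - cristian.rodriguez@opensuse.org
+- Run the complete test suite (for the paranoid)
+- use O_CLOEXEC on fds
+-------------------------------------------------------------------
+Tue Jul 20 21:27:49 UTC 2010 - cristian.rodriguez@opensuse.org
+- enable daemon by default
+- add a few Supplements so the it gets installed automatically.
+-------------------------------------------------------------------
+Sun Jul 18 21:25:16 UTC 2010 - cristian.rodriguez@opensuse.org
+- add proper Requires(pre)
+-------------------------------------------------------------------
+Fri Jul 16 17:30:31 UTC 2010 - cristian.rodriguez@opensuse.org
+- build with no optimization, there are reports saying it
+may crash with -O1 like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563938
+-------------------------------------------------------------------
+Thu Jul 15 17:37:11 UTC 2010 - cristian.rodriguez@opensuse.org
+- move deamon to /sbin
+- tune the spec file
+- add a SUSE standard init script
+-------------------------------------------------------------------
+Fri May 28 14:03:54 CEST 2010 - meissner@suse.de
+- haveged 0.9
+Gather entropy by doing calculation and looking
+at secondary high resolution processor information
+(tsc, cache misses etc.)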

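--- a/haveged.init
+++ b/haveged.init
@@ -0,0 +1,113 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: haveged
+# Required-Start: $syslog $local_fs
+# Required-Stop: $syslog $local_fs
+# Default-Start: 2 3 5
+# Default-Stop:
+# Short-Description: Daemon to feed entropy into /dev/urandom
+# Description: The haveged daemon uses the timing variations that occur in executing a fixed loop
+# to generate random numbers that are fed into the random pool.
+### END INIT INFO
+HAVEGED_BIN=/sbin/haveged
+HAVEGED_PARAMS="-w 1024 -v 1"
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+. /etc/rc.status
+# First reset status of this service
+rc_reset
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - misc error
+# 2 - invalid or excess args
+# 3 - unimplemented feature (e.g. reload)
+# 4 - insufficient privilege
+# 5 - program not installed
+# 6 - program not configured
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signalling is not supported) are
+# considered a success.
+case "$1" in
+start)
+echo -n "Starting haveged daemon "
+## Start daemon with startproc(8). If this fails
+## the echo return value is set appropriate.
+# startproc should return 0, even if service is
+# already running to match LSB spec.
+startproc $HAVEGED_BIN $HAVEGED_PARAMS
+# Remember status and be verbose
+rc_status -v
+;;
+stop)
+echo -n "Shutting down haveged daemon "
+killproc -TERM $HAVEGED_BIN
+# Remember status and be verbose
+rc_status -v
+;;
+try-restart|condrestart)
+## Do a restart only if the service was active before.
+## Note: try-restart is now part of LSB (as of 1.9).
+## RH has a similar command named condrestart.
+if test "$1" = "condrestart"; then
+echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+fi
+$0 status
+if test $? = 0; then
+$0 restart
+else
+rc_reset # Not running is not a failure.
+fi
+# Remember status and be quiet
+rc_status
+;;
+restart | force-reload)
+$0 stop
+$0 start
+;;
+reload)
+## Like force-reload, but if daemon does not support
+## signaling, do nothing (!)
+rc_failed 3
+rc_status -v
+;;
+status)
+echo -n "Checking for haveged daemon "
+## Check status with checkproc(8), if process is running
+## checkproc will return with exit status 0.
+# Status has a slightly different for the status command:
+# 0 - service running
+# 1 - service dead, but /var/run/ pid file exists
+# 2 - service dead, but /var/lock/ lock file exists
+# 3 - service not running
+# NOTE: checkproc returns LSB compliant status values.
+checkproc $HAVEGED_BIN
+rc_status -v
+;;
+*)
+echo $"Usage: $0 {start|stop|status|restart|reload}"
+exit 1
+;;
+esac
+rc_exit
+# vim: set sw=4 ts=4 et: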
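Review bot: The script never checks that `$HAVEGED_BIN` exists before entering the `case`, although its own return-code table lists `5 - program not installed`, so on a partly removed package `start` reports a generic failure. A guard after the two assignments would cover it: `test -x "$HAVEGED_BIN" || { echo "$HAVEGED_BIN not installed"; [ "$1" = "stop" ] && exit 0; exit 5; }`. The usage line uses the bash-only `$"..."` form under `#! /bin/sh` and leaves out `try-restart` and `force-reload`, both of which the `case` handles; `echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"` is portable and complete.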

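--- a/haveged.spec
+++ b/haveged.spec
@@ -0,0 +1,99 @@
+#
+# spec file for package haveged (Version 0.9)
+#
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+Name: haveged
+Version: 0.9
+Release: 1
+License: GPLv3
+Group: System/Daemons
+Summary: Feed entropy into random pool
+Url: http://www.issihosts.com/haveged/
+Source0: http://www.issihosts.com/haveged/haveged-%{version}.tar.bz2
+Source1: haveged.init
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Requires(pre): %insserv_prereq
+Requires(post): grep util-linux
+Enhances: openssl gpg2 php5 apache2 openvpn smtp_daemon
+Patch: haveged-0.9-cloexec.patch
+Patch1: haveged-capabilties.patch
+BuildRequires: libcap-ng-devel
+%description
+The haveged daemon feeds the linux entropy pool with random
+numbers generated from hidden processor state.
+For more informations see http://www.issihosts.com/haveged/
+%prep
+%setup -q
+%patch
+%patch1
+%build
+autoreconf -fiv
+CFLAGS="$RPM_OPT_FLAGS -O0"
+%configure --with-libcap-ng=yes --sbindir=/sbin --enable-nistest=yes
+make %{?smp_flags}
+%check
+make %{?smp_flags} check
+%install
+make DESTDIR=$RPM_BUILD_ROOT install
+%{__install} -m0755 %{S:1} %{buildroot}/etc/init.d/haveged
+%{__mkdir_p} %{buildroot}%{_sbindir}
+%{__ln_s} -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
+%clean
+rm -rf $RPM_BUILD_ROOT
+%post
+## brace for impact...
+%if 0%{?sles_version}
+if [ -x /usr/bin/lscpu ]; then
+if /usr/bin/lscpu | grep -q "Virtualization type" ; then
+## Is a VM
+%{fillup_and_insserv -fy %{name}}
+else
+## it isnt.
+%{fillup_and_insserv -f %{name}}
+fi
+else
+##there is no lscpu! shouldnt happend...
+%{fillup_and_insserv -f %{name}}
+fi
+%else
+%{fillup_and_insserv -fy %{name}}
+%endif
+%postun
+%restart_on_update %{name}
+%{insserv_cleanup}
+%preun
+%stop_on_removal %{name}
+%files
+%defattr(-,root,root)
+%{_sbindir}/rc%{name}
+/sbin/haveged
+%config /etc/init.d/haveged
+%{_mandir}/man8/haveged.8.gz
+%changelog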
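Review bot: Appending `-O0` to `$RPM_OPT_FLAGS` in `%build` turns optimisation off for the whole daemon, and glibc's `_FORTIFY_SOURCE` checks only take effect in optimised builds, so if the distribution's default flags carry that define (not visible here) this root daemon is built without them. The changelog justifies `-O0` only by crash reports at `-O1`, so the trade-off deserves a comment above the assignment, for example `# -O0 works around crashes in optimised builds (see changelog); note this disables _FORTIFY_SOURCE checks`. Separately, `%{?smp_flags}` in `%build` and `%check` is not a macro I recognise and would expand to nothing; the usual spelling is `%{?_smp_mflags}`.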