pool/haveged
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add haveged-no-syslog.patch to remedy the potential for deadlocks

Browse Source 
when booting the system: journald reads from /dev/random, which
  receives entropy from haveged, which in turn logs to syslog
  before providing any. Ideally, haveged would provide a proper
  command-line flag to disable use of syslog. Will work with
  upstream to resolve this in a cleaner way. (bnc#959237)
  
- Remove "After=systemd-random-seed.service" from systemd service
  file to avoid the potential for deadlocks when booting the
  system: systemd-random-seed needs /var to read its previous
  state; mounting /var needs journald; journald needs entropy; and
  entropy is provided by haveged, which needs systemd-random-seed.
  (bnc#959237)

OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=109
This commit is contained in:
Peter Simons 2016-06-17 14:37:51 +00:00 committed by Git OBS Bridge
parent 8de79979ae
commit 8143361db9
4 changed files with 62 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
haveged-no-syslog.patch Normal file
View File

@ -0,0 +1,39 @@
Index: haveged-1.9.1/src/haveged.c
===================================================================
--- haveged-1.9.1.orig/src/haveged.c
+++ haveged-1.9.1/src/haveged.c
@@ -361,8 +361,10 @@ static void daemonize( /* RETURN: no
void) /* IN: nothing */
{
FILE *fh;
+#if 0
openlog(params->daemon, LOG_CONS, LOG_DAEMON);
syslog(LOG_NOTICE, "%s starting up", params->daemon);
+#endif
if (daemon(0, 0) == -1)
error_exit("Cannot fork into the background");
fh = fopen(params->pid_file, "w");
@@ -499,7 +501,9 @@ static void error_exit( /* RETURN: no
#ifndef NO_DAEMON
if (params->detached!=0) {
unlink(params->pid_file);
+#if 0
syslog(LOG_INFO, "%s: %s", params->daemon, buffer);
+#endif
}
else
#endif
@@ -609,11 +613,13 @@ static void print_msg( /* RETURN: no
va_list ap;
va_start(ap, format);
snprintf(buffer, sizeof(buffer), "%s: %s", params->daemon, format);
+#if 0
#ifndef NO_DAEMON
if (params->detached != 0)
vsyslog(LOG_INFO, buffer, ap);
else
#endif
+#endif
vfprintf(stderr, buffer, ap);
va_end(ap);
}

17
haveged.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Fri Jun 17 14:15:05 UTC 2016 - psimons@suse.com
- Add haveged-no-syslog.patch to remedy the potential for deadlocks
when booting the system: journald reads from /dev/random, which
receives entropy from haveged, which in turn logs to syslog
before providing any. Ideally, haveged would provide a proper
command-line flag to disable use of syslog. Will work with
upstream to resolve this in a cleaner way. (bnc#959237)
- Remove "After=systemd-random-seed.service" from systemd service
file to avoid the potential for deadlocks when booting the
system: systemd-random-seed needs /var to read its previous
state; mounting /var needs journald; journald needs entropy; and
entropy is provided by haveged, which needs systemd-random-seed.
(bnc#959237)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 10 16:20:27 CET 2015 - tiwai@suse.de Thu Dec 10 16:20:27 CET 2015 - tiwai@suse.de

3
haveged.service
View File

@ -4,7 +4,8 @@ Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no DefaultDependencies=no
ConditionVirtualization=!container ConditionVirtualization=!container
#Conflicts=shutdown.target #Conflicts=shutdown.target
After=systemd-random-seed.service # Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
#After=systemd-random-seed.service
Before=sysinit.target shutdown.target systemd-journald.service Before=sysinit.target shutdown.target systemd-journald.service
[Service] [Service]

5
haveged.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package haveged # spec file for package haveged
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -32,6 +32,8 @@ Patch0: ppc64le.patch
Patch1: haveged-conditional-enttest.patch Patch1: haveged-conditional-enttest.patch
# PATCH-FIX-OPENSUSE: ignore clock-gettime enablement on generic architectures # PATCH-FIX-OPENSUSE: ignore clock-gettime enablement on generic architectures
Patch2: fix-enforced-clock-gettime.patch Patch2: fix-enforced-clock-gettime.patch
# PATCH-FIX-UPSTREAM: don't write to syslog at startup to avoid deadlocks psimons@suse.com bnc#959237
Patch3: haveged-no-syslog.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
@ -81,6 +83,7 @@ algorithm and supporting features.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 %patch2
%patch3 -p1
%build %build
autoreconf -fvi autoreconf -fvi