diff --git a/90-haveged.rules b/90-haveged.rules
new file mode 100644
index 0000000..a5df8a5
--- /dev/null
+++ b/90-haveged.rules
@@ -0,0 +1,2 @@
+ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+
diff --git a/haveged-dracut.module b/haveged-dracut.module
new file mode 100644
index 0000000..d2bdb78
--- /dev/null
+++ b/haveged-dracut.module
@@ -0,0 +1,25 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# called by dracut
+depends() {
+ return 0
+}
+
+installkernel() {
+ return 0
+}
+
+# called by dracut
+install() {
+ inst_multiple -o \
+ /usr/sbin/haveged \
+ $systemdsystemunitdir/haveged.service \
+ $systemdsystemunitdir/haveged-switch-root.service
+ mkdir -p "$initdir/$systemdsystemunitdir/sysinit.target.wants"
+ mkdir -p "$initdir/$systemdsystemunitdir/initrd-switch-root.target.wants"
+ mkdir -p "$initdir/$systemdsystemunitdir/systemd-journald.service.wants"
+ ln_r "$systemdsystemunitdir/haveged.service" "$systemdsystemunitdir/systemd-journald.service.wants/haveged.service"
+ ln_r "$systemdsystemunitdir/haveged-switch-root.service" "$systemdsystemunitdir/initrd-switch-root.target.wants/haveged-switch-root.service"
+}
diff --git a/haveged-switch-root.service b/haveged-switch-root.service
new file mode 100644
index 0000000..89438e9
--- /dev/null
+++ b/haveged-switch-root.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Tell haveged about new root
+DefaultDependencies=no
+ConditionPathExists=/etc/initrd-release
+Before=initrd-switch-root.service
+JoinsNamespaceOf=haveged.service
+
+[Service]
+ExecStart=-/usr/sbin/haveged -c root=/sysroot
+PrivateNetwork=yes
+Type=oneshot
+StandardInput=null
+StandardOutput=null
+StandardError=null
+
+[Install]
+WantedBy=initrd-switch-root.target
diff --git a/haveged.changes b/haveged.changes
index 8a2e574..6cb7eee 100644
--- a/haveged.changes
+++ b/haveged.changes
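Review bot: In `install()` of haveged-dracut.module, `inst_multiple -o` marks every listed file as optional, so a missing `/usr/sbin/haveged` or unit file is skipped without an error and the two `ln_r` calls then leave dangling symlinks in the initrd. Installing at least the binary without `-o` (`inst_multiple /usr/sbin/haveged`) would make the omission visible when the initrd is generated. The `$systemdsystemunitdir` arguments to `inst_multiple` are unquoted while every later line quotes them; `"$systemdsystemunitdir/haveged.service"` would be consistent. `mkdir -p "$initdir/$systemdsystemunitdir/sysinit.target.wants"` creates a directory that nothing in this function populates, since the haveged.service link goes into `systemd-journald.service.wants`; remove it or add a comment saying why it is needed.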
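Review bot: haveged-switch-root.service discards every sign of failure: the `-` prefix in `ExecStart=-/usr/sbin/haveged -c root=/sysroot` ignores a non-zero exit, and `StandardOutput=null` / `StandardError=null` drop any message, so nothing records it if the running daemon never learns the new root. If the silence is deliberate (the spec carries a patch that avoids syslog at startup because of deadlocks), a comment above `ExecStart=` should say so. The pairing of `PrivateNetwork=yes` with `JoinsNamespaceOf=haveged.service` also deserves a comment, e.g. `# share haveged.service's private network namespace so the command reaches the running daemon`. That is presumably the reason and should be confirmed against how the daemon's command socket is bound.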
@@ -1,11 +1,3 @@ -------------------------------------------------------------------- -Mon Oct 11 13:26:52 UTC 2021 - Cristian Rodríguez - -- Improvements on the linux kernel random subsystem have made - the haveged service/daemon obsolete, remove the service files, - initrd modules and udev rules, the other components - are still useful. - ------------------------------------------------------------------- Mon Jan 4 08:28:40 UTC 2021 - Paolo Stivanin diff --git a/haveged.service b/haveged.service new file mode 100644 index 0000000..7b0b04f --- /dev/null +++ b/haveged.service @@ -0,0 +1,19 @@ +[Unit] +Description=Entropy Daemon based on the HAVEGE algorithm +Documentation=man:haveged(8) http://www.issihosts.com/haveged/ +DefaultDependencies=no +ConditionVirtualization=!container +#Conflicts=shutdown.target +# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1 +#After=systemd-random-seed.service +Before=sysinit.target shutdown.target systemd-journald.service + +[Service] +ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT +PrivateNetwork=yes +Restart=always +SuccessExitStatus=137 143 + +[Install] +WantedBy=sysinit.target diff --git a/haveged.spec b/haveged.spec index d6f0393..79ecabb 100644 --- a/haveged.spec +++ b/haveged.spec @@ -25,6 +25,10 @@ License: GPL-3.0-only Group: System/Daemons URL: https://github.com/jirka-h/haveged Source0: https://github.com/jirka-h/haveged/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source2: %{name}.service +Source3: 90-haveged.rules +Source4: haveged-dracut.module +Source5: %{name}-switch-root.service Patch0: ppc64le.patch # PATCH-FIX-UPSTREAM: don't write to syslog at startup to avoid deadlocks psimons@suse.com bnc#959237 Patch2: haveged-no-syslog.patch 
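Review bot: haveged.service keeps the very broad `CAP_SYS_ADMIN` in `CapabilityBoundingSet=` without saying why, and `PrivateNetwork=yes` is its only other sandboxing. A comment such as `# CAP_SYS_ADMIN: credit entropy to the kernel pool; CAP_SYS_CHROOT: root= command at switch-root` (to be confirmed against the daemon) would let a later maintainer judge whether the set can shrink. `NoNewPrivileges=yes` is worth adding once it has been tested in the initrd, because the unit has to keep working across switch-root. `Documentation=` points at the plain-HTTP `http://www.issihosts.com/haveged/` while the spec's `URL:` is `https://github.com/jirka-h/haveged`; the two should agree.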
@@ -35,7 +39,14 @@ BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(udev) Requires(post): coreutils -Requires(postun):coreutils +Requires(postun): coreutils +Enhances: apache2 +Enhances: gpg2 +Enhances: openssl +Enhances: openvpn +Enhances: php5 +Enhances: smtp_daemon +Enhances: systemd %{?systemd_requires} %description @@ -76,6 +87,7 @@ export LDFLAGS="-Wl,-z,relro,-z,now -pie" --disable-static \ --disable-enttest \ --enable-nistest \ + --enable-daemon \ --enable-clock_gettime make %{?_smp_mflags} 
@@ -91,15 +103,54 @@ make %{?_smp_mflags} check %install %make_install +install -Dpm 0644 %{SOURCE2} \ + %{buildroot}%{_unitdir}/%{name}.service +install -Dpm 0644 %{SOURCE3} \ + %{buildroot}%{_udevrulesdir}/90-%{name}.rules +install -Dpm 0644 %{SOURCE5} \ + %{buildroot}%{_unitdir}/%{name}-switch-root.service +install -Dpm 0755 %{SOURCE4} \ + %{buildroot}%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh rm -f %{buildroot}%{_libdir}/libhavege.*a +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} + +%post +%{?udev_rules_update:%udev_rules_update} +%service_add_post %{name}.service +%service_add_post %{name}-switch-root.service +%{?regenerate_initrd_post} + +%postun +%service_del_postun %{name}.service +%service_del_postun %{name}-switch-root.service +%{?regenerate_initrd_post} + +%posttrans +%{?regenerate_initrd_posttrans} + +%pre +%service_add_pre %{name}.service +%service_add_pre %{name}-switch-root.service + +%preun +%service_del_preun %{name}.service +%service_del_preun %{name}-switch-root.service %post -n libhavege2 -p /sbin/ldconfig %postun -n libhavege2 -p /sbin/ldconfig %files %license COPYING +%{_sbindir}/rc%{name} %{_sbindir}/%{name} %{_mandir}/man8/%{name}.8%{?ext_man} +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}-switch-root.service +%{_udevrulesdir}/90-%{name}.rules +%dir %{_prefix}/lib/dracut +%dir %{_prefix}/lib/dracut/modules.d +%dir %{_prefix}/lib/dracut/modules.d/98%{name} +%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh %files devel %license COPYING
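Review bot: The scriptlets in haveged.spec call each systemd macro twice, once per unit (`%service_add_post %{name}.service`, then `%service_add_post %{name}-switch-root.service`, and the same in `%pre`, `%preun` and `%postun`). These macros accept a list of units, so `%service_add_post %{name}.service %{name}-switch-root.service` does the same work in one invocation. The commit ships the daemon's units, udev rule and dracut module again, yet the haveged.changes hunk only deletes the entry that explained their removal; a new changelog entry stating why the service is restored would make the change auditable. `ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}` has no explanation, and a one-line `# legacy rc<name> compatibility symlink` above it would help.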