- Remove haveged-once.service.

Service is no longer required exactly as of version 1.9.19, because the fix for it was merged upstream (synchronize haveged instances during switch root). - Revert a change in haveged-dracut.module, as haveged should be required by systemd-journald.service, not sysinit.target. OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=152
2024-10-30 11:55:03 +00:00 · 2024-10-30 11:55:03 +00:00 · f4e1452fd8
commit f4e1452fd8
parent f3e5d1945b
4 changed files with 18 additions and 43 deletions
--- a/haveged-dracut.module
+++ b/haveged-dracut.module
@ -15,6 +15,6 @@ installkernel() {
 # called by dracut
 install() {
    inst_multiple -o /usr/sbin/haveged $systemdsystemunitdir/haveged-once.service
-    mkdir -p "$initdir/$systemdsystemunitdir/sysinit.target.wants"
-    ln_r "$systemdsystemunitdir/haveged-once.service" "$systemdsystemunitdir/sysinit.target.wants/haveged-once.service"
+    mkdir -p "$initdir/$systemdsystemunitdir/systemd-journald.service.wants"
+    ln_r "$systemdsystemunitdir/haveged-once.service" "$systemdsystemunitdir/systemd-journald.service.wants/haveged-once.service"
 }
--- a/haveged-once.service
+++ b/haveged-once.service
@ -1,28 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-ConditionVirtualization=!container
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/haveged -w 1024 -v 1 -F --once
-SuccessExitStatus=137 143
-
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
-PrivateNetwork=yes
-SecureBits=noroot-locked
-# Don't set PrivateTmp=true as it can cause an ordering cycle
-PrivateTmp=false
-
-# added automatically, for details please see
-# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-ProtectSystem=full
-ProtectHome=true
-PrivateDevices=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-RestrictRealtime=true
-# end of automatic additions 
--- a/haveged.changes
+++ b/haveged.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Oct 30 11:39:54 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
+
+- Remove haveged-once.service.
+  Service is no longer required exactly as of version 1.9.19, because
+  the fix for it was merged upstream (synchronize haveged instances
+  during switch root).
+- Revert a change in haveged-dracut.module, as haveged should be
+  required by systemd-journald.service, not sysinit.target.
+
 -------------------------------------------------------------------
 Tue Oct 29 18:28:04 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>

--- a/haveged.spec
+++ b/haveged.spec
@ -25,10 +25,9 @@ License:        GPL-3.0-only
 Group:          System/Daemons
 URL:            https://github.com/jirka-h/haveged
 Source0:        https://github.com/jirka-h/haveged/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source2:        %{name}.service
-Source3:        %{name}-once.service
-Source4:        90-haveged.rules
-Source5:        haveged-dracut.module
+Source1:        %{name}.service
+Source2:        90-haveged.rules
+Source3:        haveged-dracut.module
 Patch0:         ppc64le.patch
 # PATCH-FIX-UPSTREAM: don't write to syslog at startup to avoid deadlocks psimons@suse.com bnc#959237
 Patch2:         haveged-no-syslog.patch
@ -104,22 +103,19 @@ make %{?_smp_mflags} check

 %install
 %make_install
-install -Dpm 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
-install -Dpm 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-once.service
-install -Dpm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/90-%{name}.rules
-install -Dpm 0755 %{SOURCE5} %{buildroot}%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh
+install -Dpm 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+install -Dpm 0644 %{SOURCE2} %{buildroot}%{_udevrulesdir}/90-%{name}.rules
+install -Dpm 0755 %{SOURCE3} %{buildroot}%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh
 rm -f %{buildroot}%{_libdir}/libhavege.*a
 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

 %post
 %{?udev_rules_update:%udev_rules_update}
 %service_add_post %{name}.service
-%service_add_post %{name}-once.service
 %{?regenerate_initrd_post}

 %postun
 %service_del_postun %{name}.service
-%service_del_postun %{name}-once.service
 %{?regenerate_initrd_post}

 %posttrans
@ -127,11 +123,9 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

 %pre
 %service_add_pre %{name}.service
-%service_add_pre %{name}-once.service

 %preun
 %service_del_preun %{name}.service
-%service_del_preun %{name}-once.service

 %post -n libhavege2 -p /sbin/ldconfig
 %postun -n libhavege2 -p /sbin/ldconfig
@ -142,7 +136,6 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 %{_sbindir}/%{name}
 %{_mandir}/man8/%{name}.8%{?ext_man}
 %{_unitdir}/%{name}.service
-%{_unitdir}/%{name}-once.service
 %{_udevrulesdir}/90-%{name}.rules
 %dir %{_prefix}/lib/dracut
 %dir %{_prefix}/lib/dracut/modules.d