Accepting request 924659 from home:elvigia:branches:security

- Improvements on the linux kernel random subsystem have made 
  the haveged service/daemon obsolete, remove the service files,
  initrd modules and udev rules, the other components
  are still useful.

OBS-URL: https://build.opensuse.org/request/show/924659
OBS-URL: https://build.opensuse.org/package/show/security/haveged?expand=0&rev=135

90-haveged.rules

@@ -1,2 +0,0 @@
-ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
-

haveged-dracut.module

@@ -1,25 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-# called by dracut
-depends() {
-    return 0
-}
-
-installkernel() {
-    return 0
-}
-
-# called by dracut
-install() {
-    inst_multiple -o \
-        /usr/sbin/haveged \
-        $systemdsystemunitdir/haveged.service \
-        $systemdsystemunitdir/haveged-switch-root.service
-    mkdir -p "$initdir/$systemdsystemunitdir/sysinit.target.wants"
-    mkdir -p "$initdir/$systemdsystemunitdir/initrd-switch-root.target.wants"
-    mkdir -p "$initdir/$systemdsystemunitdir/systemd-journald.service.wants"
-    ln_r "$systemdsystemunitdir/haveged.service" "$systemdsystemunitdir/systemd-journald.service.wants/haveged.service"
-    ln_r "$systemdsystemunitdir/haveged-switch-root.service" "$systemdsystemunitdir/initrd-switch-root.target.wants/haveged-switch-root.service"
-}

haveged-switch-root.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Tell haveged about new root
-DefaultDependencies=no
-ConditionPathExists=/etc/initrd-release
-Before=initrd-switch-root.service
-JoinsNamespaceOf=haveged.service
-
-[Service]
-ExecStart=-/usr/sbin/haveged -c root=/sysroot
-PrivateNetwork=yes
-Type=oneshot
-StandardInput=null
-StandardOutput=null
-StandardError=null
-
-[Install]
-WantedBy=initrd-switch-root.target

haveged.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Oct 11 13:26:52 UTC 2021 - Cristian Rodríguez <crrodriguez@opensuse.org>
+
+- Improvements on the linux kernel random subsystem have made 
+  the haveged service/daemon obsolete, remove the service files,
+  initrd modules and udev rules, the other components
+  are still useful.
+
 -------------------------------------------------------------------
 Mon Jan  4 08:28:40 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
 

haveged.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-ConditionVirtualization=!container
-#Conflicts=shutdown.target
-# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
-#After=systemd-random-seed.service
-Before=sysinit.target shutdown.target systemd-journald.service
-
-[Service]
-ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
-PrivateNetwork=yes
-Restart=always
-SuccessExitStatus=137 143
-
-[Install]
-WantedBy=sysinit.target

haveged.spec

@@ -25,10 +25,6 @@ License:        GPL-3.0-only
 Group:          System/Daemons
 URL:            https://github.com/jirka-h/haveged
 Source0:        https://github.com/jirka-h/haveged/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source2:        %{name}.service
-Source3:        90-haveged.rules
-Source4:        haveged-dracut.module
-Source5:        %{name}-switch-root.service
 Patch0:         ppc64le.patch
 # PATCH-FIX-UPSTREAM: don't write to syslog at startup to avoid deadlocks psimons@suse.com bnc#959237
 Patch2:         haveged-no-syslog.patch
@@ -39,14 +35,7 @@ BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(udev)
 Requires(post): coreutils
-Requires(postun): coreutils
+Requires(postun):coreutils
-Enhances:       apache2
-Enhances:       gpg2
-Enhances:       openssl
-Enhances:       openvpn
-Enhances:       php5
-Enhances:       smtp_daemon
-Enhances:       systemd
 %{?systemd_requires}
 
 %description
@@ -87,7 +76,6 @@ export LDFLAGS="-Wl,-z,relro,-z,now -pie"
     --disable-static \
     --disable-enttest \
     --enable-nistest \
-    --enable-daemon \
     --enable-clock_gettime
 make %{?_smp_mflags}
 
@@ -103,54 +91,15 @@ make %{?_smp_mflags} check
 
 %install
 %make_install
-install -Dpm 0644 %{SOURCE2} \
-  %{buildroot}%{_unitdir}/%{name}.service
-install -Dpm 0644 %{SOURCE3} \
-  %{buildroot}%{_udevrulesdir}/90-%{name}.rules
-install -Dpm 0644 %{SOURCE5} \
-  %{buildroot}%{_unitdir}/%{name}-switch-root.service
-install -Dpm 0755 %{SOURCE4} \
-  %{buildroot}%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh
 rm -f %{buildroot}%{_libdir}/libhavege.*a
-ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
-
-%post
-%{?udev_rules_update:%udev_rules_update}
-%service_add_post %{name}.service
-%service_add_post %{name}-switch-root.service
-%{?regenerate_initrd_post}
-
-%postun
-%service_del_postun %{name}.service
-%service_del_postun %{name}-switch-root.service
-%{?regenerate_initrd_post}
-
-%posttrans
-%{?regenerate_initrd_posttrans}
-
-%pre
-%service_add_pre %{name}.service
-%service_add_pre %{name}-switch-root.service
-
-%preun
-%service_del_preun %{name}.service
-%service_del_preun %{name}-switch-root.service
 
 %post -n libhavege2 -p /sbin/ldconfig
 %postun -n libhavege2 -p /sbin/ldconfig
 
 %files
 %license COPYING
-%{_sbindir}/rc%{name}
 %{_sbindir}/%{name}
 %{_mandir}/man8/%{name}.8%{?ext_man}
-%{_unitdir}/%{name}.service
-%{_unitdir}/%{name}-switch-root.service
-%{_udevrulesdir}/90-%{name}.rules
-%dir %{_prefix}/lib/dracut
-%dir %{_prefix}/lib/dracut/modules.d
-%dir %{_prefix}/lib/dracut/modules.d/98%{name}
-%{_prefix}/lib/dracut/modules.d/98%{name}/module-setup.sh
 
 %files devel
 %license COPYING