From 2aa45beb753b7401fedcbfa3ccd0a4b005510f56 Mon Sep 17 00:00:00 2001
From: Neil Horman
Date: Nov 02 2017 14:59:51 +0000
Subject: Resolves: bz1490632
---
diff --git a/0001-If-device-is-not-found-exit-immediately.patch b/0001-If-device-is-not-found-exit-immediately.patch
deleted file mode 100644
index 51dd2d9..0000000
--- a/0001-If-device-is-not-found-exit-immediately.patch
+++ /dev/null
@@ -1,151 +0,0 @@ -From 74f1926a81b80ce8719c92b688737c51ece2cb4b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 18 Oct 2016 10:50:42 -0400 -Subject: [PATCH] If device is not found, exit immediately - -This avoids stupid warnings in the logs: -rng[961]: read error -rng[961]: read error -... - -https://bugzilla.redhat.com/show_bug.cgi?id=892178 ---- - rngd.c | 4 +--- - rngd_entsource.c | 38 +++++++++++++++++++++++++++----------- - 2 files changed, 28 insertions(+), 14 deletions(-) - -diff --git a/rngd.c b/rngd.c -index cd5bc8a40b..7755651f1c 100644 ---- a/rngd.c -+++ b/rngd.c -@@ -315,9 +315,7 @@ int main(int argc, char **argv) - if (rc_rng && rc_drng && rc_tpm) { - if (!arguments->quiet) { - message(LOG_DAEMON|LOG_ERR, -- "can't open any entropy source"); -- message(LOG_DAEMON|LOG_ERR, -- "Maybe RNG device modules are not loaded\n"); -+ "No entropy sources found, exiting"); - } - return 66; - } -diff --git a/rngd_entsource.c b/rngd_entsource.c -index f0e219d7af..468ad1cfc6 100644 ---- a/rngd_entsource.c -+++ b/rngd_entsource.c -@@ -63,8 +63,13 @@ int xread(void *buf, size_t size, struct rng *ent_src) - size -= r; - } - -+ if (errno == ENODEV) { -+ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name); -+ return -ENODEV; -+ } -+ - if (size) { -- message(LOG_DAEMON|LOG_ERR, "read error\n"); -+ message(LOG_DAEMON|LOG_ERR, "%s: %m", ent_src->rng_name); - return -1; - } - return 0; -@@ -89,14 +94,14 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) - - ent_src->rng_fd = open(ent_src->rng_name, O_RDWR); - if (ent_src->rng_fd == -1) { -- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name); -+ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name); - return -1; - } - - temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD); - memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD)); - if (temp_buf == NULL) { -- message(LOG_ERR|LOG_INFO,"No memory"); -+ message(LOG_ERR|LOG_INFO,"%m"); - 
close(ent_src->rng_fd); - return -1; - } -@@ -114,7 +119,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) - sizeof(rng_cmd) - r); - if (retval < 0) { - message(LOG_ERR|LOG_INFO, -- "Error writing %s\n", -+ "Error writing %s", - ent_src->rng_name); - retval = -1; - goto error_out; -@@ -123,7 +128,7 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) - } - if (r < sizeof(rng_cmd)) { - message(LOG_ERR|LOG_INFO, -- "Error writing %s\n", ent_src->rng_name); -+ "Error writing %s", ent_src->rng_name); - retval = -1; - goto error_out; - } -@@ -152,22 +157,27 @@ error_out: - } - - /* Initialize entropy source */ --static int discard_initial_data(struct rng *ent_src) -+static int discard_initial_data(struct rng *ent_src, int *data) - { - /* Trash 32 bits of what is probably stale (non-random) -- * initial state from the RNG. For Intel's, 8 bits would -+ * initial state from the RNG. For Intel's, 8 bits would - * be enough, but since AMD's generates 32 bits at a time... - * - * The kernel drivers should be doing this at device powerup, - * but at least up to 2.4.24, it doesn't. 
*/ - unsigned char tempbuf[4]; -- xread(tempbuf, sizeof(tempbuf), ent_src); -+ int r; -+ -+ r = xread(tempbuf, sizeof(tempbuf), ent_src); -+ if (r < 0) -+ return r; - - /* Return 32 bits of bootstrap data */ - xread(tempbuf, sizeof(tempbuf), ent_src); - -- return tempbuf[0] | (tempbuf[1] << 8) | -+ *data = tempbuf[0] | (tempbuf[1] << 8) | - (tempbuf[2] << 16) | (tempbuf[3] << 24); -+ return 0; - } - - /* -@@ -175,14 +185,20 @@ static int discard_initial_data(struct rng *ent_src) - */ - int init_entropy_source(struct rng *ent_src) - { -+ int data; -+ - ent_src->rng_fd = open(ent_src->rng_name, O_RDONLY); - if (ent_src->rng_fd == -1) { - return 1; - } -+ if (discard_initial_data(ent_src, &data)) { -+ return 1; -+ } -+ - src_list_add(ent_src); - /* Bootstrap FIPS tests */ - ent_src->fipsctx = malloc(sizeof(fips_ctx_t)); -- fips_init(ent_src->fipsctx, discard_initial_data(ent_src)); -+ fips_init(ent_src->fipsctx, data); - return 0; - } - -@@ -193,7 +209,7 @@ int init_tpm_entropy_source(struct rng *ent_src) - { - ent_src->rng_fd = open(ent_src->rng_name, O_RDWR); - if (ent_src->rng_fd == -1) { -- message(LOG_ERR|LOG_INFO,"Unable to open file: %s",ent_src->rng_name); -+ message(LOG_ERR|LOG_INFO,"%s: %m",ent_src->rng_name); - return 1; - } - src_list_add(ent_src); --- -2.9.0 - diff --git a/check-rng-entropy b/check-rng-entropy deleted file mode 100755 index 3c29b8b..0000000 --- a/check-rng-entropy +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -rngd --list > /dev/null 2>&1 - -if [ $? -eq 0 ] -then - systemctl enable rngd.service - systemctl start rngd.service -fi - -exit 0 diff --git a/entropy-check.service b/entropy-check.service deleted file mode 100644 index 0d38976..0000000 --- a/entropy-check.service +++ /dev/null 
@@ -1,17 +0,0 @@ -[Unit] -Description=Checker to look for entropy sources and enable rngd -DefaultDependencies=no -Conflicts=shutdown.target -After=systemd-remount-fs.service -Before=systemd-sysusers.service sysinit.target shutdown.target -ConditionFirstBoot=yes - -[Service] -Type=oneshot -ExecStart=/usr/bin/check-rng-entropy -StandardOutput=null -StandardError=null - -[Install] -WantedBy=sysinit.target - diff --git a/rng-tools.spec b/rng-tools.spec index 8542fe5..b9d8379 100644 --- a/rng-tools.spec +++ b/rng-tools.spec @@ -10,8 +10,8 @@ License: GPLv2+ URL: https://github.com/nhorman/rng-tools Source0: https://github.com/nhorman/rng-tools/archive/rng-tools-%{version}.tar.gz Source1: rngd.service -Source2: check-rng-entropy -Source3: entropy-check.service + +Patch0: rngd-exit-code-for-list.patch # https://sourceforge.net/p/gkernel/patches/111/ @@ -44,19 +44,27 @@ Hardware random number generation tools. # install systemd unit file install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} -install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2} -install -Dt %{buildroot}%{_bindir} -m0755 %{SOURCE3} + %post %systemd_post rngd.service -%systemd_post entropy-check.service + +# Check to ensure there is at least one entropy source +# If there are none, disable the service +/usr/sbin/rngd --list -f > /dev/null 2>&1 +if [ $? -eq 0 ] +then +systemctl --no-reload enable --now rngd.service > /dev/null 2>&1 +else +#Disable the service if there is no entropy source +systemctl --no-reload disable --now rngd.service > /dev/null 2>&1 +fi + %preun %systemd_preun rngd.service -%systemd_preun entropy-check.service %postun %systemd_postun_with_restart rngd.service -%systemd_postun_with_restart entropy-check.service %files %{!?_licensedir:%global license %%doc} 
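Review bot: The new `%post` block in the `@@ -44,19 +44,27 @@` hunk of rng-tools.spec runs on every transaction, upgrades included, so each package update re-probes with `rngd --list -f` and then enables and starts, or disables and stops, rngd.service regardless of what the administrator had configured; the probe also reflects the machine the package is installed on, which for an image build is the build host rather than the target. Wrapping the block in `if [ $1 -eq 1 ]; then … fi` would limit it to first install, the way `%systemd_post` does. The `if` is the last command of the scriptlet, so a failing `systemctl` (for example in a chroot or container with no running systemd) makes `%post` exit non-zero; appending `|| :` to both `systemctl` lines avoids that. The check also depends on the exit status of `rngd --list`, which presumably comes from `Patch0: rngd-exit-code-for-list.patch`; that file is not added in the visible diff, so confirm it is already in the repository and applied in `%prep`.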
@@ -69,8 +77,8 @@ install -Dt %{buildroot}%{_bindir} -m0755 %{SOURCE3} %attr(0644,root,root) %{_unitdir}/rngd.service %changelog -* Fri Oct 26 2017 Neil Horman - 6.1-2 -- Conditionally enable rngd on entropy src availability (bz 1490632) +* Thu Nov 02 2017 Neil Horman - 6.1-2 +- Enable rngd on entropy src availability (bz 1490632) * Tue Oct 10 2017 Neil Horman - 6.1-1 - update to latest upstream diff --git a/rngd-exit-code.patch b/rngd-exit-code.patch deleted file mode 100644 index 2cda08e..0000000 --- a/rngd-exit-code.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up rng-tools-5/rngd.c.rfail rng-tools-5/rngd.c ---- rng-tools-5/rngd.c.rfail 2014-12-10 09:18:25.333873892 +0100 -+++ rng-tools-5/rngd.c 2014-12-10 09:19:06.096070334 +0100 -@@ -319,7 +319,7 @@ int main(int argc, char **argv) - message(LOG_DAEMON|LOG_ERR, - "Maybe RNG device modules are not loaded\n"); - } -- return 1; -+ return 66; - } - - if (arguments->verbose) { diff --git a/rngd-extern-darn-init.patch b/rngd-extern-darn-init.patch deleted file mode 100644 index 663a353..0000000 --- a/rngd-extern-darn-init.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/rngd_entsource.h b/rngd_entsource.h -index 3ba6820..f2407c1 100644 ---- a/rngd_entsource.h -+++ b/rngd_entsource.h -@@ -36,7 +36,13 @@ extern fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */ - * sourcedev is the path to the entropy source - */ - extern int init_entropy_source(struct rng *); -+#ifdef HAVE_RDRAND - extern int init_drng_entropy_source(struct rng *); -+#endif -+#ifdef HAVE_DARN -+extern int init_darn_entropy_source(struct rng *); -+#endif -+ - extern int init_tpm_entropy_source(struct rng *); - - /* Read data from the entropy source */ diff --git a/rngd-formatting.patch b/rngd-formatting.patch deleted file mode 100644 index e77aaed..0000000 --- a/rngd-formatting.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -diff --git a/rngd.c b/rngd.c -index 9873c46..418feeb 100644 ---- a/rngd.c -+++ b/rngd.c -@@ -191,11 +191,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) - case 'x': - idx = strtol(arg, NULL, 10); - if ((idx == LONG_MAX) || (idx > ENT_MAX)) { -- printf("exclude index is out of range: %d\n", idx); -+ printf("exclude index is out of range: %lu\n", idx); - return -ERANGE; - } - entropy_sources[idx].disabled = true; -- printf("Disabling %d: %s\n", idx, entropy_sources[idx].rng_name); -+ printf("Disabling %lu: %s\n", idx, entropy_sources[idx].rng_name); - break; - case 'l': - arguments->list = true;