[rng-tools] 2 patches from RHEL-6

Jiří Popelka jpopelka at fedoraproject.org
Thu Jan 12 14:27:26 UTC 2012


commit 9012e9eef43110f082fd2db0a3366bb336c8fdac
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Thu Jan 12 15:21:54 2012 +0100

    2 patches from RHEL-6

 rng-tools-failures-disable.patch |  113 ++++++++++++++++++++++++++++++++++++++
 rng-tools-ignorefail.patch       |   89 ++++++++++++++++++++++++++++++
 rng-tools.spec                   |    8 +++
 3 files changed, 210 insertions(+), 0 deletions(-)
---
diff --git a/rng-tools-failures-disable.patch b/rng-tools-failures-disable.patch
new file mode 100644
index 0000000..abe6007
--- /dev/null
+++ b/rng-tools-failures-disable.patch
@@ -0,0 +1,113 @@
+commit 62838c656e342608ab7aa4e58c567987e4342a55
+Author: Jeff Garzik <jeff at garzik.org>
+Date:   Tue Aug 17 15:59:01 2010 -0400
+
+    Disable entropy source, if facing continued failures.
+    
+    If all entropy sources are disabled, exit.
+    
+    Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
+
+diff --git a/rngd.c b/rngd.c
+index 6ebef64..6a7f120 100644
+--- a/rngd.c
++++ b/rngd.c
+@@ -111,16 +111,12 @@ static struct rng rng_default = {
+ 	.rng_name	= "/dev/hw_random",
+ 	.rng_fd		= -1,
+ 	.xread		= xread,
+-	.fipsctx	= NULL,
+-	.next		= NULL,
+ };
+ 
+ static struct rng rng_tpm = {
+ 	.rng_name	= "/dev/tpm0",
+ 	.rng_fd		= -1,
+ 	.xread		= xread_tpm,
+-	.fipsctx	= NULL,
+-	.next		= NULL,
+ };
+ 
+ struct rng *rng_list;
+@@ -207,18 +203,46 @@ static void do_loop(int random_step, double poll_timeout)
+ {
+ 	unsigned char buf[FIPS_RNG_BUFFER_SIZE];
+ 	int retval;
++	int no_work = 0;
+ 
+-	for (;;) {
++	while (no_work < 100) {
+ 		struct rng *iter;
++		bool work_done;
++
++		work_done = false;
+ 		for (iter = rng_list; iter; iter = iter->next)
+ 		{
++			int rc;
++
++			if (iter->disabled)
++				continue;	/* failed, no work */
++
+ 			retval = iter->xread(buf, sizeof buf, iter);
+-			if (retval == 0)
+-				update_kernel_random(random_step,
+-						     poll_timeout, buf,
+-						     iter->fipsctx);
++			if (retval)
++				continue;	/* failed, no work */
++
++			work_done = true;
++
++			rc = update_kernel_random(random_step,
++					     poll_timeout, buf,
++					     iter->fipsctx);
++			if (rc == 0)
++				continue;	/* succeeded, work done */
++
++			iter->failures++;
++			if (iter->failures == MAX_RNG_FAILURES) {
++				message(LOG_DAEMON|LOG_ERR,
++					"too many FIPS failures, disabling entropy source\n");
++				iter->disabled = true;
++			}
+ 		}
++
++		if (!work_done)
++			no_work++;
+ 	}
++
++	message(LOG_DAEMON|LOG_ERR,
++		"No entropy sources working, exiting rngd\n");
+ }
+ 
+ int main(int argc, char **argv)
+diff --git a/rngd.h b/rngd.h
+index 6e7e83f..bcc6f59 100644
+--- a/rngd.h
++++ b/rngd.h
+@@ -27,11 +27,16 @@
+ 
+ #include <unistd.h>
+ #include <stdint.h>
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ 
+ #include "fips.h"
+ 
++enum {
++	MAX_RNG_FAILURES		= 25,
++};
++
+ /* Command line arguments and processing */
+ struct arguments {
+ 	char *random_name;
+@@ -49,6 +54,8 @@ extern struct arguments *arguments;
+ struct rng {
+ 	char *rng_name;
+ 	int rng_fd;
++	bool disabled;
++	int failures;
+ 
+ 	int (*xread) (void *buf, size_t size, struct rng *ent_src);
+ 	fips_ctx_t *fipsctx;
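Review bot: In the `do_loop` hunk of rngd.c, `iter->failures` and `no_work` only ever increase, so both limits count events over the daemon's whole lifetime rather than the "continued failures" the commit message describes. A source that passes many blocks between occasional FIPS rejections is still disabled at its 25th rejection, and 100 scattered idle passes end the loop, which on a long-running host leaves the kernel pool without its hardware feed. Resetting the counters on success keeps the protection against a source that is really broken: `if (rc == 0) { iter->failures = 0; continue; }` and `if (work_done) no_work = 0; else no_work++;`. If `message` accepts format arguments (its definition is not in this hunk), adding `iter->rng_name` to the "disabling entropy source" line would tell the operator which device was dropped.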
diff --git a/rng-tools-ignorefail.patch b/rng-tools-ignorefail.patch
new file mode 100644
index 0000000..f8fd520
--- /dev/null
+++ b/rng-tools-ignorefail.patch
@@ -0,0 +1,89 @@
+diff -up rng-tools-3/rngd.8.in.ignorefail rng-tools-3/rngd.8.in
+--- rng-tools-3/rngd.8.in.ignorefail	2012-01-12 15:14:06.181307658 +0100
++++ rng-tools-3/rngd.8.in	2012-01-12 15:14:06.237306958 +0100
+@@ -9,6 +9,7 @@ rngd \- Check and feed random data from
+ .B rngd
+ [\fB\-b\fR, \fB\-\-background\fR]
+ [\fB\-f\fR, \fB\-\-foreground\fR]
++[\fB\-i\fR, \fB\-\-ignorefail\fR]
+ [\fB\-o\fR, \fB\-\-random-device=\fIfile\fR]
+ [\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR]
+ [\fB\-s\fR, \fB\-\-random-step=\fInnn\fR]
+@@ -45,6 +46,9 @@ Become a daemon (default)
+ \fB\-f\fR, \fB\-\-foreground\fR
+ Do not fork and become a daemon
+ .TP
++\fB\-i\fR, \fB\-\-ignorefail\fR
++Ignore repeated fips failures
++.TP
+ \fB\-o\fI file\fR, \fB\-\-random-device=\fIfile\fR
+ Kernel device used for random number output
+ (default: /dev/random)
+diff -up rng-tools-3/rngd.c.ignorefail rng-tools-3/rngd.c
+--- rng-tools-3/rngd.c.ignorefail	2012-01-12 15:14:06.194307494 +0100
++++ rng-tools-3/rngd.c	2012-01-12 15:15:36.204182216 +0100
+@@ -58,6 +58,7 @@
+ 
+ /* Background/daemon mode */
+ int am_daemon;				/* Nonzero if we went daemon */
++int ignorefail;				/*Nonzero if we ignore MAX_RNG_FAILURES */
+ 
+ /* Command line arguments and processing */
+ const char *argp_program_version =
+@@ -75,6 +76,8 @@ static char doc[] =
+ static struct argp_option options[] = {
+ 	{ "foreground",	'f', 0, 0, "Do not fork and become a daemon" },
+ 
++	{ "ignorefail", 'i', 0, 0, "Ignore repeated fips failures" },
++
+ 	{ "background", 'b', 0, 0, "Become a daemon (default)" },
+ 
+ 	{ "random-device", 'o', "file", 0,
+@@ -103,6 +106,7 @@ static struct arguments default_argument
+ 	.random_step	= 64,
+ 	.fill_watermark	= 2048,
+ 	.daemon		= 1,
++	.ignorefail		= 0,
+ 	.enable_tpm	= 1,
+ };
+ struct arguments *arguments = &default_arguments;
+@@ -148,6 +152,9 @@ static error_t parse_opt (int key, char
+ 	case 'b':
+ 		arguments->daemon = 1;
+ 		break;
++	case 'i':
++		arguments->ignorefail = 1;
++		break;
+ 	case 's':
+ 		if (sscanf(arg, "%i", &arguments->random_step) == 0)
+ 			argp_usage(state);
+@@ -230,7 +237,7 @@ static void do_loop(int random_step, dou
+ 				continue;	/* succeeded, work done */
+ 
+ 			iter->failures++;
+-			if (iter->failures == MAX_RNG_FAILURES) {
++			if (iter->failures == MAX_RNG_FAILURES && (!ignorefail)) {
+ 				message(LOG_DAEMON|LOG_ERR,
+ 					"too many FIPS failures, disabling entropy source\n");
+ 				iter->disabled = true;
+@@ -281,6 +288,9 @@ int main(int argc, char **argv)
+ 		openlog("rngd", 0, LOG_DAEMON);
+ 	}
+ 
++	if (arguments->ignorefail)
++			ignorefail = 1;
++
+ 	do_loop(arguments->random_step,
+ 		arguments->poll_timeout ? : -1.0);
+ 
+diff -up rng-tools-3/rngd.h.ignorefail rng-tools-3/rngd.h
+--- rng-tools-3/rngd.h.ignorefail	2012-01-12 15:14:06.195307482 +0100
++++ rng-tools-3/rngd.h	2012-01-12 15:14:06.237306958 +0100
+@@ -46,6 +46,7 @@ struct arguments {
+ 	double poll_timeout;
+ 
+ 	int daemon;
++	int ignorefail;
+ 	int enable_tpm;
+ };
+ extern struct arguments *arguments;
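Review bot: With `-i` set, the `iter->failures == MAX_RNG_FAILURES && (!ignorefail)` test in the `do_loop` hunk of rngd.c also skips the only log line visible on that path, so a source that keeps failing the FIPS check leaves no syslog record there. An operator who enables the option loses the one signal that a hardware RNG has degraded; an added branch such as `else if (iter->failures == MAX_RNG_FAILURES) message(LOG_DAEMON|LOG_WARNING, "too many FIPS failures, continuing because of --ignorefail\n");` after the existing `if` block would keep it. The new global `ignorefail` duplicates `arguments->ignorefail`, and since `arguments` is already declared `extern` in rngd.h the loop could test `!arguments->ignorefail` directly and the copy in `main` could be dropped. The body of `do_loop` starts and ends outside that hunk, so whether `update_kernel_random` logs each individual failure cannot be confirmed from here.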
diff --git a/rng-tools.spec b/rng-tools.spec
index b8fad18..f8827d0 100644
--- a/rng-tools.spec
+++ b/rng-tools.spec
@@ -13,6 +13,10 @@ Source1:        rngd.service
 
 # Man pages
 Patch0:         rng-tools-man.patch
+# bz#624530
+Patch1:         rng-tools-failures-disable.patch
+# bz#733452, bz#749629
+Patch2:         rng-tools-ignorefail.patch
 
 BuildRequires:  groff gettext
 BuildRequires:  systemd-units
@@ -27,6 +31,9 @@ Hardware random number generation tools.
 %setup -q
 
 %patch0 -p1 -b .man
+%patch1 -p1 -b .failures-disable
+%patch2 -p1 -b .ignorefail
+
 
 %build
 %configure
@@ -69,6 +76,7 @@ fi
 
 %changelog
 * Thu Jan 12 2012 Jiri Popelka <jpopelka at redhat.com> - 3-4
+- 2 patches from RHEL-6
 - systemd service
 - man page fixes
 - modernize spec file

