[rng-tools] 2 patches from RHEL-6
Jiří Popelka
jpopelka at fedoraproject.org
Thu Jan 12 14:27:26 UTC 2012
commit 9012e9eef43110f082fd2db0a3366bb336c8fdac
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Thu Jan 12 15:21:54 2012 +0100
2 patches from RHEL-6
rng-tools-failures-disable.patch | 113 ++++++++++++++++++++++++++++++++++++++
rng-tools-ignorefail.patch | 89 ++++++++++++++++++++++++++++++
rng-tools.spec | 8 +++
3 files changed, 210 insertions(+), 0 deletions(-)
---
diff --git a/rng-tools-failures-disable.patch b/rng-tools-failures-disable.patch
new file mode 100644
index 0000000..abe6007
--- /dev/null
+++ b/rng-tools-failures-disable.patch
@@ -0,0 +1,113 @@
+commit 62838c656e342608ab7aa4e58c567987e4342a55
+Author: Jeff Garzik <jeff at garzik.org>
+Date: Tue Aug 17 15:59:01 2010 -0400
+
+ Disable entropy source, if facing continued failures.
+
+ If all entropy sources are disabled, exit.
+
+ Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
+
+diff --git a/rngd.c b/rngd.c
+index 6ebef64..6a7f120 100644
+--- a/rngd.c
++++ b/rngd.c
+@@ -111,16 +111,12 @@ static struct rng rng_default = {
+ .rng_name = "/dev/hw_random",
+ .rng_fd = -1,
+ .xread = xread,
+- .fipsctx = NULL,
+- .next = NULL,
+ };
+
+ static struct rng rng_tpm = {
+ .rng_name = "/dev/tpm0",
+ .rng_fd = -1,
+ .xread = xread_tpm,
+- .fipsctx = NULL,
+- .next = NULL,
+ };
+
+ struct rng *rng_list;
+@@ -207,18 +203,46 @@ static void do_loop(int random_step, double poll_timeout)
+ {
+ unsigned char buf[FIPS_RNG_BUFFER_SIZE];
+ int retval;
++ int no_work = 0;
+
+- for (;;) {
++ while (no_work < 100) {
+ struct rng *iter;
++ bool work_done;
++
++ work_done = false;
+ for (iter = rng_list; iter; iter = iter->next)
+ {
++ int rc;
++
++ if (iter->disabled)
++ continue; /* failed, no work */
++
+ retval = iter->xread(buf, sizeof buf, iter);
+- if (retval == 0)
+- update_kernel_random(random_step,
+- poll_timeout, buf,
+- iter->fipsctx);
++ if (retval)
++ continue; /* failed, no work */
++
++ work_done = true;
++
++ rc = update_kernel_random(random_step,
++ poll_timeout, buf,
++ iter->fipsctx);
++ if (rc == 0)
++ continue; /* succeeded, work done */
++
++ iter->failures++;
++ if (iter->failures == MAX_RNG_FAILURES) {
++ message(LOG_DAEMON|LOG_ERR,
++ "too many FIPS failures, disabling entropy source\n");
++ iter->disabled = true;
++ }
+ }
++
++ if (!work_done)
++ no_work++;
+ }
++
++ message(LOG_DAEMON|LOG_ERR,
++ "No entropy sources working, exiting rngd\n");
+ }
+
+ int main(int argc, char **argv)
+diff --git a/rngd.h b/rngd.h
+index 6e7e83f..bcc6f59 100644
+--- a/rngd.h
++++ b/rngd.h
+@@ -27,11 +27,16 @@
+
+ #include <unistd.h>
+ #include <stdint.h>
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <syslog.h>
+
+ #include "fips.h"
+
++enum {
++ MAX_RNG_FAILURES = 25,
++};
++
+ /* Command line arguments and processing */
+ struct arguments {
+ char *random_name;
+@@ -49,6 +54,8 @@ extern struct arguments *arguments;
+ struct rng {
+ char *rng_name;
+ int rng_fd;
++ bool disabled;
++ int failures;
+
+ int (*xread) (void *buf, size_t size, struct rng *ent_src);
+ fips_ctx_t *fipsctx;
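Review bot: In the new do_loop body `iter->failures` is only ever incremented, so `iter->failures == MAX_RNG_FAILURES` trips after 25 failures in total, not 25 in a row as "continued failures" in the commit message suggests. FIPS-style statistical tests are expected to reject an occasional good block, so on a long-running daemon a healthy source would probably end up disabled and the host would lose its hardware entropy feed. Clearing the counter on the success path, `if (rc == 0) { iter->failures = 0; continue; }`, would make the threshold count consecutive failures. `no_work` has the same shape: it is never reset after a pass that did work, so 100 idle passes spread over the daemon's lifetime end the loop; `if (work_done) no_work = 0;` would fix that.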
diff --git a/rng-tools-ignorefail.patch b/rng-tools-ignorefail.patch
new file mode 100644
index 0000000..f8fd520
--- /dev/null
+++ b/rng-tools-ignorefail.patch
@@ -0,0 +1,89 @@
+diff -up rng-tools-3/rngd.8.in.ignorefail rng-tools-3/rngd.8.in
+--- rng-tools-3/rngd.8.in.ignorefail 2012-01-12 15:14:06.181307658 +0100
++++ rng-tools-3/rngd.8.in 2012-01-12 15:14:06.237306958 +0100
+@@ -9,6 +9,7 @@ rngd \- Check and feed random data from
+ .B rngd
+ [\fB\-b\fR, \fB\-\-background\fR]
+ [\fB\-f\fR, \fB\-\-foreground\fR]
++[\fB\-i\fR, \fB\-\-ignorefail\fR]
+ [\fB\-o\fR, \fB\-\-random-device=\fIfile\fR]
+ [\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR]
+ [\fB\-s\fR, \fB\-\-random-step=\fInnn\fR]
+@@ -45,6 +46,9 @@ Become a daemon (default)
+ \fB\-f\fR, \fB\-\-foreground\fR
+ Do not fork and become a daemon
+ .TP
++\fB\-i\fR, \fB\-\-ignorefail\fR
++Ignore repeated fips failures
++.TP
+ \fB\-o\fI file\fR, \fB\-\-random-device=\fIfile\fR
+ Kernel device used for random number output
+ (default: /dev/random)
+diff -up rng-tools-3/rngd.c.ignorefail rng-tools-3/rngd.c
+--- rng-tools-3/rngd.c.ignorefail 2012-01-12 15:14:06.194307494 +0100
++++ rng-tools-3/rngd.c 2012-01-12 15:15:36.204182216 +0100
+@@ -58,6 +58,7 @@
+
+ /* Background/daemon mode */
+ int am_daemon; /* Nonzero if we went daemon */
++int ignorefail; /*Nonzero if we ignore MAX_RNG_FAILURES */
+
+ /* Command line arguments and processing */
+ const char *argp_program_version =
+@@ -75,6 +76,8 @@ static char doc[] =
+ static struct argp_option options[] = {
+ { "foreground", 'f', 0, 0, "Do not fork and become a daemon" },
+
++ { "ignorefail", 'i', 0, 0, "Ignore repeated fips failures" },
++
+ { "background", 'b', 0, 0, "Become a daemon (default)" },
+
+ { "random-device", 'o', "file", 0,
+@@ -103,6 +106,7 @@ static struct arguments default_argument
+ .random_step = 64,
+ .fill_watermark = 2048,
+ .daemon = 1,
++ .ignorefail = 0,
+ .enable_tpm = 1,
+ };
+ struct arguments *arguments = &default_arguments;
+@@ -148,6 +152,9 @@ static error_t parse_opt (int key, char
+ case 'b':
+ arguments->daemon = 1;
+ break;
++ case 'i':
++ arguments->ignorefail = 1;
++ break;
+ case 's':
+ if (sscanf(arg, "%i", &arguments->random_step) == 0)
+ argp_usage(state);
+@@ -230,7 +237,7 @@ static void do_loop(int random_step, dou
+ continue; /* succeeded, work done */
+
+ iter->failures++;
+- if (iter->failures == MAX_RNG_FAILURES) {
++ if (iter->failures == MAX_RNG_FAILURES && (!ignorefail)) {
+ message(LOG_DAEMON|LOG_ERR,
+ "too many FIPS failures, disabling entropy source\n");
+ iter->disabled = true;
+@@ -281,6 +288,9 @@ int main(int argc, char **argv)
+ openlog("rngd", 0, LOG_DAEMON);
+ }
+
++ if (arguments->ignorefail)
++ ignorefail = 1;
++
+ do_loop(arguments->random_step,
+ arguments->poll_timeout ? : -1.0);
+
+diff -up rng-tools-3/rngd.h.ignorefail rng-tools-3/rngd.h
+--- rng-tools-3/rngd.h.ignorefail 2012-01-12 15:14:06.195307482 +0100
++++ rng-tools-3/rngd.h 2012-01-12 15:14:06.237306958 +0100
+@@ -46,6 +46,7 @@ struct arguments {
+ double poll_timeout;
+
+ int daemon;
++ int ignorefail;
+ int enable_tpm;
+ };
+ extern struct arguments *arguments;
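Review bot: In the rngd.c do_loop change, `iter->failures == MAX_RNG_FAILURES && (!ignorefail)` skips the log message as well as the disable, so with `-i` a source that keeps failing the FIPS check leaves no trace in syslog at the threshold. That is the one signal an operator has that a hardware RNG is degrading, so the threshold test should stay as it was and log in both cases, with wording that fits the ignore case, and only the disable should be gated: `if (!ignorefail) iter->disabled = true;`. Whether rejected blocks are still kept out of the kernel pool depends on update_kernel_random, which is not shown here, and the man page text "Ignore repeated fips failures" should say that the failing source stays in use. The body of do_loop starts and ends outside this inner hunk.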
diff --git a/rng-tools.spec b/rng-tools.spec
index b8fad18..f8827d0 100644
--- a/rng-tools.spec
+++ b/rng-tools.spec
@@ -13,6 +13,10 @@ Source1: rngd.service
# Man pages
Patch0: rng-tools-man.patch
+# bz#624530
+Patch1: rng-tools-failures-disable.patch
+# bz#733452, bz#749629
+Patch2: rng-tools-ignorefail.patch
BuildRequires: groff gettext
BuildRequires: systemd-units
@@ -27,6 +31,9 @@ Hardware random number generation tools.
%setup -q
%patch0 -p1 -b .man
+%patch1 -p1 -b .failures-disable
+%patch2 -p1 -b .ignorefail
+
%build
%configure
@@ -69,6 +76,7 @@ fi
%changelog
* Thu Jan 12 2012 Jiri Popelka <jpopelka at redhat.com> - 3-4
+- 2 patches from RHEL-6
- systemd service
- man page fixes
- modernize spec file