diff options
Diffstat (limited to 'meta/recipes-support/rng-tools')
10 files changed, 109 insertions, 367 deletions
diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-If-the-libc-is-lacking-argp-use-libargp.patch b/meta/recipes-support/rng-tools/rng-tools/0001-If-the-libc-is-lacking-argp-use-libargp.patch deleted file mode 100644 index 4bd9d31c0e..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools/0001-If-the-libc-is-lacking-argp-use-libargp.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 99679fda405e535a282f04a4decc2381154a749f Mon Sep 17 00:00:00 2001 -From: Christopher Larson <chris_larson@mentor.com> -Date: Mon, 15 Feb 2016 15:59:58 -0700 -Subject: [PATCH 1/2] If the libc is lacking argp, use libargp - -Patch pulled from Gentoo: - - On glibc systems, argp is provided by libc. However, on - uclibc and other systems which lack argp in their C library, - argp might be provided by a stand alone library, libargp. - This patch adds tests to the build system to find who provides - argp. - - X-Gentoo-Bug: 292191 - X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=292191 - Reported-by: Ed Wildgoose <gentoo@wildgooses.com> - Signed-off-by: Anthony G. Basile <blueness@gentoo.org> - -Upstream-Status: Pending -Signed-off-by: Christopher Larson <chris_larson@mentor.com> ---- - configure.ac | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 27a2dba..04fcd25 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -82,6 +82,28 @@ AS_IF( - ] - ) - -+dnl First check if we have argp available from libc -+AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM( -+ [#include <argp.h>], -+ [int argc=1; char *argv[]={"test"}; argp_parse(0,argc,argv,0,0,0); return 0;] -+ )], -+ [libc_has_argp="true"], -+ [libc_has_argp="false"] -+) -+ -+dnl If libc doesn't provide argp, then test for libargp -+if test "$libc_has_argp" = "false" ; then -+ AC_MSG_WARN("libc does not have argp") -+ AC_CHECK_LIB([argp], [argp_parse], [have_argp="true"], [have_argp="false"]) -+ -+ if test "$have_argp" = "false"; then -+ AC_MSG_ERROR("no libargp found") -+ else -+ LIBS+=" -largp" -+ fi -+fi -+ - dnl ----------------- - dnl Configure options - dnl ----------------- --- -2.2.1 - diff --git a/meta/recipes-support/rng-tools/rng-tools/0002-Add-argument-to-control-the-libargp-dependency.patch b/meta/recipes-support/rng-tools/rng-tools/0002-Add-argument-to-control-the-libargp-dependency.patch deleted file mode 100644 index 1c8a79ce0b..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools/0002-Add-argument-to-control-the-libargp-dependency.patch +++ /dev/null @@ -1,92 +0,0 @@ -From afc8712a9e6c72fbd03c36f84ecf8703e5d22a8c Mon Sep 17 00:00:00 2001 -From: Christopher Larson <chris_larson@mentor.com> -Date: Mon, 15 Feb 2016 16:11:32 -0700 -Subject: [PATCH 2/2] Add argument to control the libargp dependency - -This ensures that the builds are always deterministic. If the argument isn't -passed, the default behavior is to use libargp if the libc doesn't have argp. - -Upstream-Status: Pending -Signed-off-by: Christopher Larson <chris_larson@mentor.com> ---- - configure.ac | 55 ++++++++++++++++++++++++++++++++++++------------------- - 1 file changed, 36 insertions(+), 19 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 04fcd25..11a5321 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -32,6 +32,13 @@ AC_ARG_WITH([libgcrypt], - [with_libgcrypt=check] - ) - -+AC_ARG_WITH([libargp], -+ AS_HELP_STRING([--without-libargp], -+ [Disable libargp support. Systems whose libc lacks argp can use libargp instead. (Default: check if libc lacks argp)]), -+ [with_libargp=$withval], -+ [with_libargp=check] -+) -+ - dnl Make sure anyone changing configure.ac/Makefile.am has a clue - AM_MAINTAINER_MODE - -@@ -82,27 +89,37 @@ AS_IF( - ] - ) - --dnl First check if we have argp available from libc --AC_LINK_IFELSE( -- [AC_LANG_PROGRAM( -- [#include <argp.h>], -- [int argc=1; char *argv[]={"test"}; argp_parse(0,argc,argv,0,0,0); return 0;] -- )], -- [libc_has_argp="true"], -- [libc_has_argp="false"] -+dnl Determine if we need libargp: either user requested, or libc has no argp -+AS_IF( -+ [test "x$with_libargp" != "xyes"], -+ [ -+ AC_LINK_IFELSE( -+ [AC_LANG_PROGRAM( -+ [#include <argp.h>], -+ [int argc=1; char *argv[]={"test"}; argp_parse(0,argc,argv,0,0,0); return 0;] -+ )], -+ [need_libargp=no], -+ [need_libargp=yes -+ if test "x$with_libargp" = "xno"; then -+ AC_MSG_FAILURE([libargp disabled and libc does not have argp]) -+ fi] -+ ) -+ ], -+ [need_libargp=yes], - ) - --dnl If libc doesn't provide argp, then test for libargp --if test "$libc_has_argp" = "false" ; then -- AC_MSG_WARN("libc does not have argp") -- AC_CHECK_LIB([argp], [argp_parse], [have_argp="true"], [have_argp="false"]) -- -- if test "$have_argp" = "false"; then -- AC_MSG_ERROR("no libargp found") -- else -- LIBS+=" -largp" -- fi --fi -+dnl Check for libargp -+AS_IF( -+ [test "x$need_libargp" = "xyes"], -+ [ -+ AC_CHECK_LIB( -+ [argp], -+ [argp_parse], -+ [LIBS="$LIBS -largp"], -+ [AC_MSG_FAILURE([libargp not found])] -+ ) -+ ] -+) - - dnl ----------------- - dnl Configure options --- -2.2.1 - diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default index ab7cd9327f..b9f8e03635 100644 --- a/meta/recipes-support/rng-tools/rng-tools/default +++ b/meta/recipes-support/rng-tools/rng-tools/default @@ -1,2 +1 @@ -# Specify rng device -RNG_DEVICE=/dev/hwrng +EXTRA_ARGS="-r /dev/hwrng" diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init index 7cf78393a4..13f0ecd37c 100644 --- a/meta/recipes-support/rng-tools/rng-tools/init +++ b/meta/recipes-support/rng-tools/rng-tools/init @@ -1,26 +1,19 @@ -#! /bin/sh +#!/bin/sh # # This is an init script for openembedded -# Copy it to /etc/init.d/rng-tools and type +# Copy it to @SYSCONFDIR@/init.d/rng-tools and type # > update-rc.d rng-tools defaults 60 # -rngd=/usr/sbin/rngd +rngd=@SBINDIR@/rngd test -x "$rngd" || exit 1 -if [ -e /etc/default/rng-tools ]; then - . /etc/default/rng-tools -fi - -if [ -n "$RNG_DEVICE" ]; then - EXTRA_ARGS="-- -r $RNG_DEVICE" -fi - +[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools" case "$1" in start) echo -n "Starting random number generator daemon" - start-stop-daemon -S -q -x $rngd $EXTRA_ARGS + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS echo "." ;; stop) @@ -38,11 +31,11 @@ case "$1" in start-stop-daemon -K -q -n rngd echo "." echo -n "Starting random number generator daemon" - start-stop-daemon -S -q -x $rngd $EXTRA_ARGS + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS echo "." ;; *) - echo "Usage: /etc/init.d/rng-tools {start|stop|reload|restart|force-reload}" + echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" exit 1 esac diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools-5-fix-textrels-on-PIC-x86.patch b/meta/recipes-support/rng-tools/rng-tools/rng-tools-5-fix-textrels-on-PIC-x86.patch deleted file mode 100644 index 93a5864a49..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools-5-fix-textrels-on-PIC-x86.patch +++ /dev/null @@ -1,103 +0,0 @@ -From: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org> -Subject: [PATCH] Fix assemby textrels on rdrand_asm.S on PIC x86 - -This patch updates the fixes in the assembly in rdrand_asm.S in -sys-apps/rng-tools-5 so it won't generate textrels on PIC systems. -The main fixes are in the use of leal in SETPTR for such systems, the rest is -the usual PIC support stuff. - -This should fix Gentoo bug #469962 and help fix #518210 - -This patch is released under the GPLv2 or a higher version license as is the -original file as long as the author and the tester are credited. - -Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=469962 -Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=518210 -Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org> -Reported-by: cilly <cilly@cilly.mine.nu> -Reported-by: Manuel RĂ¼ger <mrueg@gentoo.org> -Tested-by: Anthony Basile <blueness@gentoo.org> - -Upstream-Status: Pending - -Index: rng-tools-5/rdrand_asm.S -=================================================================== ---- rng-tools-5.orig/rdrand_asm.S -+++ rng-tools-5/rdrand_asm.S -@@ -2,6 +2,7 @@ - * Copyright (c) 2011-2014, Intel Corporation - * Authors: Fenghua Yu <fenghua.yu@intel.com>, - * H. Peter Anvin <hpa@linux.intel.com> -+ * PIC code by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms and conditions of the GNU General Public License, -@@ -174,7 +175,19 @@ ENTRY(x86_rdseed_or_rdrand_bytes) - jmp 4b - ENDPROC(x86_rdseed_or_rdrand_bytes) - -+#if defined(__PIC__) -+#define INIT_PIC() \ -+ pushl %ebx ; \ -+ call __x86.get_pc_thunk.bx ; \ -+ addl $_GLOBAL_OFFSET_TABLE_, %ebx -+#define END_PIC() \ -+ popl %ebx -+#define SETPTR(var,ptr) leal (var)@GOTOFF(%ebx),ptr -+#else -+#define INIT_PIC() -+#define END_PIC() - #define SETPTR(var,ptr) movl $(var),ptr -+#endif - #define PTR0 %eax - #define PTR1 %edx - #define PTR2 %ecx -@@ -190,6 +203,7 @@ ENTRY(x86_aes_mangle) - movl 8(%ebp), %eax - movl 12(%ebp), %edx - push %esi -+ INIT_PIC() - #endif - movl $512, CTR3 /* Number of rounds */ - -@@ -280,6 +294,7 @@ offset = offset + 16 - movdqa %xmm7, (7*16)(PTR1) - - #ifdef __i386__ -+ END_PIC() - pop %esi - pop %ebp - #endif -@@ -294,6 +309,7 @@ ENTRY(x86_aes_expand_key) - push %ebp - mov %esp, %ebp - movl 8(%ebp), %eax -+ INIT_PIC() - #endif - - SETPTR(aes_round_keys, PTR1) -@@ -323,6 +339,7 @@ ENTRY(x86_aes_expand_key) - call 1f - - #ifdef __i386__ -+ END_PIC() - pop %ebp - #endif - ret -@@ -343,6 +360,16 @@ ENTRY(x86_aes_expand_key) - - ENDPROC(x86_aes_expand_key) - -+#if defined(__i386__) && defined(__PIC__) -+ .section .text.__x86.get_pc_thunk.bx,"axG",@progbits,__x86.get_pc_thunk.bx,comdat -+ .globl __x86.get_pc_thunk.bx -+ .hidden __x86.get_pc_thunk.bx -+ .type __x86.get_pc_thunk.bx, @function -+__x86.get_pc_thunk.bx: -+ movl (%esp), %ebx -+ ret -+#endif -+ - .bss - .balign 64 - aes_round_keys: diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service new file mode 100644 index 0000000000..5ae2fba215 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service @@ -0,0 +1,32 @@ +[Unit] +Description=Hardware RNG Entropy Gatherer Daemon +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionVirtualization=!container + +[Service] +EnvironmentFile=-@SYSCONFDIR@/default/rng-tools +ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS +CapabilityBoundingSet=CAP_SYS_ADMIN +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelModules=yes +ProtectKernelLogs=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service + +[Install] +WantedBy=sysinit.target diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service deleted file mode 100644 index b94ad50209..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools/rngd.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Hardware RNG Entropy Gatherer Daemon - -[Service] -ExecStart=@SBINDIR@/rngd -f -r /dev/urandom -SuccessExitStatus=66 - -[Install] -WantedBy=multi-user.target diff --git a/meta/recipes-support/rng-tools/rng-tools/underquote.patch b/meta/recipes-support/rng-tools/rng-tools/underquote.patch deleted file mode 100644 index afd08d577f..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools/underquote.patch +++ /dev/null @@ -1,33 +0,0 @@ -Fix underquoted m4 entry. This causes a failure if gcrypt isn't present: - -| configure: libgcrypt support disabled -| ../rng-tools-5/configure: line 4345: ac_fn_c_try_link: command not found -| configure: error: in `/media/build1/poky/build/tmp/work/i586-poky-linux/rng-tools/5-r0/build': - -RP -2016/2/16 - -Upstream-Status: Pending - -Index: rng-tools-5/configure.ac -=================================================================== ---- rng-tools-5.orig/configure.ac -+++ rng-tools-5/configure.ac -@@ -71,7 +71,7 @@ AS_IF( - [test "x$with_libgcrypt" != "xno"], - [ - AC_CHECK_HEADER([gcrypt.h], -- AC_CHECK_LIB( -+ [AC_CHECK_LIB( - [gcrypt], - [gcry_check_version], , - [ -@@ -80,7 +80,7 @@ AS_IF( - AC_MSG_NOTICE([libgcrypt support disabled]) - fi - ] -- ), -+ )], - [if test "x$with_libgcrypt" != "xcheck"; then - AC_MSG_FAILURE([libgcrypt headers not found]); else - AC_MSG_NOTICE([libgcrypt support disabled]) diff --git a/meta/recipes-support/rng-tools/rng-tools_5.bb b/meta/recipes-support/rng-tools/rng-tools_5.bb deleted file mode 100644 index 4a66bed643..0000000000 --- a/meta/recipes-support/rng-tools/rng-tools_5.bb +++ /dev/null @@ -1,54 +0,0 @@ -SUMMARY = "Random number generator daemon" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=0b6f033afe6db235e559456585dc8cdc" - -SRC_URI = "${SOURCEFORGE_MIRROR}/gkernel/${BP}.tar.gz \ - file://0001-If-the-libc-is-lacking-argp-use-libargp.patch \ - file://0002-Add-argument-to-control-the-libargp-dependency.patch \ - file://underquote.patch \ - file://rng-tools-5-fix-textrels-on-PIC-x86.patch \ - file://init \ - file://default \ - file://rngd.service \ -" - -SRC_URI[md5sum] = "6726cdc6fae1f5122463f24ae980dd68" -SRC_URI[sha256sum] = "60a102b6603bbcce2da341470cad42eeaa9564a16b4490e7867026ca11a3078e" - -# As the recipe doesn't inherit systemd.bbclass, we need to set this variable -# manually to avoid unnecessary postinst/preinst generated. -python () { - if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d): - d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1") -} - -inherit autotools update-rc.d systemd - -PACKAGECONFIG = "libgcrypt" -PACKAGECONFIG_libc-musl = "libargp" -PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," -PACKAGECONFIG[libgcrypt] = "--with-libgcrypt,--without-libgcrypt,libgcrypt," - -do_install_append() { - # Only install the init script when 'sysvinit' is in DISTRO_FEATURES. - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d "${D}${sysconfdir}/init.d" - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools - sed -i -e 's,/etc/,${sysconfdir}/,' -e 's,/usr/sbin/,${sbindir}/,' \ - ${D}${sysconfdir}/init.d/rng-tools - - install -d "${D}${sysconfdir}/default" - install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${systemd_unitdir}/system - install -m 644 ${WORKDIR}/rngd.service ${D}${systemd_unitdir}/system - sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/rngd.service - fi -} - -INITSCRIPT_NAME = "rng-tools" -INITSCRIPT_PARAMS = "start 30 2 3 4 5 . stop 30 0 6 1 ." - -SYSTEMD_SERVICE_${PN} = "rngd.service" diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb new file mode 100644 index 0000000000..10771a999d --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb @@ -0,0 +1,69 @@ +SUMMARY = "Random number generator daemon" +DESCRIPTION = "Check and feed random data from hardware device to kernel" +HOMEPAGE = "https://github.com/nhorman/rng-tools" +BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "openssl libcap" + +SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ + file://init \ + file://default \ + file://rng-tools.service \ + " +SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2" + +S = "${WORKDIR}/git" + +inherit autotools update-rc.d systemd pkgconfig + +EXTRA_OECONF = "--without-rtlsdr" + +PACKAGECONFIG ??= "libjitterentropy" +PACKAGECONFIG:libc-musl = "libargp libjitterentropy" + +PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," +PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" +PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" +PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2" +PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl" + +INITSCRIPT_PACKAGES = "${PN}-service" +INITSCRIPT_NAME:${PN}-service = "rng-tools" +INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ." + +SYSTEMD_PACKAGES = "${PN}-service" +SYSTEMD_SERVICE:${PN}-service = "rng-tools.service" + +CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER " + +PACKAGES =+ "${PN}-service" + +FILES:${PN}-service += " \ + ${sysconfdir}/init.d/rng-tools \ + ${sysconfdir}/default/rng-tools \ +" + +# Refer autogen.sh in rng-tools +do_configure:prepend() { + cp ${S}/README.md ${S}/README +} + +do_install:append() { + install -Dm 0644 ${UNPACKDIR}/default ${D}${sysconfdir}/default/rng-tools + install -Dm 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/rng-tools + install -Dm 0644 ${UNPACKDIR}/rng-tools.service \ + ${D}${systemd_system_unitdir}/rng-tools.service + sed -i \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${sysconfdir}/init.d/rng-tools \ + ${D}${systemd_system_unitdir}/rng-tools.service + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then + sed -i \ + -e '/^IPAddressDeny=any/d' \ + -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \ + ${D}${systemd_system_unitdir}/rng-tools.service + fi +} |