| Age | Commit message (Collapse) | Author |
|---|
|
This reverts commit d2b445384da3f3e6dab8577b6c56648b5244a788.
Revert this commit since:
- some systems using oe-core master may still be using kernels from
before 5.6 pulled in the rng-tools algorithm, and
- some hardware platforms may not have a hardware random number generator
and could therefore need to run rngd to avoid long boot-time initialization
due to a depleted entropy pool.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Nothing in oe-core depends on rng-tools anymore:
e7e1bc43ca rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package
so move it to meta-oe for people who still want to run rngd
as a service for some reason or for those who want to run rng-test.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This package used to use libsysfs, but has been modified to read
the /sys file system directly. This build dependency is no longer
needed.
Signed-off-by: david d zuhn <david.zuhn@sonos.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
No longer used in generating packages
Also creates a possible confusion with the recipe maintainer
name.
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Since we removed the openssh dependency[1] on rng-tools, there are no package requiring
rng-tools in oe-core, meta-oe, meta-virt, and the /dev/random won't block anymore after
linux-5.6[2], one of the reasons for keeping rng-tools build into the image is that it
can be used to test[3], so splitting the rng-tools systemd/systvinit service as a package.
If someone needs rng-tools daemon service, they can enable the rng-tools-service package by
directly.
Reference:
[1] https://git.openembedded.org/openembedded-core/commit/?id=868dfb46d96a27ec9041cb902fb769330277257d
[2] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
[3] https://linux.die.net/man/1/rngtest
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Adjust dependencies to match what is optional and what is not.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Delete dependency on dev-hwrng.device and systemd-udev-settle services
as they can be troublesome because difference devices may have different
devices to detect resulting in delayed boot.
do not run if included in a container image
Add EXTRA_ARGS via /etc/default/rng-tools e.g. if your device has
hw RNG then something like this
EXTRA_ARGS="-r /dev/hwrng"
You can also use drop-ins for enhacing systemd unit file from machine
layer via a bbappend and adding a fragment to systemd
/etc/systemd/system/rng-tools.service.d/10-hwrng.conf
where you can add
[Unit]
Requires=dev-hwrng.device
After=dev-hwrng.device
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The systemd-udev-settle service is listed as obsolete and does in
some cases result in a significant boot time. Replace that with a
specific wait for the random source hardware device to be loaded.
Before this change:
Startup finished in 4.025s (kernel) + 2min 13.236s (userspace) = 2min 17.262s
multi-user.target reached after 2min 8.153s in userspace
After this change:
Startup finished in 3.956s (kernel) + 13.294s (userspace) = 17.250s
multi-user.target reached after 9.522s in userspace
Signed-off-by: Drew Moseley <drew@moseleynet.net>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Change systemd service name from rngd -> rng-tools to avoid load twice
the service when sysvinit compatibility is enabled,
...
root@:~# ps | grep rng
23 root 0 SW [hwrng]
13109 root 3528 R /usr/sbin/rngd -f -r /dev/hwrng
13117 root 2348 S grep rng
29418 root 12756 S /usr/sbin/rngd -r /dev/hwrng
...
Signed-off-by: Aníbal Limón <limon.anibal@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_compile error :
| ../git/rngd_jitter.c: In function 'rngd_notime_start':
| ../git/rngd_jitter.c:56:45: error: invalid use of undefined type 'struct jent_notime_ctx'
| 56 | ret = -pthread_attr_init(&thread_ctx->notime_pthread_attr);
enable macro JENT_CONF_ENABLE_INTERNAL_TIMER to use struct jent_notime_ctx
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch
0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch
removed since they're included in 6.15.
Changelog:
=========
Adjust rngtests for better behavior in travis
fix use of non-posix setaffinity call to allow building on strict posix (musl) systems
Add armv6l to list of detected arches for pkcs11
misc fixes to allow building on libc-musl
fix a deadlock in jitter shutdown sequence
minor warning fixups (unused variables)
improve cpu detection code
improve jitter cpu monopolization on small/single cpu systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Github has announced there will be no more git:// fetching from their servers:
https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
and they're about to start having brownout periods to encourage people
to update. This runs the conversion script over OE-Core to update our
urls to use https instead of git.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rngd needs to start after `systemd-udev-settle` in order for the kernel
modules of the random source hardware to be loaded before it is started.
However, since the `rngd.service` does not require or want
`systemd-udev-settle.service` it might not be scheduled for start and
the `After=systemd-udev-settle.service` there has no effect.
Adding `Wants=systemd-udev-settle.service` provides a weak requirement
to it, so that the `rngd` is started after it, if possible.
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove backported patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Debug logs were only controlled by --debug flag while in --foreground mode.
In --daemon mode (the default for us) /var/log/message got stuffed with
details of entropy pool refilling, which is useless in production, and
hamful when log rotation then gets rid of the more useful logs.
This change makes the two modes consistently only produce debug logs when
--debug is specified.
Signed-off-by: Yann Dirson <yann@blade-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Whilst rngd has to run as root, we can significantly constrain its
permissions (network is only required if nistbeacon is enabled).
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rngd.service has a constraint of Before=sysinit.target, installing as
part of multi-user.target is an odd choice as unless it's pulled in by a
different dependency, an other target would not start it.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It do make sense to start rngd early in the boot process because
otherwise we would need to track every service that might need entropy
and explicitly configure it to start after rngd.
When used with systemd rngd blocked the shutdown process because it
simply missed the proper unit configuration. As the systemd
documentation explains, when using DefaultDependencies=no one also
have to explicitly configure the unit to properly stop at some point.
This is normaly achieved by having Before=shutdown.target and
Conflicts=shutdown.target set for the unit.
To have rngd started early again we reverte the changes done to
rngd.service in commit edf7606822 (rng-tools: fix rngd blocks system
shutdown). To have it properly stopped on shutdown we also add
Before=shutdown.target and Conflicts=shutdown.target.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
fix-rngd-fail-to-stop.patch is added to fix rngd blocks system shutdown
issue. But it causes rngd doesn't release CPU and causes 100% CPU
usage, so drop it.
The block shutdown issue is caused by comit [7cb64b9fe1 rng-tools: start
earlier in the boot process] which updated rngd.service. Revert the
modification of rngd.service.
Update sed expressions in do_install as well which fails to replace
second match in one line.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade rng-tools from 6.6 to latest commit 9fc873c which 26 commits
beyond release 6.7:
$ git describe 9fc873c5af0e39263
v6.7-26-g9fc873c
Because it includes some critical fixes such as configure fails and
'Import yocto fixes for 6.6'.
* remove local patches that all are merged by upstream
* backport patch to fix rngd fails to stop issue
* add PACKAGECONFIG libp11
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
this commit will permit to read the option from
/etc/default/rng-tools both from systemd and sysvinit unit file.
Signed-off-by: Nicola Lunghi <nick83ola@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- add missing DESCRIPTION, AUTHOR, HOMEPAGE
- cleanup DEPENDS
- fix variable ordering as per https://www.openembedded.org/wiki/Styleguide
- remove unneeded checks for systemd, sysvinit in do_install
Signed-off-by: Nicola Lunghi <nick83ola@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Downloading your randomness directly from the US government
is a rare usecase but adds heavy dependencies.
Make it optional and non-default.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
PACKAGECONFIG[libgcrypt] already adds it when necessary.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Fix typo of `--disable-jitterntropy' in both of PACKAGECONFIG and configure --help
- Enable jitterntropy for musl
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Update SRC_URI, previously upstream is dead, latest update is 2014
- Drop read_error_msg.patch
- Rework do_configure and do_compile
- Enable jitterentropy
License-Update: Upstream changed, but license is still gplv2
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since commit [f1dc9ac rng-tools: Fix crazy defaults] fixed
init based on sysvinit, this fix rngd.service based on systemd.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Entropy is needed earlier in the boot process in some cases, for example
connman can require it, and rgd doesn't require much, so move it earlier
in the boot process, 03 for sysvinit, and before sysinit for systemd.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was added as the recipe didn't inherit systemd, but it does inherit
systemd now.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Expand messages output if entropy data cannot
be read.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Feeding the output of /dev/urandom into /dev/random is pretty much insane
and not something we should encourage.
I can't really imagine a scenario where this would be a sensible idea since
/dev/urandom if effectively derived from /dev/random.
This changes the tool to default to /dev/hwrng which makes much more sense,
feeding hardware entropy into the random pool. In the QEMU case, this will
feed entropy from the host into the guests which is also what we want.
Yes, this change will cause rngd not to start if /dev/hwrng isn't present,
but it isn't needed if that isn't so I don't see this as a bad thing.
(https://wiki.archlinux.org/index.php/Rng-tools has a section in red which
agrees with the above, "this is a really bad idea, since you are simple
filling the kernel entropy pool with entropy coming from the kernel itself!")
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add systemd service file for rng-tools.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When testing core-image-sato with hardening flags, it fails with
SIGSEGV in libc.so during relocation time
This is due to relocations in .text [textrel]
build QA points it out clearly during qemux86 build as well
AssertionError: 2 != 0 : Log: /mnt/a/oe/build/tmp/work/qemux86-bec-linux-musl/core-image-sato/1.0-r0/dmesg_output.log
-----------------------
Central error: [ 19.043597] rngd[525]: segfault at 80098bb7 ip b77b14fc sp bfe9b380 error 7 in libc.so[b774c000+97000]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This also fixes upstream version check.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When using systemd as init rng-tools is causing a circular dependency
between units,
[ 7.706250] systemd[1]: basic.target: Found ordering cycle on
basic.target/start
[ 7.706934] systemd[1]: basic.target: Found dependency on
sysinit.target/start
[ 7.707795] systemd[1]: basic.target: Found dependency on
rng-tools.service/start
[ 7.708692] systemd[1]: basic.target: Found dependency on
basic.target/start
[ 7.709461] systemd[1]: basic.target: Breaking ordering cycle by
deleting job rng-tools.service/start
[ 7.710404] systemd[1]: rng-tools.service: Job rng-tools.service/start
deleted to break ordering cycle starting with basic.target/start
The problem is related to systemd running sysvinit scripts by default
add dependency of basic.target for sysvinit script so when sysvscript
is at rcS is added also as dependency of sysinit.target causing a
cirular dependency in this case: basic.target -> sysinit.target ->
rng-tools.service -> basic.target.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Uclibc has its own argp implemented as libuargp. So, we add a new
option --enable-uclibc to select it.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The underquoted m4 caused build failures if libgcrypt wasn't present. The floating
dependency on libgcrypt was just plain incorrect, particularly given the incorrect
libgcrypt RDEPENDS. Change to use PACKAGECONFIG an default to on.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
musl doesn't provide argp, so we need argp-standalone, as we do for uclibc.
Rather than passing in -largp via the recipe, patch the configure script to
provide an argument for the libargp usage and check for it when needed, and
use PACKAGECONFIG. The initial patch to check for libargp and use it if
available came from Gentoo. The patches are kept separate despite the second
modifying what the first does, in order to keep the history/origin clear.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Randy MacLeod
david d zuhn
Michael Opdenacker
Xiangyu Chen
Alexander Kanavin
Khem Raj
Drew Moseley
Aníbal Limón
wangmy
Richard Purdie
Claudius Heine
zhengruoqin
Yi Zhao
Yann Dirson
Alex Kiernan
Wang Mingyu
Anuj Mittal
Bedel, Alban
Kai Kang
Nicola Lunghi
Adrian Bunk
Hongxu Jia
Christopher Larson
Joe Slater
Dengke Du
Ross Burton
Alexander Kanavin
Aníbal Limón
Maxin B. John