diff options
author | Randy MacLeod <Randy.MacLeod@windriver.com> | 2024-01-18 11:59:35 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-01-19 11:53:56 +0000 |
commit | 828afafb3bff54079fcba9bdab2ec87ac13e4ce6 (patch) | |
tree | 30e22b29d557e1afb4b188f130d89050542e6ac4 | |
parent | 4bc0eb4bd90e6e6e46581a8ed367212bdd910a26 (diff) | |
download | openembedded-core-828afafb3bff54079fcba9bdab2ec87ac13e4ce6.tar.gz |
rng-tools: Revert "rng-tools: move to meta-oe"
This reverts commit d2b445384da3f3e6dab8577b6c56648b5244a788.
Revert this commit since:
- some systems using oe-core master may still be using kernels from
before 5.6 pulled in the rng-tools algorithm, and
- some hardware platforms may not have a hardware random number generator
and could therefore need to run rngd to avoid long boot-time initialization
due to a depleted entropy pool.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/maintainers.inc | 1 | ||||
-rw-r--r-- | meta/recipes-support/rng-tools/rng-tools/default | 1 | ||||
-rw-r--r-- | meta/recipes-support/rng-tools/rng-tools/init | 42 | ||||
-rw-r--r-- | meta/recipes-support/rng-tools/rng-tools/rng-tools.service | 32 | ||||
-rw-r--r-- | meta/recipes-support/rng-tools/rng-tools_6.16.bb | 69 |
5 files changed, 145 insertions, 0 deletions
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 31023021ac..8dc63b138e 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -739,6 +739,7 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>" +RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>" RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>" RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>" diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default new file mode 100644 index 0000000000..b9f8e03635 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/default @@ -0,0 +1 @@ +EXTRA_ARGS="-r /dev/hwrng" diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init new file mode 100644 index 0000000000..13f0ecd37c --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/init @@ -0,0 +1,42 @@ +#!/bin/sh +# +# This is an init script for openembedded +# Copy it to @SYSCONFDIR@/init.d/rng-tools and type +# > update-rc.d rng-tools defaults 60 +# + +rngd=@SBINDIR@/rngd +test -x "$rngd" || exit 1 + +[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools" + +case "$1" in + start) + echo -n "Starting random number generator daemon" + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS + echo "." + ;; + stop) + echo -n "Stopping random number generator daemon" + start-stop-daemon -K -q -n rngd + echo "." + ;; + reload|force-reload) + echo -n "Signalling rng daemon restart" + start-stop-daemon -K -q -s 1 -x $rngd + start-stop-daemon -K -q -s 1 -x $rngd + ;; + restart) + echo -n "Stopping random number generator daemon" + start-stop-daemon -K -q -n rngd + echo "." + echo -n "Starting random number generator daemon" + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS + echo "." + ;; + *) + echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" + exit 1 +esac + +exit 0 diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service new file mode 100644 index 0000000000..5ae2fba215 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service @@ -0,0 +1,32 @@ +[Unit] +Description=Hardware RNG Entropy Gatherer Daemon +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionVirtualization=!container + +[Service] +EnvironmentFile=-@SYSCONFDIR@/default/rng-tools +ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS +CapabilityBoundingSet=CAP_SYS_ADMIN +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelModules=yes +ProtectKernelLogs=yes +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service + +[Install] +WantedBy=sysinit.target diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb new file mode 100644 index 0000000000..f0aa3ff93f --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb @@ -0,0 +1,69 @@ +SUMMARY = "Random number generator daemon" +DESCRIPTION = "Check and feed random data from hardware device to kernel" +HOMEPAGE = "https://github.com/nhorman/rng-tools" +BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +DEPENDS = "openssl libcap" + +SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ + file://init \ + file://default \ + file://rng-tools.service \ + " +SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2" + +S = "${WORKDIR}/git" + +inherit autotools update-rc.d systemd pkgconfig + +EXTRA_OECONF = "--without-rtlsdr" + +PACKAGECONFIG ??= "libjitterentropy" +PACKAGECONFIG:libc-musl = "libargp libjitterentropy" + +PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," +PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" +PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" +PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2" +PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl" + +INITSCRIPT_PACKAGES = "${PN}-service" +INITSCRIPT_NAME:${PN}-service = "rng-tools" +INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ." + +SYSTEMD_PACKAGES = "${PN}-service" +SYSTEMD_SERVICE:${PN}-service = "rng-tools.service" + +CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER " + +PACKAGES =+ "${PN}-service" + +FILES:${PN}-service += " \ + ${sysconfdir}/init.d/rng-tools \ + ${sysconfdir}/default/rng-tools \ +" + +# Refer autogen.sh in rng-tools +do_configure:prepend() { + cp ${S}/README.md ${S}/README +} + +do_install:append() { + install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools + install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools + install -Dm 0644 ${WORKDIR}/rng-tools.service \ + ${D}${systemd_system_unitdir}/rng-tools.service + sed -i \ + -e 's,@SYSCONFDIR@,${sysconfdir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${sysconfdir}/init.d/rng-tools \ + ${D}${systemd_system_unitdir}/rng-tools.service + + if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then + sed -i \ + -e '/^IPAddressDeny=any/d' \ + -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \ + ${D}${systemd_system_unitdir}/rng-tools.service + fi +} |