From fe2705c5b2668c3e484eee4f1e4054f4b937f058 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Tue, 26 Nov 2024 19:10:59 +0300
Subject: [PATCH] import rng-tools-6.17-3.el10
---
.gitignore | 1 +
.rng-tools.metadata | 1 +
SOURCES/1-rt-comment-out-have-aesni.patch | 42 ++++++++
SOURCES/2-rt-revert-build-randstat.patch | 26 +++++
SOURCES/rngd.service | 13 +++
SOURCES/rngd.sysconfig | 3 +
SPECS/rng-tools.spec | 121 ++++++++++++++++++++++
7 files changed, 207 insertions(+)
create mode 100644 .gitignore
create mode 100644 .rng-tools.metadata
create mode 100644 SOURCES/1-rt-comment-out-have-aesni.patch
create mode 100644 SOURCES/2-rt-revert-build-randstat.patch
create mode 100644 SOURCES/rngd.service
create mode 100644 SOURCES/rngd.sysconfig
create mode 100644 SPECS/rng-tools.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..40d81d8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/rng-tools-6.17.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
new file mode 100644
index 0000000..1904b4d
--- /dev/null
+++ b/.rng-tools.metadata
@@ -0,0 +1 @@
+c950c97cf54d902559df02458ae205d9c7bb4fa6 SOURCES/rng-tools-6.17.tar.gz
diff --git a/SOURCES/1-rt-comment-out-have-aesni.patch b/SOURCES/1-rt-comment-out-have-aesni.patch
new file mode 100644
index 0000000..8661e6e
--- /dev/null
+++ b/SOURCES/1-rt-comment-out-have-aesni.patch
@@ -0,0 +1,42 @@
+From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Fri, 17 Sep 2021 01:04:51 +0200
+Subject: [PATCH] Comment out an unused assignment
+
+Covscan warns about an unused value. Comment it out.
+
+Defect type: UNUSED_VALUE: covscan warning:
+rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
+from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
+stored value is overwritten before it can be used.
+
+Signed-off-by: Vladis Dronov
+---
+ rngd_rdrand.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rdrand.c rngd_rdrand.c
+index caa9d05..ea7b8fa 100644
+--- rngd_rdrand.c
++++ rngd_rdrand.c
+@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ struct cpuid info;
+ /* We need RDRAND, but AESni is optional */
+ const uint32_t features_ecx1_rdrand = 1 << 30;
+- const uint32_t features_ecx1_aesni = 1 << 25;
++ //const uint32_t features_ecx1_aesni = 1 << 25;
+ const uint32_t features_ebx7_rdseed = 1 << 18;
+ uint32_t max_cpuid_leaf;
+ unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
+@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ if (!(info.ecx & features_ecx1_rdrand))
+ return 1;
+
+- have_aesni = !!(info.ecx & features_ecx1_aesni);
++ //have_aesni = !!(info.ecx & features_ecx1_aesni);
+ have_aesni = 0; /* BACK OUT NH */
+ have_rdseed = 0;
+ if (max_cpuid_leaf >= 7) {
+--
+2.26.3
+
diff --git a/SOURCES/2-rt-revert-build-randstat.patch b/SOURCES/2-rt-revert-build-randstat.patch
new file mode 100644
index 0000000..001450c
--- /dev/null
+++ b/SOURCES/2-rt-revert-build-randstat.patch
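Review bot: The embedded patch to `init_drng_entropy_source` keeps both dead lines as `//` comments instead of deleting them, and the context comment `/* We need RDRAND, but AESni is optional */` now sits above code in which `have_aesni = 0; /* BACK OUT NH */` forces the flag off whatever CPUID reports. Someone auditing how this entropy source is set up cannot tell from these lines whether AES-NI is disabled on purpose or by a leftover debugging change. If the override is intended, I would drop the two commented lines and state the reason at the assignment, e.g. `have_aesni = 0; /* AES-NI path disabled on purpose; CPUID ECX bit 25 is not consulted */`. The function body starts and ends outside the two inner hunks, so the code that consumes `have_aesni` is not visible here.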
@@ -0,0 +1,26 @@
+From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Tue, 6 Jul 2021 14:36:46 +0200
+Subject: [PATCH] Revert "Build randstat binary"
+
+We do not want new and mostly useless randstat binary.
+This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
+
+Signed-off-by: Vladis Dronov
+---
+ contrib/Makefile.am | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git contrib/Makefile.am contrib/Makefile.am
+index a81fb0e..18c4fbc 100644
+--- contrib/Makefile.am
++++ contrib/Makefile.am
+@@ -1,2 +1,3 @@
+-bin_PROGRAMS = randstat
+-randstat_SOURCES = randstat.c
++
++EXTRA_DIST = randstat.c
++
+--
+2.26.3
+
diff --git a/SOURCES/rngd.service b/SOURCES/rngd.service
new file mode 100644
index 0000000..ffa8901
--- /dev/null
+++ b/SOURCES/rngd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+ConditionVirtualization=!container
+ConditionKernelCommandLine=!fips=1
+
+# The "-f" option is required for the systemd service rngd to work with Type=simple
+[Service]
+Type=simple
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/rngd.sysconfig b/SOURCES/rngd.sysconfig
new file mode 100644
index 0000000..17f63ee
--- /dev/null
+++ b/SOURCES/rngd.sysconfig
@@ -0,0 +1,3 @@
+# Optional arguments passed to rngd. See rngd(8) and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -x namedpipe -D daemon:daemon"
diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec
new file mode 100644
index 0000000..1127298
--- /dev/null
+++ b/SPECS/rng-tools.spec
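Review bot: The `[Service]` section of rngd.service starts `/usr/sbin/rngd` with no systemd confinement at all, so the unit itself places no limit on a daemon that feeds the kernel entropy pool. The only privilege reduction visible on this page is the `-D daemon:daemon` argument, which reaches the process through `$RNGD_ARGS` rather than through the unit. I would add a small set of sandboxing directives after `ExecStart=`, for example `NoNewPrivileges=yes`, `ProtectHome=yes` and `ProtectSystem=full`. Each of them would need testing against the entropy sources left enabled, since the device and capability needs of rngd are not shown here.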
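Review bot: The comment above `RNGD_ARGS` in rngd.sysconfig only points at rngd(8) and a Bugzilla comment, so nothing in the file says which of the defaults are security-relevant. The spec ships this file as `%config(noreplace)`, so it is meant to be edited, and an edit that drops `-D daemon:daemon` removes the privilege drop without any warning. I would add a comment such as `# -x NAME excludes an entropy source; -D user:group drops privileges after start-up. Keep -D when changing this line.` above the assignment.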
@@ -0,0 +1,121 @@
+%global _hardened_build 1
+
+# this is a correct if, bcond_with actually means without and vice versa
+%if 0%{?rhel} && 0%{?rhel} >= 9
+%bcond_with pkcs11
+%bcond_with rtlsdr
+%else
+%bcond_without pkcs11
+%bcond_without rtlsdr
+%endif
+
+Summary: Random number generator related utilities
+Name: rng-tools
+Version: 6.17
+Release: 3%{?dist}
+License: GPL-2.0-or-later
+URL: https://github.com/nhorman/rng-tools
+Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1: rngd.service
+Source2: rngd.sysconfig
+
+BuildRequires: gcc make binutils
+BuildRequires: gettext
+BuildRequires: systemd systemd-rpm-macros
+BuildRequires: autoconf >= 2.57, automake >= 1.7
+BuildRequires: libgcrypt-devel libcurl-devel
+BuildRequires: libxml2-devel openssl-devel
+BuildRequires: jitterentropy-devel
+BuildRequires: jansson-devel
+BuildRequires: libcap-devel
+%if %{with rtlsdr}
+BuildRequires: rtl-sdr-devel
+%endif
+%if %{with pkcs11}
+BuildRequires: libp11-devel
+Suggests: opensc
+%endif
+
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+# This ensures that the selinux-policy package and all its dependencies
+# are not pulled into containers and other systems that do not use SELinux.
+Requires: (selinux-policy >= 36.5 if selinux-policy)
+
+Patch0: 1-rt-comment-out-have-aesni.patch
+Patch1: 2-rt-revert-build-randstat.patch
+
+%description
+This is a random number generator daemon and its tools. It monitors
+a set of entropy sources present on a system (like /dev/hwrng, RDRAND,
+TPM, jitter) and supplies entropy from them to a kernel entropy pool.
+
+%prep
+%autosetup -p0
+
+%build
+%if !%{with pkcs11}
+%define _without_pkcs11 --without-pkcs11
+%endif
+%if !%{with rtlsdr}
+%define _without_rtlsdr --without-rtlsdr
+%endif
+
+./autogen.sh
+# a dirty hack to force PIC for a PIC-aware assembly code for i686
+# /usr/lib/rpm/redhat/redhat-hardened-cc1 in Koji/Brew does not
+# force PIC for assembly sources as of now
+%ifarch i386 i686
+sed -i -e '/^#define RDRAND_RETRY_LIMIT\t10/a#define __PIC__ 1' rdrand_asm.S
+%endif
+# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
+sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
+%configure %{?_without_pkcs11} %{?_without_rtlsdr}
+%make_build
+
+%install
+%make_install
+
+# install systemd unit file
+install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
+# install sysconfig file
+install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
+
+%post
+%systemd_post rngd.service
+
+%preun
+%systemd_preun rngd.service
+
+%postun
+%systemd_postun_with_restart rngd.service
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc AUTHORS README.md
+%{_bindir}/rngtest
+%{_sbindir}/rngd
+%{_mandir}/man1/rngtest.1.*
+%{_mandir}/man8/rngd.8.*
+%attr(0644,root,root) %{_unitdir}/rngd.service
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
+
+%changelog
+* Mon Jun 24 2024 Troy Dawson - 6.17-3
+- Bump release for June 2024 mass rebuild
+
+* Wed Jun 19 2024 Vladis Dronov - 6.17-2
+- Add Intel CET IBT instrumentation to assembly code
+- Update to the upstream v6.17 @ ac43f912 (RHEL-36771)
+
+* Wed Jun 05 2024 Vladis Dronov - 6.17-1
+- Update to the upstream v6.17 @ 2160b9c3 (RHEL-36771)
+
+* Sat Mar 30 2024 Vladis Dronov - 6.16-7
+- Update to the upstream v6.16 + tip of origin/master @ 98cf8d63
+
+* Fri Jan 26 2024 Vladis Dronov - 6.16-6
+- Initial import from Fedora 40
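Review bot: Both `sed -i` hacks in `%build` exit successfully when their pattern no longer matches, so a later upstream change to `rdrand_asm.S` or `Makefile.in` would silently produce a package without the forced `__PIC__` define or with the original CFLAGS order. Because the first hack exists to keep the hardened build intact for assembly sources, I would make each edit self-checking with a grep that fails the build when the edit did not land. That means `grep -q '^#define __PIC__ 1' rdrand_asm.S` after the first sed, inside the `%ifarch` block, and `grep -qF '$(CFLAGS) $(libdarn_impl_a_CFLAGS)' Makefile.in` after the second. This relies on the `%build` script aborting on a non-zero exit status, which is the usual rpmbuild behaviour but is not shown on this page.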