authorDiego Elio Pettenò <flameeyes@gentoo.org>2012-12-16 08:25:58 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2012-12-16 08:25:58 +0000
commit065677c72cff19a4e83e041ab043e2d2c17ac8fb (patch)
treef789403ce59c27840ecf36d286cc2606d983bd2f /sys-apps/rng-tools/files
parentSwitch to global introspection USE flag. Clean up ebuild a bit. (diff)
More fixes to the init script if there is no device at all. Also fix handling of rdrand, as --no-drng=0 misbehaves.
(Portage version: 2.2.0_alpha149/cvs/Linux x86_64, signed Manifest commit with key 1CD13C8AD4301342)
Diffstat (limited to 'sys-apps/rng-tools/files')
-rw-r--r--sys-apps/rng-tools/files/rngd-confd-4.121
-rw-r--r--sys-apps/rng-tools/files/rngd-initd-4.118
2 files changed, 20 insertions, 19 deletions
diff --git a/sys-apps/rng-tools/files/rngd-confd-4.1 b/sys-apps/rng-tools/files/rngd-confd-4.1
index e46dfcc3e867..c4303ba5448a 100644
--- a/sys-apps/rng-tools/files/rngd-confd-4.1
+++ b/sys-apps/rng-tools/files/rngd-confd-4.1
@@ -3,25 +3,28 @@
# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
# If a single device is preferred, then specify it here, otherwise we will
-# search for suitable devices. TPM is specified via a later option, not this
-# one.
+# search for suitable devices.
#DEVICE=
-#TPM_DEVICE=
# Random step (Number of bytes written to random-device at a time):
STEP=64
# Should TPM be avoided?
-NO_TPM=0
+# NO_TPM=0
-# Should RDRAND be avoided?
-NO_DRNG=0
+# Should RDRAND be avoided? Please note that unless this is commented
+# out, RDRAND _will_ be disabled, as any value will cause it to be
+# disabled.
+# NO_DRNG=1
# Fill watermark
# 0 <= n <= 4096
WATERMARK=2048
-# Bug #292239: Remixing /dev/urandom back into /dev/random is considered a
-# security vulnerability in some cases where not enough entropy is present on
-# systems.
+# Bug #292239: Remixing /dev/urandom back into /dev/random is
+# considered a security vulnerability in some cases where not enough
+# entropy is present on systems. If you don't have a real random
+# hardware generator, you're suggested to use a software designed for
+# the particular task of creating new entropy, such as
+# sys-apps/haveged.
DO_NOT_REMIX_URANDOM=1
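Review bot: The `# NO_TPM=0` line is now commented out with no statement of how its value is interpreted, while the NO_DRNG comment directly below spells out that any value disables RDRAND. The init script in this commit still forwards the value verbatim as `--no-tpm=${NO_TPM:-0}` but turns NO_DRNG into a presence test (`${NO_DRNG:+--no-drng=1}`), so two adjacent settings now follow different rules. If rngd parses `--no-tpm=0` the way the commit message describes for `--no-drng=0` (not verifiable from this page), the TPM source would be switched off on every start. That is worth confirming, and either way the setting deserves a comment such as `# Should TPM be avoided? Set to 1 to disable; leave commented out to keep TPM enabled.`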
diff --git a/sys-apps/rng-tools/files/rngd-initd-4.1 b/sys-apps/rng-tools/files/rngd-initd-4.1
index 1478c15fd7c3..b2b1026e764b 100644
--- a/sys-apps/rng-tools/files/rngd-initd-4.1
+++ b/sys-apps/rng-tools/files/rngd-initd-4.1
@@ -1,7 +1,7 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/rngd-initd-4.1,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/rngd-initd-4.1,v 1.2 2012/12/16 08:25:58 flameeyes Exp $
depend() {
need localmount
@@ -14,19 +14,17 @@ DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*"
[ $DO_NOT_REMIX_URANDOM -eq 0 ] && DEFAULT_DEVICE="${DEFAULT_DEVICE} /dev/urandom"
find_device() {
- # The echo is to cause globbing
local d
- for d in $* ; do
- [ -e "${d}" ] && break
+ # The echo is to cause globbing
+ for d in $(echo ${DEFAULT_DEVICE}) ; do
+ [ -e "${d}" ] && echo "${d}"
done
- echo "${d}"
}
-find_rng_device() {
- echo "$(find_device $(echo ${DEVICE:-${DEFAULT_DEVICE}}) /dev/null)"
-}
+RNG_DEVICE="${DEVICE:-$(find_device)}"
command=/usr/sbin/rngd
pidfile="/var/run/${SVCNAME}.pid"
-command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} --no-tpm=${NO_TPM:-0} --no-drng=${NO_DRNG:-0} --fill-watermark ${WATERMARK} --rng-device $(find_rng_device)"
-start_stop_daemon_args="--retry SIGKILL/5 --wait 1000"
+command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} --no-tpm=${NO_TPM:-0} ${NO_DRNG:+--no-drng=1} --fill-watermark ${WATERMARK} ${RNG_DEVICE:+--rng-device $(find_rng_device)}"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
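Review bot: The new `command_args` line still expands `$(find_rng_device)`, but this hunk deletes that function, so whenever RNG_DEVICE is non-empty the substitution fails and rngd is handed `--rng-device` with no argument; it should read `${RNG_DEVICE:+--rng-device ${RNG_DEVICE}}`. The rewritten `find_device` loop also no longer stops at the first match and prints every existing node, so with more than one device present the extra paths would end up as stray arguments once `command_args` is word-split; `[ -e "${d}" ] && { echo "${d}"; break; }` keeps the earlier first-match behaviour. Either failure can leave the daemon not running, which means the kernel pool gets no hardware entropy, so a start-up check that logs when no device was found would help. `retry="SIGKILL/5000"` looks like a millisecond figure carried over from `--wait 1000`; if the retry schedule is in seconds (the old value was `SIGKILL/5`), stopping the service could block far longer than intended, which is worth confirming.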