-rw-r--r-- | sys-apps/rng-tools/Manifest | 1 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd-confd-6.7 | 90 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd-initd-6.7 | 64 | ||||
-rw-r--r-- | sys-apps/rng-tools/metadata.xml | 3 | ||||
-rw-r--r-- | sys-apps/rng-tools/rng-tools-6.7.ebuild | 89 |
5 files changed, 247 insertions, 0 deletions
diff --git a/sys-apps/rng-tools/Manifest b/sys-apps/rng-tools/Manifest
index a941e025d1f0..d17b7055c3c1 100644
--- a/sys-apps/rng-tools/Manifest
+++ b/sys-apps/rng-tools/Manifest
@@ -6,4 +6,5 @@ DIST rng-tools-6.3.tar.gz 31474 BLAKE2B 4d3924b3ca85d31d1999ceb45908cf64e8d2978d
 DIST rng-tools-6.4.tar.gz 41248 BLAKE2B 16000e0779cf7aa25936a95661a0c40d4f0f12ed91fa36160924782d22a1057838bfb466f60614f91ef6c5576e0a29b6c1028bb72d5f5403c9a61d8f5ec16edd SHA512 12da9819b6e9a9ea688e82d1689642a690f6c9d78ad5fcf159a71b37a49f79120c8f62d4e1b8e81a496eac46a28137c5c87973499b31e1881a7866de99a168f0
 DIST rng-tools-6.5.tar.gz 51484 BLAKE2B 92700cbe1b48244effeae4f058507c27f8c9714f9bb5435ee7c6c08e260ce57891084208ea62391ab68b6551a3d95997c91d88020e9541564488abcf2041e479 SHA512 ae356ae18cb8584a594519038789d17e0f1b3d30122c058f86f3919a9c5ebfe0c48f8d7bfa6154b37d4f92d89c8b8a4a91007de0d1262ce5b86af19248c57bd0
 DIST rng-tools-6.6.tar.gz 51468 BLAKE2B 47231c60d78a48ade07855dfe8a807d6c10b8e27dc662ff7d98cf232b50e6c32f24197291a813d6ed6d15325a33fe9683d82943109a80cac1d9e348fc30cb849 SHA512 00bbe7f817d8f228f357a79ca270c27c62c0e588a99cd76917ecb7e88dfb627028c66497a59c9918205f3551aaf631963c8fd6504cb4198ddf57f714204c21c4
+DIST rng-tools-6.7.tar.gz 52792 BLAKE2B 3789aa4c6e2f024dcaef6b9b51521e206d65500a94ab456db61dc45c69ac5e4849a1e74abbe0f7640827ffb4bb20675c1f639a5be852d21d0d1a3c6b2e96bb5e SHA512 2f09edacb5448087041257326faf570c303b42f90bb695a1999b2c7543f20a28b15cdf705a2eca55cae8e9cf9fb5205c056fc26cfaf6af958bcda2cde1952b4d
 DIST rng-tools-6.tar.gz 26024 BLAKE2B a523328fcce56997e2847940cdc096abd5a539135f857f0a4cd3d782a1659f4d2978870149caac47b839c80788df6a3d891adcd39371d5968149dd29bc46bc62 SHA512 2aea947c4dba5e8c4df33396957f7224b62200be0e3d10aac08c84155fa473a67df5f49e07a07b2cbea4dfd772d90c1b194e8fce3d8eea762463a7f4a16d6ce4
diff --git a/sys-apps/rng-tools/files/rngd-confd-6.7 b/sys-apps/rng-tools/files/rngd-confd-6.7
new file mode 100644
index 000000000000..20aa3281d535
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-6.7 
@@ -0,0 +1,90 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# /etc/conf.d/rngd
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# Space-delimited list of entropy sources to enable
+# Note that some of the entropy sources may require certain USE flags
+# to be enabled or require hardware support to function properly
+# Entropy sources not specified here (or in the exclude list below)
+# will be enabled/disabled based on rngd default behavior
+#
+# Choose from the list:
+# hwrng: Hardware RNG Device
+# tpm: TPM RNG Device (Deprecated)
+# rdrand: Intel RDRAND Instruction RNG
+# darn: Power9 DARN Instruction RNG
+# nist: NIST Network Entropy Beacon
+# (UNSAFE for cryptographic operations)
+# jitter: JITTER Entropy Generator
+# pkcs11: PKCS11 Entropy Generator
+#
+#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"
+
+
+# Space-delimited list of entropy sources to disable
+# This is useful for disabling certain entropy sources even
+# when they are supported on the system
+#
+#EXCLUDE_ENTROPY_SOURCES="nist tpm"
+
+
+# Entropy source specific options:
+#
+#
+# hwrng device used for random number input:
+#
+#HWRNG_DEVICE="/dev/hwrng"
+#
+#
+# rdrand options:
+# use_aes:(BOOLEAN)
+#
+#RDRAND_OPTIONS="use_aes:1"
+#
+#
+# darn options:
+# use_aes:(BOOLEAN)
+#
+#DARN_OPTIONS="use_aes:1"
+#
+#
+# jitter options:
+# thread_count:(INTEGER)
+# buffer_size:(INTEGER)
+# refill_thresh:(INTEGER)
+# retry_count:(INTEGER)
+# retry_delay:(INTEGER)
+# use_aes:(BOOLEAN)
+#
+#JITTER_OPTIONS="thread_count:4 buffer_size:16535 refill_thresh:16535"
+#JITTER_OPTIONS="${JITTER_OPTIONS} retry_count:1 retry_delay:-1 use_aes:1"
+#
+#
+# pkcs11 options:
+# engine_path:(STRING)
+# chunk_size:(INTEGER)
+#
+#PKCS11_OPTIONS="engine_path:/usr/lib64/opensc-pkcs11.so chunk_size:1"
+
+
+# Kernel device used for random number output
+#
+#RANDOM_DEVICE="/dev/random"
+
+
+# Random step (Number of bytes written to random-device at a time):
+#
+#STEP=64
+
+
+# Fill watermark
+# 0 <= n <= `sysctl kernel.random.poolsize`
+#
+#WATERMARK=2048
+
+
+# Any extra arguments for rngd
+#
+#EXTRA_ARGS=""
diff --git a/sys-apps/rng-tools/files/rngd-initd-6.7 b/sys-apps/rng-tools/files/rngd-initd-6.7
new file mode 100644
index 000000000000..e85581ba6cb4
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-6.7
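Review bot: The commented example `#INCLUDE_ENTROPY_SOURCES="hwrng tpm rdrand darn nist jitter pkcs11"` lists every source, including `nist`, which the list directly above it marks UNSAFE for cryptographic operations, and `tpm`, which it marks deprecated; an administrator who uncomments the example as-is enables the network beacon. Consider making the example the safe subset, e.g. `#INCLUDE_ENTROPY_SOURCES="hwrng rdrand darn jitter pkcs11"`, and stating next to it that `nist` has to be opted into deliberately. The `WATERMARK` block gives the bound as `kernel.random.poolsize` but names no unit for either value; a one-line note on the unit (bits, if that is what rngd's `--fill-watermark` expects — confirm against `man rngd`) would prevent a misconfigured watermark.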
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after urandom
+ provide entropy
+}
+
+command="/usr/sbin/rngd"
+description="Check and feed random data from hardware device to kernel entropy pool."
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_args=""
+command_args_background="--pid-file ${pidfile} --background"
+start_stop_daemon_args="--wait 1000"
+retry="SIGKILL/5000"
+
+
+# Parse rngd confd file for extra command line arguments
+start_pre() {
+ for entsrc in ${INCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -n ${entsrc}"
+ done
+
+ for entsrc in ${EXCLUDE_ENTROPY_SOURCES}; do
+ command_args="${command_args} -x ${entsrc}"
+ done
+
+ if [ "x${HWRNG_DEVICE}" != "x" ]; then
+ command_args="${command_args} --rng-device=${HWRNG_DEVICE}"
+ fi
+
+ for entsrc_opt in ${RDRAND_OPTIONS}; do
+ command_args="${command_args} -O rdrand:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${DARN_OPTIONS}; do
+ command_args="${command_args} -O darn:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${JITTER_OPTIONS}; do
+ command_args="${command_args} -O jitter:${entsrc_opt}"
+ done
+
+ for entsrc_opt in ${PKCS11_OPTIONS}; do
+ command_args="${command_args} -O pkcs11:${entsrc_opt}"
+ done
+
+ if [ "x${RANDOM_DEVICE}" != "x" ]; then
+ command_args="${command_args} --random-device=${RANDOM_DEVICE}"
+ fi
+
+ if [ "x${STEP}" != "x" ]; then
+ command_args="${command_args} --random-step=${STEP}"
+ fi
+
+ if [ "x${WATERMARK}" != "x" ]; then
+ command_args="${command_args} --fill-watermark=${WATERMARK}"
+ fi
+
+ command_args="${command_args} ${EXTRA_ARGS}"
+ return 0
+}
diff --git a/sys-apps/rng-tools/metadata.xml b/sys-apps/rng-tools/metadata.xml
index 911b7587f660..69907447109c 100644
--- a/sys-apps/rng-tools/metadata.xml
+++ b/sys-apps/rng-tools/metadata.xml
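Review bot: The empty-string tests in `start_pre` use the legacy `[ "x${HWRNG_DEVICE}" != "x" ]` form; with the variable quoted, POSIX `[ -n "${HWRNG_DEVICE}" ]` is equivalent and easier to read, and the same applies to the `RANDOM_DEVICE`, `STEP` and `WATERMARK` checks. `pidfile="/var/run/${RC_SVCNAME}.pid"` places the pid file under `/var/run`; on systems where `/run` is the runtime directory and `/var/run` only a compatibility symlink, `/run/${RC_SVCNAME}.pid` is the conventional path, though this is harmless as long as the symlink exists. The comment above `start_pre` could also state the contract the loops rely on, since every conf.d value is word-split into separate `-n`/`-x`/`-O` arguments, e.g. `# Each conf.d value is word-split; one -n/-x/-O flag is emitted per token, so values must not contain spaces`.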
@@ -16,6 +16,9 @@
 <flag name="nistbeacon">
 Enable NIST beacon entropy support
 </flag>
+ <flag name="pkcs11">
+ Enable PKCS11 entropy support
+ </flag>
 </use>
 <upstream>
 <remote-id type="github">nhorman/rng-tools</remote-id>
diff --git a/sys-apps/rng-tools/rng-tools-6.7.ebuild b/sys-apps/rng-tools/rng-tools-6.7.ebuild
new file mode 100644
index 000000000000..3259cb07f84b
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-6.7.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd readme.gentoo-r1 toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="https://github.com/nhorman/rng-tools"
+SRC_URI="https://github.com/nhorman/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~x86"
+IUSE="jitterentropy nistbeacon pkcs11 selinux"
+
+DEPEND="dev-libs/libgcrypt:0
+ dev-libs/libgpg-error
+ sys-fs/sysfsutils
+ jitterentropy? (
+ app-crypt/jitterentropy:=
+ )
+ nistbeacon? (
+ net-misc/curl[ssl]
+ dev-libs/libxml2:2=
+ dev-libs/openssl:0=
+ )
+ pkcs11? (
+ dev-libs/libp11:=
+ )
+ elibc_musl? ( sys-libs/argp-standalone )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-rngd )"
+DEPEND="${DEPEND}
+ nistbeacon? (
+ virtual/pkgconfig
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/test-for-argp.patch
+ "${FILESDIR}"/${PN}-5-fix-textrels-on-PIC-x86.patch #469962
+)
+
+src_prepare() {
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am || die
+ default
+
+ mv README.md README || die
+
+ eautoreconf
+
+ sed -i '/^AR /d' Makefile.in || die
+ tc-export AR
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable jitterentropy)
+ $(use_with nistbeacon)
+ $(use_with pkcs11)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ newinitd "${FILESDIR}"/rngd-initd-6.7 rngd
+ newconfd "${FILESDIR}"/rngd-confd-6.7 rngd
+ systemd_dounit "${FILESDIR}"/rngd.service
+
+ if use pkcs11; then
+ local DISABLE_AUTOFORMATTING=1
+ local DOC_CONTENTS="
+The PKCS11 entropy source may require extra packages (e.g. 'dev-libs/opensc')
+to support various smartcard readers. Make sure 'PKCS11_OPTIONS' in:
+ '${EROOT%/}/etc/conf.d/rngd'
+reflects the correct PKCS11 engine path to be used by rngd.
+"
+ readme.gentoo_create_doc
+ fi
+
+}
+
+pkg_postinst() {
+ use pkcs11 && readme.gentoo_print_elog
+}
|
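Review bot: Two source-tree modifications in `src_prepare` carry no comment explaining their intent: `echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am` and `sed -i '/^AR /d' Makefile.in` followed by `tc-export AR`. Suggested comments: `# build the randstat helper from contrib/, which upstream's Makefile.am does not list by default` (confirm against the 6.7 tarball) and `# drop the hard-coded AR from Makefile.in so the toolchain AR exported below is honoured`. In `pkg_postinst`, `use pkcs11 && readme.gentoo_print_elog` leaves the function with a non-zero status whenever the flag is off; `if use pkcs11; then readme.gentoo_print_elog; fi` avoids relying on how the package manager treats that return value. `elibc_musl? ( sys-libs/argp-standalone )` sits in the shared DEPEND string and is therefore copied into RDEPEND; if argp-standalone only provides a static library it belongs with the build-only dependencies appended to DEPEND after RDEPEND is set.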