From patchwork Sun Feb 5 18:06:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6485 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4P8y5B3WmYz3wkQ for ; Sun, 5 Feb 2023 18:06:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4P8y581hZHz1wf; Sun, 5 Feb 2023 18:06:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4P8y576NdXz2xn6; Sun, 5 Feb 2023 18:06:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4P8y564wGxz2xSN for ; Sun, 5 Feb 2023 18:06:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4P8y554pl2zT0; Sun, 5 Feb 2023 18:06:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1675620393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=uGloqhcvq6TeodCPqwzwb5HuWiv7H/7wfuiM0sCLsE4=; b=xQDixS5qMdwIm8BHXU5v5eU7sENkaYFUi8SfD/XVjrxrcgTOitTpF84WKGnoyE58OYkw3l YJJCq7/RqJJ39vDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1675620393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=uGloqhcvq6TeodCPqwzwb5HuWiv7H/7wfuiM0sCLsE4=; b=YPLVXgiIliz3QpfzME2Ss6gh5hbbInA3x2ObP5lgWjJYBGZ6rk1aP/NpQwMAHM9XXb8w1b Rl1sjJIchO+YyOOV9ssNHOmnQ4+shyVTmAfEVWw4mC6HbRaJp0vXJq9vwAU7viMkRqIQ9Q b+6T0kvmftKjRsQ9E8UuZ2MMz/D5MRNdYLbsbczxpzyZ3hjK4zVNUI/pfIcV8BzIZNcNQX voJqo0XsA7Q3N8zsf295Gevrs6q1TjOgR10xuzo1Ii5lOidAG2fjSupPRWmjNGzAxX1crJ vJXXFxwTEx2lJjirD+EJmrXZ50vkVoWhcs7mF/JdZ1oESF45OoqJxK6goJCAgA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 1/2] rng-tools: Move from core package to addon - fixes bug 12900 Date: Sun, 5 Feb 2023 19:06:26 +0100 Message-Id: <20230205180627.3409158-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - This patch is to move the rng-tools package from a core package to an addon. With the kernel changes from 5.6 rngd is no longer needed to create the required kernel entropy. - The results from HRNG's via rngd are used with an XOR after the entropy is collected by the kernel. So the HWRNG output is used to dilute the kernel random number data, which is already merged from several sources. - Based on the above and @Paul's request in the bug report to have rng-tools kept as an addon this patch set is submitted for consideration to keep rng-tools but as an addon. - move rng-tools rootfile from common to packages - Modify rng-tools lfs from core package to addon package - Create rng-tools pak to install and uninstall - creating rc.d links for start & stop. - Move rngd initscript from system to packages directory. - Installed into my vm testbed and confirmed that it works. No rngd daemon installed from iso install. After addon install rngd is present and running. Added various files to be able to test the services wui page. rngd shows up and can be turned off and on Fixes: Bug#12900 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch --- .../rootfiles/{common => packages}/rng-tools | 2 ++ lfs/rng-tools | 14 ++++++++- src/initscripts/{system => packages}/rngd | 0 src/paks/rng-tools/install.sh | 30 +++++++++++++++++++ src/paks/rng-tools/uninstall.sh | 28 +++++++++++++++++ src/paks/rng-tools/update.sh | 26 ++++++++++++++++ 6 files changed, 99 insertions(+), 1 deletion(-) rename config/rootfiles/{common => packages}/rng-tools (69%) rename src/initscripts/{system => packages}/rngd (100%) create mode 100644 src/paks/rng-tools/install.sh create mode 100644 src/paks/rng-tools/uninstall.sh create mode 100644 src/paks/rng-tools/update.sh diff --git a/config/rootfiles/common/rng-tools b/config/rootfiles/packages/rng-tools similarity index 69% rename from config/rootfiles/common/rng-tools rename to config/rootfiles/packages/rng-tools index 596a911c1..fbeda7800 100644 --- a/config/rootfiles/common/rng-tools +++ b/config/rootfiles/packages/rng-tools @@ -1,4 +1,6 @@ +usr/bin/randstat usr/bin/rngtest usr/sbin/rngd #usr/share/man/man1/rngtest.1 #usr/share/man/man8/rngd.8 +etc/rc.d/init.d/rngd diff --git a/lfs/rng-tools b/lfs/rng-tools index cafb1bcda..6a85a8482 100644 --- a/lfs/rng-tools +++ b/lfs/rng-tools @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,12 +25,19 @@ include Config VER = 6.14 +SUMMARY = This is a random number generator daemon THISAPP = rng-tools-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) +PROG = rng-tools +PAK_VER = 1 + +DEPS = + +SERVICES = rngd ############################################################################### # Top-level Rules @@ -50,6 +57,9 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects)) b2 : $(subst %,%_BLAKE2,$(objects)) +dist: + @$(PAK) + ############################################################################### # Downloading, checking, b2sum ############################################################################### @@ -77,5 +87,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --without-rtlsdr cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make $(EXTRA_INSTALL) install + #install initscript + $(call INSTALL_INITSCRIPTS,$(SERVICES)) @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/system/rngd b/src/initscripts/packages/rngd similarity index 100% rename from src/initscripts/system/rngd rename to src/initscripts/packages/rngd diff --git a/src/paks/rng-tools/install.sh b/src/paks/rng-tools/install.sh new file mode 100644 index 000000000..a53ccc43c --- /dev/null +++ b/src/paks/rng-tools/install.sh @@ -0,0 +1,30 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2023 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +# create startlinks +ln -sf ../init.d/rngd /etc/rc.d/rc0.d/K35rngd +ln -sf ../init.d/rngd /etc/rc.d/rc3.d/S65rngd +ln -sf ../init.d/rngd /etc/rc.d/rc6.d/K35rngd +start_service --background rngd diff --git a/src/paks/rng-tools/uninstall.sh b/src/paks/rng-tools/uninstall.sh new file mode 100644 index 000000000..cc9fbb355 --- /dev/null +++ b/src/paks/rng-tools/uninstall.sh @@ -0,0 +1,28 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2023 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service rngd +remove_files +# Remove all start links. +rm -rf /etc/rc.d/rc*.d/*rngd diff --git a/src/paks/rng-tools/update.sh b/src/paks/rng-tools/update.sh new file mode 100644 index 000000000..83bd0ad98 --- /dev/null +++ b/src/paks/rng-tools/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2023 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +./uninstall.sh +./install.sh From patchwork Sun Feb 5 18:06:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6486 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4P8y5C4r45z3ww4 for ; Sun, 5 Feb 2023 18:06:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4P8y590n47z38B; Sun, 5 Feb 2023 18:06:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4P8y580Gm6z30GL; Sun, 5 Feb 2023 18:06:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4P8y565D7Nz2ySr for ; Sun, 5 Feb 2023 18:06:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4P8y563BJ7z17v; Sun, 5 Feb 2023 18:06:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1675620394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pgL93Xcz4wgPM2ZC3xKQ6sWPnCAlq/Uf/xNjOYU/OiM=; b=UFXc3vJFOI4kdDD0HbSRZHhov+vNk0ggeoYkf8fHtCjRizel7aWptDm/lVsKxe2E7J+v8Y QIA4y8v2fkfnWCCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1675620394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pgL93Xcz4wgPM2ZC3xKQ6sWPnCAlq/Uf/xNjOYU/OiM=; b=rdnblLZpumug16OIr/vVwynR58llxa0Ap4EzWk0bniP69FGiPAfkN+E6WkPQy/Yzhgqg67 n5wALzx0Y0L5EkfBVqt13NOvd4L5yppQzHct579gigy+Dan3eY7Q7eMPIuwhEKFJbXqAnv sMuWGKbLq+iPklurPhao8zDwYW0jv5stRAbdPVUcTxi+gGzo5S3KHO3rzmP/G2S08ffcZf FantyKBaAue+ZpBIKVIKT3ZrWXlJOIUFXh/Y5gPnTT05WAg3jWwUznGDgO17CLWDEGiG+Y jI6YXJqoC9D3pMM0TfMVKZc6ggYpdqGaqg4c98FPeBLltN0LEbWIpnprBDJTQg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 2/2] initscripts: Remove rngd from the core package initscripts Date: Sun, 5 Feb 2023 19:06:27 +0100 Message-Id: <20230205180627.3409158-2-adolf.belka@ipfire.org> In-Reply-To: <20230205180627.3409158-1-adolf.belka@ipfire.org> References: <20230205180627.3409158-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - rngd removed from initscripts lfs and rootfiles due to change of rng-tools to addon Fixes: Bug#12900 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch --- config/rootfiles/common/aarch64/initscripts | 2 -- config/rootfiles/common/armv6l/initscripts | 2 -- config/rootfiles/common/x86_64/initscripts | 2 -- lfs/initscripts | 1 - 4 files changed, 7 deletions(-) diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index d0c01c006..dc6c0fd24 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -73,7 +73,6 @@ etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc etc/rc.d/init.d/reboot -etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler @@ -185,7 +184,6 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock -etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/armv6l/initscripts b/config/rootfiles/common/armv6l/initscripts index d0c01c006..dc6c0fd24 100644 --- a/config/rootfiles/common/armv6l/initscripts +++ b/config/rootfiles/common/armv6l/initscripts @@ -73,7 +73,6 @@ etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc etc/rc.d/init.d/reboot -etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler @@ -185,7 +184,6 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock -etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 628b59969..1848f8ebc 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -73,7 +73,6 @@ etc/rc.d/init.d/pakfire etc/rc.d/init.d/partresize etc/rc.d/init.d/rc etc/rc.d/init.d/reboot -etc/rc.d/init.d/rngd etc/rc.d/init.d/sendsignals etc/rc.d/init.d/setclock etc/rc.d/init.d/smartenabler @@ -184,7 +183,6 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock -etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init diff --git a/lfs/initscripts b/lfs/initscripts index c6a5f3835..55f0066e5 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -170,7 +170,6 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock - ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init