Message ID | 20240110202501.1554379-1-Randy.MacLeod@windriver.com |
---|---|
State | Accepted, archived |
Commit | 9a651e5bc2492cf864261e8f17e4cbe34d6d48ce |
Series | rng-tools: move to meta-oe | expand |
This is breaking meta-agl-core until this gets into meta-oe: https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio On 10/01/2024 15:25:01-0500, Randy MacLeod via lists.openembedded.org wrote: > From: Randy MacLeod <Randy.MacLeod@windriver.com> > > Nothing in oe-core depends on rng-tools anymore: > e7e1bc43ca rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package > so move it to meta-oe for people who still want to run rngd > as a service for some reason or for those who want to run rng-test. > > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> > --- > meta/conf/distro/include/maintainers.inc | 1 - > .../rng-tools/rng-tools/default | 1 - > meta/recipes-support/rng-tools/rng-tools/init | 42 ----------- > .../rng-tools/rng-tools/rng-tools.service | 32 --------- > .../rng-tools/rng-tools_6.16.bb | 69 ------------------- > 5 files changed, 145 deletions(-) > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/default > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/init > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/rng-tools.service > delete mode 100644 meta/recipes-support/rng-tools/rng-tools_6.16.bb > > diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc > index 8dc63b138e..31023021ac 100644 > --- a/meta/conf/distro/include/maintainers.inc > +++ b/meta/conf/distro/include/maintainers.inc 
> @@ -739,7 +739,6 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>" > RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>" > -RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>" > RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>" > RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>" > diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default > deleted file mode 100644 > index b9f8e03635..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools/default > +++ /dev/null > @@ -1 +0,0 @@ > -EXTRA_ARGS="-r /dev/hwrng" > diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init > deleted file mode 100644 > index 13f0ecd37c..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools/init > +++ /dev/null 
> @@ -1,42 +0,0 @@ > -#!/bin/sh > -# > -# This is an init script for openembedded > -# Copy it to @SYSCONFDIR@/init.d/rng-tools and type > -# > update-rc.d rng-tools defaults 60 > -# > - > -rngd=@SBINDIR@/rngd > -test -x "$rngd" || exit 1 > - > -[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools" > - > -case "$1" in > - start) > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > - ;; > - stop) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > - ;; > - reload|force-reload) > - echo -n "Signalling rng daemon restart" > - start-stop-daemon -K -q -s 1 -x $rngd > - start-stop-daemon -K -q -s 1 -x $rngd > - ;; > - restart) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > - ;; > - *) > - echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" > - exit 1 > -esac > - > -exit 0 > diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > deleted file mode 100644 > index 5ae2fba215..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > +++ /dev/null 
> @@ -1,32 +0,0 @@ > -[Unit] > -Description=Hardware RNG Entropy Gatherer Daemon > -DefaultDependencies=no > -Conflicts=shutdown.target > -Before=sysinit.target shutdown.target > -ConditionVirtualization=!container > - > -[Service] > -EnvironmentFile=-@SYSCONFDIR@/default/rng-tools > -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS > -CapabilityBoundingSet=CAP_SYS_ADMIN > -IPAddressDeny=any > -LockPersonality=yes > -MemoryDenyWriteExecute=yes > -NoNewPrivileges=yes > -PrivateTmp=yes > -ProtectControlGroups=yes > -ProtectHome=yes > -ProtectHostname=yes > -ProtectKernelModules=yes > -ProtectKernelLogs=yes > -ProtectSystem=strict > -RestrictAddressFamilies=AF_UNIX > -RestrictNamespaces=yes > -RestrictRealtime=yes > -RestrictSUIDSGID=yes > -SystemCallArchitectures=native > -SystemCallErrorNumber=EPERM > -SystemCallFilter=@system-service > - > -[Install] > -WantedBy=sysinit.target > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb > deleted file mode 100644 > index f0aa3ff93f..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb > +++ /dev/null 
> @@ -1,69 +0,0 @@ > -SUMMARY = "Random number generator daemon" > -DESCRIPTION = "Check and feed random data from hardware device to kernel" > -HOMEPAGE = "https://github.com/nhorman/rng-tools" > -BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" > -LICENSE = "GPL-2.0-only" > -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > -DEPENDS = "openssl libcap" > - > -SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ > - file://init \ > - file://default \ > - file://rng-tools.service \ > - " > -SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2" > - > -S = "${WORKDIR}/git" > - > -inherit autotools update-rc.d systemd pkgconfig > - > -EXTRA_OECONF = "--without-rtlsdr" > - > -PACKAGECONFIG ??= "libjitterentropy" > -PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > - > -PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > -PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" > -PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" > -PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2" > -PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl" > - > -INITSCRIPT_PACKAGES = "${PN}-service" > -INITSCRIPT_NAME:${PN}-service = "rng-tools" > -INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ." 
> - > -SYSTEMD_PACKAGES = "${PN}-service" > -SYSTEMD_SERVICE:${PN}-service = "rng-tools.service" > - > -CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER " > - > -PACKAGES =+ "${PN}-service" > - > -FILES:${PN}-service += " \ > - ${sysconfdir}/init.d/rng-tools \ > - ${sysconfdir}/default/rng-tools \ > -" > - > -# Refer autogen.sh in rng-tools > -do_configure:prepend() { > - cp ${S}/README.md ${S}/README > -} > - > -do_install:append() { > - install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools > - install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools > - install -Dm 0644 ${WORKDIR}/rng-tools.service \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - sed -i \ > - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ > - -e 's,@SBINDIR@,${sbindir},g' \ > - ${D}${sysconfdir}/init.d/rng-tools \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - > - if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then > - sed -i \ > - -e '/^IPAddressDeny=any/d' \ > - -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - fi > -} > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#193523): https://lists.openembedded.org/g/openembedded-core/message/193523 > Mute This Topic: https://lists.openembedded.org/mt/103649050/3617179 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org wrote: > This is breaking meta-agl-core until this gets into meta-oe: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio Thanks Alexandre. Stephane, Jan-Simon, Is rng-tools actually still a requirement for meta-agl ? It was added back in 2018 but the kernel algorithm improved as of 5.6: https://lists.openembedded.org/g/openembedded-core/message/178518 ../Randy commit c55cb9e43a4ff26224cd917f91c057f15535ee3b Author: Stephane Desneux <stephane.desneux@iot.bzh> Date: Thu Sep 6 17:53:26 2018 agl-profile-core/packagegroup-agl-core-boot: add rng-tools On some boards (typically Minnowboard Max), the kernel's random number entropy pool may fill too slowly. As a consequence, if many processes ask for random data at the same time, the reads on /dev/random are blocked until the entropy pool has been filled. This patch adds rng-tools in the core images: the rngd daemon will start at boot and fill the entropy pool. Bug-AGL: SPEC-1655 Change-Id: Icbcf6a9ea685774dd13e33597689a3fd05aaadf4 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh> > > On 10/01/2024 15:25:01-0500, Randy MacLeod via lists.openembedded.org wrote: >> From: Randy MacLeod<Randy.MacLeod@windriver.com> >> >> Nothing in oe-core depends on rng-tools anymore: >> e7e1bc43ca rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package >> so move it to meta-oe for people who still want to run rngd >> as a service for some reason or for those who want to run rng-test. 
>> >> Signed-off-by: Randy MacLeod<Randy.MacLeod@windriver.com> >> --- >> meta/conf/distro/include/maintainers.inc | 1 - >> .../rng-tools/rng-tools/default | 1 - >> meta/recipes-support/rng-tools/rng-tools/init | 42 ----------- >> .../rng-tools/rng-tools/rng-tools.service | 32 --------- >> .../rng-tools/rng-tools_6.16.bb | 69 ------------------- >> 5 files changed, 145 deletions(-) >> delete mode 100644 meta/recipes-support/rng-tools/rng-tools/default >> delete mode 100644 meta/recipes-support/rng-tools/rng-tools/init >> delete mode 100644 meta/recipes-support/rng-tools/rng-tools/rng-tools.service >> delete mode 100644 meta/recipes-support/rng-tools/rng-tools_6.16.bb >> >> diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc >> index 8dc63b138e..31023021ac 100644 >> --- a/meta/conf/distro/include/maintainers.inc >> +++ b/meta/conf/distro/include/maintainers.inc >> @@ -739,7 +739,6 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned<unassigned@yoctoproject.org>" >> RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi<Qi.Chen@windriver.com>" >> RECIPE_MAINTAINER:pn-rgb = "Unassigned<unassigned@yoctoproject.org>" >> RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia<hongxu.jia@windriver.com>" >> -RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal<anuj.mittal@intel.com>" >> RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj<raj.khem@gmail.com>" >> RECIPE_MAINTAINER:pn-rpm = "Unassigned<unassigned@yoctoproject.org>" >> RECIPE_MAINTAINER:pn-rsync = "Yi Zhao<yi.zhao@windriver.com>" >> diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default >> deleted file mode 100644 >> index b9f8e03635..0000000000 >> --- a/meta/recipes-support/rng-tools/rng-tools/default >> +++ /dev/null >> @@ -1 +0,0 @@ >> -EXTRA_ARGS="-r /dev/hwrng" >> diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init >> deleted file mode 100644 >> index 13f0ecd37c..0000000000 
>> --- a/meta/recipes-support/rng-tools/rng-tools/init >> +++ /dev/null >> @@ -1,42 +0,0 @@ >> -#!/bin/sh >> -# >> -# This is an init script for openembedded >> -# Copy it to @SYSCONFDIR@/init.d/rng-tools and type >> -# > update-rc.d rng-tools defaults 60 >> -# >> - >> -rngd=@SBINDIR@/rngd >> -test -x "$rngd" || exit 1 >> - >> -[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools" >> - >> -case "$1" in >> - start) >> - echo -n "Starting random number generator daemon" >> - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS >> - echo "." >> - ;; >> - stop) >> - echo -n "Stopping random number generator daemon" >> - start-stop-daemon -K -q -n rngd >> - echo "." >> - ;; >> - reload|force-reload) >> - echo -n "Signalling rng daemon restart" >> - start-stop-daemon -K -q -s 1 -x $rngd >> - start-stop-daemon -K -q -s 1 -x $rngd >> - ;; >> - restart) >> - echo -n "Stopping random number generator daemon" >> - start-stop-daemon -K -q -n rngd >> - echo "." >> - echo -n "Starting random number generator daemon" >> - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS >> - echo "." >> - ;; >> - *) >> - echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" >> - exit 1 >> -esac >> - >> -exit 0 >> diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service >> deleted file mode 100644 >> index 5ae2fba215..0000000000 >> --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service >> +++ /dev/null 
>> @@ -1,32 +0,0 @@ >> -[Unit] >> -Description=Hardware RNG Entropy Gatherer Daemon >> -DefaultDependencies=no >> -Conflicts=shutdown.target >> -Before=sysinit.target shutdown.target >> -ConditionVirtualization=!container >> - >> -[Service] >> -EnvironmentFile=-@SYSCONFDIR@/default/rng-tools >> -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS >> -CapabilityBoundingSet=CAP_SYS_ADMIN >> -IPAddressDeny=any >> -LockPersonality=yes >> -MemoryDenyWriteExecute=yes >> -NoNewPrivileges=yes >> -PrivateTmp=yes >> -ProtectControlGroups=yes >> -ProtectHome=yes >> -ProtectHostname=yes >> -ProtectKernelModules=yes >> -ProtectKernelLogs=yes >> -ProtectSystem=strict >> -RestrictAddressFamilies=AF_UNIX >> -RestrictNamespaces=yes >> -RestrictRealtime=yes >> -RestrictSUIDSGID=yes >> -SystemCallArchitectures=native >> -SystemCallErrorNumber=EPERM >> -SystemCallFilter=@system-service >> - >> -[Install] >> -WantedBy=sysinit.target >> diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb >> deleted file mode 100644 >> index f0aa3ff93f..0000000000 >> --- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb >> +++ /dev/null 
>> @@ -1,69 +0,0 @@ >> -SUMMARY = "Random number generator daemon" >> -DESCRIPTION = "Check and feed random data from hardware device to kernel" >> -HOMEPAGE ="https://github.com/nhorman/rng-tools" >> -BUGTRACKER ="https://github.com/nhorman/rng-tools/issues" >> -LICENSE = "GPL-2.0-only" >> -LIC_FILES_CHKSUM ="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" >> -DEPENDS = "openssl libcap" >> - >> -SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ >> -file://init \ >> -file://default \ >> -file://rng-tools.service \ >> - " >> -SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2" >> - >> -S = "${WORKDIR}/git" >> - >> -inherit autotools update-rc.d systemd pkgconfig >> - >> -EXTRA_OECONF = "--without-rtlsdr" >> - >> -PACKAGECONFIG ??= "libjitterentropy" >> -PACKAGECONFIG:libc-musl = "libargp libjitterentropy" >> - >> -PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," >> -PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" >> -PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" >> -PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2" >> -PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl" >> - >> -INITSCRIPT_PACKAGES = "${PN}-service" >> -INITSCRIPT_NAME:${PN}-service = "rng-tools" >> -INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ." 
>> - >> -SYSTEMD_PACKAGES = "${PN}-service" >> -SYSTEMD_SERVICE:${PN}-service = "rng-tools.service" >> - >> -CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER " >> - >> -PACKAGES =+ "${PN}-service" >> - >> -FILES:${PN}-service += " \ >> - ${sysconfdir}/init.d/rng-tools \ >> - ${sysconfdir}/default/rng-tools \ >> -" >> - >> -# Refer autogen.sh in rng-tools >> -do_configure:prepend() { >> - cp ${S}/README.md ${S}/README >> -} >> - >> -do_install:append() { >> - install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools >> - install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools >> - install -Dm 0644 ${WORKDIR}/rng-tools.service \ >> - ${D}${systemd_system_unitdir}/rng-tools.service >> - sed -i \ >> - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ >> - -e 's,@SBINDIR@,${sbindir},g' \ >> - ${D}${sysconfdir}/init.d/rng-tools \ >> - ${D}${systemd_system_unitdir}/rng-tools.service >> - >> - if ["${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then >> - sed -i \ >> - -e '/^IPAddressDeny=any/d' \ >> - -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \ >> - ${D}${systemd_system_unitdir}/rng-tools.service >> - fi >> -} >> -- >> 2.34.1 >> >> > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#193691):https://lists.openembedded.org/g/openembedded-core/message/193691 > Mute This Topic:https://lists.openembedded.org/mt/103649050/3616765 > Group Owner:openembedded-core+owner@lists.openembedded.org > Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Mon, Jan 15, 2024 at 12:20 PM Randy MacLeod via lists.openembedded.org <randy.macleod=windriver.com@lists.openembedded.org> wrote: > > On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org wrote: > > This is breaking meta-agl-core until this gets into meta-oe: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio > Thanks for reporting, this patch should be in master meta-openembedded with today's update lot. > Thanks Alexandre. > > > Stephane, Jan-Simon, > > Is rng-tools actually still a requirement for meta-agl ? > It was added back in 2018 but the kernel algorithm improved as of 5.6: > https://lists.openembedded.org/g/openembedded-core/message/178518 > > ../Randy > > commit c55cb9e43a4ff26224cd917f91c057f15535ee3b > Author: Stephane Desneux <stephane.desneux@iot.bzh> > Date: Thu Sep 6 17:53:26 2018 > > agl-profile-core/packagegroup-agl-core-boot: add rng-tools > > On some boards (typically Minnowboard Max), the kernel's random number entropy > pool may fill too slowly. As a consequence, if many processes ask for random > data at the same time, the reads on /dev/random are blocked until the entropy > pool has been filled. > > This patch adds rng-tools in the core images: the rngd daemon will start at boot > and fill the entropy pool. > > Bug-AGL: SPEC-1655 > > Change-Id: Icbcf6a9ea685774dd13e33597689a3fd05aaadf4 > Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh> > > > On 10/01/2024 15:25:01-0500, Randy MacLeod via lists.openembedded.org wrote: > > From: Randy MacLeod <Randy.MacLeod@windriver.com> > > Nothing in oe-core depends on rng-tools anymore: > e7e1bc43ca rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package > so move it to meta-oe for people who still want to run rngd > as a service for some reason or for those who want to run rng-test. 
> > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> > --- > meta/conf/distro/include/maintainers.inc | 1 - > .../rng-tools/rng-tools/default | 1 - > meta/recipes-support/rng-tools/rng-tools/init | 42 ----------- > .../rng-tools/rng-tools/rng-tools.service | 32 --------- > .../rng-tools/rng-tools_6.16.bb | 69 ------------------- > 5 files changed, 145 deletions(-) > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/default > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/init > delete mode 100644 meta/recipes-support/rng-tools/rng-tools/rng-tools.service > delete mode 100644 meta/recipes-support/rng-tools/rng-tools_6.16.bb > > diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc > index 8dc63b138e..31023021ac 100644 > --- a/meta/conf/distro/include/maintainers.inc > +++ b/meta/conf/distro/include/maintainers.inc > @@ -739,7 +739,6 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>" > RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>" > -RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>" > RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>" > RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>" > RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>" > diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default > deleted file mode 100644 > index b9f8e03635..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools/default > +++ /dev/null > @@ -1 +0,0 @@ > -EXTRA_ARGS="-r /dev/hwrng" > diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init > deleted file mode 100644 > index 13f0ecd37c..0000000000 
> --- a/meta/recipes-support/rng-tools/rng-tools/init > +++ /dev/null > @@ -1,42 +0,0 @@ > -#!/bin/sh > -# > -# This is an init script for openembedded > -# Copy it to @SYSCONFDIR@/init.d/rng-tools and type > -# > update-rc.d rng-tools defaults 60 > -# > - > -rngd=@SBINDIR@/rngd > -test -x "$rngd" || exit 1 > - > -[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools" > - > -case "$1" in > - start) > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > - ;; > - stop) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > - ;; > - reload|force-reload) > - echo -n "Signalling rng daemon restart" > - start-stop-daemon -K -q -s 1 -x $rngd > - start-stop-daemon -K -q -s 1 -x $rngd > - ;; > - restart) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > - ;; > - *) > - echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" > - exit 1 > -esac > - > -exit 0 > diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > deleted file mode 100644 > index 5ae2fba215..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > +++ /dev/null 
> @@ -1,32 +0,0 @@ > -[Unit] > -Description=Hardware RNG Entropy Gatherer Daemon > -DefaultDependencies=no > -Conflicts=shutdown.target > -Before=sysinit.target shutdown.target > -ConditionVirtualization=!container > - > -[Service] > -EnvironmentFile=-@SYSCONFDIR@/default/rng-tools > -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS > -CapabilityBoundingSet=CAP_SYS_ADMIN > -IPAddressDeny=any > -LockPersonality=yes > -MemoryDenyWriteExecute=yes > -NoNewPrivileges=yes > -PrivateTmp=yes > -ProtectControlGroups=yes > -ProtectHome=yes > -ProtectHostname=yes > -ProtectKernelModules=yes > -ProtectKernelLogs=yes > -ProtectSystem=strict > -RestrictAddressFamilies=AF_UNIX > -RestrictNamespaces=yes > -RestrictRealtime=yes > -RestrictSUIDSGID=yes > -SystemCallArchitectures=native > -SystemCallErrorNumber=EPERM > -SystemCallFilter=@system-service > - > -[Install] > -WantedBy=sysinit.target > diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb > deleted file mode 100644 > index f0aa3ff93f..0000000000 > --- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb > +++ /dev/null 
> @@ -1,69 +0,0 @@ > -SUMMARY = "Random number generator daemon" > -DESCRIPTION = "Check and feed random data from hardware device to kernel" > -HOMEPAGE = "https://github.com/nhorman/rng-tools" > -BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" > -LICENSE = "GPL-2.0-only" > -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" > -DEPENDS = "openssl libcap" > - > -SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \ > - file://init \ > - file://default \ > - file://rng-tools.service \ > - " > -SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2" > - > -S = "${WORKDIR}/git" > - > -inherit autotools update-rc.d systemd pkgconfig > - > -EXTRA_OECONF = "--without-rtlsdr" > - > -PACKAGECONFIG ??= "libjitterentropy" > -PACKAGECONFIG:libc-musl = "libargp libjitterentropy" > - > -PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," > -PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" > -PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" > -PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2" > -PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl" > - > -INITSCRIPT_PACKAGES = "${PN}-service" > -INITSCRIPT_NAME:${PN}-service = "rng-tools" > -INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ." 
> - > -SYSTEMD_PACKAGES = "${PN}-service" > -SYSTEMD_SERVICE:${PN}-service = "rng-tools.service" > - > -CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER " > - > -PACKAGES =+ "${PN}-service" > - > -FILES:${PN}-service += " \ > - ${sysconfdir}/init.d/rng-tools \ > - ${sysconfdir}/default/rng-tools \ > -" > - > -# Refer autogen.sh in rng-tools > -do_configure:prepend() { > - cp ${S}/README.md ${S}/README > -} > - > -do_install:append() { > - install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools > - install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools > - install -Dm 0644 ${WORKDIR}/rng-tools.service \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - sed -i \ > - -e 's,@SYSCONFDIR@,${sysconfdir},g' \ > - -e 's,@SBINDIR@,${sbindir},g' \ > - ${D}${sysconfdir}/init.d/rng-tools \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - > - if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then > - sed -i \ > - -e '/^IPAddressDeny=any/d' \ > - -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \ > - ${D}${systemd_system_unitdir}/rng-tools.service > - fi > -} > -- > 2.34.1 > > > > > > -- > # Randy MacLeod > # Wind River Linux > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#193798): https://lists.openembedded.org/g/openembedded-core/message/193798 > Mute This Topic: https://lists.openembedded.org/mt/103649050/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Mon, 15 Jan 2024, Randy MacLeod via lists.openembedded.org wrote: > On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org wrote: > > This is breaking meta-agl-core until this gets into meta-oe: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio > > Thanks Alexandre. > > > Stephane, Jan-Simon, > > Is rng-tools actually still a requirement for meta-agl ? > It was added back in 2018 but the kernel algorithm improved as of 5.6: > https://lists.openembedded.org/g/openembedded-core/message/178518 The kernel no longer blocking does mean things won't get stuck on boot, but it seems like any distro with an eye towards security still needs either rngd or haveged present to feed in entropy on hardware that does not have a hardware RNG (and potentially even when there is a hardware RNG to improve the quality of the pool). We definitely support some platforms in AGL that do not have a hardware RNG, so we'll have to work out whether we're going to need to eat making meta-oe a hard requirement for using meta-agl-core or do something else. Scott
On 2024-01-15 4:50 p.m., Scott Murray wrote: > On Mon, 15 Jan 2024, Randy MacLeod via lists.openembedded.org wrote: > >> On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org wrote: >>> This is breaking meta-agl-core until this gets into meta-oe: >>> >>> https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio >> Thanks Alexandre. >> >> >> Stephane, Jan-Simon, >> >> Is rng-tools actually still a requirement for meta-agl ? >> It was added back in 2018 but the kernel algorithm improved as of 5.6: >> https://lists.openembedded.org/g/openembedded-core/message/178518 > The kernel no longer blocking does mean things won't get stuck on boot, > but it seems like any distro with an eye towards security still needs > either rngd or haveged present to feed in entropy on hardware that does > not have a hardware RNG (and potentially even when there is a hardware > RNG to improve the quality of the pool). We definitely support some > platforms in AGL that do not have a hardware RNG, so we'll have to work > out whether we're going to need to eat making meta-oe a hard requirement > for using meta-agl-core or do something else. For anyone who missed it... We restored rng-tools in oe-core as described here: https://git.openembedded.org/openembedded-core/commit/?id=828afafb3bff54079fcba9bdab2ec87ac13e4ce6 Scott, Any news on a qemu/HW boot test case? Testing randomness is a little different as described in my notes below. If anyone has some expertise in this area, please help! There are a few tests in rng-tools, that could be wrapped in ptest: ❯ ls tests/ Makefile.am rngtestjitter.sh rngtesturandom.sh rngtestzero.sh I haven't played with rngtest much but I was wondering how we'd even construct a test of randomness that would *always* pass. 
The example below shows that if you run rngtest with a blockcount of 10,000, and do that 10 times, you get failures some of the time: ❯ for i in `seq 10`; do cat /dev/urandom | rngtest -c 10000 --pipe 2>&1 >/dev/null |rg failures; done rngtest: FIPS 140-2 failures: 6 rngtest: FIPS 140-2 failures: 5 rngtest: FIPS 140-2 failures: 9 rngtest: FIPS 140-2 failures: 4 rngtest: FIPS 140-2 failures: 6 rngtest: FIPS 140-2 failures: 8 rngtest: FIPS 140-2 failures: 9 rngtest: FIPS 140-2 failures: 11 rngtest: FIPS 140-2 failures: 9 rngtest: FIPS 140-2 failures: 5 We could say that we accept up to 20 failures but even then, there would be a chance that the YP AB would occasionally see that fail due to the inherent randomness being tested. If I run the test 1000 times you can see that on my laptop (6.6.10), 20 failures never happens: ❯ cut -d":" -f3 /tmp/rt.log | sort -n | uniq -c 3 1 7 2 34 3 54 4 101 5 131 6 138 7 124 8 114 9 101 10 75 11 48 12 36 13 16 14 10 15 6 16 1 17 1 19 and on an older headless server running 5.15 with fewer processes and likely less entropy available: 2 1 12 2 29 3 60 4 95 5 117 6 133 7 121 8 139 9 99 10 81 11 50 12 28 13 14 14 9 15 5 16 4 17 2 20 I guess we could raise the limit to ~30 (42!) and failures would be extremely unlikely. We would have a similar problem with measuring the boot time that is dependent on the entropy pool not being depleted since we can't completely rule out a boot sequence taking 3x as long as the average time and it would be worse in qemu given that it's competing with other processes on the YP AB machines! ../Randy "It's a good day because I made some graphs to understand a problem." MacLeod > > Scott >
On Thu, 8 Feb 2024, Randy MacLeod via lists.openembedded.org wrote: > On 2024-01-15 4:50 p.m., Scott Murray wrote: > > On Mon, 15 Jan 2024, Randy MacLeod via lists.openembedded.org wrote: > > > >> On 2024-01-15 11:58 a.m., Alexandre Belloni via lists.openembedded.org > >> wrote: > >>> This is breaking meta-agl-core until this gets into meta-oe: > >>> > >>> https://autobuilder.yoctoproject.org/typhoon/#/builders/120/builds/3849/steps/14/logs/stdio > >> Thanks Alexandre. > >> > >> > >> Stephane, Jan-Simon, > >> > >> Is rng-tools actually still a requirement for meta-agl ? > >> It was added back in 2018 but the kernel algorithm improved as of 5.6: > >> https://lists.openembedded.org/g/openembedded-core/message/178518 > > The kernel no longer blocking does mean things won't get stuck on boot, > > but it seems like any distro with an eye towards security still needs > > either rngd or haveged present to feed in entropy on hardware that does > > not have a hardware RNG (and potentially even when there is a hardware > > RNG to improve the quality of the pool). We definitely support some > > platforms in AGL that do not have a hardware RNG, so we'll have to work > > out whether we're going to need to eat making meta-oe a hard requirement > > for using meta-agl-core or do something else. > > For anyone who missed it... > > We restored rng-tools in oe-core as described here: > https://git.openembedded.org/openembedded-core/commit/?id=828afafb3bff54079fcba9bdab2ec87ac13e4ce6 > > > Scott, > > Any news on a qemu/HW boot test case? Not really. Both Jan-Simon and myself have looked into it some, but as you've seen, characterizing the Linux RNG behavior is not simple, and it is not obvious that even a particularly convoluted test environment (i.e. without passing a RNG via QEMU, trying to minimize I/O by avoiding disk boot, etc.) can yield a simple yes/no without running a perhaps lengthy test to that tries to quantify the RNG quality with an exhausted entropy pool. 
> Testing randomness is a little different as described in my notes below. > If anyone has some expertise in this area, please help! > > > There are a few tests in rng-tools, that could be wrapped in ptest: > ❯ ls tests/ > Makefile.am rngtestjitter.sh rngtesturandom.sh rngtestzero.sh > > I haven't played with rngtest much but I was wondering how we'd even construct > a test of randomness that would *always* pass. > > The example below shows that if you run runtest with a blockcount of 10,000, > and do that 10 times, you get failures some of the time: > > ❯ for i in `seq 10`; do cat /dev/urandom | rngtest -c 10000 --pipe 2>&1 > >/dev/null |rg failures; done > rngtest: FIPS 140-2 failures: 6 > rngtest: FIPS 140-2 failures: 5 > rngtest: FIPS 140-2 failures: 9 > rngtest: FIPS 140-2 failures: 4 > rngtest: FIPS 140-2 failures: 6 > rngtest: FIPS 140-2 failures: 8 > rngtest: FIPS 140-2 failures: 9 > rngtest: FIPS 140-2 failures: 11 > rngtest: FIPS 140-2 failures: 9 > rngtest: FIPS 140-2 failures: 5 > > > We could say that we accept up to 20 failures but even then, there would be a > chance that the YP AB would > occasionally see that fail due the the inherit randomness being tested. > > If I run the test 1000 times you can see that on my laptop (6.6.10), 20 > failures never happens: > ❯ cut -d":" -f3 /tmp/rt.log | sort -n | uniq -c > 3 1 > 7 2 > 34 3 > 54 4 > 101 5 > 131 6 > 138 7 > 124 8 > 114 9 > 101 10 > 75 11 > 48 12 > 36 13 > 16 14 > 10 15 > 6 16 > 1 17 > 1 19 > > and on an older headless server running 5.15 with fewer process and likely > less entropy available: > 2 1 > 12 2 > 29 3 > 60 4 > 95 5 > 117 6 > 133 7 > 121 8 > 139 9 > 99 10 > 81 11 > 50 12 > 28 13 > 14 14 > 9 15 > 5 16 > 4 17 > 2 20 > > > I guess we could raise the limit to ~30 (42!) and failures would be extremely > unlikely. 
I have seen anecdotal statements that seeing significantly more than 10 failures from "rngtest -c 1000" is a sign of not enough entropy, so booting with the QEMU RNG disabled and checking for <= 20 with a single "rngtest -c 1000" is probably a test that is unlikely to fail. That's perhaps true even without running rngd since booting from a disk image is possibly likely to seed the entropy pool enough for it. That's what I've seen here on the hardware platforms I have that do not have a h/w RNG. I did start looking at what the dieharder utility measures (see https://webhome.phy.duke.edu/~rgb/General/dieharder.php), but then we're well and truly outside of the realm of a simple ptest. > We would have a similar problem with measuring the boot time that is dependent > on the entropy pool not being depleted > since we can't completely rule out a boot sequence taking 3x as long as the > average time > and it would be worse in qemu given that it's competing with other processes > on the YP AB machines! I suspect a useful boot time test is infeasible, especially with newer kernels. In addition to the non-blocking /dev/random change in 5.10, there was a significant redo of the entropy pool mixing scheme in 5.18. Together, I suspect it's unlikely the entropy pool will be particularly low on boot without going to significant lengths. Overall, with modern kernels the need for running rngd seems to now be more about handling a quite significant demand for true random numbers in server use cases. That does circle back around to whether it's worth keeping in oe-core or not. Since there still are < 5.10 LTS kernels that have EOLs in the Scarthgap timeframe (e.g. 5.4 is Dec 2025), it does seem worth keeping it for users potentially stuck with BSPs with those kernels. If keeping it absolutely requires a test, we'll likely have to try to experiment with what behavior looks like when running inside QEMU on the AB per your experiments...
> ../Randy "It's a good day because I made some graphs to understand a > problem." MacLeod ;) Scott
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 8dc63b138e..31023021ac 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -739,7 +739,6 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"
-RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>"
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
deleted file mode 100644
index b9f8e03635..0000000000
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ /dev/null
@@ -1 +0,0 @@
-EXTRA_ARGS="-r /dev/hwrng"
diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
deleted file mode 100644
index 13f0ecd37c..0000000000
--- a/meta/recipes-support/rng-tools/rng-tools/init
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-#
-# This is an init script for openembedded
-# Copy it to @SYSCONFDIR@/init.d/rng-tools and type
-# > update-rc.d rng-tools defaults 60
-#
-
-rngd=@SBINDIR@/rngd
-test -x "$rngd" || exit 1
-
-[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools"
-
-case "$1" in
- start)
- echo -n "Starting random number generator daemon"
- start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
- echo "."
- ;;
- stop)
- echo -n "Stopping random number generator daemon"
- start-stop-daemon -K -q -n rngd
- echo "."
- ;;
- reload|force-reload)
- echo -n "Signalling rng daemon restart"
- start-stop-daemon -K -q -s 1 -x $rngd
- start-stop-daemon -K -q -s 1 -x $rngd
- ;;
- restart)
- echo -n "Stopping random number generator daemon"
- start-stop-daemon -K -q -n rngd
- echo "."
- echo -n "Starting random number generator daemon"
- start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
- echo "."
- ;;
- *)
- echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}"
- exit 1
-esac
-
-exit 0
diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
deleted file mode 100644
index 5ae2fba215..0000000000
--- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Hardware RNG Entropy Gatherer Daemon
-DefaultDependencies=no
-Conflicts=shutdown.target
-Before=sysinit.target shutdown.target
-ConditionVirtualization=!container
-
-[Service]
-EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
-ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
-CapabilityBoundingSet=CAP_SYS_ADMIN
-IPAddressDeny=any
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-PrivateTmp=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectHostname=yes
-ProtectKernelModules=yes
-ProtectKernelLogs=yes
-ProtectSystem=strict
-RestrictAddressFamilies=AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
-SystemCallErrorNumber=EPERM
-SystemCallFilter=@system-service
-
-[Install]
-WantedBy=sysinit.target
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
deleted file mode 100644
index f0aa3ff93f..0000000000
--- a/meta/recipes-support/rng-tools/rng-tools_6.16.bb
+++ /dev/null
@@ -1,69 +0,0 @@
-SUMMARY = "Random number generator daemon"
-DESCRIPTION = "Check and feed random data from hardware device to kernel"
-HOMEPAGE = "https://github.com/nhorman/rng-tools"
-BUGTRACKER = "https://github.com/nhorman/rng-tools/issues"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-DEPENDS = "openssl libcap"
-
-SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
- file://init \
- file://default \
- file://rng-tools.service \
- "
-SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2"
-
-S = "${WORKDIR}/git"
-
-inherit autotools update-rc.d systemd pkgconfig
-
-EXTRA_OECONF = "--without-rtlsdr"
-
-PACKAGECONFIG ??= "libjitterentropy"
-PACKAGECONFIG:libc-musl = "libargp libjitterentropy"
-
-PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone,"
-PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy"
-PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl"
-PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2"
-PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl"
-
-INITSCRIPT_PACKAGES = "${PN}-service"
-INITSCRIPT_NAME:${PN}-service = "rng-tools"
-INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ."
-
-SYSTEMD_PACKAGES = "${PN}-service"
-SYSTEMD_SERVICE:${PN}-service = "rng-tools.service"
-
-CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER "
-
-PACKAGES =+ "${PN}-service"
-
-FILES:${PN}-service += " \
- ${sysconfdir}/init.d/rng-tools \
- ${sysconfdir}/default/rng-tools \
-"
-
-# Refer autogen.sh in rng-tools
-do_configure:prepend() {
- cp ${S}/README.md ${S}/README
-}
-
-do_install:append() {
- install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools
- install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools
- install -Dm 0644 ${WORKDIR}/rng-tools.service \
- ${D}${systemd_system_unitdir}/rng-tools.service
- sed -i \
- -e 's,@SYSCONFDIR@,${sysconfdir},g' \
- -e 's,@SBINDIR@,${sbindir},g' \
- ${D}${sysconfdir}/init.d/rng-tools \
- ${D}${systemd_system_unitdir}/rng-tools.service
-
- if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then
- sed -i \
- -e '/^IPAddressDeny=any/d' \
- -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \
- ${D}${systemd_system_unitdir}/rng-tools.service
- fi
-}