Update init script so that OpenRC can check on the daemon, also fix stop with rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default (bug #292239). The init script no longer tries to second-guess the configuration parameters, leaving the erroring out for missing sources to rngd itself, as it was broken and would have caused more trouble when rdrand is present.

Package-Manager: portage-2.2.0_alpha148/cvs/Linux x86_64
Manifest-Sign-Key: 0x1CD13C8AD4301342

5 files changed, 114 insertions, 16 deletions

diff --git a/sys-apps/rng-tools/ChangeLog b/sys-apps/rng-tools/ChangeLog
index 3561af23a613..65fc7d90ae9c 100644
--- a/sys-apps/rng-tools/ChangeLog
+++ b/sys-apps/rng-tools/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for sys-apps/rng-tools
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.33 2012/11/11 06:24:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.34 2012/12/16 00:02:42 flameeyes Exp $
+
+*rng-tools-4-r2 (16 Dec 2012)
+
+  16 Dec 2012; Diego E. Pettenò <flameeyes@gentoo.org> +files/rngd-confd-4.1,
+  +files/rngd-initd-4.1, +rng-tools-4-r2.ebuild:
+  Update init script so that OpenRC can check on the daemon, also fix stop with
+  rdrand-capable CPUs (bug #442238), and disallow /dev/urandom mixin by default
+  (bug #292239). The init script no longer tries to second-guess the
+  configuration parameters, leaving the erroring out for missing sources to rngd
+  itself, as it was broken and would have caused more trouble when rdrand is
+  present.
 
 *rng-tools-4-r1 (11 Nov 2012)
 
diff --git a/sys-apps/rng-tools/Manifest b/sys-apps/rng-tools/Manifest
index e306ef0a8f52..af8d64e8858a 100644
--- a/sys-apps/rng-tools/Manifest
+++ b/sys-apps/rng-tools/Manifest
@@ -5,32 +5,29 @@ AUX 2/rngd 1488 SHA256 00f8d05292565feb750d20af4ff6ff8ee20a14ae09c0164ec7b6b4b1e
 AUX 2/rngd-conf 259 SHA256 4dff7a0c8406f5344f71d236e755877388e93ff6728eedfdfe6921b3de41d137 SHA512 68e08ff2dbcbb6b4dc6235ba86070b296aa6439f17dbf61d8d992e08790a57d52cece0fc2c3b384b10df66868676ae2202621eb2fc18154eb2c7ba2cd8f74ee5 WHIRLPOOL 58f6e9e8975bf8abee0ef944ce48e4eced5c0d06e157b3e3fafdb55dee218399a47d2f7bbd04376e6d4d20e426ec7d2f75e1729f854e8062c997b3a972d801e8
 AUX rngd-confd-3 714 SHA256 542ef931152a71888b8d1ebb2c1f5d43edefcd2902d616d635e1d15a0e742519 SHA512 398c31775d10e8f54717c05228bfc9166d260ae51e90c9819109ffd6086d41c7b48236e3c56dd71e0dacb6f10a881349bb14cf02e942933093fd15ca0068bd0a WHIRLPOOL 0e2d71c005452c865dee38bded6a9ddea048e28c09ee17160fd7da51913987d38e7a96d4ff517105b567e6f25783441834ca4621f590227747a4b55e29519b85
 AUX rngd-confd-4 625 SHA256 f2d91a9a3ae1d765bf705a5498cbb201427f9ef475e3eb31aa43b1eb8b88af42 SHA512 9a0f938e7df70a4dbc5eaed48fe6f7713fae17b32993da500bc3066e9b55e9e59b646eb2c730e5cd57ce7f966d90c4a91a046d070c456f0dcb7f7032ef61ef80 WHIRLPOOL 2b8e9a9a157a922837e525fdca398f0c5de63e9fe3dfe7673320731d5bf359ada4b47cfb05f37b3e7fdb3099c334101a9fb0147a46cb7e4f6d11955b076a2ef1
+AUX rngd-confd-4.1 664 SHA256 fb7e1c00f604e8cf285503a1b2aa1073aa14f9cab64e21846820bb48072ef5af SHA512 1bf1b43b2e5d8a9e160559922800cf21993062d4524568d61a22d137f470bcdc4d7ce0b602936221cb64a573474b8274746cc751d3df1e0a32288301086d1a85 WHIRLPOOL cd9e1b5c13648d5966f4b1831c3c3db4dbfd3c2aeadbe7e65b517fca18e87688e938b6692cf763e9f44718f452a84e8031be56500f2446cd438bd0cec1481b37
 AUX rngd-initd-3 1822 SHA256 39ddbbe1caaa1404799b535ef2af63ccefc9150aa0cfa7ae43716f7f890f84fd SHA512 f21b850db5098cdf64dbfdba3c22198bfbd3d513db9c217c6a3242c85d6374d8c66697b61aef4f7536e95dce8f639ee224d0a517f2d85cddae661419e7b1f5b7 WHIRLPOOL d99393693d6034b6d2a49c3d0ae2cff7bf14632e132a69470dc2a339efaa53ac8f600410b50c2f744d0dd17fa90271f72fcae04da437f23af9efe872a7127af3
 AUX rngd-initd-4 1598 SHA256 3984d71b14ec46ea15a14fa5a05f821b2d7dbd76059617e77964326a5c62060e SHA512 c5bc6753a055af0f94966eedcd4289fe5cd5d82fbe96f731e5f0f80f6d2deb9818913843f8adfa8b38b6b67f71ef03544c3ed79865decaf54cb96c24104dc6a7 WHIRLPOOL 8be1f62c4cf8d5f9929a515bbcf7b29f28c809624e940561121f9f1d0feb1659278fab9be4e721c70b43ec2b2c6fa6355df83f537e9cc51c95d155c4428da03a
+AUX rngd-initd-4.1 1006 SHA256 5990cb34af1815ccccf7a50055c428346ba5977356d7848efb9f18d243335760 SHA512 606ecab082884801e838631f54fe4eed88955294373a333dc301421a88362ae7d7dfb397e9a1545cecd3bcb454e98ba3d365728f31ce1d966c4db79804479077 WHIRLPOOL afb8a3b4336f1512cf584f48ee4e94f703d30f1b4ebf3b7d19a3e2ce2a6270a2c93f299d3ce14a1418ee778fdcc091c8544789802ff68f55e0f456cab6646fce
 AUX test-for-argp.patch 1318 SHA256 222ee3b8bfbe4827140a67af4b8d170aaa135d5317e3a40b236f8d79a06c4274 SHA512 9418bea246052391e9dab1583a7e44c47f87c34d39860c76bf11090fd397ea70ec76cb7e4c91afbe1f18a19c6f8767e0e6ceec02fbd7ef8204e8ab168f3077d8 WHIRLPOOL a54d1e8f4d3e1070cda067120318d775f0a768836984c831cc84929801d29e5f7c694e90e96926e52af57d509a52d4340c3cf9ee847782927d3dfa16fa3f758b
-DIST rng-tools-2.tar.gz 86429 SHA256 1126f0ecc8cab3af14a562cddc5d8ffeef47df7eba34a7aadcdee35a25ec2b1e
+DIST rng-tools-2.tar.gz 86429 SHA256 1126f0ecc8cab3af14a562cddc5d8ffeef47df7eba34a7aadcdee35a25ec2b1e SHA512 9a4835c0a9f1e9cef05ebaad98658bd4a405b3cd644f7330a308958337d089263409a5920f7533bf24c0b4d9edf7cc809152cc954148832c31896c1084fa93b1 WHIRLPOOL 8a4e9d054405ac93be6df1b1ae6c63f1bfad8082bd0515100d87a8f49b54d913fc8363d2d7d513ace506096961cbbb66cf18f1191c8561c8c613c1ba345d7ecf
 DIST rng-tools-3.tar.gz 102366 SHA256 27f8041836f74342268aed4acdc28bcc0438b8461695d277cb81096d7ecaf4cc SHA512 37818c4c77627828e7d6527d18b7fb3a810dc68e6c2138bbccd470ceba0e497e91d2f1b96af2264494f36216eb81efd79a1eb35f3134dca9928d838db585e295 WHIRLPOOL 716258c1fb24ac129e7041d619560029bf0b1a68d1587374e8057af429d08b58f0563d2ea693980185a2828b67a24bc9b4febf4d3279e22710948c817678f96e
 DIST rng-tools-4.tar.gz 110943 SHA256 b71bdfd4222c05e8316001556be90e1606f2a1bac3efde60153bd84e873cc195 SHA512 328627a9ede924026c7a7c391b04be05f098d713d35f7f38d939d52b794853b4f6db3ae125568710ab5a59640236b343f3e9fc0f735806b020cc675c02f80b08 WHIRLPOOL da58bc7d3b7d9cdf6d83d258717f22ba3552482a690311fa2c820e4ce125a5e6c6e498e0b63461ed6c9dc16dff77b2cb47377933845fb9397efa205183346e5b
 EBUILD rng-tools-2-r1.ebuild 780 SHA256 c807a02a07216dfbe879742ae75cc33d3870d11f07cc8a9c5de43da0b8c98e21 SHA512 0eafa1f6f50d319d0d093c4ffad98cbae9d654a45da5923670537c19e54f2d6d373a8922cb61007efbeb413d15d61b8b71db1cfafbecbd241891d68dd28da7d2 WHIRLPOOL 1732fc34c476d647f3e456a0aeed96df9e4fb62567d21fadbbb00beca4f95913b8654a65353bdfed5d8970c8820922560d03bfe8c377153275a4f4609a7af53f
 EBUILD rng-tools-3-r1.ebuild 812 SHA256 2dfc702529144467a9c468fc82c9c4dc95dd5cd78d321564db48af0ae2bc18c4 SHA512 d5fb6c4eb68514a2a0aabe64179485593b39ec97bd3b9e861868c31ea9a625240740f7c897a4063ec6b6a82c33951be89045424cc2254e529cc9d628b2aec430 WHIRLPOOL 5a771061b9ce65f25a799719110e49e95a7e2b76528e2ad7be61778f8e605c0759cf030fc101a7c47f54649a94ff7fdab64ed9da97a04089548501a206641f80
 EBUILD rng-tools-3.ebuild 760 SHA256 643394e8733c3004af0326658d6a0795f69d9fa65b39ee9e63ed0ce19a472206 SHA512 254406e4647b4ea176bc12e822916e2b807852731c7ab932181e7c65dbb447b827840fe7f8bdf79f450cb261d6e1a3226e923110ea20c547d1907e2ff21ba21b WHIRLPOOL 08e6099eb5194ab5e28ba7ac8af7ed5907bb8c374fd9a28b53e2c42c64c2a20d9814d3c50b44a858827fc8fc8d52b3e6551353ac992cba657a7a3f3868c02105
 EBUILD rng-tools-4-r1.ebuild 792 SHA256 38f15cf03a21bf6360a66fcdb346767d361f5f1f6dafdf517f168e0310294324 SHA512 ab99f62ca397099fa2953759e4528729cf78e5c701d8689a9fbe41f3015f5c2d35196e2729e77916bef376f6b2697458b196a4b5dac240e590fadeff6d7c28f4 WHIRLPOOL 66e403e660ef5a144698237c27da8f5a16ca700898080cd285ef99ab4ac9e83b97ca873d7c4ad9479ce1e6d715be1da7bc2482782a8fff19e0d98043ffc8ec99
-MISC ChangeLog 4850 SHA256 e72d1c2e8ba99778d4c8a4db61d58f4bf3370ddcccd9bc9cadaa536dd8b32e16 SHA512 f27a4ff949a8fa43606c96b7bf7f2d432428325030cccc2146352c6b6b0b0ce7e762685ebb15feb844c1882c59b68390cbe03a643c1b318a6b534b4731fc9b2a WHIRLPOOL 399219f75ad2809fd0061046c6e3d568bac8e467b7f4ec758c346f51da377d18f7d92e9ce6ffa30b7a530d3bd326ad05ddba6b01e49cb42e8fdda5b9da173f4d
+EBUILD rng-tools-4-r2.ebuild 799 SHA256 d55db51c2dfe203e3c6b45a00d67652f9c992e35e3e7313c41c12031e0b476b0 SHA512 49e27812705ad150d88f5a8e652973d9504c500b523af28462059a5f713ccb28a4d6872012029336aee8e2b6115aeb14f539a59a253bbe7b3b1c4a1c64f94c8a WHIRLPOOL 49e16c1962eb95c82a718dffe40ee74588a56b1a568846d6c762a4971a637a3879c032179bc2832bd025e650ef276276a2958a057f9d34ee2cf745581b4bfdeb
+MISC ChangeLog 5411 SHA256 a377839b48bf424b11e3420c8b6a59f8d69eb998acfef90ab8f1aacdc30dc4db SHA512 9927f2cd69000d6fdcf9a82da652719e5dfae59510ba47f089e0c16b1a4a2432fa68677ab94588f72ec8d4752df641cab5bf7caae46b99a4b17b4dfa1173e356 WHIRLPOOL 8d374f20b98d3efc447e66da34f09367dc67e3b0d3b6bed81bc96d41deae946b7cd9b97d4a9a8dc4535d5d77b556d4158f6bac3601b2ee16b3bd763fd79d66d1
 MISC metadata.xml 231 SHA256 c9a6ce79e19aa9257b980bda6f6b6332d0fcb81f50800bb12c1a1c6d2f5cd443 SHA512 60fdef1bbdc210aae5795ea43b2c115ca6fd32012cd7c68295574469c9649b89d7fd48800565fe3eb55f0e1228cbabd5ef4e401fed71a1ea563c9d903ff0c35a WHIRLPOOL 665a14a2e7310ba9704744038162bd870185c61b7af8e884e39a001866d14545b618ab554a27d09995b7d7510550aad4e7d6701f7d441cffe78e23994c8257dc
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iQIcBAEBCAAGBQJQn0SYAAoJELEHsLL7fEFWH3UP/ipYqhT7McXrgLlB3JrLeUKL
-n69FlgBvLhyJS2+bnTnLwFzO4Y0hcx3FU/EVxIKFGY+nybcOIcdFrrqigIlcfRJR
-/vseMT07b1K37VWZyl8JvBM02fOYee5iOuCtZmdX8Zm7ZGtqM1W5vgP8FCzPOIwP
-Sk7q1osV56ps0ZB4/7GDU+vVtSt79WiR7376ql3fWgIFzcY2vabQDdG26AGtOU3o
-XWX0MtGF6Qh+nMGETJja1TenLwyOiE3gIRapLBMSkv9jmUAigSv7HM9ktud/8gqW
-jgzgjCG1uYHg0HC+E++KftE9BP5IfcCBEG6gmUxYhgrnCoeKeWXkefr3ED5UQiPg
-5RHSuZDdd2RNQ579eSJvNAJqoKpE4J6zaV/LIWZE+x8wXqNUr+VSeZwi6u3ozQ2T
-sFdAFaXhbctcbCBxIUOksHWFJBQ0TYYWVFFFUZuatzdqFjwLe9Atk+I8JzOODpji
-yGadMxerMW5hSyjBtbN3zZL1Bx3+U780Sh0MUwCalfI2dtbhBBX/DWGA3keGa3kR
-0AvuCUBZPHk1Oi+tKgY/91CgGrcTu9EaZBz6zppOE0aNSWaaJGudP7KX4C0KUb28
-V7yqXtGAQxI5wfU+W1223OQpdXlJb3pk3wVyLLmn7uewp8GQwNpsHwZKaLEJSga7
-UDlVnQLqEwXNBmKnDOnA
-=O6Qb
+iQEcBAEBCAAGBQJQzQ+oAAoJEBzRPIrUMBNCFNwH/0XcfGmIS55lxVGJUIm6Eyxw
+bigu+4+Ej6we+3rCKz4IeoVXNu2WvdVu7GZKwqK1MNQiEwaRNywoQjKyMvaOj9nu
+lkhHaSXMxZgd+W/kjG4QMNBXTiyeutsu7mxD3wQPlZYgbTXohQZ0r8a+R4CYID58
+1geSNNZF4NwwFBqgnrtMz0sygmlJvJo+J4u1jWnyYlvxF/HFkc7oK43T0GbnrFfC
+Emi9jZ+YQFaKwR0jSP07NqDWdUSFqmpPJZ8Vn2iSwkZR0JmR5FDxWF+DSS/nffsz
+u0D5oHc4V9PRhH5l44cvfieMWSIxyRPU/EAC3z6dUIF9zU+hbT6bkdqGCUqScR8=
+=yluf
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/rng-tools/files/rngd-confd-4.1 b/sys-apps/rng-tools/files/rngd-confd-4.1
new file mode 100644
index 000000000000..e46dfcc3e867
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-confd-4.1
@@ -0,0 +1,27 @@
+# /etc/conf.d/rngd
+
+# Please see "/usr/sbin/rngd --help" and "man rngd" for more information
+
+# If a single device is preferred, then specify it here, otherwise we will
+# search for suitable devices. TPM is specified via a later option, not this
+# one.
+#DEVICE=
+#TPM_DEVICE=
+
+# Random step (Number of bytes written to random-device at a time):
+STEP=64
+
+# Should TPM be avoided?
+NO_TPM=0
+
+# Should RDRAND be avoided?
+NO_DRNG=0
+
+# Fill watermark
+# 0 <= n <= 4096
+WATERMARK=2048
+
+# Bug #292239: Remixing /dev/urandom back into /dev/random is considered a
+# security vulnerability in some cases where not enough entropy is present on
+# systems.
+DO_NOT_REMIX_URANDOM=1
diff --git a/sys-apps/rng-tools/files/rngd-initd-4.1 b/sys-apps/rng-tools/files/rngd-initd-4.1
new file mode 100644
index 000000000000..1478c15fd7c3
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd-initd-4.1
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/files/rngd-initd-4.1,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+depend() {
+	need localmount
+	after random
+	provide entropy
+}
+
+# Do NOT add /dev/tpm to this.
+DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*"
+[ $DO_NOT_REMIX_URANDOM -eq 0 ] && DEFAULT_DEVICE="${DEFAULT_DEVICE} /dev/urandom"
+
+find_device() {
+	# The echo is to cause globbing
+	local d
+	for d in $* ; do
+		[ -e "${d}" ] && break
+	done
+	echo "${d}"
+}
+
+find_rng_device() {
+	echo "$(find_device $(echo ${DEVICE:-${DEFAULT_DEVICE}}) /dev/null)"
+}
+
+command=/usr/sbin/rngd
+pidfile="/var/run/${SVCNAME}.pid"
+command_args="--pid-file ${pidfile} --background --random-step ${STEP:-64} --no-tpm=${NO_TPM:-0} --no-drng=${NO_DRNG:-0} --fill-watermark ${WATERMARK} --rng-device $(find_rng_device)"
+start_stop_daemon_args="--retry SIGKILL/5 --wait 1000"
diff --git a/sys-apps/rng-tools/rng-tools-4-r2.ebuild b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
new file mode 100644
index 000000000000..65180662f579
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-4-r2.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/rng-tools-4-r2.ebuild,v 1.1 2012/12/16 00:02:42 flameeyes Exp $
+
+EAPI="4"
+
+inherit eutils autotools toolchain-funcs
+
+DESCRIPTION="Daemon to use hardware random number generators"
+HOMEPAGE="http://gkernel.sourceforge.net/"
+SRC_URI="mirror://sourceforge/gkernel/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86"
+IUSE=""
+
+src_prepare() {
+	echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am
+	epatch "${FILESDIR}"/test-for-argp.patch
+	eautoreconf
+
+	sed -i '/^AR /d' Makefile.in
+	tc-export AR
+}
+
+src_install() {
+	default
+	newinitd "${FILESDIR}"/rngd-initd-4.1 rngd
+	newconfd "${FILESDIR}"/rngd-confd-4.1 rngd
+}