debian/0000775000000000000000000000000012445456014007175 5ustar debian/rng-tools.lintian-overrides0000664000000000000000000000015712312122375014475 0ustar rng-tools: description-synopsis-starts-with-a-capital-letter rng-tools: command-with-path-in-maintainer-script debian/NEWS.Debian0000664000000000000000000000152212312122375011046 0ustar rng-tools (2-unofficial-mt.9-1) experimental; urgency=low rng-tools now features an user-space driver to interface to the VIA PadLock security engine's RNG. In order to better support such extensions, rngd is being revised to work with better modularized entropy sources ("input drivers") and entropy sinks ("output drivers"). To accomodate for these changes, the public interfaces have been changed slightly. The "intel" TRNG profile has been renamed to "intelfwh" (in hindsight, it should have been named like that since day one). The "via" TRNG profile has been renamed "viakernel", and a new TRNG profile, "viapadlock", was added. It is probable that the command line interface will be throughoutly modified soon, to better accomodate the modular drivers. -- Henrique de Moraes Holschuh Fri, 5 Nov 2004 08:57:35 -0200 debian/patches/0000775000000000000000000000000012312122725010614 5ustar debian/patches/0002-Update-FSF-mailing-address-in-license.patch0000664000000000000000000002036412312122375021145 0ustar Index: rng-tools-4/COPYING =================================================================== --- rng-tools-4.orig/COPYING 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/COPYING 2013-08-13 13:55:35.993566702 +0000 @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -305,7 +305,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA Also add information on how to contact you by electronic and paper mail. Index: rng-tools-4/configure.ac =================================================================== --- rng-tools-4.orig/configure.ac 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/configure.ac 2013-08-13 13:55:35.993566702 +0000 @@ -15,7 +15,7 @@ dnl dnl You should have received a copy of the GNU General Public License dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +dnl Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA AC_INIT(rng-tools, 4, [Jeff Garzik ]) AC_PREREQ(2.52) Index: rng-tools-4/exits.h =================================================================== --- rng-tools-4.orig/exits.h 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/exits.h 2013-08-13 13:55:35.993566702 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef EXITS__H Index: rng-tools-4/fips.c =================================================================== --- rng-tools-4.orig/fips.c 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/fips.c 2013-08-13 13:55:35.993566702 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/fips.h =================================================================== --- rng-tools-4.orig/fips.h 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/fips.h 2013-08-13 13:55:35.993566702 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef FIPS__H Index: rng-tools-4/rngd.c =================================================================== --- rng-tools-4.orig/rngd.c 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rngd.c 2013-08-13 13:55:35.997566783 +0000 @@ -23,7 +23,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/rngd.h =================================================================== --- rng-tools-4.orig/rngd.h 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rngd.h 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef RNGD__H Index: rng-tools-4/rngd_entsource.c =================================================================== --- rng-tools-4.orig/rngd_entsource.c 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rngd_entsource.c 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/rngd_entsource.h =================================================================== --- rng-tools-4.orig/rngd_entsource.h 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rngd_entsource.h 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef RNGD_ENTSOURCE__H Index: rng-tools-4/rngd_linux.c =================================================================== --- rng-tools-4.orig/rngd_linux.c 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/rngd_linux.c 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/rngd_linux.h =================================================================== --- rng-tools-4.orig/rngd_linux.h 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/rngd_linux.h 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef RNGD_LINUX__H Index: rng-tools-4/rngtest.c =================================================================== --- rng-tools-4.orig/rngtest.c 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/rngtest.c 2013-08-13 13:55:35.997566783 +0000 @@ -18,7 +18,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/stats.c =================================================================== --- rng-tools-4.orig/stats.c 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/stats.c 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #define _GNU_SOURCE Index: rng-tools-4/stats.h =================================================================== --- rng-tools-4.orig/stats.h 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/stats.h 2013-08-13 13:55:35.997566783 +0000 @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */ #ifndef STATS__H debian/patches/0004-Provide-support-for-RDRAND-capable-systems-that-don-.patch0000664000000000000000000001317112312122375023763 0ustar Index: rng-tools-4/configure.ac =================================================================== --- rng-tools-4.orig/configure.ac 2013-08-13 13:55:35.993566702 +0000 +++ rng-tools-4/configure.ac 2013-08-13 13:55:36.901585207 +0000 @@ -23,6 +23,15 @@ AM_INIT_AUTOMAKE([gnu]) AC_CONFIG_HEADERS([rng-tools-config.h]) +dnl Parse options + +AC_ARG_WITH([libgcrypt], + AS_HELP_STRING([--without-libgcrypt], + [Disable libgcrypt support. Systems that support RDRAND but not AES-NI will require libgcrypt in order to use RDRAND as an entropy source. (Default: --with-libgcrypt)]), + [], + [with_libgcrypt=check] +) + dnl Make sure anyone changing configure.ac/Makefile.am has a clue AM_MAINTAINER_MODE @@ -47,6 +56,32 @@ dnl Checks for optional library functions dnl ------------------------------------- +dnl ------------------------------------- +dnl Check for libgcrypt support +dnl ------------------------------------- + +AS_IF( + [test "x$with_libgcrypt" != "xno"], + [ + AC_CHECK_HEADER([gcrypt.h], + AC_CHECK_LIB( + [gcrypt], + [gcry_check_version], , + [ + if test "x$with_libgcrypt" != "xcheck"; then + AC_MSG_FAILURE([libgcrypt not found]); else + AC_MSG_NOTICE([libgcrypt support disabled]) + fi + ] + ), + [if test "x$with_libgcrypt" != "xcheck"; then + AC_MSG_FAILURE([libgcrypt headers not found]); else + AC_MSG_NOTICE([libgcrypt support disabled]) + fi] + ) + ] +) + dnl ----------------- dnl Configure options dnl ----------------- Index: rng-tools-4/rngd_rdrand.c =================================================================== --- rng-tools-4.orig/rngd_rdrand.c 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/rngd_rdrand.c 2013-08-13 13:55:36.901585207 +0000 @@ -1,7 +1,8 @@ /* * Copyright (c) 2012, Intel Corporation * Authors: Richard B. Hill , - * H. Peter Anvin + * H. Peter Anvin , + * John P. Mechalas * * This program is free software; you can redistribute it and/or modify it * under the terms and conditions of the GNU General Public License, @@ -36,6 +37,9 @@ #include #include #include +#ifdef HAVE_LIBGCRYPT +#include +#endif #include "rngd.h" #include "fips.h" @@ -76,7 +80,7 @@ } #endif -/* Calling cpuid instruction to verify rdrand capability */ +/* Calling cpuid instruction to verify rdrand and aes-ni capability */ static void cpuid(unsigned int leaf, unsigned int subleaf, struct cpuid *out) { #ifdef __i386__ @@ -101,6 +105,25 @@ #define CHUNK_SIZE (16*8) static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); +static int have_aesni= 0; + +/* Necessary if we have RDRAND but not AES-NI */ + +#ifdef HAVE_LIBGCRYPT + +#define MIN_GCRYPT_VERSION "1.0.0" + +static gcry_cipher_hd_t gcry_cipher_hd; + +/* Arbitrary 128-bit AES key 0x00102030405060708090A0B0C0D0E0F0 */ + +static const unsigned char key[16]= { + 0x00, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, + 0x80, 0x90, 0xA0, 0xB0, 0xC0, 0xD0, 0xE0, 0xF0 +}; + +#endif + int xread_drng(void *buf, size_t size, struct rng *ent_src) { @@ -116,7 +139,29 @@ message(LOG_DAEMON|LOG_ERR, "read error\n"); return -1; } - x86_aes_mangle(tmp, iv_buf); + + // Use 128-bit AES in CBC mode to mangle our random data + + if ( have_aesni ) x86_aes_mangle(tmp, iv_buf); + else { +#ifdef HAVE_LIBGCRYPT + gcry_error_t gcry_error; + + /* Encrypt tmp in-place. */ + + gcry_error= gcry_cipher_encrypt(gcry_cipher_hd, + tmp, CHUNK_SIZE, NULL, 0); + + if ( gcry_error ) { + message(LOG_DAEMON|LOG_ERR, + "gcry_cipher_encrypt error: %s\n", + gcry_strerror(gcry_error)); + return -1; + } +#else + return -1; +#endif + } } chunk = (sizeof(tmp) > size) ? size : sizeof(tmp); memcpy(p, tmp, chunk); @@ -133,8 +178,9 @@ int init_drng_entropy_source(struct rng *ent_src) { struct cpuid info; - /* We need RDRAND and AESni */ - const uint32_t need_features_ecx1 = (1 << 30) | (1 << 25); + /* We need RDRAND, but AESni is optional */ + const uint32_t features_ecx1_rdrand = 1 << 30; + const uint32_t features_ecx1_aesni = 1 << 25; #if defined(__i386__) if (!x86_has_eflag(1 << 21)) @@ -145,13 +191,55 @@ if (info.eax < 1) return 1; cpuid(1, 0, &info); - if ((info.ecx & need_features_ecx1) != need_features_ecx1) + if (! (info.ecx & features_ecx1_rdrand) ) return 1; + have_aesni= (info.ecx & features_ecx1_aesni) ? 1 : 0; +#ifndef HAVE_LIBGCRYPT + if ( ! have_aesni ) return 1; +#endif + /* Initialize the IV buffer */ if (!x86_rdrand_nlong(iv_buf, CHUNK_SIZE/sizeof(long))) return 1; +#ifdef HAVE_LIBGCRYPT + if ( ! have_aesni ) { + gcry_error_t gcry_error; + + if (! gcry_check_version(MIN_GCRYPT_VERSION) ) { + message(LOG_DAEMON|LOG_ERR, + "libgcrypt version mismatch: have %s, require >= %s\n", + gcry_check_version(NULL), MIN_GCRYPT_VERSION); + return 1; + } + + gcry_error= gcry_cipher_open(&gcry_cipher_hd, + GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); + + if ( ! gcry_error ) { + gcry_error= gcry_cipher_setkey(gcry_cipher_hd, key, 16); + } + + if ( ! gcry_error ) { + /* + * Only need the first 16 bytes of iv_buf. AES-NI can + * encrypt multiple blocks in parallel but we can't. + */ + + gcry_error= gcry_cipher_setiv(gcry_cipher_hd, iv_buf, 16); + } + + if ( gcry_error ) { + message(LOG_DAEMON|LOG_ERR, + "could not set key or IV: %s\n", + gcry_strerror(gcry_error)); + gcry_cipher_close(gcry_cipher_hd); + return 1; + } + } +#endif + src_list_add(ent_src); /* Bootstrap FIPS tests */ ent_src->fipsctx = malloc(sizeof(fips_ctx_t)); debian/patches/series0000664000000000000000000000045412312122375012035 0ustar 0001-rngtest.1.in-Import-spelling-fixes-from-Fedora.patch 0002-Update-FSF-mailing-address-in-license.patch 0003-Fix-the-AES-keys-so-that-they-are-correct-and-match-.patch 0004-Provide-support-for-RDRAND-capable-systems-that-don-.patch 0005-rngd.8-Delete-obsolete-FIXME.patch 0006-Add-BUGS-file.patch debian/patches/0006-Add-BUGS-file.patch0000664000000000000000000000070512312122375014366 0ustar Index: rng-tools-4/BUGS =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ rng-tools-4/BUGS 2013-08-13 13:55:37.453596457 +0000 @@ -0,0 +1,7 @@ + +1) Should interpret TPM response for failure, instead of + simply accepting data as random data. + +2) Should fail gracefully at startup, if no privs to add entropy, + rather than failing continually at entropy submission time. + debian/patches/0001-rngtest.1.in-Import-spelling-fixes-from-Fedora.patch0000664000000000000000000000155212312122375023007 0ustar Index: rng-tools-4/rngtest.1.in =================================================================== --- rng-tools-4.orig/rngtest.1.in 2013-08-13 13:55:31.449473811 +0000 +++ rng-tools-4/rngtest.1.in 2013-08-13 13:55:35.037547221 +0000 @@ -43,7 +43,7 @@ Dump statistics every n blocks, if n is not zero. .TP \fB\-t\fR \fIn\fR, \fB\-\-timedstats=\fIn\fR (default: 0) -Dump statistics every n secods, if n is not zero. +Dump statistics every n seconds, if n is not zero. .TP \fB\-?\fR, \fB\-\-help\fR Give a short summary of all program options. @@ -62,7 +62,7 @@ tests are defined on FIPS 140-1 and FIPS 140-2 errata of 2001-10-10. They were removed in FIPS 140-2 errata of 2002-12-03). .PP -The speed statistics are taken for every 20000-bit block trasferred or +The speed statistics are taken for every 20000-bit block transferred or processed. .SH EXIT STATUS debian/patches/0005-rngd.8-Delete-obsolete-FIXME.patch0000664000000000000000000000060412312122375017200 0ustar Index: rng-tools-4/rngd.8.in =================================================================== --- rng-tools-4.orig/rngd.8.in 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rngd.8.in 2013-08-13 13:55:37.189591076 +0000 @@ -39,7 +39,6 @@ Note that this device must support the Linux kernel /dev/random ioctl API. .PP -FIXME: document random-step and timeout .SH OPTIONS .TP debian/patches/0003-Fix-the-AES-keys-so-that-they-are-correct-and-match-.patch0000664000000000000000000000304412312122375023541 0ustar Index: rng-tools-4/rdrand_asm.S =================================================================== --- rng-tools-4.orig/rdrand_asm.S 2013-08-13 13:55:31.445473640 +0000 +++ rng-tools-4/rdrand_asm.S 2013-08-13 13:55:36.573578522 +0000 @@ -173,17 +173,17 @@ .section ".rodata","a" .balign 16 aes_round_keys: - .long 0x00102030, 0x40506070, 0x8090A0B0, 0xC0D0E0F0 - .long 0x89D810E8, 0x855ACE68, 0x2D1843D8, 0xCB128FE4 - .long 0x4915598F, 0x55E5D7A0, 0xDACA94FA, 0x1F0A63F7 - .long 0xFA636A28, 0x25B339C9, 0x40668A31, 0x57244D17 - .long 0x24724023, 0x6966B3FA, 0x6ED27532, 0x88425B6C - .long 0xC81677BC, 0x9B7AC93B, 0x25027992, 0xB0261996 - .long 0xC62FE109, 0xF75EEDC3, 0xCC79395D, 0x84F9CF5D - .long 0xD1876C0F, 0x79C4300A, 0xB45594AD, 0xD66FF41F - .long 0xFDE3BAD2, 0x05E5D0D7, 0x3547964E, 0xF1FE37F1 - .long 0xBD6E7C3D, 0xF2B5779E, 0x0B61216E, 0x8B10B689 - .long 0x69C4E0D8, 0x6A7B0430, 0xD8CDB780, 0x70B4C55A + .long 0x30201000, 0x70605040, 0xB0A09080, 0xF0E0D0C0 + .long 0x8AACF171, 0xFACCA131, 0x4A6C31B1, 0xBA8CE171 + .long 0x2958958B, 0xD39434BA, 0x99F8050B, 0x2374E47A + .long 0xF37E07E6, 0x20EA335C, 0xB9123657, 0x9A66D22D + .long 0x2BC6345B, 0x0B2C0707, 0xB23E3150, 0x2858E37D + .long 0xD4F25E5A, 0xDFDE595D, 0x6DE0680D, 0x45B88B70 + .long 0x859C3247, 0x5A426B1A, 0x37A20317, 0x721A8867 + .long 0x00DC90C3, 0x5A9EFBD9, 0x6D3CF8CE, 0x1F2670A9 + .long 0xD31C6712, 0x89829CCB, 0xE4BE6405, 0xFB9814AC + .long 0x421321F3, 0xCB91BD38, 0x2F2FD93D, 0xD4B7CD91 + .long 0xC35B8878, 0x08CA3540, 0x27E5EC7D, 0xF35221EC .size aes_round_keys, .-aes_round_keys .bss debian/rules0000775000000000000000000000575212312122375010257 0ustar #!/usr/bin/make -f # debian/rules for rng-tools # GNU copyright 1997 to 1999 by Joey Hess. # Copyright (c) 2003-2010 by Henrique de Moraes Holschuh # Published under the GNU GPL license version 2 or any later versions # Based on previous work by Viral Shah . PACKAGE:=rng-tools PKGDIR:=$(CURDIR)/debian/$(PACKAGE) # DebHelper control export DH_ALWAYS_EXCLUDE=CVS:.svn:.git DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ifneq (,$(findstring strict,$(DEB_BUILD_OPTIONS))) CFLAGS += -Werror endif confflags= # FOR AUTOCONF 2.52 AND NEWER ONLY ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) confflags += --build $(DEB_HOST_GNU_TYPE) else confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) endif # Detect i386/i486 and force-enable VIA PadLock support ifneq (,$(findstring i386,$(DEB_BUILD_ARCH))) confflags += --enable-viapadlock endif build-prepare: build-prepare-stamp build-prepare-stamp: @dh_testdir ./autogen.sh touch build-prepare-stamp configure-stamp: | build-prepare dh_testdir ./configure CFLAGS="$(CFLAGS) -Wall -pipe" $(confflags)\ --prefix=/usr \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info touch configure-stamp build: build-stamp build-stamp: configure-stamp dh_testdir $(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp rm -rf autom4te.cache [ ! -f Makefile ] || $(MAKE) distclean rm -f config.sub config.guess configure config.log rm -fr autom4te.cache rm -f Makefile.in aclocal.m4 contrib/Makefile.in rm -f Makefile contrib/Makefile rm -f depcomp install-sh missing rng-tools-config.h.in dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs $(MAKE) install DESTDIR=$(PKGDIR) # Install logcheck files mkdir -p $(PKGDIR)/etc/logcheck/ignore.d.server install -m 644 debian/logcheck.ignore \ $(PKGDIR)/etc/logcheck/ignore.d.server/rng-tools mkdir -p $(PKGDIR)/etc/logcheck/violations.ignore.d install -m 644 debian/logcheck.ignore \ $(PKGDIR)/etc/logcheck/violations.ignore.d/rng-tools # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot # dh_installdebconf dh_installdocs README # dh_installexamples # dh_installmenu # dh_installlogrotate # dh_installemacsen # dh_installpam # dh_installmime dh_installmodules dh_installinit --error-handler=true -- defaults 21 19 # dh_installcron dh_installman # dh_installinfo # dh_undocumented dh_installchangelogs ChangeLog dh_lintian dh_link dh_strip dh_compress dh_fixperms # dh_makeshlibs dh_installdeb # dh_perl dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install build-prepare debian/TODO0000664000000000000000000000132212312122375007654 0ustar $Id: TODO,v 1.6.2.34 2008-06-10 19:51:37 hmh Exp $ ! do not try to use /dev/foo in VIAPadlock mode (initscript) ! find a way to waste less system time when VIA xstore does not return data. Busy-loop option. Nanosleep option (very nice to system, but only 68kbit/s on 2.6). * Maybe define NDEBUG to remove assert() from the packaged binary? Stats: - detect/store overflow on stat counters? - stats: average only since last stat dump? - add system resource usage stats (CPUTIME, etc) Ideas: - TCP/IP sink mode (multiple streams) - TCP/IP source mode, compatible with the above - Protect the above with good crypto (TLS). Backburner: - i18n (including argp) - file input with deletion of used bits debian/source/0000775000000000000000000000000012312122725010465 5ustar debian/source/format0000664000000000000000000000001412312122375011674 0ustar 3.0 (quilt) debian/control0000664000000000000000000000277712312122420010575 0ustar Source: rng-tools Section: utils Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Henrique de Moraes Holschuh Build-Depends: debhelper (>> 7), autoconf, automake, libtspi-dev, libgcrypt11-dev Standards-Version: 3.8.4.0 Vcs-Browser: http://git.debian.org/?p=users/hmh/rng-tools.git;a=summary Vcs-git: git://git.debian.org/users/hmh/rng-tools.git Package: rng-tools Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, udev (>= 0.053) | makedev (>= 2.3.1-77) Provides: intel-rng-tools Replaces: intel-rng-tools Conflicts: intel-rng-tools Description: Daemon to use a Hardware TRNG The rngd daemon acts as a bridge between a Hardware TRNG (true random number generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's PRNG (pseudo-random number generator). . It tests the data received from the TRNG using the FIPS 140-2 (2002-10-10) tests to verify that it is indeed random, and feeds the random data to the kernel entropy pool. . This increases the bandwidth of the /dev/random device, from a source that does not depend on outside activity. It may also improve the quality (entropy) of the randomness of /dev/random. . A TRNG kernel module such as hw_random, or some other source of true entropy that is accessible as a device or fifo, is required to use this package. . This is an unofficial version of rng-tools which has been extensively modified to add multithreading and a lot of new functionality. debian/logcheck.ignore0000664000000000000000000000033512312122375012153 0ustar rngd\[[0-9]+\]: +stats: rngd\[[0-9]+\]: .* starting up\.\.\. rngd\[[0-9]+\]: +Exiting\.\.\. rngd\[[0-9]+\]: +entropy feed to the kernel ready rngd\[[0-9]+\]: +Activating Linux kernel 2.4 entropy accounting bug workaround debian/changelog0000664000000000000000000005216512445456007011062 0ustar rng-tools (4-0ubuntu2.1) trusty; urgency=medium * Fix capability detection for Intel RDRAND cpu feature in the init script and thus start rngd daemon on compatible cpus. (LP: #1377131) -- Dimitri John Ledkov Sun, 21 Dec 2014 05:34:14 +0000 rng-tools (4-0ubuntu2) trusty; urgency=medium * Add missing build-depends on libgcrypt. -- Stéphane Graber Tue, 18 Mar 2014 15:57:06 -0400 rng-tools (4-0ubuntu1) saucy; urgency=low * Merge from upstream git://git.kernel.org/pub/scm/utils/kernel/rng-tools/rng-tools.git 908d733527a361621da88cdf931a71aa83cba430 -LP: #1084378 -- Tim Gardner Tue, 13 Aug 2013 13:12:05 +0000 rng-tools (2-unofficial-mt.14-1ubuntu1) oneiric; urgency=low * Merge from debian unstable (LP: #812121). Remaining changes: - debian/patches/tpm-engine.patch: implement TPM entropy source (Debian bug 542599). - debian/control: add build-deps for TPM interface. - debian/rng-tools.default: add example for TPM devices. - debian/{rules,rng-tools.postinst}: adjust rc start/stop location to start later then trousers. -- Steve Beattie Sun, 17 Jul 2011 22:48:46 -0700 rng-tools (2-unofficial-mt.14-1) unstable; urgency=low * New upstream version: + Work around VIA Nano xstore bug (closes: #609289) + Add support for Linux 3.0 (closes: #630771) -- Henrique de Moraes Holschuh Sat, 18 Jun 2011 00:12:54 -0300 rng-tools (2-unofficial-mt.13-3ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: - debian/patches/tpm-engine.patch: implement TPM entropy source (Debian bug 542599). - debian/control: add build-deps for TPM interface. - debian/rng-tools.default: add example for TPM devices. - debian/{rules,rng-tools.postinst}: adjust rc start/stop location to start later then trousers. -- Kees Cook Fri, 05 Nov 2010 17:23:05 -0700 rng-tools (2-unofficial-mt.13-3) unstable; urgency=low * Re-upload to fix problem caused by a bad i386 chroot on the -2 build -- Henrique de Moraes Holschuh Thu, 13 May 2010 23:24:00 -0300 rng-tools (2-unofficial-mt.13-2) unstable; urgency=low * Use DEB_BUILD_ARCH to detect if we should force VIA PadLock support (closes: #580843) -- Henrique de Moraes Holschuh Thu, 13 May 2010 22:33:25 -0300 rng-tools (2-unofficial-mt.13-1) unstable; urgency=low * New upstream source: + Enable large file support (closes: #506639) + Fix COPYING file to contain the correct license (GPL v2 text) + Enable VIA PadLock support on x86_64 (untested) * debian/copyright,debian/rules,debian/rng-tools.postinst: update copyright notices and fix license blurb were wrong (it is GPL2+) * Debian build-system updates: + Set debian/source/format to '3.0 (quilt)' + debian/control: build-depend on autoconf, automake and drop autotools-dev since automake will take care of it and we do not use them directly anymore + debian/rules: remove all autogenerated files in clean target, and call upstream's autogen.sh to regenerate build system + debian/rules: use dh_prep instead of dh_clean -k (lintian) + debian/rules: use dh_lintian * debian/rules: honour CFLAGS, really set build arch/target and really enable viapadlock on i386 * debian/control: rng-tools (binary pkg): add misc:Depends (lintian) * debian/control: rng-tools (binary pkg): swap udev and makedev in dependency header (closes: #546880) * debian/rng-tools.postinst: call MAKEDEV only when available (closes: #504762) * debian/control: add version-control related fields * Remove obsolete /etc/modprobe.d/rng-tools (closes: #518240) * debian/control: bump standards-version to 3.8.4.0 (no changes) * debian/rng-tools.lintian-overrides: ignore complains about the path in /sbin/MAKEDEV calls in postinst -- Henrique de Moraes Holschuh Wed, 05 May 2010 22:50:32 -0300 rng-tools (2-unofficial-mt.12-1ubuntu3) lucid; urgency=low * debian/rng-tools.default: add example for TPM devices (LP: #519427). * debian/{rules,rng-tools.postinst}: adjust rc start/stop location to start later then trousers (LP: #544545). * tpm_engine.c: wait for TPM to become available. -- Kees Cook Fri, 23 Apr 2010 00:40:15 -0700 rng-tools (2-unofficial-mt.12-1ubuntu2) lucid; urgency=low * Implement TPM RNG engine (Debian bug 542599): - tpm_engine.{c,h}: add TPM RNG. - rngd_entsource.{c,h}, rngd.c, Makefile.am, configure.ac: hook up. -- Kees Cook Fri, 23 Oct 2009 13:57:12 -0700 rng-tools (2-unofficial-mt.12-1ubuntu1) jaunty; urgency=low * debian/rng-tools.modprobe: Drop, the kernel will already autoload this * debian/rules: Update -- Scott James Remnant Thu, 05 Mar 2009 18:24:09 +0000 rng-tools (2-unofficial-mt.12-1) unstable; urgency=low * New upstream source: + Some README/NEWS cleanup + No code changes * Upload to unstable (closes: #486688) * Remove debian/README.Debian, new upstream README has most of the text that was there * Sync with Debian sid branch 2-unofficial-mt.10-3 * Packaging cleanup: + Remove old debian/rng-tools.modules file, deprecated since forever... + Bump standards-version to 3.8.0.0, no changes needed + Fix lintian warning: debian-rules-ignores-make-clean-error using the suggested -f Makefile test + Switch to debhelper V7 mode + Use standard debhelper initscripts, lets us get rid of our custom postrm and prerm. Ignore failures to start/stop rng-tools in the maintainer scripts, however, otherwise we become a pest if /dev/hwrng is missing + linda is gone, drop override handling for it in debian/rules + install upstream README -- Henrique de Moraes Holschuh Thu, 19 Jun 2008 12:54:05 -0300 rng-tools (2-unofficial-mt.11-1) experimental; urgency=low * Sync with Debian sarge branch 2-unofficial-mt.10-1 -- Henrique de Moraes Holschuh Thu, 12 May 2005 10:20:23 -0300 rng-tools (2-unofficial-mt.10-3) unstable; urgency=low * Add LSB initscript header information, thanks to Petter Reinholdtsen for the patch (closes: #466917) * Fix --trng instead of --hrng in manpage and defaults file (closes: #388748) * Remove debian/watch file. Since I am upstream for this heavily modified version, the file is useless anyway (closes: #450224) -- Henrique de Moraes Holschuh Thu, 21 Feb 2008 18:46:30 -0300 rng-tools (2-unofficial-mt.10-2) unstable; urgency=low * Fix typo in initscript which caused HRNGDEVICE definitions in /etc/default/rng-tools to be ignored, thanks to Dariush Pietrzak for noticing this (closes: #354186) -- Henrique de Moraes Holschuh Fri, 24 Feb 2006 09:49:44 -0300 rng-tools (2-unofficial-mt.10-1) unstable; urgency=high * "Last changes for Sarge (I hope)" * The following changes warrant an upstream version bump: + Backport selected changes from rng-tools--hmh-devo--3.0--patch-80: + Upgrade udev and makedev versioned depends to require hwrng naming of the hardware random device + Attempt to makedev only "hwrng", deprecate all other device naming for hw_random and friends (closes: #308248) + Backport configure.ac tweaks, and call ./configure correctly + Backport s/TRNG/HRNG/ in all docs + Backport intel->intelfwh name change for Intel FWH profile -- Henrique de Moraes Holschuh Wed, 11 May 2005 06:43:37 -0300 rng-tools (2-unofficial-mt.9-3) experimental; urgency=low * Sync with 2-unofficial-mt.8-5 -- Henrique de Moraes Holschuh Tue, 15 Feb 2005 08:15:48 -0200 rng-tools (2-unofficial-mt.9-2) experimental; urgency=low * Sync with 2-unofficial-mt.8-3: -- Henrique de Moraes Holschuh Thu, 10 Feb 2005 04:25:42 -0200 rng-tools (2-unofficial-mt.9-1) experimental; urgency=low * New unofficial version: * Support for different input drivers * Add new high-performance (several Mbit/s) VIA PadLock TRNG user-space driver. This work was sponsored by mekensleep.com, in particular by Loic Dachary. Mekensleep gave me unlimited access to a VIA Nehemiah system that they bought for this purpose, and which I am told will be available for the general community after the rngd work is stablized. * --trng=intel renamed to --trng=intelfwh (because Intel may show up with something to compete with VIA's PadLock security engine) * --trng=via renamed to --trng=viakernel * Add NEWS.Debian file to report user-visible changes in behaviour * Minor README.Debian improvements and fixes * Detect running kernel version, and work around kernel 2.4 bugs in entropy accounting -- Henrique de Moraes Holschuh Tue, 8 Feb 2005 23:05:24 -0200 rng-tools (2-unofficial-mt.8-5) unstable; urgency=high * Fix initscript, thanks to Clint Adams (closes: #295321) * Urgency high to get this simple fix into testing ASAP -- Henrique de Moraes Holschuh Mon, 14 Feb 2005 23:58:37 -0200 rng-tools (2-unofficial-mt.8-4) unstable; urgency=high * Fix bad off-by-one error on the FIFO queue allocation that has been in the unofficial versions since forever. I really need to use valgrind more often. -- Henrique de Moraes Holschuh Fri, 11 Feb 2005 00:10:53 -0200 rng-tools (2-unofficial-mt.8-3) unstable; urgency=high * The "WTF are they smoking up there?" release * Rework initscript to detect yet another new alias for the hw_random. Now udev rules want to call it hwrng. I love how these things keep changing for no good reason. -- Henrique de Moraes Holschuh Thu, 10 Feb 2005 04:25:42 -0200 rng-tools (2-unofficial-mt.8-2) unstable; urgency=low * Install modprobe.d file mapping char-major-10-183, /dev/hwrandom, /dev/hw_random and /dev/misc/hw_random to the hw_random module (closes: #287938) * Add lintian overrides for description-synopsis-starts-with-a-capital-letter -- Henrique de Moraes Holschuh Tue, 1 Feb 2005 06:55:36 -0200 rng-tools (2-unofficial-mt.8-1) unstable; urgency=low * New unofficial version * rngd.c: use the GNU version of strerror_r(). Argh! -- Henrique de Moraes Holschuh Sat, 6 Nov 2004 15:18:49 -0200 rng-tools (2-unofficial-mt.7-1) unstable; urgency=low * New unofficial version * rngd, rngtest: Use groupings on Argp parser * rngd: fix macro content output in Argp help text * rngd_threads.c, rngd_threads.h: dynamically size buffer structures * rngd.h: allow up to 1000 buffers, instead of 10 * add many assert() calls to root out bugs -- Henrique de Moraes Holschuh Tue, 2 Nov 2004 11:29:42 -0200 rng-tools (2-unofficial-mt.6-1) unstable; urgency=low * New unofficial version: * select() and poll() don't always work with /dev/hwrandom Thus, even non-blocking IO is a no-go. Add SIGALRM functionality that is pthread-aware to rngd, and use that to implement --rng-timeout. * rngd_linux.c: implement --feed-interval in a portable way * better thread-safety when logging messages * Better watch file using prdownloads.sf.net as primary source of version information -- Henrique de Moraes Holschuh Sun, 31 Oct 2004 12:33:02 -0300 rng-tools (2-unofficial-mt.5-1) unstable; urgency=low * New unofficial version: * Deprecate --timeout, rename it to --feed-interval * rngd_linux.c: use select() instead of poll(), so that we do not lose track of --feed-interval (non-portable to non-Linux kernels) * Document in rngd(8) that --fill-watermark now takes percentage values and defaults to 50% * Implement --rng-timeout, default 10s, so that we can detect a RNG that is silent/disabled -- Henrique de Moraes Holschuh Sun, 24 Oct 2004 09:22:39 -0300 rng-tools (2-unofficial-mt.4-1) unstable; urgency=low * New upstream version + No real changes, upstream just accepted Debian patches + Added Jeff Garzik to copyright notice for rngd * New unofficial version * Get kernel entropy pool size from /proc, and use that to allow the user to specify --fill-watermark in percentage values relative to the pool size, as well as in absolute bit size * Limit --fill-watermark dynamically to the kernel entropy pool size (closes: #274479) * Better input validation when processing command line parameters * Cosmetic changes to code (signed/unsigned cleanups, plus some other code/formatting cleanups) * Minor manpage typos and formatting fixes * Add myself to copyright notice for rngd, due to the threading code, and all the other small features * Log PID to syslog * Make sure we do have work to do before we leave the sink and FIPS thread startup code * Sync rngtest "entropy source returned EOF" message to be the same as rngd's * Add watch file for uscan/DEHS * Use automake 1.9 in build * Minor updates to debian/copyright * Update logcheck.ignore for LOG_PID logging, and force-feed the ignore file to violations.ignore.d/ to workaround logcheck braindamage -- Henrique de Moraes Holschuh Mon, 4 Oct 2004 10:46:21 -0300 rng-tools (1.1-unofficial-mt.3-1) unstable; urgency=low * New unofficial version: * Better pidfile locking, fixes race; * strerror() is not threadsafe, so don't use it inside threads. Use strerror_r() instead; * Nicer error message when entropy source signals EOF. -- Henrique de Moraes Holschuh Mon, 28 Jun 2004 23:33:07 -0300 rng-tools (1.1-unofficial-mt.2-1) unstable; urgency=low * New unofficial version: * Clean-up 64-bit support, using the __STDC_FORMAT_MACROS and PRI?64 macros ugliness. Thanks to the ia64 autobuilder and the gcc warnings for the heads-up ;-) -- Henrique de Moraes Holschuh Fri, 11 Jun 2004 17:08:59 -0300 rng-tools (1.1-unofficial-mt.1-1) unstable; urgency=medium * New unofficial version: * Initialize statistics early in rngd.c * Switch to arch: any. I figure that at least ppc, ia32, ia64 and amd64/x86_64 may benefit from this package (although I do not know of a TRNG for the PPC). One could also generate the random numbers elsewhere and store them in a (big) file, at which point anything that runs Linux would be able to use this package with the TRNG output file (closes: #252535); * Minor updates to package description, and README.Debian. * Urgency medium, to get a bug-free version in testing ASAP -- Henrique de Moraes Holschuh Sat, 5 Jun 2004 14:02:45 -0300 rng-tools (1.1-unofficial-mt-3) unstable; urgency=low * Upload to unstable, since Jeff Garzik seems to be otherwise busy and the upstream merge has halted for some weeks now. * Ack bugs fixed by previous uploads to experimental: closes: #248548, #239810 -- Henrique de Moraes Holschuh Mon, 24 May 2004 01:50:10 -0300 rng-tools (1.1-unofficial-mt-2) experimental; urgency=low * Use simple MAKEDEV calls, and kill all legacy "let's fix the device inode" code. Add intel_rng and i810_rng variations to the initscript device search list (closes: #248548) -- Henrique de Moraes Holschuh Tue, 11 May 2004 20:37:45 -0300 rng-tools (1.1-unofficial-mt-1) experimental; urgency=low * Major batch of enhancements from yours thruly. Not yet merged upstream, right now consider this a temporary fork (the merge IS ongoing). Do not bother upstream with bugs against this package. The new functionality may change, depending on upstream merge; ChangeLog: + Use multithreading to increase the available bandwidth, now rngd can read, process FIPS tests, and feed the kernel at the same time; + Store data on buffers, that can be operated independently by the threads. Default to triple-buffering; + Lock memory used as buffers of random data; + Add statistics, based on ideas from mtrngd.cpp by Martin Peck ; + Detect and deal with TRNGs stuck in a failing state, using an exponential backoff and eventually giving up and exiting; + Revamped manpage extensively; + Configure /dev/random, /dev/hwrandom and pidfile location using autoconf, to avoid hardcoded defaults; + Work on systems using kernel 2.6 (closes: #243319) * Add logcheck ignore rules; * Update README.Debian to reflect new functionality in the package; * Update package description and short description a bit; * Use --name and --start-as instead of --exec in initscript; * postinst: ignore exit status of initscript on start (closes: #239810) (yes, I have changed my mind about the issue). -- Henrique de Moraes Holschuh Mon, 10 May 2004 09:01:35 -0300 rng-tools (1.1-1) unstable; urgency=low * New upstream source: + New rngtest by yours thruly + Improved FIPS tests * Minor update to README.Debian; * Separate recommended options by TRNG type in /etc/default/rng-tools; * Fix initscript to properly wait for rngd to exit on stop/restart; * Update copyright file; * Version dependency on a makedev that knows about intel_rng (since hwrandom isn't available yet), and add alternative dependency on udev. Remove useless dependency on devfsd. -- Henrique de Moraes Holschuh Tue, 6 Apr 2004 11:13:34 -0300 rng-tools (1.0-3) unstable; urgency=low * Remove all hand-holding about /dev/hwrandom from initscript. Instead, try to detect which device we should be using. Also, add an /etc/default/rng-tools, and use it (closes: #235045); * Add some helpful hints to README.Debian * Change n for the continuous run test to 32, due to AMD's RNG. This is still FIPS 140-1 compliant for smaller block RNGs, anyway. It will reduce false positives on Intel's RNG as well; * Add --rng-entropy (-H) option; * Add note in description about what this package is about. Add explanation about PRNGs and TRNGs in README.Debian (closes: #235752). -- Henrique de Moraes Holschuh Tue, 9 Mar 2004 17:16:28 -0300 rng-tools (1.0-2) unstable; urgency=low * Add ugly hack workaround until MAKEDEV support for hwrandom goes in (refer to #234366); This closes: #233656. -- Henrique de Moraes Holschuh Mon, 23 Feb 2004 11:11:51 -0300 rng-tools (1.0-1) unstable; urgency=low * New maintainer (closes: #214926); * New upstream version: + Support new hw_random device in new kernels; * And some enhancements to the upstream code, from yours thruly: + Use new automake and autoconf, and enable AM_MAINTAINER_MODE; + Fix rngd to also do the FIPS 140-1 continuous run test; + Add pidfile control; + Improve manpage; * Rename package to rng-tools; * Ack NMUs: + closes: #101389; * Lots of changes in the packaging, including: + Drop partial DevFS support (patches are welcome to implement it _properly_). DevFS users must add the required links or modify the initscript themselves (closes: #197506 since it is now irrelevant); + Standards-version 3.6.1; + Debhelper mode 4; + Rewrite README.Debian, and add section about Intel RNGs (contributions on other RNGs are welcome); + Rewrite copyright file to something that is valid; + Update initscript to something more proper for an important system service. -- Henrique de Moraes Holschuh Fri, 9 Jan 2004 17:24:24 -0200 intel-rng-tools (0.9.1-6) unstable; urgency=low * Uploading with maintainer set to QA group * debian/copyright: de-dh_make-boilerplated -- Andrew Pollock Thu, 20 Nov 2003 23:05:00 +1100 intel-rng-tools (0.9.1-5) unstable; urgency=low * Fixed manpage. (Closes: #110591, #149904) * Remove devfs handling, as it has been breaking. (Closes: #116868) * Make appropriate links in /dev for devfs systems. Poor fix but should work fine. (Closes: #113320) -- Viral Shah Sun, 28 Oct 2001 16:21:57 -0700 intel-rng-tools (0.9.1-4) unstable; urgency=low * Added dependency to makedev (>= 2.3.1-53) for creating /dev/intel_rng. * postinst uses MAKEDEV to create /dev/intel_rng if required. (Closes: #101389) * Entry for devfsd symlink, /etc/devfs/symlink.d/intel-rng-tools added, which creates a symlink for correct use. -- Viral Shah Tue, 19 Jun 2001 10:36:38 +0530 intel-rng-tools (0.9.1-3) unstable; urgency=low * set -e added to postinst. -- Viral Shah Mon, 4 Jun 2001 17:47:42 +0530 intel-rng-tools (0.9.1-2) unstable; urgency=low * Use dh_installmodules to register kernel module. * Integrate mknod in postinst to create /dev/intel_rng, as MAKEDEV doesn't yet support it. Check for /dev/.devfsd in postinst. * Depend upon makedev | devfsd. -- Viral Shah Sun, 3 Jun 2001 12:53:52 +0530 intel-rng-tools (0.9.1-1) unstable; urgency=low * Initial Release. -- Viral Shah Wed, 25 Apr 2001 12:30:29 +0530 debian/rng-tools.init0000664000000000000000000000403312445455720012011 0ustar #! /bin/sh # # rng-tools initscript for the rng-tools package # Copr. 2003 by Henrique de Moraes Holschuh # Copr. 2002 by Viral Shah # ### BEGIN INIT INFO # Provides: rng-tools # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO # # # $Id: rng-tools.init,v 1.6.2.10 2008-06-10 19:51:37 hmh Exp $ PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/rngd NAME=rngd DESC="Hardware RNG entropy gatherer daemon" PIDFILE=/var/run/rngd.pid DEVICELIST="hwrng hw_random hwrandom intel_rng i810_rng" HRNGDEVICE=/dev/hwrng RNGDOPTIONS= [ -r /etc/default/rng-tools ] && . /etc/default/rng-tools test -f ${DAEMON} || exit 0 set -e finddevice () { [ -c "${HRNGDEVICE}" ] && return 0 for i in ${DEVICELIST} ; do if [ -c "/dev/$i" ] ; then HRNGDEVICE="/dev/$i" return 0 fi if [ -c "/dev/misc/$i" ] ; then HRNGDEVICE="/dev/misc/$i" return 0 fi done if grep -q rdrand /proc/cpuinfo ; then return 0 fi echo "(Hardware RNG device inode not found)" echo "$0: Cannot find a hardware RNG device to use." >&2 exit 1 } START="--start --quiet --pidfile ${PIDFILE} --startas ${DAEMON} --name ${NAME}" case "$1" in start) echo -n "Starting $DESC: " finddevice START="${START} -- -r ${HRNGDEVICE} ${RNGDOPTIONS}" if start-stop-daemon ${START} >/dev/null 2>&1 ; then echo "${NAME}." else if start-stop-daemon --test ${START} >/dev/null 2>&1; then echo "(failed)." exit 1 else echo "${DAEMON} already running." exit 0 fi fi ;; stop) echo -n "Stopping $DESC: " if start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \ --startas ${DAEMON} --retry 10 --name ${NAME} \ >/dev/null 2>&1 ; then echo "${NAME}." else if start-stop-daemon --test ${START} >/dev/null 2>&1; then echo "(not running)." exit 0 else echo "(failed)." exit 1 fi fi ;; restart|force-reload) $0 stop exec $0 start ;; *) echo "Usage: $0 {start|stop|restart|force-reload}" 1>&2 exit 1 ;; esac exit 0 debian/rng-tools.default0000664000000000000000000000142712312122375012464 0ustar # Configuration for the rng-tools initscript # $Id: rng-tools.default,v 1.1.2.5 2008-06-10 19:51:37 hmh Exp $ # This is a POSIX shell fragment # Set to the input source for random data, leave undefined # for the initscript to attempt auto-detection. Set to /dev/null # for the viapadlock and tpm drivers. #HRNGDEVICE=/dev/hwrng #HRNGDEVICE=/dev/null # Additional options to send to rngd. See the rngd(8) manpage for # more information. Do not specify -r/--rng-device here, use # HRNGDEVICE for that instead. #RNGDOPTIONS="--hrng=intelfwh --fill-watermark=90% --feed-interval=1" #RNGDOPTIONS="--hrng=viakernel --fill-watermark=90% --feed-interval=1" #RNGDOPTIONS="--hrng=viapadlock --fill-watermark=90% --feed-interval=1" #RNGDOPTIONS="--hrng=tpm --fill-watermark=90% --feed-interval=1" debian/rng-tools.postinst0000664000000000000000000000301312312122375012714 0ustar #! /bin/sh # postinst script for rng-tools # Copyright (c) 2003-2010 by Henrique de Moraes Holschuh # Copyright (c) 2002 by Viral Shah # Distributed under the GNU General Public License version 2 or later versions set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. export PATH=/sbin:/usr/sbin:/bin:/usr/bin case "$1" in configure) if [ '!' -c /dev/hwrng ] && [ '!' -c /dev/misc/hwrng ] && \ [ -x /sbin/MAKEDEV ]; then echo "Trying to create /dev/hwrng device inode..." (cd /dev && /sbin/MAKEDEV hwrng || true) fi # Update start/stop symlinks if dpkg --compare-versions "$2" lt-nl "2-unofficial-mt.12-1ubuntu3"; then rm -f /etc/rc?.d/[SK]20rng-tools fi true ;; esac #DEBHELPER# exit 0 debian/rng-tools.manpages0000664000000000000000000000000712312122375012624 0ustar rngd.8 debian/compat0000664000000000000000000000000212312122375010364 0ustar 7 debian/copyright0000664000000000000000000000257312312122375011130 0ustar This package was assembled by Henrique de Moraes Holschuh , based on previous work by Viral Shah . Upstream sources are at: http://sourceforge.net/projects/gkernel/ (module rng-tools) The Debian packaging of rng-tools is: Copyright (c) 2003-2010 by Henrique de Moraes Holschuh , Copyright (c) 2002 by Viral Shah , and distributed under the same license as the upstream source it applies to. Changes: The Debian version of rngd is extensively patched with added functionality and bugs courtesy of Henrique de Moraes Holschuh. All changes were supposed to be proposed to be merged upstream, but the deviation got too large to handle, so it hasn't happened. See upstream changelog for a list of all changes. Upstream Authors: Philipp Rumpf, Jeff Garzik Henrique de Moraes Holschuh Copyright: Copyright (C) 2001 Philipp Rumpf Copyright (C) 2001 Jeff Garzik Copyright (C) 2004-2010 Henrique de Moraes Holschuh This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. The GPL may be found in /usr/share/common-licenses/GPL on a Debian system.