diff options
| author | Daniel Baumann <daniel@debian.org> | 2024-11-10 15:32:30 +0100 |
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2024-11-10 15:32:30 +0100 |
| commit | 887c3b877f16e5e1b834e008306afe6677458225 (patch) | |
| tree | df0289cd7c79553a1d81310876cf48083db44239 /contrib | |
| parent | Adding upstream version 1.9.14. (diff) | |
| download | haveged-upstream.tar.xz haveged-upstream.zip | |
Adding upstream version 1.9.19.upstream/1.9.19upstream
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/Fedora/90-haveged.rules | 2 | ||||
| -rw-r--r-- | contrib/Fedora/haveged-once.service | 31 | ||||
| -rw-r--r-- | contrib/Fedora/haveged-switch-root.service | 1 | ||||
| -rw-r--r-- | contrib/Fedora/haveged.conf | 1 | ||||
| -rw-r--r-- | contrib/Fedora/haveged.service | 3 | ||||
| -rw-r--r-- | contrib/Fedora/haveged.spec | 33 | ||||
| -rw-r--r-- | contrib/SUSE/90-haveged.rules | 2 | ||||
| -rw-r--r-- | contrib/SUSE/haveged-switch-root.service | 1 |
8 files changed, 67 insertions, 7 deletions
diff --git a/contrib/Fedora/90-haveged.rules b/contrib/Fedora/90-haveged.rules index 6b1c5cf..648d9bc 100644 --- a/contrib/Fedora/90-haveged.rules +++ b/contrib/Fedora/90-haveged.rules @@ -1,5 +1,5 @@ # Start the haveged service as soon as the random device is available # to avoid starting other services while starved of entropy -ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service" +ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service" diff --git a/contrib/Fedora/haveged-once.service b/contrib/Fedora/haveged-once.service new file mode 100644 index 0000000..bfa84a5 --- /dev/null +++ b/contrib/Fedora/haveged-once.service @@ -0,0 +1,31 @@ +[Unit] +Description=Entropy Daemon based on the HAVEGE algorithm +Documentation=man:haveged(8) http://www.issihosts.com/haveged/ +DefaultDependencies=no + +[Service] +Type=oneshot +ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground +SuccessExitStatus=137 143 + +SecureBits=noroot-locked +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT +# We can *not* set PrivateTmp=true as it can cause an ordering cycle. +PrivateTmp=false +PrivateDevices=true +# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs) +#PrivateNetwork=true +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +RestrictNamespaces=true +RestrictRealtime=true + +LockPersonality=true +MemoryDenyWriteExecute=true +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallFilter=~@mount +SystemCallErrorNumber=EPERM diff --git a/contrib/Fedora/haveged-switch-root.service b/contrib/Fedora/haveged-switch-root.service index 8cc38cf..a3eb086 100644 --- a/contrib/Fedora/haveged-switch-root.service +++ b/contrib/Fedora/haveged-switch-root.service @@ -1,6 +1,7 @@ [Unit] Description=Tell haveged about new root DefaultDependencies=no +ConditionKernelVersion=<5.6 ConditionPathExists=/etc/initrd-release Before=initrd-switch-root.service JoinsNamespaceOf=haveged.service diff --git a/contrib/Fedora/haveged.conf b/contrib/Fedora/haveged.conf new file mode 100644 index 0000000..e10884d --- /dev/null +++ b/contrib/Fedora/haveged.conf @@ -0,0 +1 @@ +add_dracutmodules+=" haveged " diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service index abb9cfc..55c8600 100644 --- a/contrib/Fedora/haveged.service +++ b/contrib/Fedora/haveged.service @@ -2,11 +2,12 @@ Description=Entropy Daemon based on the HAVEGE algorithm Documentation=man:haveged(8) http://www.issihosts.com/haveged/ DefaultDependencies=no +ConditionKernelVersion=<5.6 After=systemd-tmpfiles-setup-dev.service Before=sysinit.target shutdown.target systemd-journald.service [Service] -ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground +ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground -v 64 Restart=always SuccessExitStatus=137 143 diff --git a/contrib/Fedora/haveged.spec b/contrib/Fedora/haveged.spec index 9dc4bea..f1d50ab 100644 --- a/contrib/Fedora/haveged.spec +++ b/contrib/Fedora/haveged.spec @@ -1,7 +1,7 @@ %define dracutlibdir lib/dracut Summary: A Linux entropy source using the HAVEGE algorithm Name: haveged -Version: 1.9.14 +Version: 1.9.17 Release: 1%{?dist} License: GPLv3+ URL: https://github.com/jirka-h/haveged @@ -11,7 +11,7 @@ Requires(preun): systemd Requires(postun): systemd BuildRequires: gcc -BuildRequires: automake coreutils glibc-common systemd-units +BuildRequires: make automake coreutils glibc-common systemd-units Enhances: apache2 gpg2 openssl openvpn php5 smtp_daemon systemd %description @@ -21,7 +21,7 @@ Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction (e.g. headless servers). - + Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion) to maintain a 1M pool of random bytes used to fill /dev/random whenever the supply of random bits in /dev/random falls below the low @@ -60,8 +60,11 @@ chmod 0644 COPYING README ChangeLog AUTHORS #Install systemd service file sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i contrib/Fedora/*service +sed -i '/^ConditionKernelVersion/d' contrib/Fedora/*service + install -Dpm 0644 contrib/Fedora/haveged.service %{buildroot}%{_unitdir}/%{name}.service install -Dpm 0644 contrib/Fedora/haveged-switch-root.service %{buildroot}%{_unitdir}/%{name}-switch-root.service +install -Dpm 0644 contrib/Fedora/haveged-once.service %{buildroot}%{_unitdir}/%{name}-once.service install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/module-setup.sh install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/90-%{name}.rules @@ -101,7 +104,29 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot %changelog -* Sun Jun 28 2020 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-1 +* Sat Jan 08 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.17-1 + - Update to 1.9.17 + +* Mon Jan 03 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-2 + - Fixed ExecStart in haveged-once.service + +* Sun Jan 02 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-1 + - Update to 1.9.16 + +* Thu Sep 30 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.15-1 + - Update to 1.9.15 + +* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.9.14-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Jan 3 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-2 - Update to 1.9.14 - BZ1835006 - Added dracut module - Start the service as soon as the random device is available with diff --git a/contrib/SUSE/90-haveged.rules b/contrib/SUSE/90-haveged.rules index 6b1c5cf..648d9bc 100644 --- a/contrib/SUSE/90-haveged.rules +++ b/contrib/SUSE/90-haveged.rules @@ -1,5 +1,5 @@ # Start the haveged service as soon as the random device is available # to avoid starting other services while starved of entropy -ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service" +ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service" diff --git a/contrib/SUSE/haveged-switch-root.service b/contrib/SUSE/haveged-switch-root.service index 9757da4..24b8649 100644 --- a/contrib/SUSE/haveged-switch-root.service +++ b/contrib/SUSE/haveged-switch-root.service @@ -1,6 +1,7 @@ [Unit] Description=Tell haveged about new root DefaultDependencies=no +ConditionKernelVersion=<5.6 ConditionPathExists=/etc/initrd-release Before=initrd-switch-root.service JoinsNamespaceOf=haveged.service |