- haveged can be run as an application if also running as a daemon (Closes: #998382). Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
parent
10d5974907
commit
363454abff
GPG key ID:
FBB4F0E80A80222F
54 changed files with 6554 additions and 5557 deletions
|
|
@ -1,5 +1,5 @@
|
|||
# Start the haveged service as soon as the random device is available
|
||||
# to avoid starting other services while starved of entropy
|
||||
|
||||
ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
|
||||
ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
|
||||
|
||||
|
|
|
|||
31
contrib/Fedora/haveged-once.service
Normal file
31
contrib/Fedora/haveged-once.service
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
[Unit]
|
||||
Description=Entropy Daemon based on the HAVEGE algorithm
|
||||
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground
|
||||
SuccessExitStatus=137 143
|
||||
|
||||
SecureBits=noroot-locked
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
|
||||
# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
|
||||
PrivateTmp=false
|
||||
PrivateDevices=true
|
||||
# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
|
||||
#PrivateNetwork=true
|
||||
ProtectSystem=full
|
||||
ProtectHome=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallFilter=~@mount
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
[Unit]
|
||||
Description=Tell haveged about new root
|
||||
DefaultDependencies=no
|
||||
ConditionKernelVersion=<5.6
|
||||
ConditionPathExists=/etc/initrd-release
|
||||
Before=initrd-switch-root.service
|
||||
JoinsNamespaceOf=haveged.service
|
||||
|
|
|
|||
1
contrib/Fedora/haveged.conf
Normal file
1
contrib/Fedora/haveged.conf
Normal file
|
|
@ -0,0 +1 @@
|
|||
add_dracutmodules+=" haveged "
|
||||
|
|
@ -2,11 +2,12 @@
|
|||
Description=Entropy Daemon based on the HAVEGE algorithm
|
||||
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
|
||||
DefaultDependencies=no
|
||||
ConditionKernelVersion=<5.6
|
||||
After=systemd-tmpfiles-setup-dev.service
|
||||
Before=sysinit.target shutdown.target systemd-journald.service
|
||||
|
||||
[Service]
|
||||
ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
|
||||
ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground -v 64
|
||||
Restart=always
|
||||
SuccessExitStatus=137 143
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
%define dracutlibdir lib/dracut
|
||||
Summary: A Linux entropy source using the HAVEGE algorithm
|
||||
Name: haveged
|
||||
Version: 1.9.14
|
||||
Version: 1.9.17
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://github.com/jirka-h/haveged
|
||||
|
|
@ -11,7 +11,7 @@ Requires(preun): systemd
|
|||
Requires(postun): systemd
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: automake coreutils glibc-common systemd-units
|
||||
BuildRequires: make automake coreutils glibc-common systemd-units
|
||||
Enhances: apache2 gpg2 openssl openvpn php5 smtp_daemon systemd
|
||||
|
||||
%description
|
||||
|
|
@ -21,7 +21,7 @@ Haveged is a user space entropy daemon which is not dependent upon the
|
|||
standard mechanisms for harvesting randomness for the system entropy
|
||||
pool. This is important in systems with high entropy needs or limited
|
||||
user interaction (e.g. headless servers).
|
||||
|
||||
|
||||
Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
|
||||
to maintain a 1M pool of random bytes used to fill /dev/random
|
||||
whenever the supply of random bits in /dev/random falls below the low
|
||||
|
|
@ -60,8 +60,11 @@ chmod 0644 COPYING README ChangeLog AUTHORS
|
|||
|
||||
#Install systemd service file
|
||||
sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i contrib/Fedora/*service
|
||||
sed -i '/^ConditionKernelVersion/d' contrib/Fedora/*service
|
||||
|
||||
install -Dpm 0644 contrib/Fedora/haveged.service %{buildroot}%{_unitdir}/%{name}.service
|
||||
install -Dpm 0644 contrib/Fedora/haveged-switch-root.service %{buildroot}%{_unitdir}/%{name}-switch-root.service
|
||||
install -Dpm 0644 contrib/Fedora/haveged-once.service %{buildroot}%{_unitdir}/%{name}-once.service
|
||||
install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/module-setup.sh
|
||||
install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/90-%{name}.rules
|
||||
|
||||
|
|
@ -101,7 +104,29 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
|
|||
|
||||
|
||||
%changelog
|
||||
* Sun Jun 28 2020 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-1
|
||||
* Sat Jan 08 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.17-1
|
||||
- Update to 1.9.17
|
||||
|
||||
* Mon Jan 03 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-2
|
||||
- Fixed ExecStart in haveged-once.service
|
||||
|
||||
* Sun Jan 02 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-1
|
||||
- Update to 1.9.16
|
||||
|
||||
* Thu Sep 30 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.15-1
|
||||
- Update to 1.9.15
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.9.14-4
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Sun Jan 3 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-2
|
||||
- Update to 1.9.14
|
||||
- BZ1835006 - Added dracut module
|
||||
- Start the service as soon as the random device is available with
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
# Start the haveged service as soon as the random device is available
|
||||
# to avoid starting other services while starved of entropy
|
||||
|
||||
ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
|
||||
ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
[Unit]
|
||||
Description=Tell haveged about new root
|
||||
DefaultDependencies=no
|
||||
ConditionKernelVersion=<5.6
|
||||
ConditionPathExists=/etc/initrd-release
|
||||
Before=initrd-switch-root.service
|
||||
JoinsNamespaceOf=haveged.service
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue