Merging upstream version 1.9.19 (Closes: #999811, #1078052):

- haveged can be run as an application if also running as a daemon (Closes: #998382). Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-05 13:12:32 +01:00 · 2025-02-05 13:12:32 +01:00 · 363454abff
commit 363454abff
parent 10d5974907
54 changed files with 6554 additions and 5557 deletions
--- a/contrib/Fedora/90-haveged.rules
+++ b/contrib/Fedora/90-haveged.rules
@ -1,5 +1,5 @@
 # Start the haveged service as soon as the random device is available
 # to avoid starting other services while starved of entropy

-ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"

--- a/contrib/Fedora/haveged-once.service
+++ b/contrib/Fedora/haveged-once.service
@ -0,0 +1,31 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM
--- a/contrib/Fedora/haveged-switch-root.service
+++ b/contrib/Fedora/haveged-switch-root.service
@ -1,6 +1,7 @@
 [Unit]
 Description=Tell haveged about new root
 DefaultDependencies=no
+ConditionKernelVersion=<5.6
 ConditionPathExists=/etc/initrd-release
 Before=initrd-switch-root.service
 JoinsNamespaceOf=haveged.service
--- a/contrib/Fedora/haveged.conf
+++ b/contrib/Fedora/haveged.conf
@ -0,0 +1 @@
+add_dracutmodules+=" haveged "
--- a/contrib/Fedora/haveged.service
+++ b/contrib/Fedora/haveged.service
@ -2,11 +2,12 @@
 Description=Entropy Daemon based on the HAVEGE algorithm
 Documentation=man:haveged(8) http://www.issihosts.com/haveged/
 DefaultDependencies=no
+ConditionKernelVersion=<5.6
 After=systemd-tmpfiles-setup-dev.service
 Before=sysinit.target shutdown.target systemd-journald.service

 [Service]
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground -v 64
 Restart=always
 SuccessExitStatus=137 143

--- a/contrib/Fedora/haveged.spec
+++ b/contrib/Fedora/haveged.spec
@ -1,7 +1,7 @@
 %define dracutlibdir lib/dracut
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
-Version:        1.9.14
+Version:        1.9.17
 Release:        1%{?dist}
 License:        GPLv3+
 URL:            https://github.com/jirka-h/haveged
@ -11,7 +11,7 @@ Requires(preun):  systemd
 Requires(postun): systemd

 BuildRequires:  gcc
-BuildRequires:  automake coreutils glibc-common systemd-units
+BuildRequires:  make automake coreutils glibc-common systemd-units
 Enhances:       apache2 gpg2 openssl openvpn php5 smtp_daemon systemd

 %description
@ -21,7 +21,7 @@ Haveged is a user space entropy daemon which is not dependent upon the
 standard mechanisms for harvesting randomness for the system entropy
 pool. This is important in systems with high entropy needs or limited
 user interaction (e.g. headless servers).
- 
+
 Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
 to maintain a 1M pool of random bytes used to fill /dev/random
 whenever the supply of random bits in /dev/random falls below the low
@ -60,8 +60,11 @@ chmod 0644 COPYING README ChangeLog AUTHORS

 #Install systemd service file
 sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i contrib/Fedora/*service
+sed -i '/^ConditionKernelVersion/d' contrib/Fedora/*service
+
 install -Dpm 0644 contrib/Fedora/haveged.service %{buildroot}%{_unitdir}/%{name}.service
 install -Dpm 0644 contrib/Fedora/haveged-switch-root.service %{buildroot}%{_unitdir}/%{name}-switch-root.service
+install -Dpm 0644 contrib/Fedora/haveged-once.service %{buildroot}%{_unitdir}/%{name}-once.service
 install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/module-setup.sh
 install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/90-%{name}.rules

@ -101,7 +104,29 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot


 %changelog
-* Sun Jun 28 2020 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-1
+* Sat Jan 08 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.17-1
+ - Update to 1.9.17
+
+* Mon Jan 03 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-2
+ - Fixed ExecStart in haveged-once.service
+
+* Sun Jan 02 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-1
+ - Update to 1.9.16
+
+* Thu Sep 30 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.15-1
+ - Update to 1.9.15
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.9.14-4
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Jan 3 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-2
 - Update to 1.9.14
 - BZ1835006 - Added dracut module
 - Start the service as soon as the random device is available with