From: <Randy.MacLeod@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Cc: <anuj.mittal@intel.com>, <david.zuhn@sonos.com>
Subject: [PATCH] rng-tools: move from oe-core to meta-oe
Date: Wed, 10 Jan 2024 15:38:10 -0500 [thread overview]
Message-ID: <20240110203810.1555817-1-Randy.MacLeod@windriver.com> (raw)
From: Randy MacLeod <Randy.MacLeod@windriver.com>
Nothing in oe-core depends on rng-tools anymore:
e7e1bc43ca rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package
so move it to meta-oe for people who still want to run rngd
as a service for some reason or for those who want to run rng-test.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
.../rng-tools/rng-tools/default | 1 +
.../recipes-support/rng-tools/rng-tools/init | 42 +++++++++++
.../rng-tools/rng-tools/rng-tools.service | 32 +++++++++
.../rng-tools/rng-tools_6.16.bb | 69 +++++++++++++++++++
4 files changed, 144 insertions(+)
create mode 100644 meta-oe/recipes-support/rng-tools/rng-tools/default
create mode 100644 meta-oe/recipes-support/rng-tools/rng-tools/init
create mode 100644 meta-oe/recipes-support/rng-tools/rng-tools/rng-tools.service
create mode 100644 meta-oe/recipes-support/rng-tools/rng-tools_6.16.bb
diff --git a/meta-oe/recipes-support/rng-tools/rng-tools/default b/meta-oe/recipes-support/rng-tools/rng-tools/default
new file mode 100644
index 000000000..b9f8e0363
--- /dev/null
+++ b/meta-oe/recipes-support/rng-tools/rng-tools/default
@@ -0,0 +1 @@
+EXTRA_ARGS="-r /dev/hwrng"
diff --git a/meta-oe/recipes-support/rng-tools/rng-tools/init b/meta-oe/recipes-support/rng-tools/rng-tools/init
new file mode 100644
index 000000000..13f0ecd37
--- /dev/null
+++ b/meta-oe/recipes-support/rng-tools/rng-tools/init
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# This is an init script for openembedded
+# Copy it to @SYSCONFDIR@/init.d/rng-tools and type
+# > update-rc.d rng-tools defaults 60
+#
+
+rngd=@SBINDIR@/rngd
+test -x "$rngd" || exit 1
+
+[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools"
+
+case "$1" in
+ start)
+ echo -n "Starting random number generator daemon"
+ start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping random number generator daemon"
+ start-stop-daemon -K -q -n rngd
+ echo "."
+ ;;
+ reload|force-reload)
+ echo -n "Signalling rng daemon restart"
+ start-stop-daemon -K -q -s 1 -x $rngd
+ start-stop-daemon -K -q -s 1 -x $rngd
+ ;;
+ restart)
+ echo -n "Stopping random number generator daemon"
+ start-stop-daemon -K -q -n rngd
+ echo "."
+ echo -n "Starting random number generator daemon"
+ start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+ echo "."
+ ;;
+ *)
+ echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/meta-oe/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta-oe/recipes-support/rng-tools/rng-tools/rng-tools.service
new file mode 100644
index 000000000..5ae2fba21
--- /dev/null
+++ b/meta-oe/recipes-support/rng-tools/rng-tools/rng-tools.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionVirtualization=!container
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
+ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
+CapabilityBoundingSet=CAP_SYS_ADMIN
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-oe/recipes-support/rng-tools/rng-tools_6.16.bb b/meta-oe/recipes-support/rng-tools/rng-tools_6.16.bb
new file mode 100644
index 000000000..f0aa3ff93
--- /dev/null
+++ b/meta-oe/recipes-support/rng-tools/rng-tools_6.16.bb
@@ -0,0 +1,69 @@
+SUMMARY = "Random number generator daemon"
+DESCRIPTION = "Check and feed random data from hardware device to kernel"
+HOMEPAGE = "https://github.com/nhorman/rng-tools"
+BUGTRACKER = "https://github.com/nhorman/rng-tools/issues"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+DEPENDS = "openssl libcap"
+
+SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
+ file://init \
+ file://default \
+ file://rng-tools.service \
+ "
+SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2"
+
+S = "${WORKDIR}/git"
+
+inherit autotools update-rc.d systemd pkgconfig
+
+EXTRA_OECONF = "--without-rtlsdr"
+
+PACKAGECONFIG ??= "libjitterentropy"
+PACKAGECONFIG:libc-musl = "libargp libjitterentropy"
+
+PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone,"
+PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy"
+PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl"
+PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2"
+PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl"
+
+INITSCRIPT_PACKAGES = "${PN}-service"
+INITSCRIPT_NAME:${PN}-service = "rng-tools"
+INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ."
+
+SYSTEMD_PACKAGES = "${PN}-service"
+SYSTEMD_SERVICE:${PN}-service = "rng-tools.service"
+
+CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER "
+
+PACKAGES =+ "${PN}-service"
+
+FILES:${PN}-service += " \
+ ${sysconfdir}/init.d/rng-tools \
+ ${sysconfdir}/default/rng-tools \
+"
+
+# Refer autogen.sh in rng-tools
+do_configure:prepend() {
+ cp ${S}/README.md ${S}/README
+}
+
+do_install:append() {
+ install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools
+ install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools
+ install -Dm 0644 ${WORKDIR}/rng-tools.service \
+ ${D}${systemd_system_unitdir}/rng-tools.service
+ sed -i \
+ -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ ${D}${sysconfdir}/init.d/rng-tools \
+ ${D}${systemd_system_unitdir}/rng-tools.service
+
+ if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then
+ sed -i \
+ -e '/^IPAddressDeny=any/d' \
+ -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \
+ ${D}${systemd_system_unitdir}/rng-tools.service
+ fi
+}
--
2.34.1
reply other threads:[~2024-01-10 20:38 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240110203810.1555817-1-Randy.MacLeod@windriver.com \
--to=randy.macleod@windriver.com \
--cc=anuj.mittal@intel.com \
--cc=david.zuhn@sonos.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.