From 5d79d66d1c8d65e9a4e6bc4b7eccfaaa3a63655c Mon Sep 17 00:00:00 2001
From: Erik Falor
Date: Sun, 9 Dec 2012 11:01:01 -0500
Subject: system/haveged: Added (A simple entropy daemon)
Signed-off-by: dsomero
---
system/haveged/README | 26 ++++++++++
system/haveged/doinst.sh | 28 +++++++++++
system/haveged/haveged.SlackBuild | 102 ++++++++++++++++++++++++++++++++++++++
system/haveged/haveged.info | 10 ++++
system/haveged/rc.haveged | 47 ++++++++++++++++++
system/haveged/slack-desc | 19 +++++++
6 files changed, 232 insertions(+)
create mode 100644 system/haveged/README
create mode 100644 system/haveged/doinst.sh
create mode 100644 system/haveged/haveged.SlackBuild
create mode 100644 system/haveged/haveged.info
create mode 100644 system/haveged/rc.haveged
create mode 100644 system/haveged/slack-desc
(limited to 'system/haveged')
diff --git a/system/haveged/README b/system/haveged/README
new file mode 100644
index 0000000000..dee52968a6
--- /dev/null
+++ b/system/haveged/README
@@ -0,0 +1,26 @@
+haveged (a simple entropy-gathering daemon)
+
+The haveged project is an attempt to provide an easy-to-use, unpredictable
+random number generator based upon an adaptation of the HAVEGE algorithm.
+Haveged was created to remedy low-entropy conditions in the Linux random device
+that can occur under some workloads, especially on headless servers.
+
+The HAVEGE algorithm is based upon the indirect effects of unrelated hardware
+events on the instruction timing of a calculation that is sensitive to processor
+features such as branch predictors and instruction/data access mechanisms.
+Samples from a high-resolution timer are input into the algorithm to
+produce a stream of random data in a collection buffer. The contents of this
+buffer can be fed into the random device or accessed directly through the file
+system. File system access is a useful alternative to those situations where
+use of the random device is either inappropriate or not available.
+
+Add the following snippet to your /etc/rc.d/rc.M to start up haveged at boot:
+
+# Starting HAVEGED entropy daemon
+if [ -x /etc/rc.d/rc.haveged ]; then
+ /etc/rc.d/rc.haveged start
+fi
+
+You can see how many bits of entropy are available to the system by reading the
+/proc/sys/kernel/random/entropy_avail file, and check the size of your entropy
+pool at /proc/sys/kernel/random/poolsize.
diff --git a/system/haveged/doinst.sh b/system/haveged/doinst.sh
new file mode 100644
index 0000000000..b9e90c8608
--- /dev/null
+++ b/system/haveged/doinst.sh
@@ -0,0 +1,28 @@
+config() {
+ for infile in $1; do
+ NEW="$infile"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+ done
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.haveged.new
+
diff --git a/system/haveged/haveged.SlackBuild b/system/haveged/haveged.SlackBuild
new file mode 100644
index 0000000000..90ffd60cd0
--- /dev/null
+++ b/system/haveged/haveged.SlackBuild
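Review bot: `preserve_perms` has no comment saying what it protects, and its effect matters for the service's state: when an `rc.haveged` is already installed, `cp -a $OLD ${NEW}.incoming` followed by `cat $NEW > ${NEW}.incoming` gives the incoming script the installed file's mode and ownership, so an upgrade does not re-enable a script the admin made non-executable, and equally does not tighten one that was left group- or world-writable. I would add above the function `# Carry the installed rc script's mode/ownership over to the .new copy so an upgrade keeps the admin's choice (including a cleared execute bit).` The expansions of `$NEW` and `$OLD` in both functions are unquoted; that is harmless for the single fixed path passed on the last line, but they should be quoted if more paths are ever passed in.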
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+# Slackware build script for haveged
+
+# Copyright 2012 Erik Falor, West Valley City, Utah, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=haveged
+VERSION=${VERSION:-1.5}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --build=$ARCH-slackware-linux
+
+make
+make install-strip DESTDIR=$PKG
+
+rm -rf $PKG/etc/init.d
+install -D -m0755 -oroot -groot $CWD/rc.haveged $PKG/etc/rc.d/rc.haveged.new
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a AUTHORS COPYING ChangeLog INSTALL README \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/haveged/haveged.info b/system/haveged/haveged.info
new file mode 100644
index 0000000000..82876c0ac9
--- /dev/null
+++ b/system/haveged/haveged.info
@@ -0,0 +1,10 @@
+PRGNAM="haveged"
+VERSION="1.5"
+HOMEPAGE="http://www.issihosts.com/haveged/index.html"
+DOWNLOAD="http://www.issihosts.com/haveged/haveged-1.5.tar.gz"
+MD5SUM="c1f34be00c3f438ec83862e90e192e4b"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Erik Falor"
+EMAIL="ewfalor@gmail.com"
diff --git a/system/haveged/rc.haveged b/system/haveged/rc.haveged
new file mode 100644
index 0000000000..7f6f5e4fc2
--- /dev/null
+++ b/system/haveged/rc.haveged
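Review bot: The build tree defaults to a fixed, guessable path under a world-writable directory (`TMP=${TMP:-/tmp/SBo}`), and `mkdir -p $TMP $PKG $OUTPUT` accepts a `/tmp/SBo` that already exists, whoever owns it. The script is evidently meant to run as root (`chown -R root:root .`, `/sbin/makepkg`), so on a multi-user host a directory pre-created by another local account would leave that account in control of the tree that `./configure` and `make` then execute from. I would at least document this next to the assignment: `# On shared hosts set TMP to a directory only root can write; the /tmp/SBo default can be pre-created by any local user.` Separately, `rm -rf $PKG` and `for i in $( find $PKG/usr/man -type l )` word-split if TMP or a man-page link name contains whitespace; quoting `"$PKG"` and `"$TMP"` throughout would remove the first case.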
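Review bot: The source tarball's only integrity anchor is `MD5SUM="c1f34be00c3f438ec83862e90e192e4b"`, while `DOWNLOAD` (like `HOMEPAGE`) is a plain `http://` URL, so the fetch relies entirely on MD5, which is collision-broken and a thin sole check for code that is built and packaged as root. The fields shown here leave no room for a stronger digest, so the improvements sit outside this hunk: an `https://` value for `DOWNLOAD` if the upstream host serves one (not verifiable from this page), and comparing the tarball against an upstream-published SHA-256 or signature before building. The SlackBuild in this commit unpacks `$CWD/$PRGNAM-$VERSION.tar.gz` without any check of its own, so verification has to happen in whatever step fetches the file.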
@@ -0,0 +1,47 @@
+#!/bin/sh
+# Start/stop/restart haveged.
+
+PIDFILE=/var/run/haveged.pid
+HAVEGED_OPTS="-w 1024 -v 1 -p $PIDFILE"
+
+# Start haveged:
+haveged_start() {
+ if [ -f $PIDFILE ]; then
+ echo "HAVEGE daemon is already running as PID $(cat $PIDFILE) " >&2
+ exit 3
+ elif [ -x /usr/sbin/haveged ]; then
+ echo "Starting HAVEGE daemon: /usr/sbin/haveged"
+ /usr/sbin/haveged $HAVEGED_OPTS
+ fi
+}
+
+# Stop haveged:
+haveged_stop() {
+ if [ -r /var/run/haveged.pid ]; then
+ kill $(cat /var/run/haveged.pid)
+ else
+ killall haveged
+ fi
+}
+
+# Restart haveged:
+haveged_restart() {
+ haveged_stop
+ sleep 1
+ haveged_start
+}
+
+case "$1" in
+'start')
+ haveged_start
+ ;;
+'stop')
+ haveged_stop
+ ;;
+'restart')
+ haveged_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+ exit 2
+esac
diff --git a/system/haveged/slack-desc b/system/haveged/slack-desc
new file mode 100644
index 0000000000..55d8f9ed50
--- /dev/null
+++ b/system/haveged/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+haveged: haveged (A simple entropy daemon)
+haveged:
+haveged: The haveged project is an attempt to provide an easy-to-use,
+haveged: unpredictable random number generator based upon an adaptation of the
+haveged: HAVEGE algorithm. Haveged was created to remedy low-entropy
+haveged: conditions in the Linux random device that can occur under some
+haveged: workloads, especially on headless servers.
+haveged:
+haveged:
+haveged:
+haveged:
-- cgit v1.2.3
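Review bot: `haveged_start` treats the mere existence of the pidfile as proof that the daemon is running (`if [ -f $PIDFILE ]; then` … `exit 3`), so a pidfile left behind by a crash or unclean shutdown keeps the entropy daemon from starting at all, with one stderr line as the only trace. Testing the recorded process instead avoids that: `if [ -f $PIDFILE ] && kill -0 "$(cat $PIDFILE)" 2>/dev/null; then`. The same assumption affects `haveged_restart`, which reaches the `exit 3` branch whenever the pidfile is still present after `sleep 1`. In `haveged_stop`, `kill $(cat /var/run/haveged.pid)` signals whatever PID the file holds without confirming it is still haveged, and the path is hard-coded instead of using `$PIDFILE`.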