author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-04-08 02:39:28 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-04-08 02:39:28 +0000 |
commit | 2cfe111027aaffc4892f21a4f8046abe5e20e848 (patch) | |
tree | 7b19647e026ce2e6ebab20221453b2c4477ab213 /app-crypt/ekeyd/files | |
parent | Add ~mips keyword (diff) | |
download | gentoo-2-2cfe111027aaffc4892f21a4f8046abe5e20e848.tar.gz gentoo-2-2cfe111027aaffc4892f21a4f8046abe5e20e848.tar.bz2 gentoo-2-2cfe111027aaffc4892f21a4f8046abe5e20e848.zip |
Merge ekey-egd-linux daemon (and init script) within ekeyd, and suggest using it for heavy-loaded machines; the ekeyd init script provides entropy if (and only if) it is not set to provide EGD sockets; add a warning about using the userland USB access method; fix the only warning that was still present (false positive on format strings).
(Portage version: 2.2.0_alpha29/cvs/Linux x86_64)
Diffstat (limited to 'app-crypt/ekeyd/files')
-rw-r--r-- | app-crypt/ekeyd/files/ekey-egd-linux.conf | 12 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekey-egd-linux.init | 40 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch | 26 | ||||
-rw-r--r-- | app-crypt/ekeyd/files/ekeyd.init | 13 |
4 files changed, 89 insertions, 2 deletions
diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.conf b/app-crypt/ekeyd/files/ekey-egd-linux.conf
new file mode 100644
index 000000000000..0f72288ac534
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekey-egd-linux.conf
@@ -0,0 +1,12 @@
+# Configuration file for ekey-egd-linux
+
+# Hostname or IP address to connect to.
+#HOST="localhost"
+# Port number to connect to.
+#PORT="8888"
+# Time between reconnect attempts.
+#RECONNECTINTERVAL=10
+# Set the number of 1024 bit blocks to request each time
+#BLOCKS=2
+# Low level entropy to trigger egd-linux entropy read
+WATERMARK=1024
diff --git a/app-crypt/ekeyd/files/ekey-egd-linux.init b/app-crypt/ekeyd/files/ekey-egd-linux.init
new file mode 100644
index 000000000000..c3a2a9914ba6
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekey-egd-linux.init
@@ -0,0 +1,40 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekey-egd-linux.init,v 1.1 2011/04/08 02:39:27 flameeyes Exp $
+
+: ${HOST:=localhost}
+: ${PORT:=8888}
+: ${RECONNECTINTERVAL:=10}
+: ${BLOCKS:=2}
+
+depend() {
+ use net
+ after ekeyd
+
+ provide entropy
+}
+
+start() {
+ ebegin "Starting EntropyKey EGD client"
+ start-stop-daemon \
+ --start --pidfile "/var/run/${SVCNAME}.pid" \
+ --exec /usr/libexec/ekey-egd-linux -- \
+ -H ${HOST} -p ${PORT} \
+ -r ${RECONNECTINTERVAL} \
+ -b ${BLOCKS} \
+ -D "/var/run/${SVCNAME}.pid"
+
+ [ -n "${WATERMARK}" ] && \
+ sysctl "kernel.random.write_wakeup_threshold=$WATERMARK" >/dev/null 2>&1
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping EntropyKey EGD client"
+ start-stop-daemon \
+ --stop --pidfile "/var/run/${SVCNAME}.pid" \
+ --exec /usr/libexec/ekey-egd-linux
+ eend $?
+}
diff --git a/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch
new file mode 100644
index 000000000000..a705dd503e0c
--- /dev/null
+++ b/app-crypt/ekeyd/files/ekeyd-1.1.3-format.patch
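Review bot: In `start()` of ekey-egd-linux.init, `eend $?` reports the status of the `[ -n "${WATERMARK}" ] && sysctl …` list rather than that of `start-stop-daemon`, so a failed daemon start is shown as success whenever the sysctl succeeds, and an empty `WATERMARK` makes a successful start look failed. Because this script declares `provide entropy`, services that order themselves on it may then be started although the EGD client is not running. Save the daemon's status right after the call with `local rc=$?`, run the tuning step as `[ -z "${WATERMARK}" ] || sysctl "kernel.random.write_wakeup_threshold=$WATERMARK" >/dev/null 2>&1`, and finish with `eend ${rc}`. `${HOST}`, `${PORT}`, `${RECONNECTINTERVAL}` and `${BLOCKS}` are also passed unquoted, so a configured value containing whitespace would be split into extra daemon arguments; quoting them avoids that.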
@@ -0,0 +1,26 @@
+Index: ekeyd-1.1.3/daemon/ekeyd.c
+===================================================================
+--- ekeyd-1.1.3.orig/daemon/ekeyd.c
++++ ekeyd-1.1.3/daemon/ekeyd.c
+@@ -203,7 +203,7 @@ open_foldback_output(void)
+ return (output_stream != NULL);
+ }
+
+-static const char *usage=
++static const char usage[]=
+ "Usage: %s [-f <configfile>] [-p <pidfile>] [-v] [-h]\n"
+ "Entropy Key Daemon\n\n"
+ "\t-f Read configuration from configfile\n"
+Index: ekeyd-1.1.3/daemon/ekey-setkey.c
+===================================================================
+--- ekeyd-1.1.3.orig/daemon/ekey-setkey.c
++++ ekeyd-1.1.3/daemon/ekey-setkey.c
+@@ -79,7 +79,7 @@ calc_mac(uint8_t *snum, uint8_t *mkey, u
+ return mac;
+ }
+
+-static const char *usage =
++static const char usage[] =
+ "Usage: %s [-d] [-h] [-n] [-f <keyring>] [-m <master>]\n"
+ " [-s <serial>] <path>\n"
+ "Entropy key device long term session key tool\n\n"
diff --git a/app-crypt/ekeyd/files/ekeyd.init b/app-crypt/ekeyd/files/ekeyd.init
index 528a8d32ab7d..897f3ac77e95 100644
--- a/app-crypt/ekeyd/files/ekeyd.init
+++ b/app-crypt/ekeyd/files/ekeyd.init
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 2009 Gentoo Foundation
+# Copyright 2009-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.3 2009/10/04 11:43:34 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/ekeyd/files/ekeyd.init,v 1.4 2011/04/08 02:39:27 flameeyes Exp $
 INSTANCE="${SVCNAME#*.}"
 if [ -z "${INSTANCE}" ] || [ "${SVCNAME}" = "ekeyd" ]; then
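Review bot: The new ekeyd-1.1.3-format.patch carries no description above its first `Index:` line, so the file itself does not say why `usage` changes from `const char *` to `const char []` in daemon/ekeyd.c and daemon/ekey-setkey.c. A short header would help the next maintainer, for example `Declare the usage strings as const arrays so the compiler can see the format string at the call and check its %s; silences a format-string warning that was a false positive.`, together with a line on whether it was sent upstream. The calls that pass `usage` as a format are outside both hunks, so it is worth confirming there that each one supplies exactly the one string argument the `%s` expects.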
@@ -11,6 +11,15 @@ fi
 depend() {
 use udev ekey-ulusbd
 need localmount
+
+ local cfgfile="/etc/entropykey/${INSTANCE}.conf"
+ config "${cfgfile}"
+
+ # quickly parse the configuration file; we only provide entropy
+ # if we're not using the egd server/client split method.
+ if sed -e 's:--.*::' "${cfgfile}" | grep -q SetOutputToKernel; then
+ provide entropy
+ fi
 }
 start() { |
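Review bot: In `depend()` of ekeyd.init, `grep -q SetOutputToKernel` matches the name anywhere on a line once `--` comments are stripped, so `provide entropy` is declared even when the text only appears inside another string or, if the configuration syntax allows them, inside a block comment that the `sed` expression does not remove. A missing or unreadable `${cfgfile}` also makes `sed` print an error during dependency calculation while the service silently stops providing `entropy`. Assuming the setting always starts its line, guarding the read and anchoring the match ties the decision to an actual setting: `if [ -r "${cfgfile}" ] && sed -e 's:--.*::' "${cfgfile}" | grep -q '^[[:space:]]*SetOutputToKernel'; then`. A wrong answer matters here because other services order themselves on `entropy`.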