diff mbox series

rng-tools: disable rngd daemon start by default

Message ID 20230315014728.86644-1-xiangyu.chen@eng.windriver.com
State New
Headers show
Series rng-tools: disable rngd daemon start by default | expand

Commit Message

Xiangyu Chen March 15, 2023, 1:47 a.m. UTC 
From: Xiangyu Chen <xiangyu.chen@windriver.com>

Since we removed the openssh dependency[1] on rng-tools, there are no package requiring
rng-tools in oe-core, meta-oe, meta-virt, one of the reasons for keeping rng-tools
build into the image is that it can be used to test[2], so adding an option to disable
rngd daemon by default since the linux-5.6 and later /dev/random won't block anymore[3].

By default, this option set to 0 to disable the rngd start, when this option set to 1, the
rngd daemon would start normally (if someone really need it).

Reference:
[1] https://git.openembedded.org/openembedded-core/commit/?id=868dfb46d96a27ec9041cb902fb769330277257d
[2] https://linux.die.net/man/1/rngtest
[3] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
---
 .../rng-tools/rng-tools/default               |  1 +
 meta/recipes-support/rng-tools/rng-tools/init | 42 ++++++++++++-------
 .../rng-tools/rng-tools/rng-tools.service     |  2 +-
 3 files changed, 29 insertions(+), 16 deletions(-)

Comments

Alexander Kanavin March 15, 2023, 8:27 a.m. UTC | #1 
I don't think adding a custom variable is the correct approach.

If you want rngtest or other supplementary tools in the image, but
don't want to install and start rngd, then rngtest should be packaged
and installed separately via appropriate FILES/PACKAGES assignments in
the recipe. Can you make it work that way please?

Alex

On Wed, 15 Mar 2023 at 02:47, Xiangyu Chen
<xiangyu.chen@eng.windriver.com> wrote:
>
> From: Xiangyu Chen <xiangyu.chen@windriver.com>
>
> Since we removed the openssh dependency[1] on rng-tools, there are no package requiring
> rng-tools in oe-core, meta-oe, meta-virt, one of the reasons for keeping rng-tools
> build into the image is that it can be used to test[2], so adding an option to disable
> rngd daemon by default since the linux-5.6 and later /dev/random won't block anymore[3].
>
> By default, this option set to 0 to disable the rngd start, when this option set to 1, the
> rngd daemon would start normally (if someone really need it).
>
> Reference:
> [1] https://git.openembedded.org/openembedded-core/commit/?id=868dfb46d96a27ec9041cb902fb769330277257d
> [2] https://linux.die.net/man/1/rngtest
> [3] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
>
> Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
> ---
>  .../rng-tools/rng-tools/default               |  1 +
>  meta/recipes-support/rng-tools/rng-tools/init | 42 ++++++++++++-------
>  .../rng-tools/rng-tools/rng-tools.service     |  2 +-
>  3 files changed, 29 insertions(+), 16 deletions(-)
>
> diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
> index b9f8e03635..02659742fd 100644
> --- a/meta/recipes-support/rng-tools/rng-tools/default
> +++ b/meta/recipes-support/rng-tools/rng-tools/default
> @@ -1 +1,2 @@
>  EXTRA_ARGS="-r /dev/hwrng"
> +RUN_RNGD=0
> diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
> index 13f0ecd37c..6c8ce00104 100644
> --- a/meta/recipes-support/rng-tools/rng-tools/init
> +++ b/meta/recipes-support/rng-tools/rng-tools/init
> @@ -12,27 +12,39 @@ test -x "$rngd" || exit 1
>
>  case "$1" in
>    start)
> -    echo -n "Starting random number generator daemon"
> -    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
> -    echo "."
> +    if [ $RUN_RNGD = 1 ]
> +    then
> +        echo -n "Starting random number generator daemon"
> +        start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
> +        echo "."
> +    fi
>      ;;
>    stop)
> -    echo -n "Stopping random number generator daemon"
> -    start-stop-daemon -K -q -n rngd
> -    echo "."
> +    if [ $RUN_RNGD = 1 ]
> +    then
> +        echo -n "Stopping random number generator daemon"
> +        start-stop-daemon -K -q -n rngd
> +        echo "."
> +    fi
>      ;;
>    reload|force-reload)
> -    echo -n "Signalling rng daemon restart"
> -    start-stop-daemon -K -q -s 1 -x $rngd
> -    start-stop-daemon -K -q -s 1 -x $rngd
> +    if [ $RUN_RNGD = 1 ]
> +    then
> +        echo -n "Signalling rng daemon restart"
> +        start-stop-daemon -K -q -s 1 -x $rngd
> +        start-stop-daemon -K -q -s 1 -x $rngd
> +    fi
>      ;;
>    restart)
> -    echo -n "Stopping random number generator daemon"
> -    start-stop-daemon -K -q -n rngd
> -    echo "."
> -    echo -n "Starting random number generator daemon"
> -    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
> -    echo "."
> +    if [ $RUN_RNGD = 1 ]
> +    then
> +        echo -n "Stopping random number generator daemon"
> +        start-stop-daemon -K -q -n rngd
> +        echo "."
> +        echo -n "Starting random number generator daemon"
> +        start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
> +        echo "."
> +    fi
>      ;;
>    *)
>      echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}"
> diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
> index 5ae2fba215..be88ab125a 100644
> --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
> +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
> @@ -7,7 +7,7 @@ ConditionVirtualization=!container
>
>  [Service]
>  EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
> -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
> +ExecStart=/bin/sh -c '[ x$RUN_RNGD != x1 ] || exec @SBINDIR@/rngd -f $EXTRA_ARGS '
>  CapabilityBoundingSet=CAP_SYS_ADMIN
>  IPAddressDeny=any
>  LockPersonality=yes
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#178518): https://lists.openembedded.org/g/openembedded-core/message/178518
> Mute This Topic: https://lists.openembedded.org/mt/97619573/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index b9f8e03635..02659742fd 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -1 +1,2 @@ 
 EXTRA_ARGS="-r /dev/hwrng"
+RUN_RNGD=0
diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
index 13f0ecd37c..6c8ce00104 100644
--- a/meta/recipes-support/rng-tools/rng-tools/init
+++ b/meta/recipes-support/rng-tools/rng-tools/init
@@ -12,27 +12,39 @@  test -x "$rngd" || exit 1
 
 case "$1" in
   start)
-    echo -n "Starting random number generator daemon"
-    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
-    echo "."
+    if [ $RUN_RNGD = 1 ]
+    then
+        echo -n "Starting random number generator daemon"
+        start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+        echo "."
+    fi
     ;;
   stop)
-    echo -n "Stopping random number generator daemon"
-    start-stop-daemon -K -q -n rngd
-    echo "."
+    if [ $RUN_RNGD = 1 ]
+    then
+        echo -n "Stopping random number generator daemon"
+        start-stop-daemon -K -q -n rngd
+        echo "."
+    fi
     ;;
   reload|force-reload)
-    echo -n "Signalling rng daemon restart"
-    start-stop-daemon -K -q -s 1 -x $rngd
-    start-stop-daemon -K -q -s 1 -x $rngd
+    if [ $RUN_RNGD = 1 ]
+    then
+        echo -n "Signalling rng daemon restart"
+        start-stop-daemon -K -q -s 1 -x $rngd
+        start-stop-daemon -K -q -s 1 -x $rngd
+    fi
     ;;
   restart)
-    echo -n "Stopping random number generator daemon"
-    start-stop-daemon -K -q -n rngd
-    echo "."
-    echo -n "Starting random number generator daemon"
-    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
-    echo "."
+    if [ $RUN_RNGD = 1 ]
+    then
+        echo -n "Stopping random number generator daemon"
+        start-stop-daemon -K -q -n rngd
+        echo "."
+        echo -n "Starting random number generator daemon"
+        start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+        echo "."
+    fi
     ;;
   *)
     echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}"
diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
index 5ae2fba215..be88ab125a 100644
--- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
+++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
@@ -7,7 +7,7 @@  ConditionVirtualization=!container
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
-ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
+ExecStart=/bin/sh -c '[ x$RUN_RNGD != x1 ] || exec @SBINDIR@/rngd -f $EXTRA_ARGS '
 CapabilityBoundingSet=CAP_SYS_ADMIN
 IPAddressDeny=any
 LockPersonality=yes