Message ID | 20230315014728.86644-1-xiangyu.chen@eng.windriver.com |
---|---|
State | New |
Headers | show |
Series | rng-tools: disable rngd daemon start by default | expand |
I don't think adding a custom variable is the correct approach. If you want rngtest or other supplementary tools in the image, but don't want to install and start rngd, then rngtest should be packaged and installed separately via appropriate FILES/PACKAGES assignments in the recipe. Can you make it work that way please? Alex On Wed, 15 Mar 2023 at 02:47, Xiangyu Chen <xiangyu.chen@eng.windriver.com> wrote: > > From: Xiangyu Chen <xiangyu.chen@windriver.com> > > Since we removed the openssh dependency[1] on rng-tools, there are no package requiring > rng-tools in oe-core, meta-oe, meta-virt, one of the reasons for keeping rng-tools > build into the image is that it can be used to test[2], so adding an option to disable > rngd daemon by default since the linux-5.6 and later /dev/random won't block anymore[3]. > > By default, this option set to 0 to disable the rngd start, when this option set to 1, the > rngd daemon would start normally (if someone really need it). > > Reference: > [1] https://git.openembedded.org/openembedded-core/commit/?id=868dfb46d96a27ec9041cb902fb769330277257d > [2] https://linux.die.net/man/1/rngtest > [3] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32 > > Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > --- > .../rng-tools/rng-tools/default | 1 + > meta/recipes-support/rng-tools/rng-tools/init | 42 ++++++++++++------- > .../rng-tools/rng-tools/rng-tools.service | 2 +- > 3 files changed, 29 insertions(+), 16 deletions(-) > > diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default > index b9f8e03635..02659742fd 100644 > --- a/meta/recipes-support/rng-tools/rng-tools/default > +++ b/meta/recipes-support/rng-tools/rng-tools/default > @@ -1 +1,2 @@ > EXTRA_ARGS="-r /dev/hwrng" > +RUN_RNGD=0 > diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init > index 13f0ecd37c..6c8ce00104 100644 > --- a/meta/recipes-support/rng-tools/rng-tools/init > +++ b/meta/recipes-support/rng-tools/rng-tools/init > @@ -12,27 +12,39 @@ test -x "$rngd" || exit 1 > > case "$1" in > start) > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > + if [ $RUN_RNGD = 1 ] > + then > + echo -n "Starting random number generator daemon" > + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > + echo "." > + fi > ;; > stop) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > + if [ $RUN_RNGD = 1 ] > + then > + echo -n "Stopping random number generator daemon" > + start-stop-daemon -K -q -n rngd > + echo "." > + fi > ;; > reload|force-reload) > - echo -n "Signalling rng daemon restart" > - start-stop-daemon -K -q -s 1 -x $rngd > - start-stop-daemon -K -q -s 1 -x $rngd > + if [ $RUN_RNGD = 1 ] > + then > + echo -n "Signalling rng daemon restart" > + start-stop-daemon -K -q -s 1 -x $rngd > + start-stop-daemon -K -q -s 1 -x $rngd > + fi > ;; > restart) > - echo -n "Stopping random number generator daemon" > - start-stop-daemon -K -q -n rngd > - echo "." > - echo -n "Starting random number generator daemon" > - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > - echo "." > + if [ $RUN_RNGD = 1 ] > + then > + echo -n "Stopping random number generator daemon" > + start-stop-daemon -K -q -n rngd > + echo "." > + echo -n "Starting random number generator daemon" > + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS > + echo "." > + fi > ;; > *) > echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" > diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > index 5ae2fba215..be88ab125a 100644 > --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service > @@ -7,7 +7,7 @@ ConditionVirtualization=!container > > [Service] > EnvironmentFile=-@SYSCONFDIR@/default/rng-tools > -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS > +ExecStart=/bin/sh -c '[ x$RUN_RNGD != x1 ] || exec @SBINDIR@/rngd -f $EXTRA_ARGS ' > CapabilityBoundingSet=CAP_SYS_ADMIN > IPAddressDeny=any > LockPersonality=yes > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#178518): https://lists.openembedded.org/g/openembedded-core/message/178518 > Mute This Topic: https://lists.openembedded.org/mt/97619573/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default index b9f8e03635..02659742fd 100644 --- a/meta/recipes-support/rng-tools/rng-tools/default +++ b/meta/recipes-support/rng-tools/rng-tools/default @@ -1 +1,2 @@ EXTRA_ARGS="-r /dev/hwrng" +RUN_RNGD=0 diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init index 13f0ecd37c..6c8ce00104 100644 --- a/meta/recipes-support/rng-tools/rng-tools/init +++ b/meta/recipes-support/rng-tools/rng-tools/init @@ -12,27 +12,39 @@ test -x "$rngd" || exit 1 case "$1" in start) - echo -n "Starting random number generator daemon" - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS - echo "." + if [ $RUN_RNGD = 1 ] + then + echo -n "Starting random number generator daemon" + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS + echo "." + fi ;; stop) - echo -n "Stopping random number generator daemon" - start-stop-daemon -K -q -n rngd - echo "." + if [ $RUN_RNGD = 1 ] + then + echo -n "Stopping random number generator daemon" + start-stop-daemon -K -q -n rngd + echo "." + fi ;; reload|force-reload) - echo -n "Signalling rng daemon restart" - start-stop-daemon -K -q -s 1 -x $rngd - start-stop-daemon -K -q -s 1 -x $rngd + if [ $RUN_RNGD = 1 ] + then + echo -n "Signalling rng daemon restart" + start-stop-daemon -K -q -s 1 -x $rngd + start-stop-daemon -K -q -s 1 -x $rngd + fi ;; restart) - echo -n "Stopping random number generator daemon" - start-stop-daemon -K -q -n rngd - echo "." - echo -n "Starting random number generator daemon" - start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS - echo "." + if [ $RUN_RNGD = 1 ] + then + echo -n "Stopping random number generator daemon" + start-stop-daemon -K -q -n rngd + echo "." + echo -n "Starting random number generator daemon" + start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS + echo "." + fi ;; *) echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}" diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service index 5ae2fba215..be88ab125a 100644 --- a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service @@ -7,7 +7,7 @@ ConditionVirtualization=!container [Service] EnvironmentFile=-@SYSCONFDIR@/default/rng-tools -ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS +ExecStart=/bin/sh -c '[ x$RUN_RNGD != x1 ] || exec @SBINDIR@/rngd -f $EXTRA_ARGS ' CapabilityBoundingSet=CAP_SYS_ADMIN IPAddressDeny=any LockPersonality=yes