5 files changed, 145 insertions, 0 deletions
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 31023021ac..8dc63b138e 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -739,6 +739,7 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"
+RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>"
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
new file mode 100644
index 0000000000..b9f8e03635
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -0,0 +1 @@
+EXTRA_ARGS="-r /dev/hwrng"
diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
new file mode 100644
index 0000000000..13f0ecd37c
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/init
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# This is an init script for openembedded
+# Copy it to @SYSCONFDIR@/init.d/rng-tools and type
+# > update-rc.d rng-tools defaults 60
+#
+rngd=@SBINDIR@/rngd
+test -x "$rngd" || exit 1
+[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools"
+case "$1" in
+  start)
+    echo -n "Starting random number generator daemon"
+    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+    echo "."
+    ;;
+  stop)
+    echo -n "Stopping random number generator daemon"
+    start-stop-daemon -K -q -n rngd
+    echo "."
+    ;;
+  reload|force-reload)
+    echo -n "Signalling rng daemon restart"
+    start-stop-daemon -K -q -s 1 -x $rngd
+    start-stop-daemon -K -q -s 1 -x $rngd
+    ;;
+  restart)
+    echo -n "Stopping random number generator daemon"
+    start-stop-daemon -K -q -n rngd
+    echo "."
+    echo -n "Starting random number generator daemon"
+    start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
+    echo "."
+    ;;
+  *)
+    echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start|stop|reload|restart|force-reload}"
+    exit 1
+esac
+exit 0
diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
new file mode 100644
index 0000000000..5ae2fba215
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=sysinit.target shutdown.target
+ConditionVirtualization=!container
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
+ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
+CapabilityBoundingSet=CAP_SYS_ADMIN
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+[Install]
+WantedBy=sysinit.target
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
new file mode 100644
index 0000000000..f0aa3ff93f
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
@@ -0,0 +1,69 @@
+SUMMARY = "Random number generator daemon"
+DESCRIPTION = "Check and feed random data from hardware device to kernel"
+HOMEPAGE = "https://github.com/nhorman/rng-tools"
+BUGTRACKER = "https://github.com/nhorman/rng-tools/issues"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+DEPENDS = "openssl libcap"
+SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
+           file://init \
+           file://default \
+           file://rng-tools.service \
+           "
+SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2"
+S = "${WORKDIR}/git"
+inherit autotools update-rc.d systemd pkgconfig
+EXTRA_OECONF = "--without-rtlsdr"
+PACKAGECONFIG ??= "libjitterentropy"
+PACKAGECONFIG:libc-musl = "libargp libjitterentropy"
+PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone,"
+PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy"
+PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl"
+PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2"
+PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl"
+INITSCRIPT_PACKAGES = "${PN}-service"
+INITSCRIPT_NAME:${PN}-service = "rng-tools"
+INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ."
+SYSTEMD_PACKAGES = "${PN}-service"
+SYSTEMD_SERVICE:${PN}-service = "rng-tools.service"
+CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER "
+PACKAGES =+ "${PN}-service"
+FILES:${PN}-service += " \
+    ${sysconfdir}/init.d/rng-tools \
+    ${sysconfdir}/default/rng-tools \
+"
+# Refer autogen.sh in rng-tools
+do_configure:prepend() {
+    cp ${S}/README.md ${S}/README
+}
+do_install:append() {
+    install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools
+    install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools
+    install -Dm 0644 ${WORKDIR}/rng-tools.service \
+                     ${D}${systemd_system_unitdir}/rng-tools.service
+    sed -i \
+        -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+        -e 's,@SBINDIR@,${sbindir},g' \
+        ${D}${sysconfdir}/init.d/rng-tools \
+        ${D}${systemd_system_unitdir}/rng-tools.service
+    if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then
+        sed -i \
+            -e '/^IPAddressDeny=any/d' \
+            -e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \
+            ${D}${systemd_system_unitdir}/rng-tools.service
+    fi
+}

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 31023021ac..8dc63b138e 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc
@@ -739,6 +739,7 @@ RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>"
739	RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>"	739	RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>"
740	RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>"	740	RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>"
741	RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"	741	RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"
		742	RECIPE_MAINTAINER:pn-rng-tools = "Anuj Mittal <anuj.mittal@intel.com>"
742	RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>"	743	RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj <raj.khem@gmail.com>"
743	RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>"	744	RECIPE_MAINTAINER:pn-rpm = "Unassigned <unassigned@yoctoproject.org>"
744	RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>"	745	RECIPE_MAINTAINER:pn-rsync = "Yi Zhao <yi.zhao@windriver.com>"


diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default new file mode 100644 index 0000000000..b9f8e03635 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -0,0 +1 @@
			EXTRA_ARGS="-r /dev/hwrng"


diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init new file mode 100644 index 0000000000..13f0ecd37c --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/init
@@ -0,0 +1,42 @@
		1	#!/bin/sh
		2	#
		3	# This is an init script for openembedded
		4	# Copy it to @SYSCONFDIR@/init.d/rng-tools and type
		5	# > update-rc.d rng-tools defaults 60
		6	#
		7
		8	rngd=@SBINDIR@/rngd
		9	test -x "$rngd" \|\| exit 1
		10
		11	[ -r @SYSCONFDIR@/default/rng-tools ] && . "@SYSCONFDIR@/default/rng-tools"
		12
		13	case "$1" in
		14	start)
		15	echo -n "Starting random number generator daemon"
		16	start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
		17	echo "."
		18	;;
		19	stop)
		20	echo -n "Stopping random number generator daemon"
		21	start-stop-daemon -K -q -n rngd
		22	echo "."
		23	;;
		24	reload\|force-reload)
		25	echo -n "Signalling rng daemon restart"
		26	start-stop-daemon -K -q -s 1 -x $rngd
		27	start-stop-daemon -K -q -s 1 -x $rngd
		28	;;
		29	restart)
		30	echo -n "Stopping random number generator daemon"
		31	start-stop-daemon -K -q -n rngd
		32	echo "."
		33	echo -n "Starting random number generator daemon"
		34	start-stop-daemon -S -q -x $rngd -- $EXTRA_ARGS
		35	echo "."
		36	;;
		37	*)
		38	echo "Usage: @SYSCONFDIR@/init.d/rng-tools {start\|stop\|reload\|restart\|force-reload}"
		39	exit 1
		40	esac
		41
		42	exit 0


diff --git a/meta/recipes-support/rng-tools/rng-tools/rng-tools.service b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service new file mode 100644 index 0000000000..5ae2fba215 --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools/rng-tools.service
@@ -0,0 +1,32 @@
		1	[Unit]
		2	Description=Hardware RNG Entropy Gatherer Daemon
		3	DefaultDependencies=no
		4	Conflicts=shutdown.target
		5	Before=sysinit.target shutdown.target
		6	ConditionVirtualization=!container
		7
		8	[Service]
		9	EnvironmentFile=-@SYSCONFDIR@/default/rng-tools
		10	ExecStart=@SBINDIR@/rngd -f $EXTRA_ARGS
		11	CapabilityBoundingSet=CAP_SYS_ADMIN
		12	IPAddressDeny=any
		13	LockPersonality=yes
		14	MemoryDenyWriteExecute=yes
		15	NoNewPrivileges=yes
		16	PrivateTmp=yes
		17	ProtectControlGroups=yes
		18	ProtectHome=yes
		19	ProtectHostname=yes
		20	ProtectKernelModules=yes
		21	ProtectKernelLogs=yes
		22	ProtectSystem=strict
		23	RestrictAddressFamilies=AF_UNIX
		24	RestrictNamespaces=yes
		25	RestrictRealtime=yes
		26	RestrictSUIDSGID=yes
		27	SystemCallArchitectures=native
		28	SystemCallErrorNumber=EPERM
		29	SystemCallFilter=@system-service
		30
		31	[Install]
		32	WantedBy=sysinit.target


diff --git a/meta/recipes-support/rng-tools/rng-tools_6.16.bb b/meta/recipes-support/rng-tools/rng-tools_6.16.bb new file mode 100644 index 0000000000..f0aa3ff93f --- /dev/null +++ b/meta/recipes-support/rng-tools/rng-tools_6.16.bb
@@ -0,0 +1,69 @@
		1	SUMMARY = "Random number generator daemon"
		2	DESCRIPTION = "Check and feed random data from hardware device to kernel"
		3	HOMEPAGE = "https://github.com/nhorman/rng-tools"
		4	BUGTRACKER = "https://github.com/nhorman/rng-tools/issues"
		5	LICENSE = "GPL-2.0-only"
		6	LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
		7	DEPENDS = "openssl libcap"
		8
		9	SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
		10	file://init \
		11	file://default \
		12	file://rng-tools.service \
		13	"
		14	SRCREV = "e061c313b95890eb5fa0ada0cd6eec619dafdfe2"
		15
		16	S = "${WORKDIR}/git"
		17
		18	inherit autotools update-rc.d systemd pkgconfig
		19
		20	EXTRA_OECONF = "--without-rtlsdr"
		21
		22	PACKAGECONFIG ??= "libjitterentropy"
		23	PACKAGECONFIG:libc-musl = "libargp libjitterentropy"
		24
		25	PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone,"
		26	PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy"
		27	PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl"
		28	PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2"
		29	PACKAGECONFIG[qrypt] = "--with-qrypt,--without-qrypt,curl"
		30
		31	INITSCRIPT_PACKAGES = "${PN}-service"
		32	INITSCRIPT_NAME:${PN}-service = "rng-tools"
		33	INITSCRIPT_PARAMS:${PN}-service = "start 03 2 3 4 5 . stop 30 0 6 1 ."
		34
		35	SYSTEMD_PACKAGES = "${PN}-service"
		36	SYSTEMD_SERVICE:${PN}-service = "rng-tools.service"
		37
		38	CFLAGS += " -DJENT_CONF_ENABLE_INTERNAL_TIMER "
		39
		40	PACKAGES =+ "${PN}-service"
		41
		42	FILES:${PN}-service += " \
		43	${sysconfdir}/init.d/rng-tools \
		44	${sysconfdir}/default/rng-tools \
		45	"
		46
		47	# Refer autogen.sh in rng-tools
		48	do_configure:prepend() {
		49	cp ${S}/README.md ${S}/README
		50	}
		51
		52	do_install:append() {
		53	install -Dm 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/rng-tools
		54	install -Dm 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/rng-tools
		55	install -Dm 0644 ${WORKDIR}/rng-tools.service \
		56	${D}${systemd_system_unitdir}/rng-tools.service
		57	sed -i \
		58	-e 's,@SYSCONFDIR@,${sysconfdir},g' \
		59	-e 's,@SBINDIR@,${sbindir},g' \
		60	${D}${sysconfdir}/init.d/rng-tools \
		61	${D}${systemd_system_unitdir}/rng-tools.service
		62
		63	if [ "${@bb.utils.contains('PACKAGECONFIG', 'nistbeacon', 'yes', 'no', d)}" = "yes" ]; then
		64	sed -i \
		65	-e '/^IPAddressDeny=any/d' \
		66	-e '/^RestrictAddressFamilies=/ s/$/ AF_INET AF_INET6/' \
		67	${D}${systemd_system_unitdir}/rng-tools.service
		68	fi
		69	}