From 91443f923429d41c79a850295796ccaf1cd8ec4b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 31 Jul 2023 13:43:47 +0000 Subject: [PATCH 1/3] udev: Drop hwrng rules This is another fragment of rngd - the gift that keeps giving. The udev rules file contains a lot of stuff for a prototype which never went into production. So, that can be dropped. It would have been left with one rule that starts rngd whenever a HWRNG is being found. That is however no longer needed as rngd is being started in the init process. We no longer need to initialize it as early as possible to seed the kernel's PRNG. Signed-off-by: Michael Tremer --- config/rootfiles/common/udev | 1 - config/rootfiles/core/177/update.sh | 1 + config/udev/90-hwrng.rules | 16 ---------------- lfs/rng-tools | 2 +- lfs/udev | 4 ---- src/initscripts/packages/rngd | 16 +--------------- 6 files changed, 3 insertions(+), 37 deletions(-) delete mode 100644 config/udev/90-hwrng.rules diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev index a34ee46c3..5cd9e077f 100644 --- a/config/rootfiles/common/udev +++ b/config/rootfiles/common/udev @@ -72,7 +72,6 @@ lib/udev/rules.d/75-net-description.rules lib/udev/rules.d/75-probe_mtd.rules lib/udev/rules.d/78-sound-card.rules lib/udev/rules.d/80-drivers.rules -lib/udev/rules.d/90-hwrng.rules lib/udev/rules.d/99-aqm.rules lib/udev/rules.d/99-offloading.rules lib/udev/scsi_id diff --git a/config/rootfiles/core/177/update.sh b/config/rootfiles/core/177/update.sh index b2af611c1..2ab1568b9 100644 --- a/config/rootfiles/core/177/update.sh +++ b/config/rootfiles/core/177/update.sh @@ -105,6 +105,7 @@ if [ ! -e "/opt/pakfire/db/installed/meta-rng-tools" ]; then /etc/rc.d/init.d/rngd \ /etc/rc.d/rc*.d/*rngd fi +rm -vf /lib/udev/rules.d/90-hwrng.rules # Extract files extract_files diff --git a/config/udev/90-hwrng.rules b/config/udev/90-hwrng.rules deleted file mode 100644 index cbc555c11..000000000 --- a/config/udev/90-hwrng.rules +++ /dev/null 
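Review bot: The added `rm -vf /lib/udev/rules.d/90-hwrng.rules` in `update.sh` sits directly under the `fi` of the conditional rng-tools cleanup with no comment, so it reads as part of that block although it runs unconditionally. A one-line comment above it would make the intent clear, e.g. `# Drop the udev rule that used to restart rngd on HWRNG events`. Whether the script reloads udev rules elsewhere is not visible in this hunk; if it does not, `udevadm control --reload` after the removal would make sure the running udevd stops invoking `rngd udev-event`, an action the new initscript no longer accepts.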
@@ -1,16 +0,0 @@ -# do not edit this file, it will be overwritten on update - -SUBSYSTEM!="tty", GOTO="ipfire_hwrng_end" -KERNEL!="ttyACM[0-9]*", GOTO="ipfire_hwrng_end" - -SUBSYSTEMS=="usb-serial", ENV{.ID_PORT}="$attr{port_number}" - -IMPORT{builtin}="usb_id" -ENV{ID_SERIAL}=="", GOTO="ipfire_hwrng_end" -SUBSYSTEMS=="usb", ENV{ID_USB_INTERFACE_NUM}="$attr{bInterfaceNumber}" -ENV{ID_USB_INTERFACE_NUM}=="", GOTO="ipfire_hwrng_end" - -ATTRS{manufacturer}=="IPFire.org", ATTRS{product}=="Random Number Generator*", ENV{.ID_PORT}=="", SYMLINK+="hwrngtty" RUN+="/bin/stty raw -echo -ixoff -F /dev/hwrngtty 115200" RUN+="/etc/rc.d/init.d/rngd udev-event" - -LABEL="ipfire_hwrng_end" -ACTION=="add|remove", KERNEL=="hw_random", RUN+="/etc/rc.d/init.d/rngd udev-event" diff --git a/lfs/rng-tools b/lfs/rng-tools index c3f1e205c..fb0d729e3 100644 --- a/lfs/rng-tools +++ b/lfs/rng-tools @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rng-tools -PAK_VER = 3 +PAK_VER = 4 DEPS = diff --git a/lfs/udev b/lfs/udev index e712ef6ea..8f3ce4251 100644 --- a/lfs/udev +++ b/lfs/udev @@ -122,10 +122,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \ /lib/udev/rules.d - # Install hwrng rules. - install -v -m 644 $(DIR_SRC)/config/udev/90-hwrng.rules \ - /lib/udev/rules.d - # Install AQM rules install -v -m 644 $(DIR_SRC)/config/udev/99-aqm.rules \ /lib/udev/rules.d diff --git a/src/initscripts/packages/rngd b/src/initscripts/packages/rngd index ba3e72d3a..61e2821aa 100644 --- a/src/initscripts/packages/rngd +++ b/src/initscripts/packages/rngd 
@@ -24,18 +24,8 @@ case "${1}" in start) - if pidofproc -s /usr/sbin/rngd; then - boot_mesg "Random Number Generator Daemon is already running..." - echo_ok; - exit 0 - fi - if [ -e /dev/hwrngtty ]; then - HWRNG=/dev/hwrngtty - else - HWRNG=/dev/hwrng - fi boot_mesg "Starting Random Number Generator Daemon..." - loadproc /usr/sbin/rngd -r $HWRNG --quiet + loadproc /usr/sbin/rngd --quiet ;; stop) @@ -53,10 +43,6 @@ case "${1}" in statusproc /usr/sbin/rngd ;; - udev-event) - $0 restart &>/dev/null - ;; - *) echo "Usage: ${0} {start|stop|restart|status}" exit 1 From 422fce9cb0cfcc0d784cf5bb84ce39cb641ff6d4 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Tue, 1 Aug 2023 17:58:40 +0200 Subject: [PATCH 2/3] ruleset-sources: Adjust download URL for snort community ruleset Fixes: #13203 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- config/suricata/ruleset-sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 592cbedf0..14d1b865f 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -43,7 +43,7 @@ our %Providers = ( website => "https://www.snort.org", tr_string => "community rules", requires_subscription => "False", - dl_url => "https://www.snort.org/rules/community", + dl_url => "https://www.snort.org/downloads/community/community-rules.tar.gz", dl_type => "archive", }, From c649a19441aa7e800d5dca2f4af229d72f443503 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 2 Aug 2023 09:10:22 +0000 Subject: [PATCH 3/3] core177: Ship suricata rulesets Signed-off-by: Michael Tremer --- config/rootfiles/core/177/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/177/filelists/files b/config/rootfiles/core/177/filelists/files index 5f0034d81..1b9ce3261 100644 --- a/config/rootfiles/core/177/filelists/files +++ b/config/rootfiles/core/177/filelists/files 
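Review bot: With `-r $HWRNG` gone, `start` now runs `loadproc /usr/sbin/rngd --quiet` and relies entirely on rngd's own source selection, so the script no longer records which entropy source is expected or what happens when none is present. A comment above the call would help, e.g. `# No -r: let rngd probe its default entropy sources`. The hunk also drops the `pidofproc -s` guard, so a repeated `start` now depends on how `loadproc` treats an already-running daemon, which is not visible here; worth confirming it does not spawn a second instance. The `case` block starts and ends outside the hunk.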
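Review bot: The new `dl_url` points straight at `community-rules.tar.gz`, and the provider entry as far as it is visible here carries no checksum or signature field, so the integrity of the fetched archive appears to rest on HTTPS alone. Whether the downloader verifies or safely unpacks the archive is outside this hunk, so this is a point to confirm rather than a defect in the changed line. A comment on the entry would record the assumption, e.g. `# Direct tarball link; integrity relies on TLS only`. The `%Providers` hash starts and ends outside the hunk.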
@@ -238,3 +238,4 @@ lib/firmware/rtw89/rtw8851b_fw.bin lib/firmware/rtw89/rtw8852b_fw-1.bin lib/firmware/rtw89/rtw8852c_fw.bin usr/sbin/unbound-dhcp-leases-bridge +var/ipfire/suricata/ruleset-sources