Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it makes sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
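
The download check described in the commit message above, sketched as an added example (not part of the commit, and not IPFire's make.sh or LFS code): it streams each file through BLAKE2b-512 and refuses manifest entries that are not full-length BLAKE2b digests, such as a leftover MD5 value. The manifest format ("<hex digest>  <file name>" per line, as printed by b2sum) and all function and file names are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed manifest format (this example only, not IPFire's LFS syntax):
# one "<hex digest>  <file name>" entry per line, as printed by b2sum.
HEX = set("0123456789abcdef")

def blake2b_file(path, chunk_size=1 << 20):
    """Stream a file through BLAKE2b-512 so large tarballs stay out of memory."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Return {file name: digest}, rejecting anything but a 128-hex-digit digest."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, _, name = line.strip().partition("  ")
        # A leftover 32-digit MD5 value fails here instead of being compared.
        if len(digest) != 128 or not set(digest.lower()) <= HEX:
            raise ValueError(f"line {lineno}: not a BLAKE2b-512 digest")
        # Only plain file names: no directories, no "..", no duplicates.
        if name in ("", "..") or name != Path(name).name or name in entries:
            raise ValueError(f"line {lineno}: bad or duplicate file name")
        entries[name] = digest.lower()
    return entries

def verify_downloads(manifest_text, directory):
    """Map every listed file to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if blake2b_file(path) == expected else "mismatch"
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample input
        (Path(d) / "demo.tar.gz").write_bytes(b"constructed sample")
        good = hashlib.blake2b(b"constructed sample").hexdigest()
        print(verify_downloads(f"{good}  demo.tar.gz\n", d))
```
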
- Update from 6.12 to 6.14
- Update of rootfile not required
- patch for building rng-tools also for i586 removed as 32 bit will no longer be EOL at
end of 2021
- Building 6.14 caused an error for not finding librtlsdr. The same check is in the
makefile in 6.12 but it does not get checked. I could not find why the check was being
carried out in 6.14 - it was not due to the removal of the patch. In the end I added
the --disable-rtlsdr option to configure and this allowed the build to occur without
the check for the presence of librtlsdr being carried out.
- Changelog
    rng-tools 6.14
      Bug Fixes:
        Fixed a null pointer deref in nistbeacon entropy source
        fixed some configuration tests
        clarified some rngd behavior in the man page
        update init code to do proper logging
        various covscan fixes
        fixed a memory leak in jitter entropy source
        fixed possible NULL deref in rdrand source
        various fixes in openssl mangling code
        added randstat binary to build
        minor modernizations to configure.ac
    rng-tools 6.13
      Features:
        Support rndr instruction on arm
        Support jitter software timer on coarse time systems
      Bug Fixes:
        Merged all openssl use into a single helper library
        Improved console output readability
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please refer to https://github.com/nhorman/rng-tools/releases for a full
list of meaningful changes between 6.4 and 6.12. "--without-pkcs11" is
necessary to avoid additional dependencies, which do not make sense on
IPFire since there are no use-cases for it.
Rootfiles did not change, our patch to use RDRAND on i586 as well is
still valid.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The rng daemon will be installed by default and will
also be installed when a hardware random number generator
is found. It will then read random data from the hardware
random number generator and will feed it into the kernel's
entropy pool.
If no HW RNG is available, a warning will be printed
at boot time.