From: Frank Brehm
Date: Sun, 25 Apr 2021 17:55:32 +0000 (+0200)
Subject: committing changes in /etc made by "apt install haveged"
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=20428129da055e3ec37ae7d556bd59c6de88d38c;p=config%2Fhelga-hetzner%2Fetc.git
committing changes in /etc made by "apt install haveged"
Package changes:
+haveged 1.9.1-7 amd64
+libhavege1 1.9.1-7 amd64
---
diff --git a/.etckeeper b/.etckeeper
index 268f207..9768ed0 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -117,12 +117,14 @@ maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam'
 maybe chmod 0644 'apparmor.d/local/usr.bin.man'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.chronyd'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.clamd'
+maybe chmod 0644 'apparmor.d/local/usr.sbin.haveged'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.named'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.tcpdump'
 maybe chmod 0644 'apparmor.d/usr.bin.freshclam'
 maybe chmod 0644 'apparmor.d/usr.bin.man'
 maybe chmod 0644 'apparmor.d/usr.sbin.chronyd'
 maybe chmod 0644 'apparmor.d/usr.sbin.clamd'
+maybe chmod 0644 'apparmor.d/usr.sbin.haveged'
 maybe chmod 0644 'apparmor.d/usr.sbin.mysqld'
 maybe chmod 0644 'apparmor.d/usr.sbin.named'
 maybe chmod 0644 'apparmor.d/usr.sbin.tcpdump'
@@ -346,6 +348,7 @@ maybe chmod 0644 'default/dovecot'
 maybe chmod 0644 'default/grub'
 maybe chmod 0755 'default/grub.d'
 maybe chmod 0644 'default/grub.d/init-select.cfg'
+maybe chmod 0644 'default/haveged'
 maybe chmod 0644 'default/hwclock'
 maybe chmod 0644 'default/icinga2'
 maybe chmod 0644 'default/keyboard'
@@ -629,6 +632,7 @@ maybe chmod 0755 'init.d/cryptdisks'
 maybe chmod 0755 'init.d/cryptdisks-early'
 maybe chmod 0755 'init.d/dbus'
 maybe chmod 0755 'init.d/dovecot'
+maybe chmod 0755 'init.d/haveged'
 maybe chmod 0755 'init.d/hwclock.sh'
 maybe chmod 0755 'init.d/icinga2'
 maybe chmod 0755 'init.d/keyboard-setup.sh'
@@ -1353,6 +1357,7 @@ maybe chmod 0644 'systemd/system.conf'
 maybe chmod 0755 'systemd/system/clamav-daemon.service.d'
 maybe chmod 0644 'systemd/system/clamav-daemon.service.d/extend.conf'
 maybe chmod 0755 'systemd/system/cloud-init.target.wants'
+maybe chmod 0755 'systemd/system/default.target.wants'
 maybe chmod 0755 'systemd/system/getty.target.wants'
 maybe chmod 0755 'systemd/system/getty@tty1.service.d'
 maybe chmod 0644 'systemd/system/getty@tty1.service.d/noclear.conf'
diff --git a/apparmor.d/local/usr.sbin.haveged b/apparmor.d/local/usr.sbin.haveged
new file mode 100644
index 0000000..e69de29
diff --git a/apparmor.d/usr.sbin.haveged b/apparmor.d/usr.sbin.haveged
new file mode 100644
index 0000000..0e61138
--- /dev/null
+++ b/apparmor.d/usr.sbin.haveged
@@ -0,0 +1,23 @@
+# Last Modified: Fri Aug 21 15:23:17 2015
+#include
+
+/usr/sbin/haveged {
+ #include
+
+ # Required for ioctl RNDADDENTROPY
+ capability sys_admin,
+
+ owner @{PROC}/@{pid}/status r,
+
+ @{PROC}/sys/kernel/osrelease r,
+ @{PROC}/sys/kernel/random/poolsize r,
+ @{PROC}/sys/kernel/random/write_wakeup_threshold w,
+ /dev/random w,
+
+ /sys/devices/system/cpu/ r,
+ /sys/devices/system/cpu/cpu*/cache/ r,
+ /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
+ /usr/sbin/haveged mr,
+
+ #include
+}
diff --git a/default/haveged b/default/haveged
new file mode 100644
index 0000000..77b6941
--- /dev/null
+++ b/default/haveged
@@ -0,0 +1,5 @@
+# Configuration file for haveged
+
+# Options to pass to haveged:
+# -w sets low entropy watermark (in bits)
+DAEMON_ARGS="-w 1024"
diff --git a/init.d/haveged b/init.d/haveged
new file mode 100755
index 0000000..e03a517
--- /dev/null
+++ b/init.d/haveged
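Review bot: In apparmor.d/usr.sbin.haveged, `capability sys_admin` grants far more than the RNDADDENTROPY ioctl its comment cites, so the comment should say that the path rules are what bound the daemon, e.g. `# CAP_SYS_ADMIN is required for ioctl RNDADDENTROPY; it is a broad capability, so keep the file rules below minimal`. The three `#include` lines show no target in this view, so which tunables and abstractions they pull in cannot be checked from the page. The profile also has no rule for `/var/run/haveged.pid`, the PIDFILE used by init.d/haveged in this commit; if the daemon writes that file itself when started through the init script, AppArmor would presumably deny it, which is worth confirming in the audit log after the first start.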
@@ -0,0 +1,100 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: haveged
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Entropy daemon using the HAVEGE algorithm
+# Description: haveged uses HAVEGE (HArdware Volatile Entropy Gathering
+# and Expansion) to maintain a pool of random bytes used
+# to fill /dev/random whenever necessary.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="entropy daemon"
+NAME=haveged
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+do_start()
+{
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop()
+{
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/rc0.d/K01haveged b/rc0.d/K01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc0.d/K01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc1.d/K01haveged b/rc1.d/K01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc1.d/K01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc2.d/S01haveged b/rc2.d/S01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc2.d/S01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc3.d/S01haveged b/rc3.d/S01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc3.d/S01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc4.d/S01haveged b/rc4.d/S01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc4.d/S01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc5.d/S01haveged b/rc5.d/S01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc5.d/S01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/rc6.d/K01haveged b/rc6.d/K01haveged
new file mode 120000
index 0000000..52dc0e1
--- /dev/null
+++ b/rc6.d/K01haveged
@@ -0,0 +1 @@
+../init.d/haveged
\ No newline at end of file
diff --git a/systemd/system/default.target.wants/haveged.service b/systemd/system/default.target.wants/haveged.service
new file mode 120000
index 0000000..caa7bd7
--- /dev/null
+++ b/systemd/system/default.target.wants/haveged.service
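Review bot: In init.d/haveged, `do_start` and `do_stop` expand `$PIDFILE` and `$DAEMON` unquoted although /etc/default/haveged is sourced after they are set and may override them; quote them, e.g. `rm -f -- "$PIDFILE"` and `--pidfile "$PIDFILE" --exec "$DAEMON"`. `$DAEMON_ARGS` has to stay unquoted so that `-w 1024` splits into two arguments, and a comment such as `# intentionally unquoted: DAEMON_ARGS holds several words` would record that. Because the script sources `/etc/default/$NAME` as shell code and init scripts normally run as root, that file should stay root-owned and not writable by others; .etckeeper records it as 0644 in this commit.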
@@ -0,0 +1 @@
+/lib/systemd/system/haveged.service
\ No newline at end of file