From 58f33af216bb3f0149cac3dae08a99863bacd605 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Thu, 17 Nov 2016 16:46:59 +0100 Subject: [PATCH] committing changes in /etc after apt run Package changes: +haveged 1.9.1-4 amd64 +libhavege1 1.9.1-4 amd64 +libparted2 3.2-16+b1 amd64 +parted 3.2-16+b1 amd64 --- .etckeeper | 7 ++ apparmor.d/local/usr.sbin.haveged | 2 + apparmor.d/usr.sbin.haveged | 23 ++++ default/haveged | 5 + init.d/haveged | 100 ++++++++++++++++++ rc0.d/K01haveged | 1 + rc1.d/K01haveged | 1 + rc2.d/S03haveged | 1 + rc3.d/S03haveged | 1 + rc4.d/S03haveged | 1 + rc5.d/S03haveged | 1 + rc6.d/K01haveged | 1 + .../default.target.wants/haveged.service | 1 + 13 files changed, 145 insertions(+) create mode 100644 apparmor.d/local/usr.sbin.haveged create mode 100644 apparmor.d/usr.sbin.haveged create mode 100644 default/haveged create mode 100755 init.d/haveged create mode 120000 rc0.d/K01haveged create mode 120000 rc1.d/K01haveged create mode 120000 rc2.d/S03haveged create mode 120000 rc3.d/S03haveged create mode 120000 rc4.d/S03haveged create mode 120000 rc5.d/S03haveged create mode 120000 rc6.d/K01haveged create mode 120000 systemd/system/default.target.wants/haveged.service diff --git a/.etckeeper b/.etckeeper index 9cf011e..26134ec 100755 --- a/.etckeeper +++ b/.etckeeper @@ -55,6 +55,10 @@ maybe chmod 0755 'apm' maybe chmod 0755 'apm/event.d' maybe chmod 0755 'apm/event.d/01chrony' maybe chmod 0755 'apm/event.d/20hdparm' +maybe chmod 0755 'apparmor.d' +maybe chmod 0755 'apparmor.d/local' +maybe chmod 0644 'apparmor.d/local/usr.sbin.haveged' +maybe chmod 0644 'apparmor.d/usr.sbin.haveged' maybe chmod 0755 'apt' maybe chmod 0644 'apt/SALTSTACK-GPG-KEY.pub' maybe chmod 0755 'apt/apt.conf.d' @@ -192,6 +196,7 @@ maybe chmod 0644 'default/devpts' maybe chmod 0644 'default/dlocate' maybe chmod 0644 'default/grub' maybe chmod 0644 'default/halt' +maybe chmod 0644 'default/haveged' maybe chmod 0644 'default/hwclock' maybe chmod 0644 'default/irqbalance' maybe chmod 0644 'default/keyboard' @@ -328,6 +333,7 @@ maybe chmod 0755 'init.d/console-setup.sh' maybe chmod 0755 'init.d/cron' maybe chmod 0755 'init.d/dbus' maybe chmod 0755 'init.d/halt' +maybe chmod 0755 'init.d/haveged' maybe chmod 0755 'init.d/hostname.sh' maybe chmod 0755 'init.d/hwclock.sh' maybe chmod 0755 'init.d/irqbalance' @@ -704,6 +710,7 @@ maybe chmod 0755 'systemd/network' maybe chmod 0644 'systemd/resolved.conf' maybe chmod 0755 'systemd/system' maybe chmod 0644 'systemd/system.conf' +maybe chmod 0755 'systemd/system/default.target.wants' maybe chmod 0755 'systemd/system/getty.target.wants' maybe chmod 0755 'systemd/system/getty@.service.d' maybe chmod 0644 'systemd/system/getty@.service.d/noclear.conf' diff --git a/apparmor.d/local/usr.sbin.haveged b/apparmor.d/local/usr.sbin.haveged new file mode 100644 index 0000000..07c2960 --- /dev/null +++ b/apparmor.d/local/usr.sbin.haveged @@ -0,0 +1,2 @@ +# Site-specific additions and overrides for usr.sbin.haveged. +# For more details, please see /etc/apparmor.d/local/README. diff --git a/apparmor.d/usr.sbin.haveged b/apparmor.d/usr.sbin.haveged new file mode 100644 index 0000000..0e61138 --- /dev/null +++ b/apparmor.d/usr.sbin.haveged @@ -0,0 +1,23 @@ +# Last Modified: Fri Aug 21 15:23:17 2015 +#include + +/usr/sbin/haveged { + #include + + # Required for ioctl RNDADDENTROPY + capability sys_admin, + + owner @{PROC}/@{pid}/status r, + + @{PROC}/sys/kernel/osrelease r, + @{PROC}/sys/kernel/random/poolsize r, + @{PROC}/sys/kernel/random/write_wakeup_threshold w, + /dev/random w, + + /sys/devices/system/cpu/ r, + /sys/devices/system/cpu/cpu*/cache/ r, + /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r, + /usr/sbin/haveged mr, + + #include +} diff --git a/default/haveged b/default/haveged new file mode 100644 index 0000000..77b6941 --- /dev/null +++ b/default/haveged @@ -0,0 +1,5 @@ +# Configuration file for haveged + +# Options to pass to haveged: +# -w sets low entropy watermark (in bits) +DAEMON_ARGS="-w 1024" diff --git a/init.d/haveged b/init.d/haveged new file mode 100755 index 0000000..e03a517 --- /dev/null +++ b/init.d/haveged @@ -0,0 +1,100 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: haveged +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Should-Start: $syslog +# Should-Stop: $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Entropy daemon using the HAVEGE algorithm +# Description: haveged uses HAVEGE (HArdware Volatile Entropy Gathering +# and Expansion) to maintain a pool of random bytes used +# to fill /dev/random whenever necessary. +### END INIT INFO + +# Do NOT "set -e" + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="entropy daemon" +NAME=haveged +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +. /lib/lsb/init-functions + +do_start() +{ + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +do_stop() +{ + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/rc0.d/K01haveged b/rc0.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc0.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc1.d/K01haveged b/rc1.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc1.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc2.d/S03haveged b/rc2.d/S03haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc2.d/S03haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc3.d/S03haveged b/rc3.d/S03haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc3.d/S03haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc4.d/S03haveged b/rc4.d/S03haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc4.d/S03haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc5.d/S03haveged b/rc5.d/S03haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc5.d/S03haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc6.d/K01haveged b/rc6.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc6.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/systemd/system/default.target.wants/haveged.service b/systemd/system/default.target.wants/haveged.service new file mode 120000 index 0000000..caa7bd7 --- /dev/null +++ b/systemd/system/default.target.wants/haveged.service @@ -0,0 +1 @@ +/lib/systemd/system/haveged.service \ No newline at end of file -- 2.39.5