--- ekeyd-1.1.1.orig/daemon/ekey-rekey.in
+++ ekeyd-1.1.1/daemon/ekey-rekey.in
@@ -42,7 +42,7 @@ SERIAL="$1" # alter the serial number to ensure it contains no path separators -SERIALP="$(echo "$1" | tr / .)" +SERIALP="$(echo "$1" | tr / _)" : ${DEVICE="/dev/entropykey/$SERIALP"} SOCKET="/var/run/entropykeys/$SERIALP"
--- ekeyd-1.1.1.orig/debian/ekeyd-egd-linux.default
+++ ekeyd-1.1.1/debian/ekeyd-egd-linux.default
@@ -0,0 +1,21 @@
+# Change to YES to allow ekeyd-egd-linux to start. Ensure the below are
+# correctly configured first though.
+START_EKEYD_EGD_LINUX=NO
+
+# Change this if you want it to be something other than the default
+# HOST=127.0.0.1
+# PORT=8888
+
+# Number of bits minimum in the pool, below which the daemon will kick in
+# and transfer data from the EGD to the pool (providing it's available)
+# WATERMARK=1024
+
+# Number of 1024 bit (128 byte) blocks to transfer to the kernel each
+# time it dips below the low water mark.
+# BLOCKS=3
+
+# How many shannons-per-byte to claim for data pushed to the pool
+# SHANNONS=7
+
+# How many seconds between connection retries. Zero means do-not-retry.
+# RETRYTIME=0
--- ekeyd-1.1.1.orig/debian/copyright
+++ ekeyd-1.1.1/debian/copyright
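Review bot: The new SERIALP line still feeds the serial through `echo`, so a serial that starts with `-n` or `-e`, or that contains backslashes, can be altered before `tr` sees it; `SERIALP="$(printf '%s' "$1" | tr / _)"` keeps the value intact. SERIALP is used for both the DEVICE default and SOCKET, so this hunk also moves the socket path from the `.` form to the `_` form. The changelog entry only mentions matching udev's naming, so it should be confirmed that whatever creates the entries under /var/run/entropykeys uses the same mapping. The script continues outside the hunk.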
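Review bot: The comments on HOST/PORT and SHANNONS in ekeyd-egd-linux.default do not say that whatever answers on that address has its data credited to the kernel pool at the claimed rate. A line such as `# Only point HOST at an EGD source you trust: its output is credited as entropy (see SHANNONS).` above `# HOST=127.0.0.1` would make that explicit. Whether the TCP link is authenticated or protected is not visible in this diff, so anyone setting HOST to another machine should check that first.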
@@ -0,0 +1,34 @@
+This package was debianized by Daniel Silverstone on
+Sun Jul 19 19:55:01 CEST 2009
+
+It was downloaded from http://www.simtec.co.uk/products/UDEKEY01/files/
+
+Upstream Author: Simtec Electronics
+
+Copyright:
+
+This software is Copyright 2009 Simtec Electronics.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+Portions of the codebase (Skein specifically) are under the following:
+
+** Source code author: Doug Whiting, 2008.
+**
+** This algorithm and source code is released to the public domain.
--- ekeyd-1.1.1.orig/debian/compat
+++ ekeyd-1.1.1/debian/compat
@@ -0,0 +1 @@
+5
--- ekeyd-1.1.1.orig/debian/ekeyd.postrm
+++ ekeyd-1.1.1/debian/ekeyd.postrm
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+if test -x /sbin/udevcontrol; then
+ udevcontrol --reload_rules 2>/dev/null || udevcontrol reload_rules 2>/dev/null
+elif test -x /sbin/udevadm; then
+ udevadm control --reload-rules 2>/dev/null || udevadm control --reload_rules 2>/dev/null
+fi
+
+#DEBHELPER#
--- ekeyd-1.1.1.orig/debian/ekeyd-uds.postinst
+++ ekeyd-1.1.1/debian/ekeyd-uds.postinst
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+if test -x /sbin/udevcontrol; then
+ udevcontrol --reload_rules 2>/dev/null || udevcontrol reload_rules 2>/dev/null
+elif test -x /sbin/udevadm; then
+ udevadm control --reload-rules 2>/dev/null || udevadm control --reload_rules 2>/dev/null
+fi
+
+#DEBHELPER#
--- ekeyd-1.1.1.orig/debian/control
+++ ekeyd-1.1.1/debian/control
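Review bot: Under `#!/bin/sh -e` the udev reload in ekeyd.postrm can fail the whole maintainer script: if both spellings of the reload command return non-zero (for example where udev is installed but not running, such as a chroot), the `||` list fails and the script aborts, leaving the dpkg operation failed. A rules reload is best-effort, so each branch should end in `|| true`, e.g. `udevadm control --reload-rules 2>/dev/null || udevadm control --reload_rules 2>/dev/null || true`. The test also checks `/sbin/udevcontrol` and `/sbin/udevadm` but then runs the bare name through PATH; calling the tested path would be consistent. The same block is repeated in ekeyd-uds.postinst, ekeyd-uds.postrm and ekeyd.postinst.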
@@ -0,0 +1,42 @@
+Source: ekeyd
+Section: utils
+Priority: optional
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Simtec Electronics
+Uploaders: Daniel Silverstone , Vincent Sanders , Daniel Silverstone , Vincent Sanders
+Build-Depends: debhelper (>= 5), lua5.1, liblua5.1-dev | liblua5.1-0-dev, libusb-dev
+Standards-Version: 3.8.3
+
+Package: ekeyd
+Architecture: any
+Depends: ${shlibs:Depends}, lua5.1, liblua5.1-socket2
+Recommends: udev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386]
+Suggests: munin-node
+Description: Simtec Electronics UDEKEY01 Entropy Key Daemon
+ This does stuff with Entropy Keys. You want it if you have some.
+ .
+ Mostly you only need this if you have a Simtec Electronics
+ UDEKEY01 device. The daemon and supplied tools drive the ekey
+ and allow it to supply entropy to the system random pool.
+
+Package: ekeyd-uds
+Architecture: any
+Depends: ${shlibs:Depends}, ekeyd (= ${binary:Version})
+Description: Simtec Electronics UDEKEY01 Entropy Key Daemon (UDS variant)
+ This package augments the ekeyd package with additional support
+ for running the Entropy Key using a userland daemon written using
+ libusb instead of the kernel cdc-acm driver.
+ .
+ You should use this package if you are having difficulty with the
+ cdc-acm driver such as might be exhibited in Linux 2.6.18, 2.6.28
+ or similarly unstable kernel versions.
+
+Package: ekeyd-egd-linux
+Architecture: alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc s390 sparc
+Depends: ${shlibs:Depends}
+Suggests: ekeyd
+Description: Transfers entropy from an EGD to the Linux kernel pool
+ This utility reads from an EGD capable service over TCP and writes
+ the entropy retrieved to the Linux kernel random pool. Typically
+ this will be used on clusters or virtual hosts where direct access
+ to useful entropy is hard.
--- ekeyd-1.1.1.orig/debian/ekeyd-uds.postrm
+++ ekeyd-1.1.1/debian/ekeyd-uds.postrm
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+if [ "$1" = remove ]
+then
+ dpkg-divert --remove --package ekeyd-uds --rename \
+ --divert /lib/udev/60-UDEKEY01.rules.disabled /lib/udev/rules.d/60-UDEKEY01.rules
+fi
+
+if test -x /sbin/udevcontrol; then
+ udevcontrol --reload_rules 2>/dev/null || udevcontrol reload_rules 2>/dev/null
+elif test -x /sbin/udevadm; then
+ udevadm control --reload-rules 2>/dev/null || udevadm control --reload_rules 2>/dev/null
+fi
+
+#DEBHELPER#
--- ekeyd-1.1.1.orig/debian/ekeyd.dirs
+++ ekeyd-1.1.1/debian/ekeyd.dirs
@@ -0,0 +1,7 @@
+/etc/init.d
+/etc/default
+/lib/udev
+/lib/udev/rules.d
+/usr/share/doc/ekeyd
+/usr/share/munin/plugins
+/etc/munin/plugin-conf.d
--- ekeyd-1.1.1.orig/debian/ekeyd-egd-linux.postinst
+++ ekeyd-1.1.1/debian/ekeyd-egd-linux.postinst
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# Those using dependency based boot sequencing with sysv-rc and installing
+# ekeyd-egd-linux before and including version 1.0.4-1 would have wrong
+# runlevel symlinks. Recover from this.
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" le "1.0.4-1" \
+ && [ -f /etc/rcS.d/S[0-9][0-9]ekeyd-egd-linux ] ; then
+ update-rc.d -f ekeyd-egd-linux remove
+fi
+
+#DEBHELPER#
+
--- ekeyd-1.1.1.orig/debian/rules
+++ ekeyd-1.1.1/debian/rules
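Review bot: In ekeyd-egd-linux.postinst the test `[ -f /etc/rcS.d/S[0-9][0-9]ekeyd-egd-linux ]` relies on an unquoted glob, so if more than one link matches, `[` receives extra arguments and errors out, and the cleanup is silently skipped. A form that tolerates several matches is more predictable, e.g. `&& ls /etc/rcS.d/S[0-9][0-9]ekeyd-egd-linux >/dev/null 2>&1 ; then`. ekeyd.postinst carries the same test for `ekeyd`, and its comment was copied unchanged, so it still talks about installing ekeyd-egd-linux.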
@@ -0,0 +1,68 @@
+#!/usr/bin/make -f
+
+DEB_HOST_ARCH_OS=$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+ifneq ($(DEB_HOST_ARCH_OS),linux)
+SKIP_EGD_LINUX=YES
+endif
+
+build-stamp:
+ $(MAKE) -C daemon BUILD_ULUSBD=yes
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ $(MAKE) -C daemon clean
+ dh_clean
+
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_prep || dh_clean -k
+ dh_installdirs
+ $(MAKE) -C daemon install DESTDIR=$$(pwd)/debian/ekeyd BUILD_ULUSBD=yes
+ mv debian/ekeyd/usr/sbin/ekey-ulusbd debian/ekeyd-uds/usr/sbin/
+ mv debian/ekeyd/usr/share/man/man8/ekey-ulusbd.8.gz debian/ekeyd-uds/usr/share/man/man8/
+ for RME in AUTHORS daemon/README daemon/README.security daemon/README.protocol daemon/README.egd-protocol; do \
+ install -m 644 $$RME debian/ekeyd/usr/share/doc/ekeyd/ ; \
+ done
+ifneq ($(SKIP_EGD_LINUX),YES)
+ install -m 644 doc/60-UDEKEY01.rules debian/ekeyd/lib/udev/rules.d/
+ install -m 644 doc/60-UDEKEY01-UDS.rules debian/ekeyd-uds/lib/udev/rules.d/60-UDEKEY01.rules
+ install -m 755 doc/ekeyd-udev debian/ekeyd/lib/udev/ekeyd-udev
+ for RME in daemon/README.egd-linux daemon/README.egd-protocol; do \
+ install -m 644 $$RME debian/ekeyd-egd-linux/usr/share/doc/ekeyd-egd-linux/ ; \
+ done
+ install -m 755 daemon/egd-linux debian/ekeyd-egd-linux/usr/sbin/ekeyd-egd-linux
+ install -m 644 debian/ekeyd-egd-linux.default debian/ekeyd-egd-linux/etc/default/ekeyd-egd-linux
+ install -m 644 daemon/ekey-egd-linux.8 debian/ekeyd-egd-linux/usr/share/man/man8/ekeyd-egd-linux.8
+endif
+ install -m 644 debian/ekeyd.default debian/ekeyd/etc/default/ekeyd
+ chmod 0600 debian/ekeyd/etc/entropykey/keyring
+ for F in debian/*/usr/share/man/*/*.gz; do gunzip $$F;done
+ install -m 755 munin/ekeyd_stat_ debian/ekeyd/usr/share/munin/plugins/ekeyd_stat_
+ install -m 644 munin/plugin-conf.d_ekeyd debian/ekeyd/etc/munin/plugin-conf.d/ekeyd
+
+binary-indep:
+
+binary-arch: build install
+ dh_testdir -a
+ dh_testroot -a
+ dh_installdocs -a
+ dh_installchangelogs -a ChangeLog
+ dh_installmenu -a
+ dh_installman -a
+ dh_installinit -a
+ dh_link -a
+ dh_strip -a
+ dh_compress -a
+ dh_fixperms -a
+ dh_installdeb -a
+ dh_shlibdeps -a
+ dh_gencontrol -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+binary: binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- ekeyd-1.1.1.orig/debian/ekeyd.default
+++ ekeyd-1.1.1/debian/ekeyd.default
@@ -0,0 +1,2 @@
+# Change to NO to prevent ekeyd starting on boot
+START_EKEYD=YES
--- ekeyd-1.1.1.orig/debian/ekeyd-egd-linux.init
+++ ekeyd-1.1.1/debian/ekeyd-egd-linux.init
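Review bot: The `chmod 0600 debian/ekeyd/etc/entropykey/keyring` in the install target runs before `dh_fixperms -a` in binary-arch, and dh_fixperms, as far as I know, normalises file modes in the package tree to go=rX, so the keyring would probably ship world-readable again. Excluding the file with `dh_fixperms -a -Xetc/entropykey/keyring`, or moving the chmod after dh_fixperms, keeps the restricted mode. Listing the built package with `dpkg-deb -c` would confirm the mode either way. Separately, binary-arch depends on `build`, which is declared .PHONY but has no rule in this file, only `build-stamp`.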
@@ -0,0 +1,66 @@
+#!/bin/sh -e
+
+### BEGIN INIT INFO
+# Provides: ekeyd-egd-linux
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Entropy Key Manager, EGD->Linux pool stirrer
+### END INIT INFO
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+DAEMON=/usr/sbin/ekeyd-egd-linux
+
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/lsb/init-functions
+
+if [ -s /etc/default/ekeyd-egd-linux ]; then
+ . /etc/default/ekeyd-egd-linux
+else
+ log_failure_msg "Could not find /etc/default/ekeyd-egd-linux (aborting)"
+ exit 1
+fi
+
+if [ "x$START_EKEYD_EGD_LINUX" != "xYES" ]; then
+ log_daemon_msg "Simtec Entropy Key EGD->Linux Daemon is disabled"
+ log_end_msg 0
+ exit 0
+fi
+
+test "x$HOST" = "x" || HOST="-H$HOST"
+test "x$PORT" = "x" || PORT="-p$PORT"
+test "x$BLOCKS" = "x" || BLOCKS="-b$BLOCKS"
+test "x$SHANNONS" = "x" || SHANNONS="-S$SHANNONS"
+test "x$RETRYTIME" = "x" || RETRYTIME="-r$RETRYTIME"
+
+test "x$WATERMARK" = "x" && WATERMARK=1024
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting Simtec Entropy Key Daemon - EGD->Linux bridge" "ekeyd-egd-linux"
+ start-stop-daemon --start --exec $DAEMON -- $HOST $PORT $BLOCKS $SHANNONS $RETRYTIME -D/var/run/ekeyd-egd-linux.pid
+ sysctl kernel.random.write_wakeup_threshold=$WATERMARK >/dev/null 2>&1
+ log_end_msg 0
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ stop)
+ log_daemon_msg "Stopping Simtec Entropy Key Daemon - EGD->Linux bridge" "ekeyd-egd-linux"
+ start-stop-daemon --stop --pidfile /var/run/ekeyd-egd-linux.pid --exec $DAEMON --oknodo --quiet
+ log_end_msg 0
+ ;;
+ status)
+ exit 4
+ ;;
+ *)
+ echo "Usage: /etc/init.d/ekeyd-egd-linux {start|stop}"
+ exit 2
+ ;;
+
+esac
+
+exit 0
--- ekeyd-1.1.1.orig/debian/ekeyd.init
+++ ekeyd-1.1.1/debian/ekeyd.init
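Review bot: In the start branch of ekeyd-egd-linux.init, the `sysctl kernel.random.write_wakeup_threshold=$WATERMARK >/dev/null 2>&1` line runs after the daemon has been started and under `sh -e`, so if the sysctl write fails the script exits non-zero with no message while the daemon stays up. Handling the failure explicitly keeps the reported status in line with what is running, e.g. `sysctl kernel.random.write_wakeup_threshold="$WATERMARK" >/dev/null 2>&1 || log_warning_msg "could not set write_wakeup_threshold"`. WATERMARK comes from the sourced /etc/default file and is expanded unquoted, so quoting it and checking that it is a number before use would be safer. The usage text also omits restart and force-reload, which the case statement accepts.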
@@ -0,0 +1,60 @@
+#!/bin/sh -e
+
+### BEGIN INIT INFO
+# Provides: ekeyd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Should-Start: udev
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Entropy Key Manager
+### END INIT INFO
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+DAEMON=/usr/sbin/ekeyd
+
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/lsb/init-functions
+
+if [ -s /etc/default/ekeyd ]; then
+ . /etc/default/ekeyd
+else
+ log_failure_msg "Could not find /etc/default/ekeyd (aborting)"
+ exit 1
+fi
+if [ ! -s /etc/entropykey/ekeyd.conf ]; then
+ log_failure_msg "Could not find /etc/entropykey/entropykey.conf (aborting)"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ if [ "x$START_EKEYD" != "xYES" ]; then
+ log_failure_msg "Simtec Entropy Key Daemon is disabled"
+ exit 0
+ fi
+ log_daemon_msg "Starting Simtec Entropy Key Daemon" "ekeyd"
+ start-stop-daemon --start --exec $DAEMON
+ log_end_msg 0
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ stop)
+ log_daemon_msg "Stopping Simtec Entropy Key Daemon" "ekeyd"
+ start-stop-daemon --stop --pidfile /var/run/ekeyd.pid --exec $DAEMON --oknodo --quiet
+ log_end_msg 0
+ ;;
+ status)
+ exit 4
+ ;;
+ *)
+ echo "Usage: /etc/init.d/ekeyd {start|stop}"
+ exit 2
+ ;;
+
+esac
+
+exit 0
--- ekeyd-1.1.1.orig/debian/ekeyd-egd-linux.dirs
+++ ekeyd-1.1.1/debian/ekeyd-egd-linux.dirs
@@ -0,0 +1,4 @@
+/usr/sbin
+/usr/share/doc/ekeyd-egd-linux
+/etc/default
+/usr/share/man/man8
--- ekeyd-1.1.1.orig/debian/ekeyd-uds.dirs
+++ ekeyd-1.1.1/debian/ekeyd-uds.dirs
@@ -0,0 +1,3 @@
+/lib/udev/rules.d
+/usr/sbin
+/usr/share/man/man8
--- ekeyd-1.1.1.orig/debian/changelog
+++ ekeyd-1.1.1/debian/changelog
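Review bot: The config check in ekeyd.init tests `/etc/entropykey/ekeyd.conf` but the failure message names `/etc/entropykey/entropykey.conf`, which sends an operator looking for the wrong file; the message should read `log_failure_msg "Could not find /etc/entropykey/ekeyd.conf (aborting)"`. In the start branch the disabled case is reported with log_failure_msg yet exits 0, so an informational log call would match the exit status better. The usage text omits restart and force-reload, which the case statement accepts.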
@@ -0,0 +1,109 @@
+ekeyd (1.1.1-1ubuntu1) lucid; urgency=low
+
+ * daemon/ekey-rekey.in: adjust invalid paths the same way udev does
+ (Closes: 575570).
+
+ -- Kees Cook Sun, 28 Mar 2010 09:41:11 -0700
+
+ekeyd (1.1.1-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes issue where ekeyd would sit and spin if ekeydctl shutdown
+ was used to stop the daemon.
+ - ekeyd-egd-linux's logging behaviour is improved and it now
+ retries connections more effectively.
+ - New --device option for ekey-rekey
+ - Better state machine support for long-buffered packets which
+ would previously have caused spurious "Long-term-key bad" reports.
+ - Munin defaults updated and better entropy rate indicator support.
+ * Correct FTBFS on hurd-i386 (Closes: #555497)
+ Thanks to Pino Toscano for the patch.
+
+ -- Daniel Silverstone Tue, 17 Nov 2009 12:19:10 +0000
+
+ekeyd (1.1.0-1) unstable; urgency=low
+
+ * New upstream release
+ - Allow ekeyd-egd-linux to retry connections if configured to do so.
+ - Solve memory leak when in EGD mode and there is no regular drain of
+ entropy.
+ * Update ekeyd-egd-linux.{default,init} to include support for new retry
+ directive.
+ * Fixed missing / in ekeyd.postinst which could cause install failure
+ on etch.
+ * Demoted ekeyd to a Suggests in ekeyd-egd-linux. (Closes: #555300)
+ * Demoted udev to a Recommends in ekeyd
+ * Move the "ekeyd is enabled" check to the 'start' method. (Closes: #555302)
+
+ -- Daniel Silverstone Mon, 09 Nov 2009 10:40:47 +0000
+
+ekeyd (1.0.7-1) unstable; urgency=high
+
+ * New upstream release
+ - Solves issue with rekeying devices with a / in the serial number.
+
+ -- Daniel Silverstone Wed, 14 Oct 2009 14:48:58 +0100
+
+ekeyd (1.0.6-1) unstable; urgency=low
+
+ * New upstream release
+ - Solves ulusbd issue related to keys vanishing sometimes.
+ - Solves ekeyd issue related to keys "going bad" under high load.
+ * Install ekeyd changelog into /usr/share/doc
+
+ -- Daniel Silverstone Fri, 25 Sep 2009 11:18:28 +0100
+
+ekeyd (1.0.5-2) unstable; urgency=low
+
+ * Extra logging in read path of ulusbd
+
+ -- Daniel Silverstone Thu, 24 Sep 2009 12:03:14 +0100
+
+ekeyd (1.0.5-1) unstable; urgency=low
+
+ * New upstream release
+ - Corrects minor bug in daemonise routines.
+ - Adds syslog() support to the ulusbd
+ * Update init info in the init scripts with information provided by
+ pere. This does not take all of pere's patch, rather only the parts
+ which seemed critical to the correct functioning of the information
+ block. (Closes: #546462)
+ * Install ekeyd-egd-linux manpage.
+
+ -- Daniel Silverstone Tue, 15 Sep 2009 16:10:49 +0100
+
+ekeyd (1.0.4-1) unstable; urgency=low
+
+ * New upstream release
+ - Ought to now build on GNU/kFreeBSD
+ - Will no longer exit when you strace it when
+ it's in poll()
+ - If EGD clients are waiting for entropy to be gathered
+ then the daemon will no longer sit and spin.
+ * Make ekeyd-egd-linux package architecture !kFreeBSD
+ - These two combine to fix a bug. (Closes: #544860)
+ * Include copyright statement and licence for Skein codebase.
+ * Install the munin plugin and suggest munin-node
+
+ -- Daniel Silverstone Wed, 09 Sep 2009 12:06:41 +0100
+
+ekeyd (1.0.3-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Daniel Silverstone Sun, 30 Aug 2009 14:54:34 +0100
+
+ekeyd (1.0.2-1) unstable; urgency=low
+
+ * New upstream release
+ - Fix case where there are multiple entropy keys attached.
+ - Add authors file
+ * Install new authors file in /usr/share/doc
+
+ -- Daniel Silverstone Sat, 29 Aug 2009 11:26:27 +0100
+
+ekeyd (1.0.1-1) unstable; urgency=low
+
+ * Initial upstream (and package) release
+
+ -- Daniel Silverstone Thu, 27 Aug 2009 22:42:06 +0100
--- ekeyd-1.1.1.orig/debian/watch
+++ ekeyd-1.1.1/debian/watch
@@ -0,0 +1,2 @@
+version=3
+# Nothing to do here since the packagers are the upstream.
--- ekeyd-1.1.1.orig/debian/ekeyd-uds.preinst
+++ ekeyd-1.1.1/debian/ekeyd-uds.preinst
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+if [ "$1" = install ] || [ "$1" = upgrade ]
+then
+ dpkg-divert --add --package ekeyd-uds --rename \
+ --divert /lib/udev/60-UDEKEY01.rules.disabled /lib/udev/rules.d/60-UDEKEY01.rules
+fi
+
+#DEBHELPER#
+
+exit 0
--- ekeyd-1.1.1.orig/debian/ekeyd.postinst
+++ ekeyd-1.1.1/debian/ekeyd.postinst
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+
+if test -x /sbin/udevcontrol; then
+ udevcontrol --reload_rules 2>/dev/null || udevcontrol reload_rules 2>/dev/null
+elif test -x /sbin/udevadm; then
+ udevadm control --reload-rules 2>/dev/null || udevadm control --reload_rules 2>/dev/null
+fi
+
+# Those using dependency based boot sequencing with sysv-rc and installing
+# ekeyd-egd-linux before and including version 1.0.4-1 would have wrong
+# runlevel symlinks. Recover from this.
+if [ "$1" = "configure" ] && dpkg --compare-versions "$2" le "1.0.4-1" \
+ && [ -f /etc/rcS.d/S[0-9][0-9]ekeyd ] ; then
+ update-rc.d -f ekeyd remove
+fi
+
+#DEBHELPER#
+