Change logs for pollen source package in Trusty

  • pollen (4.21-0ubuntu1~14.04) trusty-proposed; urgency=medium
    
      * check_pollen:
        - note the number of short bytes in the error log message
    
    pollen (4.20-0ubuntu1) wily; urgency=medium
    
      * debian/pollen.upstart: LP: #1505473
        - remove typo in the upstart config which was preventing the service from starting
      * rebuild the packages for upload
    
    pollen (4.19-0ubuntu1) wily; urgency=medium
    
      * debian/pollen.upstart: LP: #1505473
        - remove typo in the upstart config which was preventing the service from starting
    
    pollen (4.18-0ubuntu1) wily; urgency=medium
    
      * pollen.go:
        - add the "available" word to the log
    
    pollen (4.17-0ubuntu1) unstable; urgency=medium
    
      * debian/pollen.postrm:
        - clear out certificates on purge
      * debian/pollen.default:
        - quote the variable definition, for consistency
      * debian/pollen.postinst:
        - fix ssl cert generation, country must be <2 chars
      * debian/pollen.service:
        - put braces around environment variables; required to work at all
      * pollen.go, usr.bin.pollen:
        - log the entropy bits before and after the transaction
    
    pollen (4.16-0ubuntu1) vivid; urgency=medium
    
      [ Matthias Klose ]
      * debian/control:
        - Build everywhere
    
    pollen (4.15-0ubuntu1) vivid; urgency=medium
    
      [ Didier Roche ]
      * debian/control, debian/pollen.service, debian/rules:
        - Add systemd unit, following similar restart on failure and device
        checking logic
        - Bump Standards-Version
    
    pollen (4.14-0ubuntu1) vivid; urgency=medium
    
      * pollen.go: LP: #1383738
        - remove SSLv3 support
    
    pollen (4.13-0ubuntu1) vivid; urgency=medium
    
      * debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules:
        - LP: #1386052
        - add a new upstart job that restarts pollen any time the rsyslog server
          is restarted
        - this is necessary to work around a bug in the golang syslog library
          where syslog restarts break logging
          + https://code.google.com/p/go/issues/detail?id=2264#c8
    
    pollen (4.12-0ubuntu1) utopic; urgency=medium
    
      * debian/control:
        - recommend rng-tools;  we can do this, since pollen is in universe
      * debian/pollen.postinst:
        - minor change to the default self-signed cert;  use 'localhost'
          for the hostname;  this is useful for testing pollinate against
          the localhost with a self-signed cert
      * README:
        - update docs;  pollinate no longer runs daily by default
      * README:
        - update some docs
      * check_pollen:
        - ensure that the nagios check catches log failures
    
     -- Dustin Kirkland <email address hidden>  Tue, 13 Oct 2015 10:25:58 -0700
  • pollen (4.11-0ubuntu1.1) trusty; urgency=medium
    
      * Fix typos in upstart script which were preventing the service from
        starting (LP: #1505473).
    
     -- Robie Basak <email address hidden>  Fri, 06 Nov 2015 08:43:03 +0000
  • pollen (4.11-0ubuntu1) trusty; urgency=medium
    
      * pollen_test.go:
        - fix FTBFS
        - hardcode device to /dev/urandom in unit tests, otherwise, our
          entropy starved vm-based builders will fail the unit tests
          and fail the build
     -- Dustin Kirkland <email address hidden>   Tue, 18 Mar 2014 16:31:50 +0900
  • pollen (4.10-0ubuntu1) trusty; urgency=low
    
      * debian/control, debian/pollen.default, pollen.go, usr.bin.pollen:
        - LP: #1293958
        - suggest rng-tools (universe), which is needed to leverage tpm for
          /dev/random entropy
        - change default entropy source for pollen server to /dev/random
        - update inline configuration documentation to reflect reality
        - add rw of /dev/random to our apparmor whitelist
     -- Dustin Kirkland <email address hidden>   Thu, 06 Mar 2014 09:24:51 -0600
  • pollen (4.9-0ubuntu1) trusty; urgency=low
    
      * debian/rules: LP: #1288807
        - fix FTBFS, build using golang 'go build' rather than gccgo
     -- Dustin Kirkland <email address hidden>   Fri, 28 Feb 2014 11:13:11 -0600
  • pollen (4.8-0ubuntu1) trusty; urgency=low
    
      [ JuanJo Ciarlante and Dustin Kirkland ]
      * check_pollen:
        - use the new -t|--testing flag, to verify communications with the
          server, runnable as a non-privileged user, but not affecting the
          local PRNG
     -- Dustin Kirkland <email address hidden>   Wed, 26 Feb 2014 10:51:09 -0600
  • pollen (4.7-0ubuntu1) trusty; urgency=low
    
      [ John Arbash Meinel ]
      * .gitignore, pollen.go, pollen_test.go:
        - This changes the 'handler' from being just a func() using global
          state to being a struct with local state.
        - It then moves the things like dev and log to being members of the
          struct, with interfaces that let us override them in the test suite.
        - It then adds a bunch of tests about how we handle failures, errors,
          logging, the size flag, etc.
        - The interfaces also mean that we won't try to spam syslog while running
          the test suite.
        - Another small change is that if you do:
             pollen -https-port=""
          Then it won't try to bind to the HTTP port with a cert.
        - Since I'm not the official source for pollen, it helped for testing at
          least the HTTP requests manually.
        - This also fixes the help text for "-size" since it doesn't actually
          change how much content we send on the wire, but how much content we
          read from /dev/urandom (but it adds tests for that fact).
        - go fmt, and some formatting tweaks
        - actually do the right formatting
        - use microsecond timing (ms was always 0)
        - capture the length of time serving requests takes
    
      [ Dustin Kirkland ]
      * pollen.go:
        - put brackets around request length of time value
     -- Dustin Kirkland <email address hidden>   Tue, 18 Feb 2014 23:18:59 -0600
  • pollen (4.6-0ubuntu1) trusty; urgency=low
    
      [ Caleb Spare ]
      * pollen.go:
        - Require the challenge query-string param to be provided
        - don't create the random device, if it doesn't exist
    
      [ Dustin Kirkland ]
      * pollen_test.go:
        - update test to handle required challenge string
      * pollen.go:
        - incorporate feedback from Adam Langley
        - catch errors reading the random device
        - add a note as to why we're checksumming the random seed
        - update message when challenge empty
    
      [ Caleb Spare and Dustin Kirkland ]
      * debian/pollen.upstart, pollen.8, pollen.go:
        - Use flags rather than positional arguments, and plumb bytes argument
          through
    
      [ Dustin Kirkland and Matt Croydon ]
      * debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
        - add support for specifying the TLS cert and key as command line
          flags
     -- Dustin Kirkland <email address hidden>   Tue, 18 Feb 2014 14:50:56 -0600
  • pollen (4.5-0ubuntu1) trusty; urgency=low
    
      [ Caleb Spare ]
      * pollen.go, pollen_test.go:
        - Bring naming in line with Go conventions
        - Use shorter parameter names for an http.HandlerFunc
        - Remove an unnecessary string conversion
        - Print useful error if wrong arguments are given rather than crashing
        - Don't ignore errors
        - Rename http[s]Port to http[s]Addr for accuracy
        - Handle errors starting the http servers
        - Change some naming in the test
        - Read from the provided device rather than always /dev/urandom
     -- Dustin Kirkland <email address hidden>   Mon, 17 Feb 2014 12:51:54 -0600
  • pollen (4.4-0ubuntu1) trusty; urgency=low
    
      [ Casey Marshall ]
      * debian/control, debian/rules, Makefile, pollen.go, pollen_test.go:
        - add unit tests for pollen server
    
      [ Dustin Kirkland ]
      * debian/pollen.lintian-overrides:
        - override expected Lintian gripes
     -- Dustin Kirkland <email address hidden>   Mon, 17 Feb 2014 09:38:54 -0600
  • pollen (4.3-0ubuntu1) trusty; urgency=low
    
      * check_pollen:
        - ensure that the nagios script uses the -r|--reseed option
     -- Dustin Kirkland <email address hidden>   Tue, 11 Feb 2014 18:04:10 -0600
  • pollen (4.2-0ubuntu1) trusty; urgency=low
    
      * pollen.go:
        - remove redundant line
      * README:
        - remove deprecated bit of documentation
     -- Dustin Kirkland <email address hidden>   Tue, 11 Feb 2014 10:11:21 -0600
  • pollen (4.1-0ubuntu1) trusty; urgency=low
    
      * debian/control:
        - build on amd64 and i386 only
        - these are the only builds I've been able to confirm when building
          with golang-go
        - note that this undoes the fix for LP: #1274074, but that's the
          way it has to be, until either golang-go supports more architectures
          or gccgo doesn't suck
     -- Dustin Kirkland <email address hidden>   Tue, 11 Feb 2014 09:40:28 -0600
  • pollen (4.0-0ubuntu1) trusty; urgency=low
    
      * check_pollen, debian/control, debian/copyright,
        debian/pollinate.default, debian/pollinate.install,
        debian/pollinate.manpages, debian/pollinate.postinst,
        debian/pollinate.postrm, debian/pollinate.upstart,
        entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1:
        - split pollen and pollinate into separate projects and packages
        - re-enable the pollen build
     -- Dustin Kirkland <email address hidden>   Mon, 10 Feb 2014 14:16:12 -0600
  • pollen (3.17-0ubuntu1) trusty; urgency=low
    
      * pollinate:
        - improve kernel debug info
      * debian/control, debian/pollen.install, Makefile:
        - TEMPORARILY disabling the building of pollen, until
          either gccgo or golang-go get promoted to main
        - this should be reverted as soon as a go compiler
          is available as a build dep
     -- Dustin Kirkland <email address hidden>   Wed, 05 Feb 2014 13:57:45 +0200
  • pollen (3.16-0ubuntu1) trusty; urgency=low
    
      * pollinate:
        - minor standardization of the user agent string
     -- Dustin Kirkland <email address hidden>   Wed, 05 Feb 2014 12:31:52 +0200
  • pollen (3.15-0ubuntu1) trusty; urgency=low
    
      * debian/control: LP: #1274074
        - build on any architecture, now that we build with gccgo
     -- Dustin Kirkland <email address hidden>   Wed, 05 Feb 2014 11:34:39 +0200
  • pollen (3.14-0ubuntu1) trusty; urgency=low
    
      * debian/pollinate.postinst:
        - fix order of operations, packaging breakage
     -- Dustin Kirkland <email address hidden>   Tue, 04 Feb 2014 11:51:27 +0200
  • pollen (3.13-0ubuntu1) trusty; urgency=low
    
      * README:
        - fix more minor typos
        - explain "did some work"
      * debian/rules, Makefile:
        - fix the build for gccgo
        - must use the -g parameter
        - don't strip binaries
        - these are ugly, but are the result of gccgo vs golang-go
      * pollinate:
        - remove unused variable $cmd
      * debian/pollinate.upstart:
        - our upstart job should start on starting cloud-init, to ensure that
          we get run before generating SSH keys
      * debian/pollinate.install, debian/pollinate.postrm, pollen.go,
        pollinate, pollinate.cron.d, README:
        - drop the tag and cronjob per feedback from sarnold in the code audit
          in LP: #1246098
      * debian/pollinate.default, pollinate:
        - add helpful debug info to user agent, similar to chrome and firefox,
      * debian/pollinate.postinst, debian/pollinate.postrm,
        debian/pollinate.upstart, pollinate, pollinate.1:
        - use a pollinate user, rather than the daemon user
        - by default, only run pollinate once per system instantiation
        - offer reseeding as an option, though
      * debian/control:
        - need to depend on adduser
     -- Dustin Kirkland <email address hidden>   Tue, 28 Jan 2014 22:16:12 +0000
  • pollen (3.12-0ubuntu1) trusty; urgency=low
    
      * README:
        - minor documentation feedback from Kees Cook
        - note that pollen servers can of course be run internally
      * debian/control:
        - clean up package descriptions a bit
     -- Dustin Kirkland <email address hidden>   Mon, 27 Jan 2014 13:54:19 +0000
  • pollen (3.11-0ubuntu1) trusty; urgency=low
    
      * README:
        - updates to the README
      * debian/copyright, pollinate:
        - the client should really be GPLv3, rather than AGPL
      * debian/copyright:
        - point to the local copy of GPLv3 license
     -- Dustin Kirkland <email address hidden>   Thu, 16 Jan 2014 11:39:44 -0600
  • pollen (3.10-0ubuntu1) trusty; urgency=low
    
      * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
        - have each client choose a random time of day to reseed,
          at first run, rather than at package installation time
        - this requires a very clever hack(!)
        - install a "template" at /etc/cron.d/pollinate, with __MINUTE__
          and __HOUR__ symbols that should be replaced by the client,
          at first run
        - cron requires that /etc/cron.d/pollinate be owned by root
        - ideally we'd run the pollinate script as a non-root user (ie, daemon),
          by specifying the daemon user in upstart and in the cronjob
        - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
        - so here's the hack...
          + the upstart job installed by the package has "setuid root"
          + on its first run (which will be either at package install time, or
            at boot), it will run as root and: a) update the cronjob to a random
            time, and b) update the upstart job to run as daemon
          + woot
          + this works because both are conffiles
      * debian/pollen.postinst, debian/pollinate.postinst,
        debian/pollinate.postrm, pollinate:
        - use /var/cache/pollinate, rather than /var/lib/pollinate
        - this should make it more obvious that this data can be cleared out,
          and should be cleared out, on re-bundles or snapshots and reimages
      * debian/control, Makefile:
        - switch from golang-go to gcc-go, so that we can get this source
          package into Ubuntu main
      * pollinate, pollinate.1:
        - separate the pool and the server variables
      * debian/control:
        - no need to depend on bsdutils, it's essential
        - pollen depends on adduser
      * usr.bin.pollen:
        - update apparmor profile to allow reading of /usr/bin/pollen
          - oddly, this was introduced when switching compilers
      * debian/copyright:
        - lintian/dep5 cleanup
     -- Dustin Kirkland <email address hidden>   Thu, 16 Jan 2014 08:01:31 -0600
  • pollen (3.9-0ubuntu1) trusty; urgency=low
    
      * debian/pollinate.default:
        - don't use quiet by default, do use binary
      * pollinate:
        - save ourselves an unneeded fork
      * debian/control:
        - drop haveged as a suggests
      * debian/pollinate.default, debian/pollinate.install,
        entropy.ubuntu.com.pem:
        - install entropy.ubuntu.com.pem's certificate and intermediate
          chain, to get rid of --insecure curl option
      * debian/control, pollinate:
        - log to the system log, using the logger utility
        - add a final message, noting successful (re-)seed
        - have pollinate depend on bsdutils, which provides logger
     -- Dustin Kirkland <email address hidden>   Wed, 15 Jan 2014 16:49:39 -0600
  • pollen (3.8-0ubuntu1) trusty; urgency=low
    
      * debian/pollinate.default, debian/pollinate.postinst,
        debian/pollinate.upstart, pollinate:
        - fix the (broken) options setting in the pollinate default file
        - change the tag creation to happen during the pollinate runtime,
          rather than at package installation; this makes it more useful
          for downstreams and remixes of Ubuntu
        - ensure the daemon user owns the /var/lib/pollinate directory
        - run the pollinate upstart script as the daemon user
      * debian/pollinate.cron.d, debian/pollinate.postinst,
        debian/pollinate.postrm:
        - run the pollinate cronjob (reseed) once per day, rather than once
          per hour
        - purge pollinate files more effectively
     -- Dustin Kirkland <email address hidden>   Wed, 15 Jan 2014 10:59:38 -0600
  • pollen (3.7-0ubuntu1) trusty; urgency=low
    
      * debian/control:
        - demote haveged to suggests, based on feedback from Seth Arnold
          in LP: #1246098
      * pollinate:
        - ensure both -c and -i can be used, without losing CURL_OPTS,
          as identified by Seth Arnold in LP: #1246098
      * pollinate:
        - drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098
      * debian/pollen.postinst:
        - use pollen as our fake email address, suggested by Seth Arnold
          in LP: #1246098
      * debian/pollinate.cron.d:
        - add notes in the comments about NIST DRBG Special Publication 800-90A
          recommendations on reseeding
        - add notes in the comments about why we choose a random minute
        - fix a bug, that was causing the cronjob to run far more frequently
          than desired
        - Addresses some issues raised by Seth Arnold in LP: #1246098
      * debian/pollen.upstart, pollen.8, pollen.go:
        - add DEVICE as the 3rd argument to the pollen server in the upstart
          script
        - test that DEVICE is a special in upstart
        - document that the DEVICE is now a required argument
      * debian/pollen.install, Makefile, pollen:
        - build static binary at package build time, rather than dynamically
          compiling at each run, per feedback from Seth Arnold in LP: #1246098
        - use a very simple, basic Makefile
      * debian/control:
        - move golang-go to a build-dependency, rather than a runtime dependency
      * debian/control, debian/pollen.postinst, debian/pollen.postrm,
        debian/pollen.upstart:
        - create a new user, pollen:daemon, in the postinst, remove in postrm
        - depend on libcap2-bin, which provides setcap
        - use setcap to allow the pollen binary to bind to privileged ports
        - run the pollen daemon as the pollen user
        - per feedback from Seth Arnold in LP: #1246098
      * debian/pollen.upstart:
        - use setuid in upstart to run the pollen daemon as the pollen user
      * debian/pollen.postinst:
        - change pollen user's shell to /bin/false
      * debian/control, debian/pollen.install, debian/pollen.postinst,
        debian/rules, usr.bin.pollen:
        - add an apparmor profile for the pollen server, per suggestion
          by Seth Arnold in LP: #1246098
        - big thanks to Jamie Strandboge and Seth Arnold for assistance
      * debian/pollinate.postinst:
        - these chowns are not necessary; thanks for catching Michael Terry
          in LP: #1246098
      * debian/control: LP: #1259014
        - have the pollen server depend on ent, which is used by the
          check_pollen nagios script
     -- Dustin Kirkland <email address hidden>   Fri, 08 Nov 2013 09:59:37 -0600
  • pollen (3.6-0ubuntu1) trusty; urgency=low
    
      * pollinate:
        - remove sourcing of an rc config file from $HOME, per security
          review from Seth Arnold
      * pollinate.1:
        - update documentation to note that multiple servers can be specified
          on the command line
      * debian/pollinate.default:
        - use the entropy.ubuntu.com beta site for testing
        - note that we're specifying the --insecure option here, as this is
          very much a work in progress
      * debian/pollinate.upstart:
        - start pollinate when we have networking up and running, or
          when we start ssh
      * pollen.go:
        - drop the nanosecond timestamp collection on the server
        - a good server should have real entropy hardware, and a busy server
          will have network traffic entropy already captured by the kernel
        - Suggestion by Seth Arnold in a security review
      * debian/pollen.default, pollinate:
        - drop timestamp based salting, not terribly valuable
        - per security review by Seth Arnold
      * pollinate:
        - drop unused $bin variable
     -- Dustin Kirkland <email address hidden>   Tue, 29 Oct 2013 16:55:31 -0500
  • pollen (3.5-0ubuntu1) trusty; urgency=low
    
      * README:
        - enhance and update design documentation
      * debian/copyright:
        - update to DEP-5 format
     -- Dustin Kirkland <email address hidden>   Wed, 11 Sep 2013 16:56:54 -0500
  • pollen (3.4-0ubuntu1) saucy; urgency=low
    
      * check_pollen, debian/control:
        - improve the nagios check
        - warn if:
          + insufficient bytes are retrieved
          + less than 5-bits-per-byte of entropy are calculated
          + an out of whack arithmetic mean
        - have pollen server recommend ent, which is used by the nagios check
     -- Dustin Kirkland <email address hidden>   Wed, 04 Sep 2013 14:25:51 -0500
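
The 3.4 entry lists the three conditions the check_pollen nagios check warns on, and the 4.21 entry adds the count of short bytes to the error message. The Go sketch below is an added example of that logic, not code from the pollen package: the function names, the mean tolerance and the sample data are assumptions made here, and only the 5 bits-per-byte floor comes from the changelog.

```go
package main

import (
	"fmt"
	"math"
)

// MinEntropy: floor from the 3.4 entry. Mean window: assumed, not on the page.
const (
	MinEntropy = 5.0
	MeanCenter = 127.5 // mean of uniformly distributed byte values
	MeanSlack  = 32.0  // assumed tolerance around MeanCenter
)

// Stats returns Shannon entropy (bits per byte) and the arithmetic mean.
func Stats(data []byte) (entropy, mean float64) {
	if len(data) == 0 {
		return 0, 0
	}
	var counts [256]int
	var sum float64
	for _, b := range data {
		counts[b]++
		sum += float64(b)
	}
	n := float64(len(data))
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			entropy -= p * math.Log2(p)
		}
	}
	return entropy, sum / n
}

// Check returns one warning per failed condition; empty means OK. A sample
// of n bytes cannot exceed log2(n) bits per byte, so short reads fail twice.
func Check(data []byte, want int) []string {
	var warn []string
	if short := want - len(data); short > 0 {
		warn = append(warn, fmt.Sprintf("short by %d bytes", short))
	}
	entropy, mean := Stats(data)
	if entropy < MinEntropy {
		warn = append(warn, fmt.Sprintf("entropy %.2f bits/byte < %.1f", entropy, MinEntropy))
	}
	if math.Abs(mean-MeanCenter) > MeanSlack {
		warn = append(warn, fmt.Sprintf("mean %.1f outside %.1f +/- %.1f", mean, MeanCenter, MeanSlack))
	}
	return warn
}

// Ramp builds a constructed sample: n bytes stepping evenly through 0..255.
func Ramp(n int) []byte {
	out := make([]byte, n)
	for i := range out {
		out[i] = byte(i * 256 / n)
	}
	return out
}

func main() {
	fmt.Println(Check(Ramp(64), 64), Check(Ramp(16), 64))
}
```

A 64-byte sample tops out at 6 bits per byte, which is why a floor well below 8 is the only workable threshold for a response of that size.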