Bug 1258642

Summary: The removal of "-i" and "-t" causes existing rngd environment to fail that make use of those options
Product: Red Hat Enterprise Linux 6 Reporter: Bryan Totty <btotty>
Component: rng-toolsAssignee: Neil Horman <nhorman>
Status: CLOSED CURRENTRELEASE QA Contact: Vilém Maršík <vmarsik>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.8CC: emcnabb, jsvarova, leamhall, magoldma, salmy
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A recent update of rng-tools removed the "-i" and "-t" options from the rngd daemon, which caused scripts that make use of these options to fail. This update adds these options back to maintain backward compatibility. Note that the "-t" option only exists to prevent script failures from occurring and has no functionality as the new rngd has no use for it.
 Story Points: ---
Clone Of:
: 1259457 (view as bug list) Environment:
Last Closed: 2016-04-21 12:50:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1259457, 1269638    
Attachments:
Description Flags
Patch to add back old options none

Description Bryan Totty 2015-08-31 21:44:22 UTC 
Description of problem:

rng-tools-5-1 remove "-i" and "-t" as valid options. This poses serious production problems for existing customers who already make use of those options. This is mainly a dispute over enterprise stability because there is no clear warning of the large impact that this can have on applications that require rngd. Yes, there is an easy workaround which involved switching to "-q", but many people will only realize that after they update and cause a production outage when rngd begins to use old invalid options.


Version-Release number of selected component (if applicable):
rng-tools-5-1 

How reproducible:
Always

Steps to Reproduce:
1. /etc/sysconfig/rngd

EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"

2. service rngd restart



Actual results:
# service rngd restart
Stopping rngd:                                             [FAILED]
Starting rngd: rngd: invalid option -- 't'
Try `rngd --help' or `rngd --usage' for more information.
                                                           [FAILED]

Expected results:
Backward compatibility for enterprise level customers.


Additional info:
I suggest something like putting the 5.x version in Software Collections, or having a second package called something like rng-tools5, similar to how we do rsyslog and bind.
Comment 2 Bryan Totty 2015-08-31 21:48:22 UTC 
The following KCS solution has been updated to reflect this change, which is a common go-to URL for how the deprecated options are used:

rngd: too many FIPS failures, disabling entropy source-
https://access.redhat.com/solutions/62960
Comment 4 Neil Horman 2015-09-01 14:53:00 UTC 
Created attachment 1069041 [details]
Patch to add back old options
Comment 5 Neil Horman 2015-09-01 14:54:08 UTC 
Attached a patch to restore the old option.  Will commit as soon as the bug is approved.  Note the timeout option really isnt needed any more, so its just there vestigially, and doesn't do anything
Comment 6 Leam 2015-09-01 19:37:16 UTC 
Hey Neil, if you have an rpm I'll test it. 

Thanks!

Leam
Comment 8 Leam 2015-09-22 19:20:37 UTC 
Initial testing looks good, thanks!
Comment 9 Vilém Maršík 2016-04-21 12:38:35 UTC 
6.8 package rng-tools-5-2.el6_7.x86_64.rpm from RHEL-6.8-20160414.0 was already tested on 6.7 in https://bugzilla.redhat.com/show_bug.cgi?id=1259457#c5 .

Closing.
Comment 10 Vilém Maršík 2016-04-21 12:50:59 UTC 
rng-tools-5-2.el6_7.x86_64.rpm already in current 6.8 release RHEL-6.8-20160414.0