RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1258642 - The removal of "-i" and "-t" causes existing rngd environment to fail that make use of those options
Summary: The removal of "-i" and "-t" causes existing rngd environment to fail that ma...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rng-tools
Version: 6.8
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Neil Horman
QA Contact: Vilém Maršík
URL:
Whiteboard:
Depends On:
Blocks: 1259457 1269638
TreeView+ depends on / blocked
 
Reported: 2015-08-31 21:44 UTC by Bryan Totty
Modified: 2021-09-09 11:41 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A recent update of rng-tools removed the "-i" and "-t" options from the rngd daemon, which caused scripts that make use of these options to fail. This update adds these options back to maintain backward compatibility. Note that the "-t" option only exists to prevent script failures from occurring and has no functionality as the new rngd has no use for it.
Clone Of:
: 1259457 (view as bug list)
Environment:
Last Closed: 2016-04-21 12:50:59 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Patch to add back old options (3.42 KB, application/octet-stream)
2015-09-01 14:53 UTC, Neil Horman
no flags Details

Description Bryan Totty 2015-08-31 21:44:22 UTC
Description of problem:

rng-tools-5-1 remove "-i" and "-t" as valid options. This poses serious production problems for existing customers who already make use of those options. This is mainly a dispute over enterprise stability because there is no clear warning of the large impact that this can have on applications that require rngd. Yes, there is an easy workaround which involved switching to "-q", but many people will only realize that after they update and cause a production outage when rngd begins to use old invalid options.


Version-Release number of selected component (if applicable):
rng-tools-5-1 

How reproducible:
Always

Steps to Reproduce:
1. /etc/sysconfig/rngd

EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"

2. service rngd restart



Actual results:
# service rngd restart
Stopping rngd:                                             [FAILED]
Starting rngd: rngd: invalid option -- 't'
Try `rngd --help' or `rngd --usage' for more information.
                                                           [FAILED]

Expected results:
Backward compatibility for enterprise level customers.


Additional info:
I suggest something like putting the 5.x version in Software Collections, or having a second package called something like rng-tools5, similar to how we do rsyslog and bind.

Comment 2 Bryan Totty 2015-08-31 21:48:22 UTC
The following KCS solution has been updated to reflect this change, which is a common go-to URL for how the deprecated options are used:

rngd: too many FIPS failures, disabling entropy source-
https://access.redhat.com/solutions/62960

Comment 4 Neil Horman 2015-09-01 14:53:00 UTC
Created attachment 1069041 [details]
Patch to add back old options

Comment 5 Neil Horman 2015-09-01 14:54:08 UTC
Attached a patch to restore the old option.  Will commit as soon as the bug is approved.  Note the timeout option really isnt needed any more, so its just there vestigially, and doesn't do anything

Comment 6 Leam 2015-09-01 19:37:16 UTC
Hey Neil, if you have an rpm I'll test it. 

Thanks!

Leam

Comment 8 Leam 2015-09-22 19:20:37 UTC
Initial testing looks good, thanks!

Comment 9 Vilém Maršík 2016-04-21 12:38:35 UTC
6.8 package rng-tools-5-2.el6_7.x86_64.rpm from RHEL-6.8-20160414.0 was already tested on 6.7 in https://bugzilla.redhat.com/show_bug.cgi?id=1259457#c5 .

Closing.

Comment 10 Vilém Maršík 2016-04-21 12:50:59 UTC
rng-tools-5-2.el6_7.x86_64.rpm already in current 6.8 release RHEL-6.8-20160414.0


Note You need to log in before you can comment on or make changes to this bug.