Bug 1258642 - The removal of "-i" and "-t" causes existing rngd environment to fail that make use of those options
The removal of "-i" and "-t" causes existing rngd environment to fail that ma...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rng-tools (Show other bugs)
6.8
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Neil Horman
Vilém Maršík
: ZStream
Depends On:
Blocks: 1259457 1269638
  Show dependency treegraph
 
Reported: 2015-08-31 17:44 EDT by Bryan Totty
Modified: 2016-04-21 08:50 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A recent update of rng-tools removed the "-i" and "-t" options from the rngd daemon, which caused scripts that make use of these options to fail. This update adds these options back to maintain backward compatibility. Note that the "-t" option only exists to prevent script failures from occurring and has no functionality as the new rngd has no use for it.
Story Points: ---
Clone Of:
: 1259457 (view as bug list)
Environment:
Last Closed: 2016-04-21 08:50:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to add back old options (3.42 KB, application/octet-stream)
2015-09-01 10:53 EDT, Neil Horman
no flags Details

  None (edit)
Description Bryan Totty 2015-08-31 17:44:22 EDT
Description of problem:

rng-tools-5-1 remove "-i" and "-t" as valid options. This poses serious production problems for existing customers who already make use of those options. This is mainly a dispute over enterprise stability because there is no clear warning of the large impact that this can have on applications that require rngd. Yes, there is an easy workaround which involved switching to "-q", but many people will only realize that after they update and cause a production outage when rngd begins to use old invalid options.


Version-Release number of selected component (if applicable):
rng-tools-5-1 

How reproducible:
Always

Steps to Reproduce:
1. /etc/sysconfig/rngd

EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"

2. service rngd restart



Actual results:
# service rngd restart
Stopping rngd:                                             [FAILED]
Starting rngd: rngd: invalid option -- 't'
Try `rngd --help' or `rngd --usage' for more information.
                                                           [FAILED]

Expected results:
Backward compatibility for enterprise level customers.


Additional info:
I suggest something like putting the 5.x version in Software Collections, or having a second package called something like rng-tools5, similar to how we do rsyslog and bind.
Comment 2 Bryan Totty 2015-08-31 17:48:22 EDT
The following KCS solution has been updated to reflect this change, which is a common go-to URL for how the deprecated options are used:

rngd: too many FIPS failures, disabling entropy source-
https://access.redhat.com/solutions/62960
Comment 4 Neil Horman 2015-09-01 10:53:00 EDT
Created attachment 1069041 [details]
Patch to add back old options
Comment 5 Neil Horman 2015-09-01 10:54:08 EDT
Attached a patch to restore the old option.  Will commit as soon as the bug is approved.  Note the timeout option really isnt needed any more, so its just there vestigially, and doesn't do anything
Comment 6 Leam 2015-09-01 15:37:16 EDT
Hey Neil, if you have an rpm I'll test it. 

Thanks!

Leam
Comment 8 Leam 2015-09-22 15:20:37 EDT
Initial testing looks good, thanks!
Comment 9 Vilém Maršík 2016-04-21 08:38:35 EDT
6.8 package rng-tools-5-2.el6_7.x86_64.rpm from RHEL-6.8-20160414.0 was already tested on 6.7 in https://bugzilla.redhat.com/show_bug.cgi?id=1259457#c5 .

Closing.
Comment 10 Vilém Maršík 2016-04-21 08:50:59 EDT
rng-tools-5-2.el6_7.x86_64.rpm already in current 6.8 release RHEL-6.8-20160414.0

Note You need to log in before you can comment on or make changes to this bug.