Red Hat Bugzilla – Bug 1258642
The removal of "-i" and "-t" causes existing rngd environment to fail that make use of those options
Last modified: 2016-04-21 08:50:59 EDT
Description of problem:
rng-tools-5-1 remove "-i" and "-t" as valid options. This poses serious production problems for existing customers who already make use of those options. This is mainly a dispute over enterprise stability because there is no clear warning of the large impact that this can have on applications that require rngd. Yes, there is an easy workaround which involved switching to "-q", but many people will only realize that after they update and cause a production outage when rngd begins to use old invalid options.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"
2. service rngd restart
# service rngd restart
Stopping rngd: [FAILED]
Starting rngd: rngd: invalid option -- 't'
Try `rngd --help' or `rngd --usage' for more information.
Backward compatibility for enterprise level customers.
I suggest something like putting the 5.x version in Software Collections, or having a second package called something like rng-tools5, similar to how we do rsyslog and bind.
The following KCS solution has been updated to reflect this change, which is a common go-to URL for how the deprecated options are used:
rngd: too many FIPS failures, disabling entropy source-
Created attachment 1069041 [details]
Patch to add back old options
Attached a patch to restore the old option. Will commit as soon as the bug is approved. Note the timeout option really isnt needed any more, so its just there vestigially, and doesn't do anything
Hey Neil, if you have an rpm I'll test it.
Initial testing looks good, thanks!
6.8 package rng-tools-5-2.el6_7.x86_64.rpm from RHEL-6.8-20160414.0 was already tested on 6.7 in https://bugzilla.redhat.com/show_bug.cgi?id=1259457#c5 .
rng-tools-5-2.el6_7.x86_64.rpm already in current 6.8 release RHEL-6.8-20160414.0