Description of problem: The rng header, include/crypto/rng.h, needs to be part of the kernel-devel package like the other crypto bits, so that the rng interfaces can be utilized by out-of-tree stuff (notably, the fips cavs rng crypto test). Version-Release number of selected component (if applicable): kernel-2.6.18-122.el5
Jarod, I just checked kernel-devel-2.6.18-122.el5.x86_64, and what you need appears to be already there: ========================================================================= [nhorman@hmsendeavour x86_64]$ rpm -qlip kernel-devel-2.6.18-122.el5.x86_64.rpm | grep rng /usr/src/kernels/2.6.18-122.el5-x86_64/include/config/crypto/ansi/cprng.h /usr/src/kernels/2.6.18-122.el5-x86_64/include/config/crypto/rng.h [nhorman@hmsendeavour x86_64]$ ========================================================================== Can you double check to make sure we're both seeing the same thing? Thanks!
I do have the include/config/crypto/rng.h file as well, but that's not the actual header file -- try cat'ing it. :) I'm not sure *what* all the stuff under include/config/ is for, but upon spot-checking, everything in there is empty...
ugh, you're right. Although looking at it, it doesn't look like any of the api types are properly exported via kernel-devel. how are you getting at the rest of the apis?
Thus far, everything else I've needed has been in: /* crypto headers */ #include <linux/crypto.h> #include <linux/ncrypto.h> #include <linux/crypto/mpi.h>
Created attachment 323212 [details] patch to add rng.h to kernel-devel Yeah, do me a favor, build/test a kernel set with this patch please. I'll probably still have to fix up rng.h with an ifdef __KERNEL__ and mark it as unifdef, but this should get it in the kernel-devel package I think. Thanks!
Crud, I just lost the scrollback, but the build errored out, something about not finding rng.h somewhere or something like that... :\
let me know what the error is and I'll fix it up as needed
Here's what I get: [...] + scripts/hdrcheck.sh /var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include /var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include/asm-i386/ldt.h + echo -e '*****\n*****' + grep -q exist hdrwarnings.txt + sed 's:^/var/tmp/kernel-2.6.18-123.el5.fips4-root/usr/include/::' hdrwarnings.txt ***** ***** HEADER EXPORT WARNINGS: ***** crypto/rng.h requires linux/crypto.h, which does not exist in exported headers ***** ***** + exit 1 RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.30527 (%install) Bad exit status from /var/tmp/rpm-tmp.30527 (%install)
Shoot, I'm sorry Jarod, I typoed in my patch, the crypto/Kbuild file in the patch needs to be changed so that instead of reading: header-y += rng.h should be changed so that it reads: unifdef-y += rnh.h If you change that, it should work. Thanks
Build went fine w/that change, but the header file still didn't make it into kernel-devel. :(
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1586157 There you go jarod. That appears to have everything you need. Please confirm and I'll put this upstream and in RHEL5
Hrm. Looks like the i686 brew build went fine, but the x86_64 one blew up. I suspect this is because on x86, kernel-headers isn't built in the i686 build pass, its built in the i386 pass, whereas x86_64 includes both the kernel and kernel-headers. [...] + grep -q exist hdrwarnings.txt + sed 's:^/var/tmp/kernel-2.6.18-124.el5dz_test-root/usr/include/::' hdrwarnings.txt ***** ***** HEADER EXPORT WARNINGS: ***** crypto/nscatterwalk.h requires linux/hardirq.h, which does not exist in exported headers crypto/algapi.h requires linux/list.h, which does not exist in exported headers crypto/aead.h requires linux/slab.h, which does not exist in exported headers crypto/skcipher.h requires linux/slab.h, which does not exist in exported headers linux/ncrypto.h requires asm/atomic.h, which does not exist in exported headers linux/crypto.h requires linux/module.h, which does not exist in exported headers ***** ***** + exit 1 error: Bad exit status from /var/tmp/rpm-tmp.41698 (%install)
https://brewweb.devel.redhat.com/taskinfo?taskID=1596826 New build brewing. I've included the missing headers, although I'm becomming less confident that this is as easy to do as it initially looked. We want these headers in kernel-devel but not kernel-headers (which is used by userspace), so I think we'll still have some cleanup to do here (masking unneeded data in the exported headers with ifdef __KERNEL__ and such. But this should be enough to validate what you need to do.
ugh, stpuid includes. Let me figure this out and I'll get back to you
https://brewweb.devel.redhat.com/taskinfo?taskID=1597546 Ok, the kernel-headers packages in that build should have what you need, although I think they probably belong in the kernel-devel package, and I'm not sure why there showing up there. Let me know if all the headers you need are in kernel-headers, and I'll figure out how to move them over to kernel-devel.
Updating PM score.
jarod, did this work for you?
Crud. I don't suppose you have a saved copy of that build somewhere? Can't seem to pull that out of brew any more, the scratch build reaper must have nuked it... So if you have either a local copy I could bum, or a patch I can just apply to a build, I can try it out that way... :\
crud, I don't and I re-installed my system over christmas. Back to the drawing board I guess. I'll let you know when I have something
Created attachment 333374 [details] new attempt at including rng header Heres another attempt at this, It seems from looking at the spec file that I just need to include the crypto libs in the copy operation when building the devel package. Although I'm not sure how some of the headers are getting in there now.
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1707524 New brew build here if you want to test it when you get a chance. Thanks!
Yep, this works for me. Puts it in a slightly different place than I was expecting, but that's no problem (was looking for include/crypto/rng.h, which is where the mpi and ksign headers are, but switching to crypto/rng.h worksforme).
in kernel-2.6.18-135.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html