Bug 739347 - Review Request: haveged - A Linux entropy source using the HAVEGE algorithm. Feed entropy into random pool
Summary: Review Request: haveged - A Linux entropy source using the HAVEGE algorithm. ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Susi Lehtola
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-17 23:28 UTC by Jiri Hladky
Modified: 2012-10-15 01:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-26 10:56:39 UTC
susi.lehtola: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Jiri Hladky 2011-09-17 23:28:37 UTC
Spec URL: http://jhladky.fedorapeople.org/haveged.spec
SRPM URL: http://jhladky.fedorapeople.org/haveged-1.2-0.fc14.src.rpm
Description: 
A Linux entropy source using the HAVEGE algorithm

Haveged is a user space entropy daemon which is not dependent upon the
standard mechanisms for harvesting randomness for the system entropy
pool. This is important in systems with high entropy needs or limited
user interaction (e.g. headless servers).
 
Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
to maintain a 1M pool of random bytes used to fill /dev/random
whenever the supply of random bits in /dev/random falls below the low
water mark of the device. The principle inputs to haveged are the
sizes of the processor instruction and data caches used to setup the
HAVEGE collector. The haveged default is a 4kb data cache and a 16kb
instruction cache. On machines with a cpuid instruction, haveged will
attempt to select appropriate values from internal tables.

Comment 1 Susi Lehtola 2011-09-21 06:55:59 UTC
Patch0 doesn't have a comment in the spec file. Please document what it does.

Is there any reason why you macroize everything? Why not run just automake, make and so on?

Is SMP build not supported?

Please use cp or install instead of mv in %install, so that shortcutting builds work. Besides, why do you
 %{__mv} init.d/haveged_fedora %{buildroot}%{_initrddir}/haveged
 %{__rm} -rf %{buildroot}/etc/init.d
since at least on F15
 $ rpm --eval %{_initrddir}
 /etc/rc.d/init.d
 $ file /etc/init.d
 /etc/init.d: symbolic link to `rc.d/init.d'

Comment 2 Jiri Hladky 2011-09-21 21:47:39 UTC
Just tested hwloc-1.2.1, bug is still there, contacting hwloc developers

ppc-koji build --scratch dist-f16 rpmbuild/SRPMS/hwloc-1.2.1-0.fc14.src.rpm


PASS: glibc-sched
exported to buffer 0x10568a30 length 1835
re-exported to buffer 0x1056d118 length 1834
### First exported buffer is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE topology SYSTEM "hwloc.dtd">
<topology>
  <object type="Machine" os_level="-1" os_index="0" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" local_memory="16091512832">
    <page_type size="17179869184" count="0"/>
    <page_type size="65536" count="245537"/>
    <page_type size="16777216" count="0"/>
    <info name="Backend" value="Linux"/>
    <info name="OSName" value="Linux"/>
    <info name="OSRelease" value="2.6.32-131.6.1.el6.ppc64"/>
    <info name="OSVersion" value="#1 SMP Mon Jun 20 14:15:43 EDT 2011"/>
    <info name="HostName" value="ppc-comm01"/>
    <info name="Architecture" value="ppc"/>
    <object type="Socket" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003">
      <object type="Cache" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" cache_size="4194304" depth="2" cache_linesize="128">
        <object type="Cache" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" cache_size="65536" depth="1" cache_linesize="128">
          <object type="Core" os_level="-1" os_index="0" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003">
            <object type="PU" os_level="-1" os_index="0" cpuset="0x00000001" complete_cpuset="0x00000001" online_cpuset="0x00000001" allowed_cpuset="0x00000001"/>
            <object type="PU" os_level="-1" os_index="1" cpuset="0x00000002" complete_cpuset="0x00000002" online_cpuset="0x00000002" allowed_cpuset="0x00000002"/>
          </object>
        </object>
      </object>
    </object>
  </object>
</topology>
### End of first export buffer
### Second exported buffer is:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE topology SYSTEM "hwloc.dtd">
<topology>
  <object type="Machine" os_level="-1" os_index="0" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" local_memory="16091512832">
    <page_type size="4294967295" count="0"/>
    <page_type size="65536" count="245537"/>
    <page_type size="16777216" count="0"/>
    <info name="Backend" value="Linux"/>
    <info name="OSName" value="Linux"/>
    <info name="OSRelease" value="2.6.32-131.6.1.el6.ppc64"/>
    <info name="OSVersion" value="#1 SMP Mon Jun 20 14:15:43 EDT 2011"/>
    <info name="HostName" value="ppc-comm01"/>
    <info name="Architecture" value="ppc"/>
    <object type="Socket" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003">
      <object type="Cache" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" cache_size="4194304" depth="2" cache_linesize="128">
        <object type="Cache" os_level="-1" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003" cache_size="65536" depth="1" cache_linesize="128">
          <object type="Core" os_level="-1" os_index="0" cpuset="0x00000003" complete_cpuset="0x00000003" online_cpuset="0x00000003" allowed_cpuset="0x00000003">
            <object type="PU" os_level="-1" os_index="0" cpuset="0x00000001" complete_cpuset="0x00000001" online_cpuset="0x00000001" allowed_cpuset="0x00000001"/>
            <object type="PU" os_level="-1" os_index="1" cpuset="0x00000002" complete_cpuset="0x00000002" online_cpuset="0x00000002" allowed_cpuset="0x00000002"/>
          </object>
        </object>
      </object>
    </object>
  </object>
</topology>
### End of second export buffer
FAIL: xmlbuffer
========================================================
1 of 26 tests failed
Please report to http://www.open-mpi.org/community/help/
========================================================

Comment 3 Jiri Hladky 2011-09-21 21:53:12 UTC
Please ignore https://bugzilla.redhat.com/show_bug.cgi?id=739347#c2 
I have updated wrong BZ

Jirka

Comment 4 Jiri Hladky 2011-09-21 23:17:56 UTC
(In reply to comment #1)

Hi Jussi,

please see my comments bellow:

> Patch0 doesn't have a comment in the spec file. Please document what it does.

It's coming update to the version 1.3 of haveged. I have documented it now in the SPEC file. 
 
> Is there any reason why you macroize everything? Why not run just automake,
> make and so on?
Not really. I was not sure which way is preferred. I have changed it now to rm, make, install and so on.

> Is SMP build not supported?
It's supported. I have just added it.


> Please use cp or install instead of mv in %install, so that shortcutting builds
> work.

Done.

> Besides, why do you
>  %{__mv} init.d/haveged_fedora %{buildroot}%{_initrddir}/haveged
>  %{__rm} -rf %{buildroot}/etc/init.d
> since at least on F15
>  $ rpm --eval %{_initrddir}
>  /etc/rc.d/init.d
>  $ file /etc/init.d
>  /etc/init.d: symbolic link to `rc.d/init.d'

Changed it to
rm -rf %{buildroot}/etc/init.d
install -m755 -D init.d/haveged_fedora %{buildroot}%{_initrddir}/haveged

Since /etc/init.d is a symbolic link I believe it's better to install files into the master directory %{_initrddir} == /etc/rc.d/init.d

Besides that, I prefer to use MACRO %{_initddir} instead of %{_sysconfdir}/init.d (which would expand to /etc/init.d)

Please let me know your opinion on this. Is there a reason to prefer /etc/init.d over /etc/rc.d/init.d? Is there a macro that expands to /etc/init.d ??

New SPEC File and SRPM:

Spec URL: http://jhladky.fedorapeople.org/hwloc-1.0.2-1.spec
SRPM URL: http://jhladky.fedorapeople.org/haveged-1.2-1.fc14.src.rpm

Scratch build:
koji build --scratch dist-f15 SRPMS/haveged-1.2-1.fc14.src.rpm 
http://koji.fedoraproject.org/koji/taskinfo?taskID=3369279

Thanks for the input!
Jirka

Comment 5 Susi Lehtola 2011-09-22 07:09:51 UTC
But my question is: why do you run
 rm -rf %{buildroot}/etc/init.d
in the first place?

Comment 6 Jiri Hladky 2011-09-22 22:48:07 UTC
(In reply to comment #5)
> But my question is: why do you run
>  rm -rf %{buildroot}/etc/init.d
> in the first place?

Hi Jussi,

two reasons:

1)There is generic haveged start script. This one is installed to /etc/init.d. However, this script does not work well on Fedora. I need to use haveged_fedora

That's why I rename the script:

install -m755 -D init.d/haveged_fedora %{buildroot}%{_initrddir}/haveged

2) I would like to install start script into /etc/rc.d/init.d directory. 

What's your opinion?

Thanks
Jirka

Comment 7 Susi Lehtola 2011-09-23 06:45:54 UTC
(In reply to comment #6)
> (In reply to comment #5)
> > But my question is: why do you run
> >  rm -rf %{buildroot}/etc/init.d
> > in the first place?
> 
> 1)There is generic haveged start script. This one is installed to /etc/init.d.

OK, then please make a note about this in the spec file. Note that you don't necessarily need to remove the generic script if you just replace it with the Fedora specific script.

> However, this script does not work well on Fedora. I need to use haveged_fedora
> 
> That's why I rename the script:
> 
> install -m755 -D init.d/haveged_fedora %{buildroot}%{_initrddir}/haveged
> 
> 2) I would like to install start script into /etc/rc.d/init.d directory. 

http://fedoraproject.org/wiki/Packaging:SysVInitScript
"Packages with SysV-style initscripts must put them into /etc/rc.d/init.d. A rpm macro exists for this directory, %_initddir."

So the directory itself is fine, but you should use a different macro.

Comment 8 Susi Lehtola 2011-09-23 06:47:28 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > But my question is: why do you run
> > >  rm -rf %{buildroot}/etc/init.d
> > > in the first place?
> > 
> > 1)There is generic haveged start script. This one is installed to /etc/init.d.
> 
> OK, then please make a note about this in the spec file. Note that you don't
> necessarily need to remove the generic script if you just replace it with the
> Fedora specific script.

.. although this still does not explain why you run the command. You're just removing a symlink. Please remove the line altogether.

Comment 9 Jiri Hladky 2011-09-23 22:48:08 UTC
Hi Jussi,

I have tried to remove
rm -rf %{buildroot}/etc/init.d
line and it does not work:

========================================================================
rpmbuild -ba SPECS/haveged.spec

Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/jirka/rpmbuild/BUILDROOT/haveged-1.2-1.fc14.i386
error: Installed (but unpackaged) file(s) found:
   /etc/init.d/haveged


RPM build errors:
    Installed (but unpackaged) file(s) found:
   /etc/init.d/haveged
========================================================================

To summarize:
make install of the package havege will install generic script to
/etc/init.d/haveged

We need to:
Install Fedora specific script to /etc/rc.d/init.d directory

Since we don't want /etc/init.d/haveged to be packed into rpm, we need to remove it from the %{buildroot} directory otherwise rpm built-in check will give us an error described above.


Resolution:
I have added following comment to the spec file
#Installing Fedora specific haveged SysV-style initscript 
#http://fedoraproject.org/wiki/Packaging:SysVInitScript
#Need to remove haveged specific script from %{buildroot} since it's installed to the wrong location 
#(/etc/init.d instead of /etc/rc.d/init.d)

New SPEC File and SRPM:
Spec URL: http://jhladky.fedorapeople.org/haveged-1.2-2.fc14.spec
SRPM URL: http://jhladky.fedorapeople.org/haveged-1.2-2.fc14.src.rpm

Thanks
Jirka

Comment 10 Jiri Hladky 2011-09-25 22:53:58 UTC
Hi Jussi,

have you had time to review the latest SPEC file? 

Thanks
Jirka

Comment 11 Susi Lehtola 2011-09-26 07:07:26 UTC
Very well. I now see that the rm -rf line is necessary, since for some reason /etc/init.d is a directory and not a symlink as on installed Fedoras.

Here's my review:

***

rpmlint output:
haveged.src: W: spelling-error %description -l en_US dev -> deb, derv, div
haveged.src: W: spelling-error %description -l en_US cpuid -> cupid
haveged.src: W: spelling-error %description -l en_US stdout -> stout, std out, std-out
haveged.src:63: W: macro-in-comment %{buildroot}
haveged.src:91: W: macro-in-comment %attr
haveged.src:91: W: macro-in-comment %{_initrddir}
haveged.x86_64: W: spelling-error %description -l en_US dev -> deb, derv, div
haveged.x86_64: W: spelling-error %description -l en_US cpuid -> cupid
haveged.x86_64: W: spelling-error %description -l en_US stdout -> stout, std out, std-out
haveged.x86_64: W: incoherent-subsys /etc/rc.d/init.d/haveged $prog
3 packages and 0 specfiles checked; 0 errors, 10 warnings.

- Patch0 is missing a comment, still. Please add one in the spec file.
- Please drop the "Apply patches: " comment and the following commented line.
- Please drop the commented line in %files.
- The "spelling-errors" are false alarms.
- Fix the subsystem stuff.


MUST: The spec file for the package is legible and macros are used consistently.  OK
MUST: The package must be named according to the Package Naming Guidelines. OK
MUST: The spec file name must match the base package %{name}. OK
MUST: The package must be licensed with a Fedora approved license and meet the  Licensing Guidelines. OK

MUST: The License field in the package spec file must match the actual license. NEEDSWORK
- License is GPLv3+, not GPLv3.

MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. OK
$ md5sum haveged-1.2.tar.gz ../SOURCES/haveged-1.2.tar.gz 
dc961f36c065239f2ddeeb840ddf9ec0  haveged-1.2.tar.gz
dc961f36c065239f2ddeeb840ddf9ec0  ../SOURCES/haveged-1.2.tar.gz

MUST: The package MUST successfully compile and build into binary rpms. OK
MUST: The spec file MUST handle locales properly. N/A
MUST: Optflags are used and time stamps preserved. OK
MUST: Packages containing shared library files must call ldconfig. N/A

MUST: A package must own all directories that it creates or require the package that owns the directory. OK
- ... but *please* don't use wildcards for just one or two files. Change
 %{_mandir}/man8/*
 %{_sbindir}/*
 %{_initrddir}/*
to
 %{_mandir}/man8/haveged.8*
 %{_sbindir}/haveged
 %{_initrddir}/haveged
or the same using %{name}, both of which have the same effect as the wildcard but make the %files section MUCH clearer.

MUST: Files only listed once in %files listings. OK
MUST: Debuginfo package is complete. OK
MUST: Permissions on files must be set properly. OK
MUST: Large documentation files must go in a -doc subpackage. N/A
MUST: All relevant items are included in %doc. Items in %doc do not affect runtime of application. OK
MUST: Header files must be in a -devel package. N/A
MUST: Static libraries must be in a -static package. N/A
MUST: If a package contains library files with a suffix then library files ending in .so must go in a -devel package. N/A
MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned, architecture dependent dependency. N/A
MUST: Packages does not contain any .la libtool archives. N/A
MUST: Desktop files are installed properly. N/A
MUST: No file conflicts with other packages and no general names. OK
SHOULD: %{?dist} tag is used in release. OK
SHOULD: If the package does not include license text(s) as separate files from upstream, the packager should query upstream to include it. OK
SHOULD: The package builds in mock. OK
EPEL: Clean section exists. OK
EPEL: Buildroot cleaned before install. OK
EPEL: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'. N/A

Comment 12 Jiri Hladky 2011-09-26 22:05:12 UTC
(In reply to comment #11)

Hi,

please see my comments bellow:
 
> - Patch0 is missing a comment, still. Please add one in the spec file.
Well, I have added following text to he description already in 
https://bugzilla.redhat.com/show_bug.cgi?id=739347#c4

===================================================================
Patch represents changes planed for the version 1.3:
1)Changed run levels:
0=daemon
-1=configuration info
-2=write Bytes to stdout without limit
>0 write <r> Bytes to file. Units k,m,g,t are supported:

    
2)Added option to write random bytes to stdout: -f -
===================================================================

Not sure if I got it wrong - is there special section for it? Or perhaps you have just overlooked it. Please let me know.


> - Please drop the "Apply patches: " comment and the following commented line.
Done

> - Please drop the commented line in %files.
Done

> - The "spelling-errors" are false alarms.
> - Fix the subsystem stuff.
It also false alarm. Please run
rpmlint -i

to see the detailed explanation:

haveged.i686: W: incoherent-subsys /etc/rc.d/init.d/haveged ${prog}
...... It is also possible
that rpmlint gets this wrong, especially if the init script contains
nontrivial shell variables and/or assignments.  These cases usually manifest
themselves when rpmlint reports that the subsys name starts a with '$'; in
these cases a warning instead of an error is reported and you should check the
script manually.

Init script is indeed using a variable.


> NEEDSWORK
> - License is GPLv3+, not GPLv3.
Good hint, thanks!

> - ... but *please* don't use wildcards for just one or two files. Change
>  %{_mandir}/man8/*
>  %{_sbindir}/*
>  %{_initrddir}/*
> to
>  %{_mandir}/man8/haveged.8*
>  %{_sbindir}/haveged
>  %{_initrddir}/haveged
> or the same using %{name}, both of which have the same effect as the wildcard
> but make the %files section MUCH clearer.

Done.

Spec URL: http://jhladky.fedorapeople.org/haveged-1.2-3.fc14.spec
SRPM URL: http://jhladky.fedorapeople.org/haveged-1.2-3.fc14.src.rpm

Thanks
Jirka

Comment 13 Susi Lehtola 2011-09-26 22:19:35 UTC
(In reply to comment #12)
> > - Patch0 is missing a comment, still. Please add one in the spec file.
> Well, I have added following text to he description already in 
> https://bugzilla.redhat.com/show_bug.cgi?id=739347#c4

... you put it at the end of %description? Well, that's the wrong place to put  it. When you have a bunch of patches, then you'd like to see what they're for. For instance:

# Link to foo correctly
Patch0: haveged-1.2.3-foo.patch
# Don't do bar on install
Patch1: haveged-1.2.3-nobar.patch

> haveged.i686: W: incoherent-subsys /etc/rc.d/init.d/haveged ${prog}
> ...... It is also possible
> that rpmlint gets this wrong, especially if the init script contains
> nontrivial shell variables and/or assignments.  These cases usually manifest
> themselves when rpmlint reports that the subsys name starts a with '$'; in
> these cases a warning instead of an error is reported and you should check the
> script manually.
> 
> Init script is indeed using a variable.

OK.


Before commit to git, please remove the patch comment from %description, where it doesn't serve any purpose, and add a short description of Patch0 as above.

This package has been

APPROVED

Comment 14 Jiri Hladky 2011-09-28 20:44:35 UTC
Hi Jussi,

thanks a lot for reviewing the package. I have moved the patch description to the right location. The update package is here

Spec URL: http://jhladky.fedorapeople.org/haveged-1.2-3.fc14.spec
SRPM URL: http://jhladky.fedorapeople.org/haveged-1.2-3.fc14.src.rpm

Cheers
Jirka

Comment 15 Jiri Hladky 2011-09-28 20:56:59 UTC
New Package SCM Request
=======================
Package Name: haveged
Short Description:  A Linux entropy source using the HAVEGE algorithm. Feed entropy into the random pool
Owners: Jirka Hladky
Branches: f15 f16 el6
InitialCC: jhladky

Comment 16 Jiri Hladky 2011-09-28 20:58:57 UTC
Errata:

New Package SCM Request
=======================
Package Name: haveged
Short Description:  A Linux entropy source using the HAVEGE algorithm. Feed
entropy into the random pool
Owners: jhladky
Branches: f15 f16 el6
InitialCC: jhladky

Comment 17 Susi Lehtola 2011-09-28 21:58:47 UTC
Actually, please change the description to
"A Linux entropy source using the HAVEGE algorithm".

I forgot to nag about this in the review..

Comment 18 Gwyn Ciesla 2011-09-29 01:00:43 UTC
Git done (by process-git-requests).

Edited description.

Comment 19 Fedora Update System 2011-09-30 00:21:32 UTC
haveged-1.2-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/haveged-1.2-3.fc16

Comment 20 Fedora Update System 2011-09-30 00:23:42 UTC
haveged-1.2-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/haveged-1.2-3.fc15

Comment 21 Jiri Hladky 2011-09-30 00:26:07 UTC
Hi Jussi,

I have updated the package description.

@GIT TEAM: thanks a lot!

Jirka

Comment 22 Fedora Update System 2011-09-30 02:48:00 UTC
haveged-1.2-3.fc16 has been pushed to the Fedora 16 testing repository.

Comment 23 Fedora Update System 2011-11-05 21:25:04 UTC
haveged-1.3-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/haveged-1.3-1.fc16

Comment 24 Fedora Update System 2011-11-05 21:34:32 UTC
haveged-1.3-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/haveged-1.3-1.fc15

Comment 25 Susi Lehtola 2012-09-26 10:56:39 UTC
Odd that the update system hasn't closed this, even though the updates have hit stable. Closing.

Comment 26 Jiri Hladky 2012-10-13 12:39:37 UTC
Package Change Request
======================
Package Name: haveged
New Branches: el5
Owners: jhladky
InitialCC: jhladky

Requested by Jason Roysdon:

 Jirka,
Any chance you can add EL5 for your builds for haveged in EPEL?  I’d really appreciate it.  We’ve a number of Oracle-based apps that are not yet certified for EL6.
 
Thanks for your consideration,
Jason Roysdon
Information Security Analyst
Modesto Irrigation District
Ph: 209-557-1482

Comment 27 Gwyn Ciesla 2012-10-15 01:46:23 UTC
Git done (by process-git-requests).


Note You need to log in before you can comment on or make changes to this bug.