Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rng-tools: 5 -> 6.6, jitterentropy: init at 2.1.2 #48843

Merged
merged 4 commits into from Oct 24, 2018
Merged

rng-tools: 5 -> 6.6, jitterentropy: init at 2.1.2 #48843

merged 4 commits into from Oct 24, 2018

Conversation

JohnAZoidberg
Copy link
Member

@JohnAZoidberg JohnAZoidberg commented Oct 22, 2018
edited

Motivation for this change

New version :)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@JohnAZoidberg JohnAZoidberg changed the title rng-tools: 5 -> 6.6 WIP: rng-tools: 5 -> 6.6 Oct 23, 2018
@JohnAZoidberg
Copy link
Member Author

Wait, don't merge yet. I think there's something wrong with the sources.

@JohnAZoidberg JohnAZoidberg force-pushed the rng-tools-6.6 branch 2 times, most recently from 215998f to 01310a4 Compare October 23, 2018 14:56
@JohnAZoidberg JohnAZoidberg changed the title WIP: rng-tools: 5 -> 6.6 rng-tools: 5 -> 6.6 Oct 23, 2018
@JohnAZoidberg JohnAZoidberg changed the title rng-tools: 5 -> 6.6 rng-tools: 5 -> 6.6, jitterentropy: init at 2.1.2 Oct 23, 2018
@JohnAZoidberg
Copy link
Member Author

I had the source-hash wrong and it pulled an old source - probably the cache prevented it from failing.
Looks good now, builds with all configuration combinations and runs fine.

I also added the jitterentropy library to use it as a dependency.

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018

Thank you for tracking its new home and putting yourself as maintainer 👍 (first things first)

c0bw3b
c0bw3b requested changes Oct 23, 2018
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly needs fixing the attribute name of jitterentropy

pkgs/development/libraries/jitterentropy/default.nix Outdated Show resolved Hide resolved
pkgs/development/libraries/jitterentropy/default.nix Outdated Show resolved Hide resolved
pkgs/development/libraries/jitterentropy/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/rng-tools/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/rng-tools/default.nix Outdated Show resolved Hide resolved
pkgs/tools/security/rng-tools/default.nix Outdated Show resolved Hide resolved
@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018

And for broader comments:

  • Consider adding enableParallelBuilding = true in both packages (these are not big builds but still)
  • Is jitter entropy source considered experimental? Is it disabled by default upstream or was it your choice?

@JohnAZoidberg
Copy link
Member Author

JohnAZoidberg commented Oct 23, 2018
edited

Thank you for the thorough review!

Do we add enableParallelBuilding = true for all packages if it doesn't seem to cause problems?

No, upstream enables everything by default if it sees that the dependency is installed. I disabled the nistbeacon because I don't want to make people's entropy pool unsuitable for cryptography without them knowing because that's probably what they would want to use this for.
Yeah, I thought about disabling jitterentropy by default, too, because I'm not entirely convinced it's numbers are of the same quality as the other hardware random sources. I'll disable it and ask the maintainers of both projects if they think it's safe to use.

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018
edited

Do we add enableParallelBuilding = true for all packages if it doesn't seem to cause problems?

Yes. It's not the default because some packages break with this, but otherwise it's good practice to add it (after testing) and benefit from faster builds :)

Regarding rng-tools configure flags I think your defaults are sane as is (RDRAND with libgcrypt enabled / NIST beacon and jitter entropy on-demand only). I was mostly curious. 🐈

@JohnAZoidberg
Copy link
Member Author

Alright :)
Why does ofborg-eval still fail? I can't seem to view the errors.
Is it okay that the no-aliases check fails or should I rename the libsysfs argument to sysfsutils?

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018

Ah yes... seems you need libsysfs -> sysfsutils because libsysfs is now just an alias that might be deprecated/removed later.

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018

@GrahamcOfBorg build jitterentropy rng-tools

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: jitterentropy

The following builds were skipped because they don't evaluate on aarch64-linux: rng-tools

Partial log (click to expand)

ln -s libjitterentropy.so.2 /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2/lib/libjitterentropy.so
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2
shrinking /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2/lib/libjitterentropy.so.2.1.2
gzipping man pages under /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2/share/man/
strip is /nix/store/p9akxn2sfy4wkhqdqa3li97pc6jaz3r1-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2/lib
patching script interpreter paths in /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2
checking for references to /build in /nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2...
/nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: jitterentropy

The following builds were skipped because they don't evaluate on x86_64-linux: rng-tools

Partial log (click to expand)

ln -s libjitterentropy.so.2 /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2/lib/libjitterentropy.so
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2
shrinking /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2/lib/libjitterentropy.so.2.1.2
gzipping man pages under /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2/share/man/
strip is /nix/store/vcc4svb8gy29g4pam2zja6llkbcwsyiq-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2/lib
patching script interpreter paths in /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2
checking for references to /build in /nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2...
/nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2

@JohnAZoidberg
Copy link
Member Author

The attribute in pkgs is called rng_tools with an underscore... That's why ofborg can't evaluate your request.
We could change it and add an alias for the underscore, it looks like that is what we do for many other packages.

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 23, 2018
edited

Yes. If you're up for it it's indeed a good occasion the change the name to rng-tools in pkgs/top-level/all-packages.nix and add an alias for rng_tools in pkgs/top-level/aliases.nix for retrocompat

And make this package compliant with the naming guidelines

@c0bw3b c0bw3b self-assigned this Oct 23, 2018
@c0bw3b
nixos/rngd: use new name pkgs.rng-tools
b2f6aa0 
Instead of pkgs.rng_tools which is now an alias
@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 24, 2018

@GrahamcOfBorg build jitterentropy rng-tools

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: jitterentropy, rng-tools

Partial log (click to expand)

shrinking /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/bin/rngtest
shrinking /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/sbin/rngd
gzipping man pages under /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/share/man/
strip is /nix/store/vcc4svb8gy29g4pam2zja6llkbcwsyiq-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/bin  /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/sbin
patching script interpreter paths in /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6
checking for references to /build in /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6...
moving /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/sbin/* to /nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6/bin
/nix/store/n71m1f6dbdcbn66qdr22bnm6xvas85nj-jitterentropy-2.1.2
/nix/store/xhd1rkdc13g77c4ydzxyfpma3fgnb9w9-rng-tools-6.6

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: jitterentropy, rng-tools

Partial log (click to expand)

shrinking /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/sbin/rngd
shrinking /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/bin/rngtest
gzipping man pages under /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/share/man/
strip is /nix/store/p9akxn2sfy4wkhqdqa3li97pc6jaz3r1-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/bin  /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/sbin
patching script interpreter paths in /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6
checking for references to /build in /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6...
moving /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/sbin/* to /nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6/bin
/nix/store/2g7f60q3jymddsxb37ccnvj0zkwzskfk-jitterentropy-2.1.2
/nix/store/xj190q2ln93pw6829q1gjknbsad62920-rng-tools-6.6

@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 24, 2018

@JohnAZoidberg I took the liberty to add a commit on top of yours to use the new pkg name in the rngd service module. The alias remains needed for out of tree users.

@c0bw3b c0bw3b merged commit 9b2059f into NixOS:master Oct 24, 2018
@c0bw3b c0bw3b mentioned this pull request Oct 28, 2018
Merged
9 tasks
@JohnAZoidberg JohnAZoidberg deleted the rng-tools-6.6 branch April 27, 2019 02:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c0bw3b c0bw3b c0bw3b approved these changes

Assignees

@c0bw3b c0bw3b

Labels
6.topic: nixos 8.has: clean-up 8.has: module (update) 8.has: package (new) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@JohnAZoidberg @c0bw3b @GrahamcOfBorg