When I try to start rngd on my computer the init script does not start saying * Starting rngd ... rngd: Too many arguments Try `rngd --help' or `rngd --usage' for more information. * start-stop-daemon: failed to start `/usr/sbin/rngd' * Failed to start rngd [ !! ] * ERROR: rngd failed to start Reproducible: Always The reason is that the find_device() function in the init script finds two devices on my computer. So there are two ways to fix the problem: - edit /etc/conf.d/rngd adding a proper "DEVICE=/dev/blah" or fix the find_device() that it will quit searching when the first device from the list is found --- /etc/init.d/rngd.orig 2013-08-16 00:31:58.910311131 +0200 +++ /etc/init.d/rngd 2013-08-16 00:34:37.547016321 +0200 @@ -11,12 +11,13 @@ # Do NOT add /dev/tpm to this. DEFAULT_DEVICE="/dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*" +DEFAULT_DEVICE="/dev/lala /dev/lzlz /dev/hw_random* /dev/hwrandom* /dev/i810_rng /dev/hwrng*" find_device() { local d # The echo is to cause globbing for d in $(echo ${DEFAULT_DEVICE}) ; do - [ -e "${d}" ] && echo "${d}" + [ -e "${d}" ] && echo "${d}" && break done } The second fix works well for me.
The previous patch contains a line from my tests.... the correct patch is --- /etc/init.d/rngd.orig 2013-08-16 00:31:58.910311131 +0200 +++ /etc/init.d/rngd 2013-08-16 07:32:18.411627177 +0200 @@ -16,7 +16,7 @@ local d # The echo is to cause globbing for d in $(echo ${DEFAULT_DEVICE}) ; do - [ -e "${d}" ] && echo "${d}" + [ -e "${d}" ] && echo "${d}" && break done } sorry for the confusion.
Created attachment 356180 [details, diff] /etc/init.d/rngd Please attach patches in the future, thank you.
I've hit the same problem today with sys-apps/rng-tools-4-r5 on x86. Notice below that --rng-device gets passed two parameters (both exist on my system). Martin Dummer's '&& break' fix works * Starting rngd ... + yesno '' + '[' -z '' ']' + return 1 + yesno '' + '[' -z '' ']' + return 1 + eval start-stop-daemon --start --exec /usr/sbin/rngd --pidfile /var/run/rngd.pid --wait 1000 -- --pid-file /var/run/rngd.pid --background --random-step 64 --fill-watermark 2048 --rng-device /dev/hw_random /dev/hwrng ++ start-stop-daemon --start --exec /usr/sbin/rngd --pidfile /var/run/rngd.pid --wait 1000 -- --pid-file /var/run/rngd.pid --background --random-step 64 --fill-watermark 2048 --rng-device /dev/hw_random /dev/hwrng rngd: Too many arguments Try `rngd --help' or `rngd --usage' for more information. * start-stop-daemon: failed to start `/usr/sbin/rngd' + eend 1 'Failed to start rngd' * Failed to start rngd [ !! ] + yesno '' + '[' -z '' ']' + return 1 + return 1 + exit 1 * ERROR: rngd failed to start
I am not sure if doing && break is appropriate, because 1) rngd may be able to use more devices at the same time (passing --rnd-device twice does not produce errors) 2) the first device found provides less entropy than the second On my machine, they seem to be the same: l /dev/hw* crw-rw---- 1 root root 10, 183 Jul 8 12:56 /dev/hw_random crw------- 1 root root 10, 183 Jul 8 12:56 /dev/hwrng on others, there may be more sources, a simple -e file check will not do in the init script. Someone needs to review the security implications of this "trivial" fix.
(In reply to Fedja Beader from comment #4) > I am not sure if doing && break is appropriate, because > 1) rngd may be able to use more devices at the same time (passing > --rnd-device twice does not produce errors) > > > 2) the first device found provides less entropy than the second > On my machine, they seem to be the same: > l /dev/hw* > crw-rw---- 1 root root 10, 183 Jul 8 12:56 /dev/hw_random > crw------- 1 root root 10, 183 Jul 8 12:56 /dev/hwrng > > on others, there may be more sources, a simple -e file check will not do in > the init script. > > > Someone needs to review the security implications of this "trivial" fix. I don't think you have two devices. If you look at the (major, minor), both devices have (10,183). They seem to be aliases to the same device. Also, if you pass two --rnd-device to rngd, the second one will override the first.
hwrandom provides a unified interface for multiple RNGs and as such there can be only one hwrandom device node under /dev. It is possible to query available RNGs by reading '/sys/class/misc/hw_random/rng_available' and current RNG by reading '/sys/class/misc/hw_random/rng_current'. The proposed patch should fix the issue. Perhaps a better way to check is to see if /dev/char/10:38 is available rather than trying a combination of strings.
Created attachment 406952 [details, diff] Proposed fix for rngd init The name change from "hw_random" to "hwrng" introduced by the commit d405640539555b601e52f7d18f1f0b1345d18bf5 roughly 6 years ago[1]. I am not sure why there are two device nodes for some people. Could it be that "hw_random" statically created with mknod some years ago and never deleted? I propose the removal of find_device() function altogether. The kernel by default creates it under '/dev/hwrng' and people with custom setups can still utilize '/etc/conf.d/rngd' to specify the device. [1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d405640539555b601e52f7d18f1f0b1345d18bf5
To err on the side of caution I have made a files/rngd-initd-r1-4.1 and added it and edited the ebuild accordingly. Setting to TEST-REQUEST to allow for any fine tuning. grief this was made for rng-tools-4-r6 which has been purged and -r7 made stable. For now just revbumping rng-tools-5.ebuild. *rng-tools-5-r1 (17 Jul 2015) 17 Jul 2015; Ian Delaney <idella4@gentoo.org> +files/rngd-initd-r1-4.1, +rng-tools-5-r1.ebuild, metadata.xml: rebump; fix to init script, patch by new proxy maintainer via Bug #481254, metadata.xml updated accordingly Members of base-system <herd>base-system</herd> are welcome to comment here. Suggested plan; Confirmation of new patch, advice re revbumping rng-tools-4-r7, make the revbumped rng-tools-5 stable and purge old versions and broken init script.
Oops needed to CC base-system
Changing the title as this bug applies to both rng-tools-4 and rng-tools-5 per shared init script.
I did a fresh amd64 install this week and I also see two device nodes, namely "hw_random" and "hwrng". I did another gentoo install few weeks ago and that one doesn't suffer from this. I think it's important to pinpoint why this is happening. Not sure if it's related but the one with two nodes uses gentoo-sources whereas the other uses vanilla-sources.
The culprit is mdev, which is included in initramfs by genkernel. When mdev is invoked to populate /dev (mdev -s), it scans /sys/class, finds the entry '/sys/class/misc/hw_random/dev' and creates /dev/hw_random. However, the kernel uses 'hw_random' for /sys entries and 'hwrng' for the dev node. When combined with the kernel option 'CONFIG_DEVTMPFS', this results in having two nodes under /dev (namely 'hw_random' and 'hwrng) that point to the same device.
Genkernel has been notified with bug 561102. mdev users who don't enable CONFIG_DEVTMPFS in their kernel will always end up with '/dev/hw_random' as opposed to '/dev/hwrng'. However, per gentoo wiki [1], enabling CONFIG_DEVTMPFS_MOUNT is part of the setup. The proposed fix still applies. [1] https://wiki.gentoo.org/wiki/Mdev
Pull request submitted: https://github.com/gentoo/gentoo/pull/95
In the tree: https://gitweb.gentoo.org/repo/gentoo.git/commit/sys-apps/rng-tools?id=a35142f9dcb21c96f08207fada56341d0ec8e20a
