Merge pull request #2357 from justincormack/arm64-rngd

Support rngd on arm64

examples/aws.yml

@@ -16,7 +16,7 @@ onboot:
     image: linuxkit/metadata:cec86f3e1c260c9eafefa80c262fceb40c182ddf
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: sshd
     image: linuxkit/sshd:505a985d7bd7a90f15eca9cb4dc6ec92789d51a0
     binds:

examples/azure.yml

@@ -11,7 +11,7 @@ onboot:
     image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: sshd

examples/docker.yml

@@ -22,7 +22,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: ntpd

examples/gcp.yml

@@ -20,7 +20,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: sshd
     image: linuxkit/sshd:505a985d7bd7a90f15eca9cb4dc6ec92789d51a0
     binds:

examples/getty.yml

@@ -19,7 +19,7 @@ services:
     #env:
     # - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
 files:
   - path: etc/getty.shadow
     # sample sets password for root to "abcdefgh" (without quotes)

examples/node_exporter.yml

@@ -11,7 +11,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: node_exporter

examples/packet.yml

@@ -11,7 +11,7 @@ onboot:
     image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: sshd

examples/sshd.yml

@@ -10,7 +10,7 @@ onboot:
   - name: sysctl
     image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
   - name: rngd1
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
     command: ["/sbin/rngd", "-1"]
 services:
   - name: getty
@@ -18,7 +18,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: sshd

examples/swap.yml

@@ -28,7 +28,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: nginx
     image: nginx:alpine
     capabilities:

examples/tpm.yml

@@ -20,7 +20,7 @@ services:
   - name: tss
     image: linuxkit/tss:7f7d8d3d76d764e3130dd92f52c4944908c8bd80
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
 files:
   - path: etc/getty.shadow
     # sample sets password for root to "abcdefgh" (without quotes)

examples/vmware.yml

@@ -15,7 +15,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: nginx

examples/vultr.yml

@@ -20,7 +20,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: sshd
     image: linuxkit/sshd:505a985d7bd7a90f15eca9cb4dc6ec92789d51a0
     binds:

linuxkit.yml

@@ -22,7 +22,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: nginx
     image: nginx:alpine
     capabilities:

pkg/rngd/Makefile

@@ -1,5 +1,4 @@
 IMAGE=rngd
 DEPS:=$(wildcard cmd/rngd/*.go) $(shell find cmd/rngd/vendor)
-ARCHES=x86_64
 
 include ../package.mk

pkg/rngd/cmd/rngd/main.go

@@ -2,10 +2,14 @@
 
 package main
 
+// int rndaddentropy;
+import "C"
+
 import (
 	"flag"
 	"log"
 	"os"
+	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -69,3 +73,24 @@ func main() {
 		}
 	}
 }
+
+type randInfo struct {
+	entropyCount int
+	size         int
+	buf          uint64
+}
+
+func writeEntropy(random *os.File) (int, error) {
+	r, err := rand()
+	if err != nil {
+		// assume can fail occasionally
+		return 0, nil
+	}
+	const entropy = 64 // they are good random numbers, Brent
+	info := randInfo{entropy, 8, r}
+	ret, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(random.Fd()), uintptr(C.rndaddentropy), uintptr(unsafe.Pointer(&info)))
+	if ret == 0 {
+		return 8, nil
+	}
+	return 0, err
+}

pkg/rngd/cmd/rngd/rng_linux_amd64.go

@@ -37,10 +37,6 @@ import "C"
 import (
 	"errors"
 	"flag"
-	"os"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
 )
 
 var disableRdrand = flag.Bool("disable-rdrand", false, "Disable use of RDRAND")
@@ -48,12 +44,6 @@ var disableRdseed = flag.Bool("disable-rdseed", false, "Disable use of RDSEED")
 
 var hasRdrand, hasRdseed bool
 
-type randInfo struct {
-	entropyCount int
-	size         int
-	buf          uint64
-}
-
 func initRand() bool {
 	hasRdrand = C.hasrdrand() == 1 && !*disableRdrand
 	hasRdseed = C.hasrdseed() == 1 && !*disableRdseed
@@ -72,18 +62,3 @@ func rand() (uint64, error) {
 	}
 	return 0, errors.New("No randomness available")
 }
-
-func writeEntropy(random *os.File) (int, error) {
-	r, err := rand()
-	if err != nil {
-		// assume can fail occasionally
-		return 0, nil
-	}
-	const entropy = 64 // they are good random numbers, Brent
-	info := randInfo{entropy, 8, r}
-	ret, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(random.Fd()), uintptr(C.rndaddentropy), uintptr(unsafe.Pointer(&info)))
-	if ret == 0 {
-		return 8, nil
-	}
-	return 0, err
-}

pkg/rngd/cmd/rngd/rng_linux_arm64.go

@@ -0,0 +1,21 @@
+package main
+
+// #include <linux/random.h>
+//
+// int rndaddentropy = RNDADDENTROPY;
+//
+import "C"
+
+import (
+	"errors"
+)
+
+// No standard RNG on arm64
+
+func initRand() bool {
+	return false
+}
+
+func rand() (uint64, error) {
+	return 0, errors.New("No randomness available")
+}

pkg/rngd/cmd/rngd/rng_unsupported.go

@@ -1,4 +1,4 @@
-// +build !linux !amd64
+// +build !linux !amd64,!arm64
 
 package main
 

projects/compose/compose-dynamic.yml

@@ -21,7 +21,7 @@ onboot:
     command: ["/usr/bin/mountie", "/var/lib/docker"]
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: docker

projects/compose/compose-static.yml

@@ -21,7 +21,7 @@ onboot:
     command: ["/usr/bin/mountie", "/var/lib/docker"]
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: docker

projects/etcd/etcd.yml

@@ -21,7 +21,7 @@ onboot:
     image: linuxkit/metadata:cec86f3e1c260c9eafefa80c262fceb40c182ddf
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: node_exporter

projects/ima-namespace/ima-namespace.yml

@@ -15,7 +15,7 @@ onboot:
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: nginx
     image: nginx:alpine
     capabilities:

projects/kubernetes/kube-master.yml

@@ -32,7 +32,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: sshd

projects/kubernetes/kube-node.yml

@@ -32,7 +32,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: sshd

projects/logging/examples/logging.yml

@@ -15,7 +15,7 @@ onboot:
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: nginx
     image: nginx:alpine
     capabilities:

projects/miragesdk/examples/fdd.yml

@@ -16,7 +16,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
 files:

projects/okernel/examples/okernel_simple.yaml

@@ -11,7 +11,7 @@ onboot:
     image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: sshd

projects/shiftfs/shiftfs.yml

@@ -18,7 +18,7 @@ services:
     env:
      - INSECURE=true
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: nginx
     image: nginx:alpine
     capabilities:

projects/swarmd/swarmd.yml

@@ -31,7 +31,7 @@ services:
     binds:
       - /dev/vport0p1:/dev/vport0p1
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: ntpd
     image: linuxkit/openntpd:0d7befc79842849d0b88d6c3b64200e340d7cf67
   - name: weave

test/cases/030_security/000_docker-bench/test-docker-bench.yml

@@ -18,7 +18,7 @@ onboot:
     command: ["/usr/bin/mountie", "/var/lib/docker"]
 services:
   - name: rngd
-    image: linuxkit/rngd:b2f4bdcb55aa88a25c86733e294628614504f383
+    image: linuxkit/rngd:558e86a36242bb74353bc9287b715ddb8567357e
   - name: dhcpcd
     image: linuxkit/dhcpcd:f3f5413abb78fae9020e35bd4788fa93df4530b7
   - name: docker