authorJirka Hladky <jhladky@redhat.com>2021-01-02 16:35:06 +0100
committerJirka Hladky <jhladky@redhat.com>2021-01-02 16:35:06 +0100
commita185a2c443297fb316efe3ca6995825ab44d983f (patch)
tree6345c07eae6c663d72be5617f7fcd3e513329371
parentFedora specific udev and dracut config files (diff)
downloadhaveged-a185a2c443297fb316efe3ca6995825ab44d983f.tar.xz
haveged-a185a2c443297fb316efe3ca6995825ab44d983f.zip
Enabled haveged-switch-root.service for Fedora RPM
-rwxr-xr-xcontrib/Fedora/haveged-dracut.module4
-rw-r--r--contrib/Fedora/haveged-switch-root.service17
-rw-r--r--contrib/Fedora/haveged.service35
-rw-r--r--contrib/Fedora/haveged.spec42
4 files changed, 66 insertions, 32 deletions
diff --git a/contrib/Fedora/haveged-dracut.module b/contrib/Fedora/haveged-dracut.module
index 80eb2c5..ed5f851 100755
--- a/contrib/Fedora/haveged-dracut.module
+++ b/contrib/Fedora/haveged-dracut.module
@@ -16,9 +16,11 @@ installkernel() {
install() {
inst_multiple -o \
/usr/sbin/haveged \
- $systemdsystemunitdir/haveged.service
+ $systemdsystemunitdir/haveged.service \
+ $systemdsystemunitdir/haveged-switch-root.service
mkdir -p "$initdir/$systemdsystemunitdir/sysinit.target.wants"
mkdir -p "$initdir/$systemdsystemunitdir/initrd-switch-root.target.wants"
mkdir -p "$initdir/$systemdsystemunitdir/systemd-journald.service.wants"
ln_r "$systemdsystemunitdir/haveged.service" "$systemdsystemunitdir/systemd-journald.service.wants/haveged.service"
+ ln_r "$systemdsystemunitdir/haveged-switch-root.service" "$systemdsystemunitdir/initrd-switch-root.target.wants/haveged-switch-root.service"
}
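Review bot: Because `inst_multiple -o` treats every listed file as optional, the added `ln_r` for haveged-switch-root.service runs even when that unit was never copied into the image. That leaves a dangling symlink in initrd-switch-root.target.wants and, as far as this hunk shows, nothing reports it. Consider dropping `-o` for the binary and the two units so a missing file is reported, or guarding the link with `[ -e "$initdir$systemdsystemunitdir/haveged-switch-root.service" ] &&`. The two `$systemdsystemunitdir/...` arguments to `inst_multiple` are also unquoted, unlike the `mkdir` and `ln_r` lines below them.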
diff --git a/contrib/Fedora/haveged-switch-root.service b/contrib/Fedora/haveged-switch-root.service
new file mode 100644
index 0000000..9757da4
--- /dev/null
+++ b/contrib/Fedora/haveged-switch-root.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Tell haveged about new root
+DefaultDependencies=no
+ConditionPathExists=/etc/initrd-release
+Before=initrd-switch-root.service
+JoinsNamespaceOf=haveged.service
+
+[Service]
+ExecStart=-/usr/sbin/haveged -c root=/sysroot
+PrivateNetwork=yes
+Type=oneshot
+StandardInput=null
+StandardOutput=null
+StandardError=null
+
+[Install]
+WantedBy=initrd-switch-root.target
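Review bot: A failed hand-off is invisible in this unit: the `-` prefix on `ExecStart=-/usr/sbin/haveged -c root=/sysroot` makes systemd ignore a non-zero exit, and `StandardError=null` discards whatever the command prints. Keeping the `-` is reasonable if switch-root must never be blocked, but `StandardError=journal` would at least leave a trace when the daemon is not told about the new root. A comment above `JoinsNamespaceOf=haveged.service` would also help, e.g. `# share haveged.service's private network namespace so the command client can reach the daemon (assumption, confirm)`, since the reason for pairing it with `PrivateNetwork=yes` is not obvious from the unit. The binary path is hard-coded to /usr/sbin here while haveged.service uses the `@SBIN_DIR@` placeholder.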
diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service
new file mode 100644
index 0000000..6217765
--- /dev/null
+++ b/contrib/Fedora/haveged.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+After=systemd-tmpfiles-setup-dev.service
+Before=sysinit.target shutdown.target systemd-journald.service
+
+[Service]
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
+Restart=always
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM
+
+[Install]
+WantedBy=sysinit.target
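Review bot: The sandbox block omits `NoNewPrivileges=true`, and since the service runs as root with `CAP_SYS_ADMIN` in its bounding set, the `SystemCallFilter=` lines probably do not imply it. Adding it next to `LockPersonality=true` is cheap hardening if the daemon never needs to gain privileges through exec. `SecureBits=noroot-locked` on its own appears to set only the lock bit and not `noroot` itself, so a short comment stating the intended effect would help. A comment above `CapabilityBoundingSet=CAP_SYS_ADMIN` naming what the daemon needs the capability for would make the one retained privilege reviewable.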
diff --git a/contrib/Fedora/haveged.spec b/contrib/Fedora/haveged.spec
index 2ac0364..8698b26 100644
--- a/contrib/Fedora/haveged.spec
+++ b/contrib/Fedora/haveged.spec
@@ -1,3 +1,4 @@
+%define dracutlibdir lib/dracut
Summary: A Linux entropy source using the HAVEGE algorithm
Name: haveged
Version: 1.9.14
@@ -8,6 +9,7 @@ Source0: https://github.com/jirka-h/%{name}/archive/v%{version}/%{name}-%
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
+ TODO - PATCH - DISABLE SYSLOG
BuildRequires: gcc
BuildRequires: automake coreutils glibc-common systemd-units
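Review bot: The added line `TODO - PATCH - DISABLE SYSLOG` sits in the spec preamble without a comment marker, so rpmbuild will most likely try to parse it as a tag and reject the spec. If it is meant as a reminder, write it as `# TODO - PATCH - DISABLE SYSLOG`; better still, track it outside the spec so the package does not ship with an unexplained placeholder.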
@@ -59,8 +61,9 @@ chmod 0644 COPYING README ChangeLog AUTHORS
#Install systemd service file
sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i init.d/service.fedora
-install -Dpm 0644 init.d/service.fedora %{buildroot}%{_unitdir}/%{name}.service
-install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/%{_libdir}/dracut/modules.d/98%{name}/module-setup.sh
+install -Dpm 0644 contrib/Fedora/haveged.service %{buildroot}%{_unitdir}/%{name}.service
+install -Dpm 0644 contrib/Fedora/haveged-switch-root.service %{buildroot}%{_unitdir}/%{name}-switch-root.service
+install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/${dracutlibdir}/modules.d/98%{name}/module-setup.sh
install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/90-%{name}.rules
# We don't ship .la files.
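Review bot: The `@SBIN_DIR@` substitution no longer reaches the installed unit. The `sed` line still edits init.d/service.fedora, but the new `install` line ships contrib/Fedora/haveged.service, whose `ExecStart=@SBIN_DIR@/haveged ...` would be installed with the literal placeholder, which is not a valid executable path. Point the substitution at the file that is installed: `sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i contrib/Fedora/haveged.service`. Separately, the module-setup.sh line uses shell syntax `${dracutlibdir}` instead of the RPM macro and drops the prefix, so it will not match the `%{_prefix}/%{dracutlibdir}/...` entries in %files. It should read `%{buildroot}%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/module-setup.sh`.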
@@ -71,47 +74,24 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
%post
/sbin/ldconfig
-%if 0%{?systemd_post:1}
-%systemd_post haveged.service
-%else
-if [ $1 = 1 ]; then
- # Initial installation
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
-fi
-%endif
+%systemd_post %{name}.service %{name}-switch-root.service
%preun
-%if 0%{?systemd_preun:1}
-%systemd_preun haveged.service
-%else
-if [ $1 = 0 ]; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable haveged.service >/dev/null 2>&1 || :
- /bin/systemctl stop haveged.service >/dev/null 2>&1 || :
-fi
-%endif
+%systemd_preun %{name}.service %{name}-switch-root.service
%postun
-%if 0%{?systemd_postun_with_restart:1}
-%systemd_postun_with_restart haveged.service
-%else
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart haveged.service >/dev/null 2>&1 || :
-fi
-%endif
+%systemd_postun_with_restart %{name}.service %{name}-switch-root.service
/sbin/ldconfig
%files
%{_mandir}/man8/haveged.8*
%{_sbindir}/haveged
-%{_unitdir}/haveged.service
+%{_unitdir}/*.service
%{_libdir}/*so.*
%{_defaultdocdir}/*
%{_udevrulesdir}/*-%{name}.rules
-%dir %{_libdir}/dracut/modules.d/98%{name}
-%{_libdir}/dracut/modules.d/98%{name}/*
+%dir %{_prefix}/%{dracutlibdir}/modules.d/98%{name}
+%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/*
%files devel
%{_mandir}/man3/libhavege.3*
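Review bot: The `%files` entry `%{_unitdir}/*.service` replaces an explicit file name with a wildcard, so any unit file that ends up in the buildroot is packaged without review. Listing the two units keeps the shipped set auditable: `%{_unitdir}/%{name}.service` and `%{_unitdir}/%{name}-switch-root.service`. It is also worth confirming that `%{name}-switch-root.service` belongs in the `%systemd_post`/`%systemd_preun`/`%systemd_postun_with_restart` calls. The unit is gated on `ConditionPathExists=/etc/initrd-release`, so it appears to be meaningful only inside the initramfs, where the dracut module already links it.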