Back to bit-babbler PTS page

Accepted bit-babbler 0.8 (source amd64) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted bit-babbler 0.8 (source amd64) into unstable
From: Ron Lee <ron@debian.org>
Date: Mon, 12 Feb 2018 10:49:12 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1elBfc-0008qu-Rd@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Feb 2018 10:26:52 +1030
Source: bit-babbler
Binary: bit-babbler bit-babbler-dbg
Architecture: source amd64
Version: 0.8
Distribution: unstable
Urgency: medium
Maintainer: Ron Lee <ron@debian.org>
Changed-By: Ron Lee <ron@debian.org>
Description:
 bit-babbler - BitBabbler hardware TRNG and kernel entropy source support
 bit-babbler-dbg - debugging symbols for BitBabbler tools
Changes:
 bit-babbler (0.8) unstable; urgency=medium
 .
   * Support hotplugging devices into libvirt guest domains which have names
     containing characters that are not valid as part of a shell variable name.
     Another reminder that the important part of keeping things as simple as
     possible is always the "as possible" bit.
 .
   * Support reading seedd(1) options from a configuration file.  The original
     design plan explicitly avoided this, partly just to keep the code as
     simple and easy to audit as possible, and partly because it was desirable
     to make invocation as simple and foolproof as possible.  The more options
     that something has, the easier it is to make some mistake with running it
     which could have subtle and even serious consequences.  But we are at the
     point now where there are enough real alternative options which are either
     genuinely desirable or needed for some use case, that the balance becomes
     weighted toward being able to keep persistent configuration settings in a
     file rather than having to spell them out on the command line each time.
 .
     The final straw for making this change now was the inability of systemd to
     sanely support the existing simplified configuration interface that was
     provided in /etc/default/seedd for the SysV init script.  When given the
     alternative choices available to us of either adding a shell wrapper to
     do what systemd could not, or forcing people to manually edit or override
     the systemd unit directly to make any configuration change, this was
     clearly the Lesser Evil to embrace if we were going to provide a native
     systemd unit for the system daemon.  The former gains us nothing over the
     existing LSB init script, and the latter would require every user to first
     have a solid grasp of all the non-obvious consequences which can come into
     play when configuring a system which (according to systemd.directives(7))
     "contains 2464 entries in 13 sections, referring to 241 individual manual
     pages" - and where even package maintainers and systemd upstream still
     make mistakes that can take a long time for the real consequences to be
     noticed.  So if we were to provide a systemd unit, it needs to be well
     tested and give people few, if any, reasons to ever need to modify it.
 .
   * Preserve existing configuration on package upgrades.  The new default
     configuration file behaves the same way as the old defaults did.  If the
     settings in /etc/default/seedd have been customised, then on upgrade we
     generate a custom /etc/bit-babbler/seedd.conf implementing the same set
     of options.  The old customised file content will be retained, and can
     be found in /etc/default/seedd.dpkg-old, in case there was anything else
     in it which people might also want to keep, but after checking for that
     it can safely be removed by the system admin.  Nothing from this package
     uses files in /etc/default from this version onward.
 .
   * Two systemd unit files are now included in this package, but only one is
     enabled by default.
 .
     The seedd.service unit provides the same functionality as the SysV init
     script does, and will be used instead of it on systems where systemd is
     running as the init process.  It will start the seedd(1) daemon as soon
     as possible during boot, reading its options from the new configuration
     file, and if feeding entropy to the kernel it will begin doing so as soon
     as the available USB devices are announced to the system by udev.
 .
     The seedd-wait.service oneshot unit is not enabled by default. It provides
     a simple sequence point which may be used to ensure that QA checked seed
     entropy from available BitBabbler devices can be mixed into the kernel's
     pool before other ordinary services which might rely upon it are started.
     This is its default behaviour if it is simply enabled, and ordinarily it
     will not delay the boot for very long, only until udev announces a device
     that we can read some good seed bits from.  By default this will time out
     after 30 seconds if good entropy cannot be obtained, which should be more
     than enough time to get a good seed if that was going to be possible, but
     won't completely cripple the system when it is acceptable for it to still
     be running without having a working BitBabbler attached.
 .
     Additionally, the seedd-wait.service can also be used to place a harder
     constraint on individual services, if there are particular things which
     the local admin does not want started at all if good seed entropy was not
     obtained.  Or it can be configured to divert the boot to a degraded mode
     (such as the single-user mode emergency.target) if the availability of
     good entropy from a BitBabbler should be a hard requirement for the whole
     system.  For more details of its use see the BOOT SEQUENCING section of
     the seedd(1) manual page.
Checksums-Sha1:
 36ce6275cdadda5e1b0d31aa0cdd9b8f0af58c7c 1526 bit-babbler_0.8.dsc
 18911dd67c769431b4c11e453d8124853383f553 396918 bit-babbler_0.8.tar.gz
 e6c6529e4645f0310bffbaba7c999912249be17a 1444300 bit-babbler-dbg_0.8_amd64.deb
 a124f416f91e7b38cbeabdc46b3597cba5aa591b 5711 bit-babbler_0.8_amd64.buildinfo
 56777586c52d9553cd874e7f3e5d1731429eeed8 283872 bit-babbler_0.8_amd64.deb
Checksums-Sha256:
 1d500102dada6bc113fd671122e32bdc76435b3d8769246033295bea6b8109a4 1526 bit-babbler_0.8.dsc
 d1fc35842cdc929ee0109852219429facf67c0ef1f553b77b90fa792d40209e2 396918 bit-babbler_0.8.tar.gz
 687ebe164e025cad9d772d3fbea954f064929efd2892a8a315c9a3864846bbcd 1444300 bit-babbler-dbg_0.8_amd64.deb
 c2380c2682fd767858fd1e6f542a4a66dd62f3d70fced6a7d2fb4f393c2342b5 5711 bit-babbler_0.8_amd64.buildinfo
 f02d94547cb4e98b6fde046c496ce93bc53b63150bf45a0b994d894c519382d3 283872 bit-babbler_0.8_amd64.deb
Files:
 fe678ddd4d38927eb2299b1ac9d21abc 1526 admin optional bit-babbler_0.8.dsc
 76614ae4e62acf6e1abfb507f4dfc650 396918 admin optional bit-babbler_0.8.tar.gz
 1a38fb20fd2f5fc3cf91d5ff80bd9ad3 1444300 debug extra bit-babbler-dbg_0.8_amd64.deb
 3fc1107970762ba93e6859470a052bbe 5711 admin optional bit-babbler_0.8_amd64.buildinfo
 6cf0c4b088bab8e7bbe664bcf596b198 283872 admin optional bit-babbler_0.8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJagWuQAAoJECSWn9pgwHEsI9kQAJdvBWGcgmQFeap6YRjhuUCn
hYQIgf88WXEuHO6Q700yjfSaUajBTW0W7XmHBt93iENMvyaJrcGvMdgKGa8k57bF
zPEdLngjzYlsX2J/I8MgZ2Mfbdowq6p10riX2skmhuxBF4jLOyczsA26oasJQlpQ
hXQvFaeRtuJvVTEV1wDD2Q6HQdIrQEhM14r90noFgf4oonJpUyq6zhk2mM7z5E0k
o5vrlk0PQcqazZ3J2SqV3w61dMX6Uu3aZJNmtgylJ47NRuS+Av8+Qnjh/P7F7bop
eIO6cvNDfJ3t32ZMjmVkL62yrXY3G56nfAm2smNeRRY/fUzeDPJ+zbgvnjX2QSBk
y9Gjc1uLUbu6bsRBJShtWp8zIoBA3aTPHgy3Kv62QKgxI3mbKr1t78Q5YfReUOF7
XNUfozrNL4JFvYV/pYsWtY9xswR4ZUyKT1qIfCmhrPwb/hHKoJDjlxIVmqFwvrEg
LBayqlupbgn9mOHZ5+H/Oq4tW7EpT1fJvz1MgGGBt9RakPOhGUJPj0DersZ98rtg
N2idttBFIUxauwhxM8dzUz6wjRKuLDU4lzgW2dLPEUj6qs0iLePW3dsaGFVyO6gJ
pkMuQQjrrxOuVWDU2rzwUTIm/QCvE34fGFfl5zjktNXTmKwnp0QkOIc5cDlNhhTU
Gs7tTEDWfvuGYW1VauJp
=7vTb
-----END PGP SIGNATURE-----