pollen (4.21) released; urgency=medium
* check_pollen:
- note the number of short bytes in the error log message
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:58 -0700
pollen (4.20-0ubuntu1) wily; urgency=medium
* debian/pollen.upstart: LP: #1505473
- remove typo in the upstart config which was preventing the service from starting
* rebuild the packages for upload
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:25:54 -0700
pollen (4.19-0ubuntu1) wily; urgency=medium
* debian/pollen.upstart: LP: #1505473
- remove typo in the upstart config which was preventing the service from starting
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Oct 2015 10:21:08 -0700
pollen (4.18-0ubuntu1) wily; urgency=medium
* pollen.go:
- add the "available" word to the log
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 09 Sep 2015 15:22:56 -0500
pollen (4.17-0ubuntu1) unstable; urgency=medium
* debian/pollen.postrm:
- clear out certificates on purge
* debian/pollen.default:
- quote the variable definition, for consistency
* debian/pollen.postinst:
- fix ssl cert generation, country must be <2 chars
* debian/pollen.service:
- put braces around environment variables; required to work at all
* pollen.go, usr.bin.pollen:
- log the entropy bits before and after the transaction
-- Dustin Kirkland <kirkland@ubuntu.com> Sat, 02 May 2015 18:39:13 -0500
pollen (4.16-0ubuntu1) vivid; urgency=medium
[ Matthias Klose ]
* debian/control:
- Build everywhere
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 25 Mar 2015 09:44:01 -0500
pollen (4.15-0ubuntu1) vivid; urgency=medium
[ Didier Roche ]
* debian/control, debian/pollen.service, debian/rules:
- Add systemd unit, following similar restart on failure and device
checking logic
- Bump Standards-Version
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 07 Jan 2015 13:06:05 -0600
pollen (4.14-0ubuntu1) vivid; urgency=medium
* pollen.go: LP: #1383738
- remove SSLv3 support
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:31:23 -0500
pollen (4.13-0ubuntu1) vivid; urgency=medium
* debian/pollen-restart.upstart, debian/pollen.upstart, debian/rules:
- LP: #1386052
- add a new upstart job that restarts pollen any time the rsyslog server
is restarted
- this is necessary to work around a bug in the golang syslog library
where syslog restarts break logging
+ https://code.google.com/p/go/issues/detail?id=2264#c8
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 31 Oct 2014 16:08:39 -0500
pollen (4.12-0ubuntu1) utopic; urgency=medium
* debian/control:
- recommend rng-tools; we can do this, since pollen is in universe
* debian/pollen.postinst:
- minor change to the default self-signed cert; use 'localhost'
for the hostname; this is useful for testing pollinate against
the localhost with a self-signed cert
* README:
- update docs; pollinate no longer runs daily by default
* README:
- update some docs
* check_pollen:
- ensure that the nagios check catches log failures
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 23 Jul 2014 00:08:54 -0700
pollen (4.11-0ubuntu1) trusty; urgency=medium
* pollen_test.go:
- fix FTBFS
- hardcode device to /dev/urandom in unit tests, otherwise, our
entropy starved vm-based builders will fail the unit tests
and fail the build
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 22:56:20 +0900
pollen (4.10-0ubuntu1) trusty; urgency=low
* debian/control, debian/pollen.default, pollen.go, usr.bin.pollen:
- LP: #1293958
- suggest rng-tools (universe), which is needed to leverage tpm for
/dev/random entropy
- change default entropy source for pollen server to /dev/random
- update inline configuration documentation to reflect reality
- add rw of /dev/random to our apparmor whitelist
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Mar 2014 16:31:47 +0900
pollen (4.9-0ubuntu1) trusty; urgency=low
* debian/rules: LP: #1288807
- fix FTBFS, build using golang 'go build' rather than gccgo
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 06 Mar 2014 09:24:48 -0600
pollen (4.8-0ubuntu1) trusty; urgency=low
[ JuanJo Ciarlante and Dustin Kirkland ]
* check_pollen:
- use the new -t|--testing flag, to verify communications with the
server, runable as a non-privileged user, but not affecting the
local PRNG
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 28 Feb 2014 11:13:09 -0600
pollen (4.7-0ubuntu1) trusty; urgency=low
[ John Arbash Meinel ]
* .gitignore, pollen.go, pollen_test.go:
- This changes the 'handler' from being just a func() using global
state to being a struct with local state.
- It then moves the things like dev and log to being members of the
struct, with interfaces that let us override them in the test suite.
- It then adds a bunch of tests about how we handle failures, errors,
logging, the size flag, etc.
- The interfaces also mean that we won't try to spam syslog while running
the test suite.
- Another small change is that if you do:
pollen -https-port=""
Then it won't try to bind to the HTTP port with a cert.
- Since I'm not the official source for pollen, it helped for testing at
least the HTTP requests manually.
- This also fixes the help text for "-size" since it doesn't actually
change how much content we send on the wire, but how much content we
read from /dev/urandom (but it adds tests for that fact).
- go fmt, and some formatting tweaks
- actually do the right formatting
- use microsecond timing (ms was always 0)
- capture the length of time serving requests takes
[ Dustin Kirkland ]
* pollen.go:
- put brackets around request length of time value
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 26 Feb 2014 10:51:06 -0600
pollen (4.6-0ubuntu1) trusty; urgency=low
[ Caleb Spare ]
* pollen.go:
- Require the challenge query-string param to be provided
- don't create the random device, if it doesn't exist
[ Dustin Kirkland ]
* pollen_test.go:
- update test to handle required challenge string
* pollen.go:
- incorporate feedback from Adam Langley
- catch errors reading the random device
- add a note as to why we're checksumming the random seed
- update message when challenge empty
[ Caleb Spare and Dustin Kirkland ]
* debian/pollen.upstart, pollen.8, pollen.go:
- Use flags rather than positional arguments, and plumb bytes argument
through
[ Dustin Kirkland and Matt Croydon ]
* debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
- add support for specifying the TLS cert and key as command line
flags
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 23:18:55 -0600
pollen (4.5-0ubuntu1) trusty; urgency=low
[ Caleb Spare ]
* pollen.go, pollen_test.go:
- Bring naming in line with Go conventions
- Use shorter parameter names for an http.HandlerFunc
- Remove an unnecessary string conversion
- Print useful error if wrong arguments are given rather than crashing
- Don't ignore errors
- Rename http[s]Port to http[s]Addr for accuracy
- Handle errors starting the http servers
- Change some naming in the test
- Read from the provided device rather than always /dev/urandom
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 18 Feb 2014 14:50:52 -0600
pollen (4.4-0ubuntu1) trusty; urgency=low
[ Casey Marshall ]
* debian/control, debian/rules, Makefile, pollen.go, pollen_test.go:
- add unit tests for pollen server
[ Dustin Kirkland ]
* debian/pollen.lintian-overrides:
- override expected Lintian gripes
-- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 12:51:51 -0600
pollen (4.3-0ubuntu1) trusty; urgency=low
* check_pollen:
- ensure that the nagios script uses the -r|--reseed option
-- Dustin Kirkland <kirkland@ubuntu.com> Mon, 17 Feb 2014 09:38:51 -0600
pollen (4.2-0ubuntu1) trusty; urgency=low
* pollen.go:
- remove redundant line
* README:
- remove deprecated bit of documentation
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 18:04:08 -0600
pollen (4.1-0ubuntu1) trusty; urgency=low
* debian/control:
- build on amd64 and i386 only
- these are the only builds I've been able to confirm when building
with golang-go
- note that this undoes the fix for LP: #1274074, but that's the
way it has to be, until either golang-go supports more architectures
or gccgo doesn't suck
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 10:11:19 -0600
pollen (4.0-0ubuntu1) trusty; urgency=low
* check_pollen, debian/control, debian/copyright,
debian/pollinate.default, debian/pollinate.install,
debian/pollinate.manpages, debian/pollinate.postinst,
debian/pollinate.postrm, debian/pollinate.upstart,
entropy.ubuntu.com.pem, INSTALL, Makefile, pollinate, pollinate.1:
- split pollen and pollinate into separate projects and packages
- re-enable the pollen build
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 11 Feb 2014 09:40:21 -0600
pollen (3.17-0ubuntu1) trusty; urgency=low
* pollinate:
- improve kernel debug info
* debian/control, debian/pollen.install, Makefile:
- TEMPORARILY disabling the building of pollen, until
either gccgo or golang-go get promoted to main
- this should be reverted as soon as a go compiler
is available as a build dep
-- Dustin Kirkland <kirkland@ubuntu.com> Mon, 10 Feb 2014 14:16:08 -0600
pollen (3.16-0ubuntu1) trusty; urgency=low
* pollinate:
- minor standardization of the user agent string
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 13:57:42 +0200
pollen (3.15-0ubuntu1) trusty; urgency=low
* debian/control: LP: #1274074
- build on any architecure, now that we build with gccgo
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 12:31:20 +0200
pollen (3.14-0ubuntu1) trusty; urgency=low
* debian/pollinate.postinst:
- fix order of operations, packaging breakage
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 05 Feb 2014 11:34:36 +0200
pollen (3.13-0ubuntu1) trusty; urgency=low
* README:
- fix more minor typos
- explain "did some work"
* debian/rules, Makefile:
- fix the build for gccgo
- must use the -g parameter
- don't strip binaries
- these are ugly, but are the result of gccgo vs golang-go
* pollinate:
- remove unused variable $cmd
* debian/pollinate.upstart:
- our upstart job should start on starting cloud-init, to ensure that
we get run before generating SSH keys
* debian/pollinate.install, debian/pollinate.postrm, pollen.go,
pollinate, pollinate.cron.d, README:
- drop the tag and cronjob per feedback from sarnold in the code audit
in LP: #1246098
* debian/pollinate.default, pollinate:
- add helpful debug info to user agent, similar to chrome and firefox,
* debian/pollinate.postinst, debian/pollinate.postrm,
debian/pollinate.upstart, pollinate, pollinate.1:
- use a pollinate user, rather than the daemon user
- by default, only run pollinate once per system instantiation
- offer reseeding as an option, though
* debian/control:
- need to depend on adduser
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Feb 2014 11:51:22 +0200
pollen (3.12-0ubuntu1) trusty; urgency=low
* README:
- minor documentation feedback from Kees Cook
- note that pollen servers can of course be run internally
* debian/control:
- clean up package descriptions a bit
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 28 Jan 2014 22:16:10 +0000
pollen (3.11-0ubuntu1) trusty; urgency=low
* README:
- updates to the README
* debian/copyright, pollinate:
- the client should really be GPLv3, rather than AGPL
* debian/copyright:
- point to the local copy of GPLv3 license
-- Dustin Kirkland <kirkland@ubuntu.com> Mon, 27 Jan 2014 13:54:16 +0000
pollen (3.10-0ubuntu1) trusty; urgency=low
* debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
- have each client choose a random time of day to reseed,
at first run, rather than at package installation time
- this requires a very clever hack(!)
- install a "template" at /etc/cron.d/pollinate, with __MINUTE__
and __HOUR__ symbols that should be replaced by the client,
at first run
- cron requires that /etc/cron.d/pollinate be owned by root
- ideally we'd run the pollinate script as a non-root user (ie, daemon),
by specifying the daemon user in upstart and in the cronjob
- but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
- so here's the hack...
+ the upstart job installed by the package has "setuid root"
+ on its first run (which will be either at package install time, or
at boot), it will run as root and: a) update the cronjob to a random
time, and b) update the upstart job to run as daemon
+ woot
+ this works because both are conffiles
* debian/pollen.postinst, debian/pollinate.postinst,
debian/pollinate.postrm, pollinate:
- use /var/cache/pollinate, rather than /var/lib/pollinate
- this should make it more obvious that this data can be cleared out,
and should be cleared out, on re-bundles or snapshots and reimages
* debian/control, Makefile:
- switch from golang-go to gcc-go, so that we can get this source
package into Ubuntu main
* pollinate, pollinate.1:
- separate the pool and the server variables
* debian/control:
- no need to depend on bsdutils, it's essential
- pollen depends on adduser
* usr.bin.pollen:
- update apparmor profile to allow reading of /usr/bin/pollen
- oddly, this was introduced when switching compilers
* debian/copyright:
- lintian/dep5 cleanup
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 11:39:42 -0600
pollen (3.9-0ubuntu1) trusty; urgency=low
* debian/pollinate.default:
- don't use quiet by default, do use binary
* pollinate:
- save ourselves an unneeded fork
* debian/control:
- drop haveged as a suggests
* debian/pollinate.default, debian/pollinate.install,
entropy.ubuntu.com.pem:
- install entropy.ubuntu.com.pem's certificate and intermediate
chain, to get rid of --insecure curl option
* debian/control, pollinate:
- log to the system log, using the logger utility
- add a final message, noting successful (re-)seed
- have pollinate depend on bsdutils, which provides logger
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 16 Jan 2014 08:01:28 -0600
pollen (3.8-0ubuntu1) trusty; urgency=low
* debian/pollinate.default, debian/pollinate.postinst,
debian/pollinate.upstart, pollinate:
- fix the (broken) options setting in the pollinate default file
- change the tag creation to happen during the pollinate runtime,
rather than at package installation; this makes it more useful
for downstreams and remixes of Ubuntu
- ensure the daemon user owns the /var/lib/pollinate directory
- run the pollinate upstart script as the daemon user
* debian/pollinate.cron.d, debian/pollinate.postinst,
debian/pollinate.postrm:
- run the pollinate cronjob (reseed) once per day, rather than once
per hour
- purge pollinate files more effectively
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 16:49:35 -0600
pollen (3.7-0ubuntu1) trusty; urgency=low
* debian/control:
- demote haveged to suggests, based on feedback from Seth Arnold
in LP: #1246098
* pollinate:
- ensure both -c and -i can be used, without losing CURL_OPTS,
as identified by Seth Arnold in LP: #1246098
* pollinate:
- drop unused IPV6 variable, per review by Seth Arnold in LP: #1246098
* debian/pollen.postinst:
- use pollen as our fake email address, suggested by Seth Arnold
in LP: #1246098
* debian/pollinate.cron.d:
- add notes in the comments about NIST DRBG Special Publication 800-90A
recommendations on reseeding
- add notes in the comments about why we choose a random minute
- fix a bug, that was causing the cronjob to run far more frequently
than desired
- Addresses some issues raised by Seth Arnold in LP: #1246098
* debian/pollen.upstart, pollen.8, pollen.go:
- add DEVICE as the 3rd argument to the pollen server in the upstart
script
- test that DEVICE is a special in upstart
- document that the DEVICE is now a required argument
* debian/pollen.install, Makefile, pollen:
- build static binary at package build time, rather than dynamically
compiling at each run, per feedback from Seth Arnold in LP: #1246098
- use a very simple, basic Makefile
* debian/control:
- move golang-go to a build-dependency, rather than a runtime dependency
* debian/control, debian/pollen.postinst, debian/pollen.postrm,
debian/pollen.upstart:
- create a new user, pollen:daemon, in the postinst, remove in postrm
- depend on libcap2-bin, which provides setcap
- use setcap to allow the pollen binary to bind to privileged ports
- run the pollen daemon as the pollen user
- per feedback from Seth Arnold in LP: #1246098
* debian/pollen.upstart:
- use setuid in upstart to run the pollen daemon as the pollen user
* debian/pollen.postinst:
- change pollen user's shell to /bin/false
* debian/control, debian/pollen.install, debian/pollen.postinst,
debian/rules, usr.bin.pollen:
- add an apparmor profile for the pollen server, per suggestion
by Seth Arnold in LP: #1246098
- big thanks to Jamie Strandboge and Seth Arnold for assistance
* debian/pollinate.postinst:
- these chowns are not necessary; thanks for catching Michael Terry
in LP: #1246098
* debian/control: LP: #1259014
- have the pollen server depend on ent, which is used by the
check_pollen nagios script
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 15 Jan 2014 10:59:34 -0600
pollen (3.6-0ubuntu1) trusty; urgency=low
* pollinate:
- remove sourcing of an rc config file from $HOME, per security
review from Seth Arnold
* pollinate.1:
- update documentation to note that multiple servers can be specified
on the command line
* debian/pollinate.default:
- use the entropy.ubuntu.com beta site for testing
- note that we're specifying the --insecure option here, as this is
very much a work in progress
* debian/pollinate.upstart:
- start pollinate when we have networking up and running, or
when we start ssh
* pollen.go:
- drop the nanosecond timestamp collection on the server
- a good server should have real entropy hardware, and a busy server
will have network traffic entropy already captured by the kernel
- Suggestion by Seth Arnold in a security review
* debian/pollen.default, pollinate:
- drop timestamp based salting, not terribly valuable
- per security review by Seth Arnold
* pollinate:
- drop unused $bin variable
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 08 Nov 2013 09:59:35 -0600
pollen (3.5-0ubuntu1) trusty; urgency=low
* README:
- enhance and update design documentation
* debian/copyright:
- update to DEP-5 format
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 29 Oct 2013 16:55:28 -0500
pollen (3.4-0ubuntu1) saucy; urgency=low
* check_pollen, debian/control:
- improve the nagios check
- warn if:
+ insufficient bytes are retrieved
+ less than 5-bits-per-byte of entropy are calculated
+ an out of whack arithmetic mean
- have pollen server recommend ent, which is used by the nagios check
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 11 Sep 2013 16:56:52 -0500
pollen (3.3-0ubuntu1) saucy; urgency=low
* pollen-nagios-check:
- added nagios check script
* check_pollen, debian/pollen.install:
- rename check script and install in nagios plugins directory
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 04 Sep 2013 14:25:49 -0500
pollen (3.2-0ubuntu1) saucy; urgency=low
* README:
- update design documentation
* pollinate, pollinate.1:
- support printing random seed to standard out
- useful for debugging
- add a -q|--quiet option to silence log messages
* pollinate, pollinate.1:
- add an option for binary data output
* debian/pollen.default, debian/pollen.upstart, pollen.8, pollen.go:
- re-enable support for both encrypted and non-encrypted connections
- use a go subroutine to serve both out of the same process
- document these changes
- default to 80 and 443, allow admin to override easily via config
* debian/control:
- update package descriptions
* pollinate:
- default to, but do not force, https
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 20 Aug 2013 18:56:11 -0500
pollen (3.1-0ubuntu1) saucy; urgency=low
* pollen.go
- use a global for the dev writer
- write a few more timestamps into the mix during the response
handler
- change logging verbiage
* pollinate:
- use a single temp directory, rather than multiple temp files
- use a trap to cleanup the temp directory
- uptdate the logging verbiage
- use an etc default file if available
* debian/pollen.default:
- drop "TCP_" in the TCP_PORT variable
* pollen.go:
- just use two timestamps
* pollinate:
- improve usability; prepend https
* debian/pollinate.cron.d, debian/pollinate.default,
debian/pollinate.upstart, pollinate, pollinate.1:
- use an upstart job, rather than an @reboot cronjob,
to do the initial prng seeding
- fix the default config file
-- Dustin Kirkland <kirkland@ubuntu.com> Wed, 14 Aug 2013 17:45:22 -0500
pollen (3.0-0ubuntu1) saucy; urgency=low
* anerd, anerd-server-tcp.1 => anerd-server.1, anerd-server-tcp =>
anerd-server, anerd-server-tcp.go => anerd-server.go, anerd-server-
udp.1, anerd-server-udp.c, configure.ac, debian/anerd-
client.default, debian/anerd-server.anerd-server-tcp.upstart =>
debian/anerd-server.upstart, debian/anerd-server.anerd-server-
udp.upstart, debian/anerd-server.default, debian/anerd-
server.install, debian/anerd-server.manpages, debian/control,
debian/rules, Makefile.am:
- completely deprecate the UDP operation of both the client and
the server
- the TLS server over TCP is the only supported protocol going
forward
- this will necessitate a major version bump
* anerd.1 => pollinate.1, anerd => pollinate, anerd-server.1 =>
pollen.8, anerd-server.go => pollen.go, anerd-server => pollen,
ChangeLog, debian/anerd-client.cron.d => debian/pollinate.cron.d,
debian/anerd-client.default => debian/pollinate.default,
debian/anerd-client.install => debian/pollinate.install,
debian/anerd-client.manpages => debian/pollinate.manpages,
debian/anerd-client.postinst => debian/pollinate.postinst,
debian/anerd-client.postrm => debian/pollinate.postrm, debian/anerd-
server.default => debian/pollen.default, debian/anerd-server.install
=> debian/pollen.install, debian/anerd-server.manpages =>
debian/pollen.manpages, debian/anerd-server.postinst =>
debian/pollen.postinst, debian/anerd-server.upstart =>
debian/pollen.upstart, debian/control, debian/copyright,
img/anerd_14.png, img/anerd_192.png, img/anerd_64.png,
img/anerd.png, initramfs/hooks/anerd-client-udp,
initramfs/scripts/init-bottom/anerd, NEWS, README, === removed
directory initramfs, === removed directory initramfs/hooks, ===
removed directory initramfs/scripts, === removed directory
initramfs/scripts/init-bottom:
- rename anerd server/client to pollen / pollinate
to reflect that this data is intended to "seed" a random
number generator
* debian/control, debian/pollen.manpages:
- package maintenace for package/project rename
- move manpage to section 8
* pollen.8, pollinate, pollinate.1:
- documentation updated
* debian/control, pollen.8, pollinate:
- update some documentation and descriptions
* img/pollen_14.png, img/pollen_192.png, img/pollen_64.png:
- added new pollen logos
* debian/control:
- drop suggests
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 13 Aug 2013 16:34:42 -0500
anerd (2.4-0ubuntu1) saucy; urgency=low
* anerd-client-tcp.go:
- deprecated, use the shell (curl) one for better timestamping
salt
* anerd-server-tcp.go:
- log user-agent and nanosecond timestamp
* anerd, anerd-server-tcp.go:
- rename "tip" to "challenge", use for challenge/response
- verify challenge/response, to ensure personalized communication
* anerd:
- use a common logging function throughout
* anerd-server-tcp.go:
- open syslog only once
* anerd, debian/control:
- lower socat to a suggests, while still requiring curl
- dynamically check for socat/curl and error appropriately
- update package description
- recommend haveged on the server
* debian/anerd-server.default:
- do not run the UDP, by default; local admin can enable by
setting a port in /etc/default/anerd-server
* anerd, anerd-server-tcp.go, debian/anerd-client.postinst,
debian/anerd-server.postrm:
- rename uuid to tag
- generate on package install, remove on purge
* anerd, debian/anerd-server.postrm => debian/anerd-client.postrm:
- silence search for helper utilities
- fix maintainer script name
* anerd:
- silence missing tag error messages for now
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 09 Aug 2013 16:16:54 +0100
anerd (2.3-0ubuntu1) saucy; urgency=low
[ Matthias Klose ]
* debian/control: LP: #1139188
- Don't build anerd-server on powerpc (no golang-go, prevents
migration from raring-proposed to raring).
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 02 Aug 2013 12:40:00 -0500
anerd (2.2-0ubuntu1) saucy; urgency=low
* === added directory img, img/anerd_14.png, img/anerd_192.png,
img/anerd_64.png, img/anerd.png:
- added icons
* anerd-server-tcp.go:
- gofmt
* anerd-server-tcp.go:
- make this code more go-like, after some code review with Tim Penney
* anerd-server-tcp.go:
- drop unnecessary json formatting
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 01 Aug 2013 09:21:13 -0500
anerd (2.1-0ubuntu1) saucy; urgency=low
* anerd-client-tcp.go:
- default to anerd.us
* anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/anerd-
client.default:
- anerd.us is now serving on 443
* anerd, anerd-server-tcp.go:
- add syslog logging to the anerd tcp server
- use post for the tip from the anerd tcp client
* anerd, debian/control:
- use uuidgen -r for uuid and tip
* anerd, anerd-server-udp.c:
- add UDP to syslog messages
- fix uuid related typo
- add --insecure option
* anerd, anerd-client-tcp.go, anerd-server-tcp.go, debian/control:
- use sha512sum rather than uuidgen
* anerd, debian/anerd-client.cron.d:
- run at reboot, and hourly thereafter
- shorten some function names
* debian/anerd-client.cron.d, debian/anerd-client.postinst:
- randomize the hourly cronjob to distribute load on the
server, if possible
* debian/control:
- fix a lintian annoyance
* anerd, anerd-server-tcp.go, anerd-server-udp.c:
- drop byte counts in logging, as these can be misleading
* anerd-server-tcp.go:
- salt data with nanosecond timestamp
-- Dustin Kirkland <kirkland@ubuntu.com> Mon, 29 Jul 2013 15:24:29 -0500
anerd (2.0-0ubuntu1) saucy; urgency=low
* anerd-tcp.go:
- pretty print the json
* anerd-client, anerd-client.1, anerd-tcp, anerd-tcp.1, anerd-tcp.go,
anerd-udp.1, anerd-udp.c, debian/anerd-server.anerd-tcp.upstart,
debian/anerd-server.anerd-udp.upstart, debian/control:
- drop the "asynchronous" part of aNerd, this really isn't
necessary in the description anymore
* anerd-tcp.go:
- reduce the default size to 64 bytes, which is sufficient to seed
any random number generator
* anerd-tcp.go, debian/anerd-server.default:
- change the default size to 64 bytes
- add some notes in the comments in the configuration file
- always uses TLS encryption for the TCP implementation
* anerd-tcp.1 => anerd-server-tcp.1, anerd-tcp => anerd-server-tcp,
anerd-tcp.go => anerd-server-tcp.go, anerd-udp.1 => anerd-server-
udp.1, anerd-udp.c => anerd-server-udp.c, debian/anerd-server.anerd-
tcp.upstart => debian/anerd-server.anerd-server-tcp.upstart,
debian/anerd-server.anerd-udp.upstart => debian/anerd-server.anerd-
server-udp.upstart, debian/anerd-server.install, debian/anerd-
server.manpages, debian/rules, Makefile.am:
- rename anerd-tcp to anerd-server-tcp
- rename anerd-udp to anerd-server-udp
* debian/anerd-client.default:
- change to the new anerd.us server, which supports TCP, TLS, and UDP
* anerd, anerd-client, anerd-client.1 => anerd.1, anerd-client-tcp.go,
anerd-server-tcp, debian/anerd-client.cron.d, debian/anerd-
client.default, debian/anerd-client.install, debian/anerd-
client.manpages, debian/anerd-server.anerd-server-tcp.upstart,
debian/anerd-server.install, debian/control, initramfs/hooks/anerd-
client => initramfs/hooks/anerd-client-udp, initramfs/scripts/init-
bottom/anerd-client => initramfs/scripts/init-bottom/anerd,
Makefile.am:
- major rework of client, combine udp/tcp clients into a single
shell script
* anerd, anerd-client-tcp.go, anerd-server-tcp, anerd-server-tcp.go,
anerd-server-udp.c, COPYING, debian/copyright,
initramfs/scripts/init-bottom/anerd:
- changed license back to AGPL
* debian/anerd-client.default, debian/anerd-server.default:
- deprecate hash as a configurable; use sha512sum
* anerd:
- use socat in verbose mode, to add more timestamps to the log
- hash the timestamped log output
* debian/control:
- bump standards
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 25 Jul 2013 16:34:54 -0500
anerd (1.4-0ubuntu1) raring; urgency=low
[ Dustin Kirkland ]
* anerd-tcp.go:
- add a very small, basic anerd-tcp server
- clean up via gofmt
* anerd-client:
- count the number of bytes received correctly using a tmpfile
- adjust info messages slightly
* anerd.c:
- drop crc from logging, change messages to info from debug
* debian/anerd-client.default:
- default to anerd.gazzang.net now that its up for good
* anerd-tcp, anerd-tcp.go, debian/anerd-tcp-common.install,
debian/anerd-tcp.postinst, debian/anerd-tcp.upstart, debian/anerd-
web.upstart, debian/control:
- create two small packages, one to launch anerd-tcp->80 and
anerd-tcp->443
+ both depend on anerd-tcp-common, which provides the go script
- add a postinst that generates a self-signed cert if there is none;
obviously, one would want to replace these with real certs if
security matters to you
- create two upstart scripts that start the web service on each port
+ means you can install one, or the other, or both
* anerd-client, debian/anerd-client.default:
- fix communication with remote servers
- make the wait time configurable, 0.1s by default
- only broadcast when no specific servers are specified
- add message on broadcast bytes sent
* anerd-tcp:
- add interpreter
* anerd-tcp.1, debian/anerd-tcp-common.manpages:
- add documentation
* anerd-tcp.go:
- ensure that we read enough bytes
* anerd.1 => anerd-udp.1, anerd.c => anerd-udp.c, anerd-web.1 =>
anerd-tcp.1, anerd-web => anerd-tcp, anerd-web.go => anerd-tcp.go,
debian/anerd-server.anerd-udp.upstart, debian/anerd-server.default,
debian/anerd-server.install, debian/anerd-server.manpages,
debian/anerd-server.upstart => debian/anerd-server.anerd-
tcp.upstart, debian/anerd-web-common.install, debian/anerd-web-
common.manpages, debian/anerd-webs.postinst => debian/anerd-
server.postinst, debian/anerd-webs.upstart, debian/anerd-
web.upstart, debian/control, debian/rules, Makefile.am:
- rename the C program to anerd-udp
- create separate upstart scripts for anerd-tcp and anerd-udp
- update documentation
- drop anerd-web* packages
* debian/anerd-client.postinst, debian/control, debian/anerd-client.install:
- keep the initramfs code, but don't automatically update the initramfs
for now, as this can render a machine without networking unbootable;
re-enable this when we have a workaround for that
* debian/anerd-server.postinst:
- fix typo
[ Hector Acosta ]
* anerd.c:
- Only call srandom() once
-- Dustin Kirkland <kirkland@ubuntu.com> Fri, 15 Feb 2013 13:02:50 -0600
anerd (1.3-0ubuntu1) raring; urgency=low
* anerd.1, anerd.c, anerd-client, anerd-client.1, AUTHORS,
debian/anerd-server.upstart, debian/copyright:
- updated email addresses and author information
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 05 Feb 2013 09:50:23 -0600
anerd (1.2-0ubuntu1) raring; urgency=low
[ Dustin Kirkland ]
* debian/control, debian/cron.d:
- use run-one for cronjob
* anerd-client:
- clean up client, make more modular, remove some variables, uses pipes
to keep everything in memory
* debian/anerd-client.install, debian/anerd-server.install,
debian/control, debian/copyright, debian/cron.d => debian/anerd-
client.cron.d, debian/default => debian/anerd-client.default,
debian/upstart => debian/anerd-server.upstart:
- split package into a server and client package, with a meta
package depending on both
* anerd.1, anerd-client.1:
- manpage fixes
* debian/anerd-client.cron.d, debian/anerd-client.default:
- add some inline documentation
- use the default file for setting defaults (ie, uncomment)
* debian/control:
- bump standards
* debian/anerd-server.manpages, debian/manpages => debian/anerd-
client.manpages, Makefile.am:
- install manpages (perhaps there's a better automake way of doing this?)
* anerd.c:
- rename "sum" to "crc"
* debian/anerd-server.upstart:
- upstart needs to expect the fork
- upstart does not need to sudo to the daemon user because anerd does
this automatically
* anerd-client:
- use a $cmd variable populated with correct parameters
* anerd-client, debian/control:
- reluctantly add support for netcat
* anerd-client, anerd-client.1:
- use a default file for configuration
* anerd-client:
- emulate the syslog printing from the server
[ Wesley Wiedenmeier ]
* anerd.c, anerd-client, debian/default:
- add ipv6 support
* anerd.1, anerd.c, anerd-client.1, debian/manpages:
- added manpages
- dropped unused global
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 22 Jan 2013 10:38:24 -0600
anerd (1.1-0ubuntu1) quantal; urgency=low
* anerd.c:
- define the default total exchange size
- also define and use a default payload size
- break up the total exchange to a bunch of smaller payloads, to increase
the randomness of UDP packet ordering and timing
- improve some inline documentation
- lower logging to debug from info
- allocate an extra byte for the data binary string
- use a separate pointer for segmenting and moving through the data string
- no need for null-bytes, since binary data could have null bytes within
- alphabetize includes
- change perrors to syslog errors
- move daemon() function
* Makefile.am:
- fix up the build, clean out the binary and log files
* anerd.c, anerd-client, debian/control, debian/cron.d,
debian/default, debian/install, Makefile.am:
- drop the anerd client in the C program entirely
- the C program is now the server exclusively
- add a bash script client, which can loop over a pool of anerd servers,
and broadcast to the local network
- recommend the socat package/utility, which is used to broadcast to the
local network from the bash script
- add a cron job to run the anerd-client regularly
- add a default configuration file for configuring the pool and other
tunables
- remove the unnessary install file
-- Dustin Kirkland <kirkland@ubuntu.com> Thu, 27 Sep 2012 15:40:23 -0500
anerd (1.0-0ubuntu1) quantal; urgency=low
[ Dustin Kirkland ]
* initial release
* === added directory debian, === added directory debian/source,
anerd, debian/compat, debian/control, debian/copyright,
debian/install, debian/rules, debian/source/format, debian/upstart:
- added packaging
* anerd, anerd.conf, debian/install, debian/upstart:
- add a configuration file
- run as daemon (non-root) user
* anerd.c, AUTHORS, ChangeLog, configure.ac, COPYING,
debian/copyright, debian/upstart, INSTALL, Makefile.am, NEWS,
README:
- ported from python to C
- added autoconf/automake build
- changed license from GPLv3 to Apache2.0 for portability to other
UNIX platforms
* anerd.conf, debian/control, debian/install, debian/upstart:
- drop conf file, add options to upstart script
- update build deps
* anerd.c:
- use syslog, open files/sockets only once per fork
- catch all responses to a client broadcast
- use a common function for salt calculation
- implement a very simple checksum of random data
- use uint64_t for platform compatibility
- add entropy to pool in client read
- simplify salt generation
- simplify log printing
- whitespace changes only, 80 char width
* debian/install:
- drop installation of default file
[ Wesley Wiedenmeier ]
* anerd.c:
- use getopt for command line parsing
- Modified code to fork twice then kill the parent process,
freeing the terminal that spawns the daemons, added daemonize()
function to safely daemonize the program.
- Improved entering into daemon status by moving daemon() call to
after intilization of server and client, so that errors
encountered in intilization are written to the terminal.
-- Dustin Kirkland <kirkland@ubuntu.com> Tue, 04 Sep 2012 18:14:40 -0500