[node-patches] Change in ovirt-node[master]: enable strong RNG options on the security page

fabiand at fedoraproject.org fabiand at fedoraproject.org
Mon Sep 24 10:11:28 UTC 2012 

Fabian Deutsch has posted comments on this change.

Change subject: enable strong RNG options on the security page
......................................................................


Patch Set 5: I would prefer that you didn't submit this

(4 inline comments)

Hey Joey,

please explain the working of the patch a bit more, so it can be reviewed a bit more thorough.

....................................................
Commit Message
Line 3: AuthorDate: 2012-09-10 15:16:03 -0400
Line 4: Commit:     Joey Boggs <jboggs at redhat.com>
Line 5: CommitDate: 2012-09-13 22:55:37 -0400
Line 6: 
Line 7: enable strong RNG options on the security page
Would be nice if you could explain the patch a bit more.
Line 8: 
Line 9: rhbz#829007
Line 10: 
Line 11: Change-Id: I0b96989b756a691668972d8e204cf8f152e53630


....................................................
File recipe/common-post.ks
Line 255: #cleanup tmp directory from cim setup
Line 256: rm -rf /tmp/cim_schema*
Line 257: 
Line 258: # enable strong random number generation
Line 259: sed -i '/SSH_USE_STRONG_RNG/d' /etc/sysconfig/sshd
Could you explain this change?
To me it seems as if you remove both *RNG* entries in sysconfig/sshd - how does this affect sshd?


....................................................
File scripts/ovirtnode/ovirtfunctions.py
Line 1493: def rng_status():
Line 1494:     bit_value = 0
Line 1495:     disable_aes_ni = 0
Line 1496:     try:
Line 1497:         f = open("/etc/profile")
you can use 

with open(..) as f:
  indeted_stuff

this will close the fd automagically at the end of the block
Line 1498:         for line in f:
Line 1499:             try:
Line 1500:                 if "SSH_USE_STRONG_RNG" in line:
Line 1501:                     export , kv = line.split()


Line 1496:     try:
Line 1497:         f = open("/etc/profile")
Line 1498:         for line in f:
Line 1499:             try:
Line 1500:                 if "SSH_USE_STRONG_RNG" in line:
wouldn't this fail in the following case (default on F16):

export SSH_USE_STRONG_RNG=0

# export SSH_USE_STRONG_RNG=1
Line 1501:                     export , kv = line.split()
Line 1502:                     key, bit_value = kv.split("=")
Line 1503:                 elif "OPENSSL_DISABLE_AES_NI=" in line:
Line 1504:                     disable_aes_ni = 1


--
To view, visit http://gerrit.ovirt.org/7934
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I0b96989b756a691668972d8e204cf8f152e53630
Gerrit-PatchSet: 5
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Fabian Deutsch <fabiand at fedoraproject.org>
Gerrit-Reviewer: Joey Boggs <jboggs at redhat.com>
Gerrit-Reviewer: Michael Burns <mburns at redhat.com>

More information about the node-patches mailing list