commit: bf8a9809c6529960579264d2102ced61c9779960 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Mon May 26 03:07:43 2025 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Tue May 27 18:14:49 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf8a9809
ssl-cert.eclass: do not pass -rand to openssl Let openssl find a suitable entropy source instead of using some random log files for "random" bytes. Bug: https://bugs.gentoo.org/956442 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> eclass/ssl-cert.eclass | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index b4f5f921c119..dd95200dbc4a 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -63,9 +63,6 @@ gen_cnf() {
 SSL_CONF="${T}/${$}ssl.cnf"
 # Location of the CA serial file
 SSL_SERIAL="${T}/${$}ca.ser"
- # Location of some random files OpenSSL can use: don't use
- # /dev/u?random here -- doesn't work properly on all platforms
- SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 # These can be overridden in the ebuild
 SSL_DAYS="${SSL_DAYS:-730}"
@@ -128,8 +125,7 @@ get_base() {
 gen_key() {
 local base=$(get_base "$1")
 nonfatal edob -m "Generating ${SSL_BITS} bit RSA key${1:+ for CA}" \
- openssl genrsa -rand "${SSL_RANDOM}" \
- -out "${base}.key" "${SSL_BITS}"
+ openssl genrsa -out "${base}.key" "${SSL_BITS}"
 return $?
 }
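Review bot: The new `openssl genrsa -out "${base}.key" "${SSL_BITS}"` line in gen_key carries no record that omitting `-rand` is deliberate, and the only comment about the randomness source is deleted in the gen_cnf hunk. A one-line comment above the call, such as `# No -rand: let OpenSSL choose its own entropy source (bug #956442)`, would stop the option from being reintroduced later. The gen_cnf hunk also drops the `SSL_RANDOM` assignment, so any reference left elsewhere in the eclass or in an ebuild (none is visible here) would now expand to an empty string. Since the diffstat shows no other lines touched, a tree-wide grep for `SSL_RANDOM` is worth doing.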
