OneRNG on Arch Linux

If your a Linux Crypto guy you probably care about your entropy.  If you don’t, you problably should.

I recently purchased a OneRNG device from the kickstarter project.  Unfortunately it didn’t work out of the box with Arch Linux.  This blog post documents what I hit and how I overcame some of the issues to get my OneRNG working.

First thing I did was install the prerequisites:

yaourt -S at python-gnupg rng-tools
sudo systemctl enable atd.service
sudo systemctl start atd.service

as per the instructions at http://onerng.info/onerng/.  Note that we do NOT enable/start rngd.service as the daemon management is done from the udev stuff.

I then downloaded the tar file from https://github.com/OneRNG/onerng.github.io/blob/master/sw/onerng_3.4.orig.tar.gz?raw=true, verified the md5sum and the sha256 sum, and installed it with slightly tweaked instructions:

tar -xvzf onerng_3.4.orig.tar.gz
cd onerng_3.4
sudo make install
sudo udevadm control --reload-rules

I now plugged in my OneRNG with my fingers crossed.  At this point it died.  I did some brief reverse engineering and ended up figuring out how the /sbin/onerng.sh worked.  I then tried to run it manually and got:

$ sudo bash -ax /sbin/onerng.sh daemon ttyACM0
[snip]
Exception in thread Thread-7:
Traceback (most recent call last):
File "/usr/lib/python3.4/threading.py", line 920, in _bootstrap_inner
self.run()
File "/usr/lib/python3.4/threading.py", line 868, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python3.4/site-packages/gnupg.py", line 753, in _read_response
result.handle_status(keyword, value)
File "/usr/lib/python3.4/site-packages/gnupg.py", line 284, in handle_status
raise ValueError("Unknown status message: %r" % key)
ValueError: Unknown status message: 'NEWSIG'
[snip]

This issue is logged upstream against python-gnupg and has been fixed but the current release doesn’t have it active. See the patch file at https://bitbucket.org/vinay.sajip/python-gnupg/commits/1337e6ce364f.

I manually applied the patch to /usr/lib/python3.4/site-packages/gnupg.py because I didn’t feel like rebuilding the package with the patch included.

Now when I unplugged the OneRNG and plugged it back in I noticed rngd successfully started in the background:

rngd -f -n 1 -d 1 -p /var/lock/LCK..ttyACM0 -r /dev/stdin

It is reading from stdin since there is an openssl pipe for aes whitening in front of it.  Unfortunately, removal didn’t result in the rngd process being killed. My udev foo is a little lacking so I hacked the onerng.sh script as follows:

--- /sbin/onerng.sh.orig        2015-06-20 21:27:33.000000000 -0700
+++ /sbin/onerng.sh     2015-07-04 16:31:45.478019740 -0700
@@ -158,7 +158,10 @@
 #      when something is removed kill the daemon
 #
 if [ "$1" = "kill" ]; then
-       if [ -e /var/lock/LCK..$2 ]
+       if [ -e /var/lock/LCK..ttyACM0 ]
+       then
+               kill -9 `cat /var/lock/LCK..ttyACM0`
+       elif [ -e /var/lock/LCK..$2 ]
        then
                kill -9 `cat /var/lock/LCK..$2`
        else

This enabled my pull of the OneRNG to kill the rngd process. Unfortunately this is a hack since if anything else used the OpenMoko ttyACM stuff it would kill it but I don’t have such things.  At this point I hit the “good enough for me” wall.

I verifed running

cat /dev/random > /dev/null

dimmed the LED on the OneRNG and I was good to go.  Time to regenerate my ssh hostkeys 😉

Uninstalling a Fantastico App in Hostgator’s Cpanel

barrygrussling.com has hosted multiple different applications over the years.

Through most of this adventure I have used hostgator to host my websites.
Like most hosting providers, hostgator uses cpanel to allow customers to
interact with their webpages.  One of cpanels main components for setting
up net installations is fantastico.  Fantastico allows users to install various
web apps on their websites through the user of various supplied scripts.

I wanted to install wordpress on my website, but unfortunately I already
had an install of Gallery running on my website.  I wanted to remove it
as I had no need for it anymore.

Unfortunately, the hostgator fantastico seems to lack an uninstall button.

Some reading on the web suggested I just rm -rf my stuff and that
will “uninstall” it.

I proceeded to rm -rf all the files in my virtual host directory, and I
dropped the mysql databases using the mysql web front of cpanel.

I then went to the fantastico installation menu, but it was still reporting
my old Gallery install.  I ssh’d into hostgator and found the .fantasticodata
directory.  I found a folder inside named Gallery and inside that was a
file named barrygrussling.com|.  I rm’d that file, reloaded fantastico, and
found that it no longer reported having an installation of Gallery on
barrygrussling.com.  I was stoked.  I click WordPress and said to
install it into barrygrussling.com.  Unfortunately at this point in time
cpanel complained to me that I could only have one application installed
in the root at a time.

Back to the ssh session and I then found the .fantasticodata/installed_in_root.php.

It listed a PHP associative array with a key of barrygrussling.com and a value of 1.
I removed the offending line from the installed_in_root.php, went back to the
fantastico web interface, and was then able to install WordPress.

Not sure why Hostgators cpanel doesn’t have a fantastico uninstall interface
that I could find.  Hope this helps someone.

Barry