[announce] skarnet.org Summer 2022 release

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Tue, 14 Jun 2022 11:49:21 +0000


  New versions of some skarnet.org packages are available.

  skalibs has undergone a major update, mostly to yet again revamp
librandom. This time I am happy with the API and implementation: I
it finally addresses all the cases in a satisfying way, providing cross-
platform failure-free pseudorandom number generation with options to
between waiting until the entropy pool has been initialized and possibly
getting less cryptographically secure data if the entropy pool is too
shallow. It wasn't easy to design; it's here at last.

  Compatibility with previous skalibs version is not assured, but apart
from librandom, and one additional function, no other interface has been
modified, so the compatibility breaks are minimal and a lot of software
will still build with this version without needing any modification.

  Most of the rest of the skarnet.org software stack has undergone at
a release bump, in order to build with the new skalibs; a large part of
has also received some changes and fixes. Some packages did not need
changing at all: no release is provided for these, they should keep
with the new stack.

  execline comes with a quality-of-life parser change: backslashes at the
end of lines are now ignored, which makes it possible to directly copy
some multiline commands from shell scripts.

  s6-linux-utils comes with a new utility, rngseed, which is an original
implementation of Jason Donenfeld's seedrng[1]. This is the work that
made it necessary to get librandom right once and for all. With rngseed,
no Linux system should ever have uninitialized entropy pool problems

  The new versions are the following:

skalibs- (major)
utmps- (minor)
execline- (major)
s6- (release)
s6-rc- (release)
s6-linux-init- (minor)
s6-portable-utils- (minor)
s6-linux-utils- (major)
s6-dns- (release)
s6-networking- (release)
mdevd- (release)
dnsfunnel- (release)

  Details of some of these package changes follow.

* skalibs-

  - librandom rewritten. random_init and random_finish functions removed.
The new random_buf function, which replaces random_strin), never fails.
It blocks if the entropy pool is not initialized; the new
function is the same, but does not block. random_devurandom is now
exported, but should not be needed except in very specific cases
  - New functions added: waitn_posix and waitn_reap_posix, openc*_at.
  - readnclose is now exported.
  - openreadnclose_at() now returns an ssize_t, aligning with
You should check your code for any use of openreadnclose_at(), and adapt
to the new API. (Previously it returned a size_t and the user was
to assume an error if it didn't fill the entire length of the buffer.
errors are reported with -1.)
  - Endianness conversion primitives reworked. The nonportability of
and bswap has always been a pain point; the new portable functions in
should now be just as efficient as the system-dependent endian.h
  - Added an implementation of the blake2s hash.


* utmps-

  - Nothing to do with the new skalibs; utmps- has been available
a while, but was never properly announced. The main feature is that
utmps-wtmpd can now take an argument naming its database file. This is
useful for implementing btmp, one of the numerous idiosyncrasies of
Linux software.


* execline-

  - Bugfixes.
  - The execlineb parser has been rewritten and its transition table is
  - The wait command can now wait for *one* of the listed processes, in
addition to its original capability of waiting for *all* of them. It can
also stop waiting after a timeout. The new features can be used even
wait is used in posix mode.


* s6-linux-init-

  - The system scandir is now configurable at compile-time via the
--scandir configure option. It is a relative path under the tmpfsdir.
The default is still "service", for a /run/service default scandir.


* s6-portable-utils-

  - s6-test now understands the =~ operator, matching its left argument
against an extended regular expression given as its right argument (this
is originally a GNU bash extension to test).


* s6-linux-utils-

  - New command: rngseed. It can read a seed file from the disk and use
it to
seed the Linux kernel's RNG, wait until the entropy pool is initialized,
and get a new seed and write it to the disk. All these operations can be
performed separately - always in a secure fashion, but giving more
to the user than the original seedrng[1] implementation.
  - s6-fillurandompool removed. Its functionality is implemented by

[1] https://git.zx2c4.com/seedrng/about/


* mdevd-

  - This is only a bugfix release, but worth mentioning because the fixed
bug is an important one. Previously, "-" markers, meaning "keep reading
file after interpreting this line", did not interact correctly with
spawned commands. This version implements the semantics of "-" markers
it was intended.


  Bug-reports welcome.

Received on Tue Jun 14 2022 - 13:49:21 CEST

This archive was generated by hypermail 2.4.0 : Tue Jun 14 2022 - 13:49:51 CEST