From 5c249a3245912a27d82e292917d0a3dd0a90cbba Mon Sep 17 00:00:00 2001
From: Daniel Schaefer
Date: Mon, 22 Oct 2018 23:48:25 +0200
Subject: [PATCH 1/4] rng-tools: 5 -> 6.6
---
pkgs/tools/security/rng-tools/default.nix | 46 +++++++++++++++++------
1 file changed, 34 insertions(+), 12 deletions(-)
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index d2326c7e8c3..3a6c1cecdf1 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -1,24 +1,46 @@ -{ stdenv, fetchurl }: - +{ stdenv, fetchFromGitHub, libtool, autoconf, automake, pkgconfig +, sysfsutils + # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS + # https://www.nist.gov/programs-projects/nist-randomness-beacon +, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false + # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source +, libgcrypt ? null, withGcrypt ? true +}: +with stdenv.lib; stdenv.mkDerivation rec { - name = "rng-tools-5"; + name = "rng-tools-${version}"; + version = "6.6"; - src = fetchurl { - url = "mirror://sourceforge/gkernel/${name}.tar.gz"; - - sha256 = "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0"; + src = fetchFromGitHub { + owner = "nhorman"; + repo = "rng-tools"; + rev = "v${version}"; + sha256 = "0c32sxfvngdjzfmxn5ngc5yxwi8ij3yl216nhzyz9r31qi3m14v7"; }; + nativeBuildInputs = [ libtool autoconf automake pkgconfig ]; + + preConfigure = "./autogen.sh"; + + configureFlags = + [ "--disable-jitterentropy" ] + ++ optional (!withNistBeacon) "--without-nistbeacon" + ++ optional (!withGcrypt) "--without-libgcrypt"; + + buildInputs = [ sysfsutils ] + ++ optional withGcrypt [ libgcrypt.dev ] + ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ]; + + enableParallelBuilding = true; + # For cross-compilation makeFlags = [ "AR:=$(AR)" ]; meta = { description = "A random number generator daemon"; - - homepage = https://sourceforge.net/projects/gkernel; - - license = stdenv.lib.licenses.gpl2; - + homepage = https://github.com/nhorman/rng-tools; + license = stdenv.lib.licenses.gpl2Plus; platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ johnazoidberg ]; }; } From 8ada6f6c468b195c5839b8b4b6e22c797a2bad56 Mon Sep 17 00:00:00 2001 
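Review bot: In `buildInputs`, `optional withGcrypt [ libgcrypt.dev ]` and `optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ]` hand a list to `optional`, which wraps its argument in a list again, so the inputs end up nested one level too deep; the list form is `++ optionals withGcrypt [ libgcrypt.dev ]` and `++ optionals withNistBeacon [ openssl.dev curl.dev libxml2.dev ]`. PATCH 2/4 repeats the pattern with `optional withJitterEntropy [ jitterentropy ]`. The optional libraries also default to `null` with nothing tying them to their flags, so `withGcrypt = true` with `libgcrypt = null` dies on `libgcrypt.dev` instead of with a clear message; `assert withGcrypt -> libgcrypt != null;` (and the equivalent for `withNistBeacon`) ahead of `stdenv.mkDerivation` would state the requirement.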
From: Daniel Schaefer Date: Tue, 23 Oct 2018 23:36:57 +0200 Subject: [PATCH 2/4] jitterentropy: init at 2.1.2 --- .../libraries/jitterentropy/default.nix | 30 +++++++++++++++++++ pkgs/tools/security/rng-tools/default.nix | 6 +++- pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/jitterentropy/default.nix diff --git a/pkgs/development/libraries/jitterentropy/default.nix b/pkgs/development/libraries/jitterentropy/default.nix new file mode 100644 index 00000000000..175097ef785 --- /dev/null +++ b/pkgs/development/libraries/jitterentropy/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub }: +stdenv.mkDerivation rec { + name = "jitterentropy-${version}"; + version = "2.1.2"; + + src = fetchFromGitHub { + owner = "smuellerDD"; + repo = "jitterentropy-library"; + rev = "v${version}"; + sha256 = "10yl1hi0hysr53wzy2i8brs0qqnxh46mz3dcjh5mk0ad03wvbfsl"; + }; + + enableParallelBuilding = true; + + preInstall = '' + mkdir -p $out/include + ''; + + installFlags = [ + "PREFIX=$(out)" + ]; + + meta = { + description = "Provides a noise source using the CPU execution timing jitter"; + homepage = https://github.com/smuellerDD/jitterentropy-library; + license = with stdenv.lib.licenses; [ gpl2 bsd3 ]; + platforms = stdenv.lib.platforms.linux; + maintainers = with stdenv.lib.maintainers; [ johnazoidberg ]; + }; +} diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index 3a6c1cecdf1..86a5a1b7c39 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix 
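Review bot: Nothing in the new `jitterentropy` derivation pins down the compiler flags the library ends up built with, and for this package that matters. As far as I know upstream requires the jitter measurement code to be compiled without optimisation, while the stdenv's default hardening adds flags of its own. It is worth confirming from a build log that upstream's flags survive, and if the fortify hardening gets in the way, adding `hardeningDisable = [ "fortify" ];` with a comment saying why.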
@@ -5,6 +5,9 @@ , curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source , libgcrypt ? null, withGcrypt ? true + # Not sure if jitterentropy is safe to use for cryptography + # and thus a default entropy source +, jitterentropy ? null, withJitterEntropy ? false }: with stdenv.lib; stdenv.mkDerivation rec { @@ -23,11 +26,12 @@ stdenv.mkDerivation rec { preConfigure = "./autogen.sh"; configureFlags = - [ "--disable-jitterentropy" ] + optional (!withJitterEntropy) "--disable-jitterentropy" ++ optional (!withNistBeacon) "--without-nistbeacon" ++ optional (!withGcrypt) "--without-libgcrypt"; buildInputs = [ sysfsutils ] + ++ optional withJitterEntropy [ jitterentropy ] ++ optional withGcrypt [ libgcrypt.dev ] ++ optional withNistBeacon [ openssl.dev curl.dev libxml2.dev ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5d3fa9f5aa5..2864eec394d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3459,6 +3459,8 @@ with pkgs; jira-cli = callPackage ../development/tools/jira_cli { }; + jitterentropy = callPackage ../development/libraries/jitterentropy { }; + jl = haskellPackages.callPackage ../development/tools/jl { }; jmespath = callPackage ../development/tools/jmespath { }; From 6ffdf5a39f492c3bff1f253e00bbb1716f35a8e8 Mon Sep 17 00:00:00 2001 From: Daniel Schaefer Date: Wed, 24 Oct 2018 00:49:46 +0200 Subject: [PATCH 3/4] rng-tools: Rename attribute rng_tools -> rng-tools Comply with naming guidelines --- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index a0f611dd961..c5cbc3abce9 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix 
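Review bot: The comment above `withJitterEntropy` records a doubt but not what the flag does or what would settle the doubt, so the next maintainer cannot tell whether the default is a decision or a placeholder. Something like `# Build rngd's jitterentropy source (CPU timing jitter). Off by default: its suitability as an input for key generation has not been reviewed here.` carries the same caution as a stated reason. The argument list continues outside this hunk.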
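Review bot: With `withJitterEntropy = true` the only effect on `configureFlags` is that `--disable-jitterentropy` is left out, so whether the source is compiled in depends on configure detecting the library by itself. The hunk does not show whether configure stops or quietly continues without the source when detection fails. For an entropy daemon a silently missing source is worth ruling out, for instance by building once with the flag on and checking the configure output before relying on it.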
@@ -234,6 +234,7 @@ mapAliases ({ qwt6 = libsForQt5.qwt; # added 2015-12-19 rdiff_backup = rdiff-backup; # added 2014-11-23 rdmd = dtools; # added 2017-08-19 + rng_tools = rng-tools; # added 2018-10-24 robomongo = robo3t; #added 2017-09-28 rssglx = rss-glx; #added 2015-03-25 ruby_2_0_0 = throw "deprecated 2018-0213: use a newer version of ruby"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2864eec394d..0586e97822d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5085,7 +5085,7 @@ with pkgs; inherit (pythonPackages) sphinx; }; - rng_tools = callPackage ../tools/security/rng-tools { }; + rng-tools = callPackage ../tools/security/rng-tools { }; rnv = callPackage ../tools/text/xml/rnv { }; From b2f6aa00696f174f8d7ab453a89b8b7370dd128b Mon Sep 17 00:00:00 2001 From: Renaud Date: Wed, 24 Oct 2018 13:46:08 +0200 Subject: [PATCH 4/4] nixos/rngd: use new name pkgs.rng-tools Instead of pkgs.rng_tools which is now an alias --- nixos/modules/security/rngd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index 3a1ffc55e5f..81e04a44b11 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -30,7 +30,7 @@ with lib; description = "Hardware RNG Entropy Gatherer Daemon"; - serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" + + serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f -v" + (if config.services.tcsd.enable then " --no-tpm=1" else ""); }; };