I am neither a cryptographer nor a security engineer, so when it came time to consider cryptographic best practices for my project I innocently searched for entropy test utilities. A few skimmed lists later, I had set my sites on one that I kept hearing good things about -- something called dieharder.

Nakatomi Tower as a CLI? A Digital John McClane? I had to track it down and learn more.

DieHarder DOA?

DieHarder is a CLI entropy testing utility written by Robert G. Brown at Duke University. It implements several rigorous tests that can measure a system's performance calculating random data. To vastly oversimplify, it goes far beyond /dev/urandom. "Perfect," I thought. "I'll just grab that and include it as a nice-to-have."

Unfortunately, when I followed the installation instructions the compilation failed. Trying to find a solution only pulled up threads dedicated to CentOS or Ubuntu that were years out of date. So, I decided to solve how to compile it on Alpine myself.

Sed to the Rescue

Luckily, the necessary changes are brief and can be made using the built-in stream editor sed. The addition of a missing typedef and a missing define of a constant are all that it takes to make the compilation succeed; aside from renaming a required dependency.

Without further ado, here's how to install, patch, compile, and run this utility on Alpine!

#!/bin/sh # Install static packages. apk add \ apk-tools-static \ busybox-static # Install packages needed to compile DieHarder. apk.static -U add \ chrpath \ gsl \ gsl-dev \ haveged \ libtool \ make \ rng-tools \ rpm-dev \ build-base # Create a valid build tree for RPM. mkdir -pm 0700 \ ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} # Point to the 'rpmbuild' path in the macro file. echo '%_topdir %(echo $HOME)/rpmbuild' >> ~/.rpmmacros # Create a path of your choice to install into. mkdir -pm 0700 /your/install/path chown root:root /your/install/path # Download the latest version of dieharder. wget -c \ http://webhome.phy.duke.edu/~rgb/General/dieharder/dieharder.tgz -O - | \ tar -xz -C /your/install/path/ # Set current directory to the top level of the build # extracted from the tarball. cd /your/install/path/* # Generate makefiles and compilation resources. ./autogen.sh # ---- Patch dieharder.spec file. # Patch line 16 to point to 'gsl-dev' package. sed -i \ '16s/.*/chrpath gsl-dev/' \ ./dieharder.spec # Patch line 129 to prevent 'macro expanded' error. sed -i '129s/.*/# /' ./dieharder.spec # ---- Patch libdieharder.h file. # Insert new line to define 'M_PI' constant. sed -i \ '66i #define M_PI 3.14159265358979323846' \ ./include/dieharder/libdieharder.h # Insert new line to create 'uint' typedef. sed -i \ '262i typedef unsigned int uint;' \ ./include/dieharder/libdieharder.h # Compile dieharder. make install # Run all tests in dieharder. dieharder -a 

This has been tested using dieharder 3.31.1 running on Alpine 3.12 Stable inside a HashiCorp Vault 1.5.4 image built with docker-compose. Results may vary.

Hope this helps you in your cryptographic projects, and thanks for reading!