Fwd: Bug#912087: reassign to systemd #912087 | openssh-server: Slow startup after the upgrade to 7.9p1

Fwd: Bug#912087: reassign to systemd #912087 | openssh-server: Slow startup after the upgrade to 7.9p1

Nathael Pajani-3
*** I also tried to post on the bugtracker, but I do not see it there ... ***

Hi all!

I also ran into this (very) late crng_init problem, which prevents login on the console or via ssh
on an embedded system, and reading this kind of "the problem does not come from us,
assigned to someone else" behaviour makes me feel like the Debian community really has a
problem. (And reading this: https://github.com/systemd/systemd/issues/4167 gives some
weight to my feelings (fixing security issues only if we notice them being exploited!!!
wow ...))

Anyway, for those interested in solving the problem, I made a small program (160 lines,
including comments!) which solves the problem:
http://www.nathael.org/Data/Devel/entropy_pool_init.c

It's loosely based on what's done by haveged (without the HAVEGE algorithm), on what is in
/etc/init.d/urandom, and on the "fast init" in the drivers/char/random.c driver.

I feel like it's quite a good compromise between speed, complexity and security.
It may be improved with the real HAVEGE algorithm, but I did not have time to use it, and did
not want to have the haveged daemon running forever either (nor the packages installed).

Compile with:
$(CROSS_COMPILE)gcc entropy_pool_init.c -o entropy_pool_init -Wall -Wextra
and place the result in /sbin.
(You may have time to create a Debian package for this; I don't have time for Debian any
more.)

Then modify /etc/init.d/urandom to call entropy_pool_init with the saved entropy file as
argument:
/sbin/entropy_pool_init /var/lib/urandom/random-seed

This should replace the (date and cat "$SAVEDFILE" )>/dev/urandom under the "start" case.

You can even improve on this by calling it as soon as /proc and /dev are available and the date
has been set (from hwclock), so possibly before eudev/udev on a well-configured system with a
recent, well-configured kernel, which will also remove all these kinds of messages:
[    3.255107] random: udevd: uninitialized urandom read (16 bytes read)

Have fun!
+++


--
Nathael PAJANI
Techno-Innov
Internet : http://www.techno-innov.fr
Twitter : @TechnoInnov
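
The mechanism the post above relies on, as an added example written for this page; it is not Nathael's entropy_pool_init.c (linked in the post) and not Debian's init script. The point it demonstrates: a plain write(2) of the seed file to /dev/urandom, which is what `cat "$SAVEDFILE" >/dev/urandom` does, mixes the bytes into the pool but credits no entropy, so crng_init stays at 0 and the kernel keeps logging "uninitialized urandom read"; the RNDADDENTROPY ioctl mixes and credits in one step (and needs CAP_SYS_ADMIN). The 512-byte seed cap, the 8 bits credited per byte, the seed path and the function names are this example's assumptions. Crediting is only sound when the seed file was written by a previous boot whose pool was already initialised, is unreadable by other users, and is overwritten immediately so it can never be credited twice; that last condition is what the block enforces with refresh_seed, and it is the concern behind Debian's choice, stated in Kurt's reply, not to credit the file by default.

```c
/* credit_seed.c: added example for this thread, not the author's
 * entropy_pool_init.c. write(2) to /dev/urandom mixes bytes in without
 * crediting entropy, so crng_init stays 0; RNDADDENTROPY mixes AND credits.
 * Assumptions: 512-byte seed cap, 8 bits credited per byte, a seed file
 * written by a previous boot with an initialised pool and never reused. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */

#define SEED_MAX 512   /* the classic input pool holds 4096 bits */

/* Zero a buffer in a way the compiler will not optimise away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Build the RNDADDENTROPY request: buf_size is in bytes, entropy_count in
 * bits. Pass bits_per_byte < 8 if the seed is only partly trusted. */
struct rand_pool_info *make_pool_info(const unsigned char *seed, size_t len,
                                      int bits_per_byte)
{
    if (!seed || len == 0 || len > SEED_MAX || bits_per_byte < 0 || bits_per_byte > 8)
        return NULL;
    struct rand_pool_info *p = calloc(1, sizeof *p + len);
    if (!p) return NULL;
    p->entropy_count = (int)(len * (size_t)bits_per_byte);
    p->buf_size = (int)len;
    memcpy(p->buf, seed, len);
    return p;
}

static ssize_t read_file(const char *path, unsigned char *out, size_t cap)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, out, cap);
    close(fd);
    return n;
}

/* Current /proc/sys/kernel/random/entropy_avail, or -1 if unreadable. */
int entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    int v = -1;
    if (f) { if (fscanf(f, "%d", &v) != 1) v = -1; fclose(f); }
    return v;
}

/* Mix the seed file into the pool and credit it. 0 on success, -1 with errno
 * set (EPERM without CAP_SYS_ADMIN, ENOENT for a missing seed file). */
int credit_seed(const char *seed_path, int bits_per_byte)
{
    unsigned char seed[SEED_MAX];
    ssize_t n = read_file(seed_path, seed, sizeof seed);
    if (n <= 0) return -1;
    struct rand_pool_info *p = make_pool_info(seed, (size_t)n, bits_per_byte);
    wipe(seed, sizeof seed);
    if (!p) { errno = EINVAL; return -1; }
    int rc = -1, fd = open("/dev/urandom", O_WRONLY | O_CLOEXEC);
    if (fd >= 0) {
        rc = ioctl(fd, RNDADDENTROPY, p);   /* same ioctl works on /dev/random */
        int saved = errno; close(fd); errno = saved;
    }
    wipe(p, sizeof *p + (size_t)n);
    free(p);
    return rc;
}

/* Overwrite the seed file with fresh kernel output (mode 0600) so the bytes
 * just credited can never be credited a second time. */
int refresh_seed(const char *seed_path)
{
    unsigned char fresh[SEED_MAX];
    if (read_file("/dev/urandom", fresh, sizeof fresh) != (ssize_t)sizeof fresh) return -1;
    int fd = open(seed_path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    int rc = (write(fd, fresh, sizeof fresh) == (ssize_t)sizeof fresh && fsync(fd) == 0) ? 0 : -1;
    close(fd);
    wipe(fresh, sizeof fresh);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s SEEDFILE\n", argv[0]); return 2; }
    int before = entropy_avail();
    if (credit_seed(argv[1], 8) != 0) { perror("RNDADDENTROPY"); return 1; }
    if (refresh_seed(argv[1]) != 0) { perror("refresh_seed"); return 1; }
    printf("entropy_avail: %d -> %d\n", before, entropy_avail());
    return 0;
}
```

Build it the same way as the post's program (`gcc credit_seed.c -o credit_seed -Wall -Wextra`, with the `$(CROSS_COMPILE)` prefix for a target board) and run it as root at the point in the boot where the post calls entropy_pool_init, e.g. `./credit_seed /var/lib/urandom/random-seed`. Because every successful credit is followed by refresh_seed, a seed left behind by an unclean shutdown is credited at most once on this machine; it does nothing, however, about a seed baked into a golden image and copied to many machines, each of which would credit the same bytes, and that is the case a distribution default has to assume.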

Re: Fwd: Bug#912087: reassign to systemd #912087 | openssh-server: Slow startup after the upgrade to 7.9p1

Kurt Roeckx

Note that systemd created an option so you can say you trust the
file. But in Debian we don't want to enable that by default. If
you need this in stable, I suggest talking to the systemd maintainer.