On Thu, May 19, 2016 at 4:51 PM, Josef Reidinger
On Thu, 19 May 2016 16:45:44 +0300 Shyukri Shyukriev
wrote: On 5/19/16 3:41 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 15:12:57 +0300 Shyukri Shyukriev
wrote: Cross-posting to Factory...
Hello All, I'm struggling with testing OBS Appliances ( https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen during setup. Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options shows:
cat /proc/sys/kernel/random/entropy_avail 16
while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
Googling about the topic suggests using dev/urandom, but it's not secure enough...
http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/ http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-...
Any ideas?
serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt
Best regards
Hi Shyukri, in installation when we need good enough pool of entropy we use haveged service - http://www.issihosts.com/haveged/
Josef
Log shows that it starts and then stops quickly. Is it normal?
[ 27.093445] systemd[1]: Starting Entropy Daemon based on the HAVEGE algorithm... Starting Entropy Daemon based on the HAVEGE algorithm... [ [32m OK [0m] Started Entropy Daemon based on the HAVEGE algorithm. [ 27.105412] systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
..... [ 27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
It looks strange for me. I see that yast only stops haveged after unmounting disks, which should not be your case. So maybe check logs who stops it. As enabled haveged can really help you. This is how it is done in OBS https://github.com/openSUSE/obs-build/commit/919a83ff3c46ebb33d2b8a9ddcec78a...
I guess openQA doesn't define -object rng-random,filename=$rng_dev,id=rng0
Josef -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org