Haveged has actually become higher priority with 12.1. I was advocating enabling it by default so I'm surprised to see that development has gone the opposite way.
In releases prior to 12.1, drivers for popular network devices contributed to the entropy pool. Those patches weren't getting much traction upstream so we dropped them in the 12.1 kernel. The entropy pool will not be replenished as quickly on 12.1 naturally so haveged being enabled by default would be a good idea.
-Jeff
--
Jeff Mahoney
(apologies for the top post -- from my mobile)
On Jul 24, 2011, at 11:02 AM, Lars Müller
On Sun, Jul 24, 2011 at 03:19:47PM +0100, Olipro wrote:
I see someone else made a post back in May about this and I was wondering if anything came of it since; This daemon is sadly disabled by default in 11.4 which results in /dev/random having very little available entropy at all and thus anything that uses /dev/random for key generation will tend to stall for inordinate amounts of time, especially on systems that are only running from the commandline, for example, I have occasionally seen DNSSEC tutorials for openSUSE which use /dev/urandom - something that I think is just insane, but most likely a result of nothing being available to fill the entropy pool.
See https://bugzilla.novell.com/show_bug.cgi?id=675841 which was refereced by the haveged package change log.
- avoid unnecessary services. bnc#675841 also the start should be mediated by YaST or kiwi depending on presence of a virtualization environment, not by the package itself.
Would it enhance the result if the installer suggest to enable haveged if we decide to operate in runlevel 3?
The amount of black magic in changing defaults in the background without notifying the user must kept as minimal as possible.
Please drive this via bugzilla to make references in the package change log to the bug IDs possible. In bugzilla you're able to place a pointer to the archive of this mailing list thread http://lists.opensuse.org/opensuse-factory/2011-07/msg00378.html
Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org