On 19 May 2016 at 17:43, Josef Reidinger
On Thu, 19 May 2016 17:37:49 +0200 Richard Brown
wrote: On 19 May 2016 at 16:51, Josef Reidinger
wrote: On Thu, 19 May 2016 16:45:44 +0300 Shyukri Shyukriev
wrote: On 5/19/16 3:41 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 15:12:57 +0300 Shyukri Shyukriev
wrote: Cross-posting to Factory...
Hello All, I'm struggling with testing OBS Appliances ( https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen during setup. Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options shows:
cat /proc/sys/kernel/random/entropy_avail 16
while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
Googling about the topic suggests using dev/urandom, but it's not secure enough...
http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/ http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-...
Any ideas?
serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt
Best regards
Hi Shyukri, in installation when we need good enough pool of entropy we use haveged service - http://www.issihosts.com/haveged/
Josef
Log shows that it starts and then stops quickly. Is it normal?
[ 27.093445] systemd[1]: Starting Entropy Daemon based on the HAVEGE algorithm... Starting Entropy Daemon based on the HAVEGE algorithm... [ [32m OK [0m] Started Entropy Daemon based on the HAVEGE algorithm. [ 27.105412] systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
..... [ 27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
It looks strange for me. I see that yast only stops haveged after unmounting disks, which should not be your case. So maybe check logs who stops it. As enabled haveged can really help you.
Josef
Josef, haveged during the install not seem to be working at all - I reported a similar issue in SLE 12 SP1 which is still unresolved
https://bugzilla.suse.com/show_bug.cgi?id=955141
Regards,
Richard
Ah, I am not aware of it. Basically YaST installation expect that haveged is run by default ( in past it is started by yast itself, but then it was changed, so yast no longer start it itself ).
Josef
Yeah I'm still waiting for an indication from someone knowledgeable and authoritative to decide what the intended/acceptable behaviour is. If YaST's current behaviour is correct (it's understandable, on that I totally agree) and nothing else is going to take over it's old role of starting haveged, then I expect to see documentation for users on how to start haveged as part of their installation when the entropy is needed. Then I'll be quite comfortable helping shyurki and others by having openQA automatically do that as part of it's testing. But right now I feel this is stuck in a bit of limbo, and I do not want to put workarounds for it in openQA which could ultimately mask the problem until it's too late and users are putting this out in the real world and finding they don't have sufficient entropy to install *SUSE in certain circumstances. Who do you think would be a good idea to poke about this? Marcus Meissner? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org