From: Leo Famulari <leo@famulari.name>
To: Robert Vollmert <rob@vllmrt.net>
Cc: 36380@debbugs.gnu.org
Subject: bug#36380: service urandom-seed takes too long on boot
Date: Wed, 26 Jun 2019 11:47:21 -0400 [thread overview]
Message-ID: <20190626154721.GA2999@jasmine.lan> (raw)
In-Reply-To: <F88CEF04-9BFA-4886-8A2D-AD84AE278D07@vllmrt.net>
[-- Attachment #1: Type: text/plain, Size: 1392 bytes --]
On Tue, Jun 25, 2019 at 08:12:28PM +0200, Robert Vollmert wrote:
> On my VPS, booting takes forever (long enough that for a long
> time I thought the install had failed). I just rebooted again,
> and it took over 7 minutes, see attached screenshot.
Yikes, that's way too long. Can you say what VPS it is?
> I would suggest skipping the seeding from /dev/hwrng by default
> if /var/lib/random-seed is available. I’m assuming here that my
> problem is not too rare — if it is, an option to disable the
> seeding from /dev/hwrng seems like a good idea.
Originally I added the HWRNG read specifically the for VM / VPS use case
[0], where the first boot environment is relatively deterministic. I
agree it's superfluous if the random-seed file is handled properly but
it's nice to unconditionally have this other entropy source that avoids
the pitfalls of file-based entropy seeding.
Ideally the hypervisor would seed the guest's HWRNG interface with the
host's /dev/urandom, which would avoid significant delays. It seems they
are using some other more limited resource instead.
Does anyone else have an opinion or experience with this issue? It would
be great to know how widespread it is.
[0]
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a56cf2b5b4970843c215091ea9823a67e077310
https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00096.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-06-26 15:48 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-25 18:12 bug#36380: service urandom-seed takes too long on boot Robert Vollmert
2019-06-26 9:41 ` Alex Sassmannshausen
2019-06-26 15:47 ` Leo Famulari [this message]
2019-06-26 16:02 ` Robert Vollmert
2019-06-27 19:19 ` Leo Famulari
2019-06-27 15:20 ` Ludovic Courtès
2019-06-27 19:03 ` Leo Famulari
2019-06-27 20:00 ` Ludovic Courtès
2019-06-28 6:47 ` Robert Vollmert
2019-06-28 17:24 ` Leo Famulari
2019-07-11 17:44 ` Leo Famulari
2019-07-11 21:33 ` Ludovic Courtès
2019-07-17 21:04 ` bug#36380: related article (Debian) Robert Vollmert
2020-03-22 8:43 ` bug#36380: service urandom-seed takes too long on boot Brice Waegeneire
2020-03-22 20:19 ` Leo Famulari
2020-12-27 15:00 ` Stefan
2020-12-27 23:09 ` Leo Famulari
2020-12-27 23:28 ` Stefan
2020-12-29 2:51 ` Leo Famulari
2021-02-07 15:23 ` raid5atemyhomework via Bug reports for GNU Guix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190626154721.GA2999@jasmine.lan \
--to=leo@famulari.name \
--cc=36380@debbugs.gnu.org \
--cc=rob@vllmrt.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).