From mboxrd@z Thu Jan 1 00:00:00 1970
From: Leo Famulari
Subject: bug#36380: service urandom-seed takes too long on boot
Date: Wed, 26 Jun 2019 11:47:21 -0400
Message-ID: <20190626154721.GA2999@jasmine.lan>
List-Id: Bug reports for GNU Guix
To: Robert Vollmert
Cc: 36380@debbugs.gnu.org

On Tue, Jun 25, 2019 at 08:12:28PM +0200, Robert Vollmert wrote:
> On my VPS, booting takes forever (long enough that for a long
> time I thought the install had failed). I just rebooted again,
> and it took over 7 minutes, see attached screenshot.

Yikes, that's way too long. Can you say what VPS it is?

> I would suggest skipping the seeding from /dev/hwrng by default
> if /var/lib/random-seed is available.
> I’m assuming here that my
> problem is not too rare — if it is, an option to disable the
> seeding from /dev/hwrng seems like a good idea.

Originally I added the HWRNG read specifically for the VM / VPS use
case [0], where the first boot environment is relatively deterministic.

I agree it's superfluous if the random-seed file is handled properly but
it's nice to unconditionally have this other entropy source that avoids
the pitfalls of file-based entropy seeding.

Ideally the hypervisor would seed the guest's HWRNG interface with the
host's /dev/urandom, which would avoid significant delays. It seems they
are using some other more limited resource instead.

Does anyone else have an opinion or experience with this issue? It would
be great to know how widespread it is.

[0]
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9a56cf2b5b4970843c215091ea9823a67e077310
https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00096.html
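Added example, not part of the original message and not Guix's code: a shell sketch of the policy proposed in the report (skip the /dev/hwrng read when /var/lib/random-seed exists) with a deadline on the hwrng read, which also shows whether a given VPS has the slow-hwrng problem. The function names, the `--probe` switch, the 512-byte read size and the 5-second limit are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch (not Guix code). Function names, the --probe
# switch, the byte count and the time limit are assumptions.

# hwrng_probe DEVICE NBYTES TIMEOUT_SECONDS
# Reads NBYTES from DEVICE under a deadline.
# Prints "missing", "ok <bytes read>" or "slow <bytes read>".
hwrng_probe() {
    dev=$1; want=$2; limit=$3
    [ -r "$dev" ] || { echo "missing"; return 0; }
    # timeout(1) kills the read if the device stalls; wc counts what arrived.
    got=$(timeout "$limit" head -c "$want" "$dev" 2>/dev/null | wc -c | tr -d ' ')
    if [ "$got" -ge "$want" ]; then
        echo "ok $got"
    else
        echo "slow $got"
    fi
}

# seed_plan SEEDFILE DEVICE NBYTES TIMEOUT_SECONDS
# Policy suggested in the report: a non-empty saved seed makes the hwrng
# read optional; without one, use hwrng only if it answers in time.
seed_plan() {
    if [ -s "$1" ]; then
        echo "skip-hwrng (seed file present)"
        return 0
    fi
    case $(hwrng_probe "$2" "$3" "$4") in
        ok*) echo "use-hwrng" ;;
        *)   echo "skip-hwrng (device missing or too slow)" ;;
    esac
}

# Run with --probe on the affected machine to see which backend the kernel
# selected and what the policy would decide with the paths from the thread.
if [ "${1:-}" = "--probe" ]; then
    printf 'rng_current: '
    cat /sys/class/misc/hw_random/rng_current 2>/dev/null || echo "unknown"
    hwrng_probe /dev/hwrng 512 5
    seed_plan /var/lib/random-seed /dev/hwrng 512 5
fi
```

A "slow" result with a small byte count on a fresh VM points at a rate-limited hypervisor backend, which is the situation described in the report.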