Ludovic Courtès writes:

> Hi again,
>
> Marius Bakke skribis:
>
>> After reconfiguring on the 'core-updates' branch, systems using the
>> OpenSSH service will occasionally (not always!) hang forever during
>> boot, waiting for entropy.  Moving the mouse or mashing the keyboard
>> allows the boot to proceed.
>>
>> I don't think this is limited to OpenSSH, but anything that calls
>> getrandom() during startup.
>>
>> There is some information about this problem and various workarounds
>> here, including links to recent LKML discussions:
>>
>> https://daniel-lange.com/archives/152-hello-buster.html
>
> I read some of these, and our ‘urandom-seed-service-type’ has the same
> bug as .  Namely, we
> write the previous seed to /dev/urandom but we don’t credit the
> entropy.
>
> The attached patch fixes that, and I think it should fix the problem you
> reported.  Could people give it a try?

Good catch, LGTM.  Unfortunately it does not fix the problem.

> I’m interested in seeing the value of
> /proc/sys/kernel/random/entropy_avail with and without this patch right
> after boot (don’t try it in ‘guix system vm’ because there’s no seed
> there.)

before - 243
after - 2419

I don't know why this change was insufficient.  Perhaps the kernel does
not consider such a seed alone trustworthy enough?  I also tried to
increase the seed size to no avail.

I found this patch in the 5.4 kernel tree after reading the commit log
of random.c:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f2dc2798b81531fd93a3b9b7c39da47ec689e55

...which *does* solve the problem.  The comments in the merge commit
suggest that it is not necessarily a good solution, so I think we
should let it "settle" a bit upstream before pushing it.  It does look
rather sledgehammer-y...

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f2dc2798b81531fd93a3b9b7c39da47ec689e55

Thoughts?

I have attached a patch that adds Linus' fix for the curious:
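Added example, not part of the original message and not either of the patches attached in this thread: a C sketch of the difference discussed above between writing a saved seed to /dev/urandom (mixed in, no credit) and crediting it with the Linux RNDADDENTROPY ioctl. The function names and the seed path taken from the command line are hypothetical; it must run as root.

```c
#include <fcntl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Build the RNDADDENTROPY argument.  claimed_bits is the entropy we vouch
   for, clamped to 8 bits per seed byte.  The 4096-byte limit is an
   arbitrary bound chosen for this example.  Caller frees the result. */
struct rand_pool_info *make_seed_request(const unsigned char *seed,
                                         size_t len, int claimed_bits)
{
    if (seed == NULL || len == 0 || len > 4096 || claimed_bits < 0)
        return NULL;
    if ((size_t)claimed_bits > len * 8)
        claimed_bits = (int)(len * 8);
    struct rand_pool_info *req = calloc(1, sizeof *req + len);
    if (req == NULL)
        return NULL;
    req->entropy_count = claimed_bits;  /* the credit a plain write() lacks */
    req->buf_size = (int)len;           /* size of buf in bytes */
    memcpy(req->buf, seed, len);
    return req;
}

/* Mix the saved seed into the pool and credit it.  Returns 0 on success,
   -1 on error (for instance EPERM without CAP_SYS_ADMIN).  The seed file
   should be rewritten afterwards so one seed is never credited twice. */
int credit_seed_file(const char *seed_path)
{
    unsigned char seed[512];
    int fd = open(seed_path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, seed, sizeof seed);
    close(fd);
    if (n <= 0)
        return -1;
    struct rand_pool_info *req = make_seed_request(seed, (size_t)n, (int)n * 8);
    int rnd = req ? open("/dev/urandom", O_WRONLY) : -1;
    int rc = rnd < 0 ? -1 : ioctl(rnd, RNDADDENTROPY, req);
    if (rnd >= 0)
        close(rnd);
    free(req);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2 || credit_seed_file(argv[1]) != 0) { perror("credit seed"); return 1; }
    return 0;
}
```

Reading /proc/sys/kernel/random/entropy_avail before and after running it shows whether the credit was applied, which is the comparison requested in the thread.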