Subject: [bug#29542] rng-tools: New upstream location, new releases
From: Marius Bakke
To: Leo Famulari, Tobias Geerinckx-Rice
Cc: 29542@debbugs.gnu.org
Date: Wed, 06 Dec 2017 00:11:36 +0100
Message-ID: <87wp20ydlj.fsf@fastmail.com>
In-Reply-To: <20171204184558.GF30970@jasmine.lan>
References: <20171203003126.GA353@jasmine.lan> <20171204184558.GF30970@jasmine.lan>

Leo Famulari writes:

> On Sun, Dec 03, 2017 at 08:49:09PM +0100, Tobias Geerinckx-Rice wrote:
>> Hm. Looks legit, no?
>
> I think so but one can never be sure :)
>
>> I took a look at the recent commit[0] that added most of these:
>>
>> “NIST has a randomness beacon available here:
>> https://www.nist.gov/programs-projects/nist-randomness-beacon
>>
>> It generates entropy at a rate of 512 bits per minute. It's sent in
>> cleartext over the internet, making it unsuitable for cryptographic
>> function, it is useful in the generation of entropy for things like
>> monte carlo tests or other uses where shared pools of entropy might be
>> useful. As such, let's add the NIST beacon as an entropy source, but
>> disable it by default so users have to know to keep it enabled.”
>>
>> Neat! :-)
>>
>> I'd be remiss if I didn't point out that it adds 166.3 MiB to the
>> closure, though. On the one hand, that's a 240% increase in closure
>> size for a feature that's ‘disabled by default’ (but read on).
>>
>> On the other hand, this is a leaf package only installed by users who
>> want it, and I don't like removing features without better reason. I
>> also had to add ‘--without-nistbeacon’ to #:configure-flags so it's not
>> *that* disabled by default...
>>
>> I'm in mild favour of keeping it, but suggest we add a comment above
>> those three inputs to point those hacking the recipe in the right direction.
>
> Thanks for digging in here.
>
> I started looking at this package because I'm interested in improving
> the situation with the Linux RNG for virtualized GuixSD. Rng-tool's rngd
> seems to have a part to play here. I think it would be better to keep the
> closure small since it could potentially end up deployed widely.
>
> How about we disable the NIST beacon support for now, and add
> 'rng-tools-minimal' later if the feature is requested?

That sounds good to me. I prefer my entropy sources lightweight ;)

FWIW if you control the hypervisor, you can send something along the
lines of:

  qemu -device virtio-rng-pci,bus=pci.0,addr=0x1e,max-bytes=1024,period=1000

to feed the guest with entropy from the host through virtio, up to 1kB/s.
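A guest-side check to go with the virtio-rng device mentioned in the message above, as an added example that is not part of the original e-mail or of rng-tools: it reads the kernel's hw_random sysfs files to confirm that a virtio_rng device is present and selected as the source behind /dev/hwrng. The function name, status strings, exit codes and the HWRNG_ROOT variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify inside a Linux guest that a virtio-rng device is
# exposed by the hypervisor and is the active hw_random source.
#
# hwrng_status [ROOT]
#   ROOT is a hypothetical prefix (empty for the live system) so the check
#   can also be run against a copied or constructed sysfs tree.
# Prints one status word and returns:
#   0  virtio_rng present and selected
#   1  virtio_rng present, but another source (or none) is selected
#   2  hw_random core present, no virtio_rng device offered
#   3  hw_random sysfs files not readable (core not loaded / not Linux)
hwrng_status() {
    root="${1:-}"
    dir="$root/sys/class/misc/hw_random"

    if [ ! -r "$dir/rng_available" ]; then
        echo "no-hwrng-core"
        return 3
    fi

    # rng_available is a space-separated list such as "virtio_rng.0 ".
    available=$(cat "$dir/rng_available") || available=""
    # rng_current holds the selected device name, or "none".
    current=$(cat "$dir/rng_current" 2>/dev/null) || current=""

    case " $available " in
        *" virtio_rng."*) ;;
        *) echo "virtio-missing"; return 2 ;;
    esac

    case "$current" in
        virtio_rng.*) echo "virtio-active:$current"; return 0 ;;
        *) echo "virtio-not-selected:${current:-none}"; return 1 ;;
    esac
}

# Report on the live system (or on $HWRNG_ROOT if set); never abort the shell.
hwrng_status "${HWRNG_ROOT:-}" || true
```

When the result is `virtio-not-selected`, writing the device name to `rng_current` as root selects it.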