From: Marius Bakke <mbakke@fastmail.com>
To: Leo Famulari <leo@famulari.name>, Tobias Geerinckx-Rice <me@tobias.gr>
Cc: 29542@debbugs.gnu.org
Subject: [bug#29542] rng-tools: New upstream location, new releases
Date: Wed, 06 Dec 2017 00:11:36 +0100 [thread overview]
Message-ID: <87wp20ydlj.fsf@fastmail.com> (raw)
In-Reply-To: <20171204184558.GF30970@jasmine.lan>
[-- Attachment #1: Type: text/plain, Size: 2268 bytes --]
Leo Famulari <leo@famulari.name> writes:
> On Sun, Dec 03, 2017 at 08:49:09PM +0100, Tobias Geerinckx-Rice wrote:
>> Hm. Looks legit, no?
>
> I think so but one can never be sure :)
>
>> I took a look at the recent commit[0] that added most of these:
>>
>> “NIST has a randomness beacon available here:
>> https://www.nist.gov/programs-projects/nist-randomness-beacon
>>
>> It generates entropy at a rate of 512 bits per minute. Its sent in
>> cleartext over the internet, making it unsuitable for cryptographic
>> function, it is useful in the generation of entropy for things like
>> monte carlo tests or other uses where shared pools of entropy might be
>> useful. As such, lets add the NIST beacon as an entropy source, but
>> disable it by default so users have to know to keep it enabled.”
>>
>> Neat! :-)
>>
>> I'd be remiss if I didn't point out that it adds 166.3 MiB to the
>> closure, though. On the one hand, that 's a 240% increase in closure
>> size for a feature that's ‘disabled by default’ (but read on).
>>
>> On the other hand, this is a leaf package only installed by users who
>> want it, and I don't like removing features without better reason. I
>> also had to add ‘--without-nistbeacon’ to #:configure-flags so it's not
>> *that* disabled by default...
>>
>> I'm in mild favour of keeping it, but suggest we add a comment above
>> those three inputs to point those hacking the recipe in the right direction.
>
> Thanks for digging in here.
>
> I started looking at this package because I'm interested in improving
> the situation with the Linux RNG for virtualized GuixSD. Rng-tool's rngd
> seems to have a part to play here. I think it would be better to keep the
> closure small since it could potentially end up deployed widely.
>
> How about we disable the NIST beacon support for now, and add
> 'rng-tools-minimal' later if the feature is requested?
That sounds good to me. I prefer my entropy sources lightweight ;)
FWIW if you control the hypervisor, you can send something along the
lines of:
qemu -device virtio-rng-pci,bus=pci.0,addr=0x1e,max-bytes=1024,period=1000
to feed the guest with entropy from the host through virtio, up to 1kB/s.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2017-12-05 23:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-03 0:31 [bug#29542] rng-tools: New upstream location, new releases Leo Famulari
2017-12-03 19:49 ` Tobias Geerinckx-Rice
2017-12-04 18:45 ` Leo Famulari
2017-12-05 23:11 ` Marius Bakke [this message]
2017-12-06 18:27 ` Seeding the Linux RNG at first boot Leo Famulari
2017-12-07 21:07 ` Ludovic Courtès
2017-12-07 23:47 ` Leo Famulari
2017-12-11 9:16 ` Ludovic Courtès
2017-12-11 16:08 ` Leo Famulari
2017-12-20 8:55 ` bug#29542: rng-tools: New upstream location, new releases Leo Famulari
2017-12-06 2:33 ` [bug#29542] " Tobias Geerinckx-Rice
2017-12-06 18:07 ` Leo Famulari
2017-12-06 2:38 ` Tobias Geerinckx-Rice
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wp20ydlj.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=29542@debbugs.gnu.org \
--cc=leo@famulari.name \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.