[pkg-gnupg-maint] Bug#874721: Bug#874721: gnupg: the option --debug-quick-random seems to be ignored

Werner Koch wk at gnupg.org
Sat Sep 9 17:06:10 UTC 2017


> With gnupg 1.4 the corresponding option --quick-random had the desired
> effect, but since the move to gnupg 2.1 this seems to be ignored, to the

Your problem is that the keys are generated by gpg-agent.  Thus you
would need to use --debug-quick-random in gpg-agent.conf.  However, this
is not possible because we need to switch libgcrypt into quick random
mode as early as possible and thus gpg-agent detects it only when given
on the command line.  Now, gpg-agent is started on demand by gpg and
thus we need a way to put it on the command line.  If you put this into
the gpg.conf

  agent-program /usr/bin/gpg-agent|--debug-quick-random

the agent will be started by gpg with an additional option of
--debug-quick-random.  The use of the pipe symbol is an ugly kludge
but does its work.  See gnupg/tests/openpgp/defs.scm for the other
options we use for the gnupg internal regression tests.

Another way is to start the agent first.  The GPGME test suite does this
and uses the script gpgme/tests/start-stop-agent.

Yet another way is to globally do away with /dev/random and use
/dev/urandom (or the getrandom syscall).  With Libgcrypt 1.8 this can be
done by putting

  only-urandom

into /etc/gcrypt/random.conf.  That might in fact be a good idea for
builder boxes.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.
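
Added example, not part of the message above and not GnuPG project code: a POSIX sh wrapper that applies the agent-program line only inside a throwaway GNUPGHOME, so keys made with quick random never land in a real keyring. The function names are hypothetical, the agent path is the one quoted in the message, and the wrapper relies on the pipe syntax behaving as the message describes.

```shell
#!/bin/sh
# Added example (not from the original message): confine --debug-quick-random
# to a throwaway GNUPGHOME so weak test keys never reach a real keyring.

# make_test_home [AGENT_PATH]: create a private temporary home whose gpg.conf
# uses the agent-program line from the message; prints the directory name.
make_test_home() {
    agent=${1:-/usr/bin/gpg-agent}   # path as given in the message
    home=$(mktemp -d "${TMPDIR:-/tmp}/gnupg-test.XXXXXX") || return 1
    chmod 700 "$home"
    printf 'agent-program %s|--debug-quick-random\n' "$agent" > "$home/gpg.conf"
    printf '%s\n' "$home"
}

# is_throwaway_home DIR: succeed only if DIR exists, is not the user's real
# ~/.gnupg, and carries the quick-random agent line.
is_throwaway_home() {
    dir=$1
    resolved=$(cd "$dir" 2>/dev/null && pwd -P) || return 1
    real=$(cd "${HOME:-/nonexistent}/.gnupg" 2>/dev/null && pwd -P) || real=
    [ "$resolved" != "$real" ] || return 1
    grep -q -- '|--debug-quick-random$' "$dir/gpg.conf"
}

# with_test_home CMD...: run CMD with GNUPGHOME set to a fresh throwaway home,
# then stop that home's agent and delete the home. Returns CMD's exit status.
with_test_home() {
    th=$(make_test_home) || return 1
    is_throwaway_home "$th" || { rm -rf "$th"; return 1; }
    rc=0
    env GNUPGHOME="$th" "$@" || rc=$?
    # Only this home's on-demand agent is stopped; skipped if GnuPG is absent.
    if command -v gpgconf >/dev/null 2>&1; then
        env GNUPGHOME="$th" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    fi
    rm -rf "$th"
    return "$rc"
}
```

A test suite would call its key-generation step through with_test_home, which leaves the user's own gpg.conf and agent untouched.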