Fixing Linux getrandom() in stable
Russ Allbery
rra at debian.org
Thu May 10 18:22:18 BST 2018
Michael Biebl <biebl at debian.org> writes:
> Am 10.05.2018 um 00:46 schrieb Ben Hutchings:
>> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
>> also proposed that systemd could provide a wait-for-rng-ready unit to
>> support this.
> What exactly would such a wait-for-rng-ready service do and how would it
> solve this particular problem?
I may be misunderstanding the nature of the issue, but I believe that a
Type=oneshot service that runs a small C program that calls getrandom()
and then exit(0) when it returns would provide a useful facility.
krb5-kdc could then just declare a dependency on that service and wouldn't
be started until randomness was available.

There's been some further discussion among the krb5 maintainers about
whether delaying startup of the KDC until randomness is ready is the best
approach, but for any service that decides to take this approach (this
seems obviously correct for kadmind, for instance), having this sort of
facility available would make it easy to declare the right dependency.
It's akin to systemd-networkd-wait-online.service.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
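
The helper described in the message above, sketched as an added example (not code from the original message, from systemd or from krb5). The program name, unit name and install path are assumptions made for illustration.

```c
/* wait-for-rng.c: block until the kernel RNG is initialized, then exit 0.
 * Hypothetical unit that would run it (names and path are assumptions):
 *
 *   [Unit]
 *   Description=Wait for kernel RNG initialization
 *   [Service]
 *   Type=oneshot
 *   RemainAfterExit=yes
 *   ExecStart=/usr/local/sbin/wait-for-rng
 *
 * A consumer would declare Requires= and After= on that unit.
 */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* 1 = pool initialized, 0 = not yet, -1 = error (errno set). Never blocks. */
int rng_ready(void)
{
    unsigned char b;
    if (getrandom(&b, 1, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Block until getrandom() can return data. 0 on success, -1 on error. */
int wait_for_rng(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, 1, 0);  /* flags=0: blocks until initialized */
        if (n == 1)
            return 0;
        if (n < 0 && errno != EINTR)      /* e.g. ENOSYS on kernels before 3.17 */
            return -1;
    }
}

int main(void)
{
    if (rng_ready() == 0)
        fprintf(stderr, "wait-for-rng: pool not initialized, waiting\n");
    if (wait_for_rng() != 0) {
        perror("wait-for-rng: getrandom");
        return 1;   /* non-zero exit fails the oneshot unit and its dependents */
    }
    return 0;
}
```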