Fixing Linux getrandom() in stable
Michael Biebl
biebl at debian.org
Thu May 10 18:30:46 BST 2018
Hi Russ
On 10.05.2018 at 19:22, Russ Allbery wrote:
> Michael Biebl <biebl at debian.org> writes:
>> On 10.05.2018 at 00:46, Ben Hutchings wrote:
>
>>> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
>>> also proposed that systemd could provide a wait-for-rng-ready unit to
>>> support this.
>
>> What exactly would such a wait-for-rng-ready service do and how would it
>> solve this particular problem?
>
> I may be misunderstanding the nature of the issue, but I believe that a
> Type=oneshot service that runs a small C program that calls getrandom()
> and then exit(0) when it returns would provide a useful facility.
> krb5-kdc could then just declare a dependency on that service and wouldn't
> be started until randomness was available.
So we'd shift the waiting for randomness-to-be-available from one
service to another? I don't quite see yet where the benefit is in that.
What's better if a wait-for-rng-ready binary blocks on getrandom()
instead of the krb5-kdc binary itself? We wouldn't shorten the time we
have to wait this way.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
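
The helper described in the quoted text above, written out as an added example; it is not part of the original thread and not code from systemd, krb5 or Debian. The function names, the enum and the log message are assumptions made for illustration.

```c
/* Sketch of a "wait-for-rng-ready" helper (name taken from the thread,
 * everything else here is hypothetical). Linux only. */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK; glibc >= 2.25 */

enum rng_state { RNG_READY = 0, RNG_NOT_READY = 1, RNG_ERROR = 2 };

/* Non-blocking probe: with GRND_NONBLOCK, getrandom() fails with EAGAIN
 * for as long as the kernel CRNG has not been initialised. */
enum rng_state rng_probe(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);
        if (n == (ssize_t)sizeof b) return RNG_READY;
        if (n < 0 && errno == EAGAIN) return RNG_NOT_READY;
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        return RNG_ERROR;                        /* e.g. ENOSYS on old kernels */
    }
}

/* Blocking wait: with flags == 0, getrandom() sleeps until the CRNG is
 * initialised. Returns 0 once randomness is available, -1 on error. */
int rng_wait(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, sizeof b, 0);
        if (n == (ssize_t)sizeof b) return 0;
        if (n < 0 && errno == EINTR) continue;   /* signal arrived, keep waiting */
        return -1;
    }
}

int main(void)
{
    /* Log once if we are about to block, so a stalled boot is attributable. */
    if (rng_probe() == RNG_NOT_READY)
        fprintf(stderr, "wait-for-rng-ready: CRNG not initialised, blocking\n");
    if (rng_wait() != 0) {
        perror("getrandom");
        return 1;
    }
    return 0;   /* exit(0): a Type=oneshot unit running this is now "done" */
}
```

The blocking call waits exactly as long here as it would inside krb5-kdc; what the separate binary changes is which process is seen to be waiting.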
More information about the Pkg-systemd-maintainers
mailing list