Bug#912087: [Pkg-openssl-devel] Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1

Michael Biebl biebl at debian.org
Mon Oct 29 18:11:17 GMT 2018 

reassign -1 openssl  1.1.1-1

On Mon, 29 Oct 2018 18:22:08 +0100 Kurt Roeckx <kurt at roeckx.be> wrote:
> reassign 912087 openssh-server,systemd
> thanks
> 
> On Mon, Oct 29, 2018 at 08:38:15AM +0100, Kurt Roeckx wrote:
> > On Mon, Oct 29, 2018 at 12:28:15AM +0000, Colin Watson wrote:
> > > Reassigning to OpenSSL - could the OpenSSL maintainers please have a
> > > look and advise what's best to do?  (See the start of the bug, reporting
> > > a delay of more than one minute in system boot in some cases, mainly
> > > waiting for sshd to start.)
> > 
> > The biggest change related to this is that we know use
> > getrandom()/getentropy() on kernels that have it, so kernels
> > >= 3.17. And the kernel using that interface doesn't return random
> > numbers until it has been initialized.
> > 
> > Something should be initializing the kernel with random data from
> > the previous boot. This used to be done by /etc/init.d/urandom,
> > but I'm not sure if that's still used. This should be done as
> > early as possible during the boot not to cause such problems. You
> > should look into when during the boot process the kernel gets this
> > random data.
> 
> So I believe this is not an openssl issue, but something in the
> order that the kernel's RNG is initialized and openssh is started.
> Potentionally the RNG isn't initialized at all and you actually
> have to wait for the kernel to get it's random data from the slow
> way.

The service is called systemd-random-seed.service and stores the random
seed during shutdown and restores it during boot. Pretty much as urandom
did under sysvinit.
This service is run in sysinit.target, ssh.service is started in
multi-user.target, which is ordered after sysvinit.target.


> So I'm reassigning this to systemd and openssh-server, I have no
> idea where the problem really is.

I don't see anything which can be fixed from the systemd side of things,
so reassigning back to openssl.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20181029/33205eb1/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list