On starting (and stopping) rngd
Felipe Sateler
fsateler at debian.org
Mon Nov 9 23:19:17 GMT 2020
Hi,
I'll comment only on the init stuff, as I have no idea what rng-tools does.
On Sun, Nov 8, 2020 at 6:48 PM Thorsten Glaser <tg at debian.org> wrote:
> Hi *,
>
> I’m copying this eMail to those who requested various starting
> methods for rngd and those who can probably help me with it.
>
> Background: I took over the heavily patched 2.x series of
> rng-tools as “rng-tools-debian”, which is currently started
> from a sysvinit script only.
>
> Now I have got requests for starting it different ways:
>
> • my own arngc (not packaged in Debian itself) starts it as
> client of an stunnel (for entropy distribution over the
> network), so it must avoid starting rngd from the init
> script… but might make use of stopping at system shutdown?
> (arngc is always started manually or late, it needs network
> and possibly additionally VPN set up)
>
It is difficult to comment on this without more details. Maybe it would be
possible to configure socket activation here? If not, the best option is
likely to be a differently-named service, that starts it in the right way.
Yet another option is to override the ExecStart= line from the main systemd
service with a config override[1]
[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#id-1.14.3
>
> • some people wish for a systemd script
>
> • according to some people, the /dev/hwrng device sometimes
> was not online when rngd was started, so we need a way to
> wait for that (the submitter suggested a systemd unit with
> multiple delayed restart attempts, which is… too crude)
>
> • some people use a HWRNG that only comes online after some
> activity (e.g. plugging in a USB device, or powering up
> the WLAN chip), and so want it started from udev (but how
> to stop in that case?)
>
These two problems are actually the same (device being asynchronously
ready), and starting from udev is the correct solution. However, you don't
directly start it from udev, rather you tag with
`SYSTEMD_WANTS=rng-tools.service`, and then it is just as if it was started
at boot.
>
> My first question is to rngd upstream: does it, at all, make
> sense to start rngd multiple times? If so, how would I best
> manage that? If not, how would we best deal with possibly
> having multiple entropy sources?
>
> Then I need init system-related help. I need to write a
> systemd unit and a udev start script; I’ll probably factor
> out what the sysvinit script does and put that into a new
> shell script and start it from both sysvinit and systemd
> unit
This is a good idea regardless of systemd units. Files in /etc/init.d are
conffiles, and thus any logic is best shipped elsewhere. Due to conffile
handling, some users might not get (possibly required) logic changes in the
init script.
> and document that this is the script to start from
> one’s udev rules somewhere?
>
As mentioned above, you can instruct udev to start a systemd service
directly. I'm not clear on whether you want this only for systemd systems
or everyone else too. In the latter case, you could probably add a RUN
script that starts the init script when not running under systemd.
> I also need information on how I can delay the rngd start
> to occur after udev has set up /dev/hwrng but not if there
> is nothing to set up for it, that is, no source, or already
> set up earlier / built into the kernel.
>
Starting via udev should be the best way then.
>
> Then, I have a report in #466946 indicating that stopping
> rngd on system shutdown might not be needed; I asked on
>
> http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/2020-November/thread.html#3753
> for comments on that. On one hand, not stopping rngd until
> the bitter end ensures it stays available; on the other
> hand, it can negatively affect things like umounting,
> cryptsetup unconfiguration, etc; in fact, on my own systems,
> I always get “process still running” messages from insserv(?)
> for the rngd instances started from arngc (see above).
> So I was considering letting the init script stop all rngd
> instances (a simple pkill would do the trick, I assume) on
> system shutdown, but don’t know if that’s a good idea and
> if it would work with systemd.
>
Please don't do this. Init scripts killing random processes is not a good
idea (what if I ran stop while the system is up?).
>
> There’s also the question whether/how to stop the instances
> started by udev.
>
At least under systemd, via SYSTEMD_WANTS they get treated as a service
just like any other. Thus, the ExecStop will be run for the service at
shutdown at the appropriate time (according to dependencies).
> The question of whether to allow multiple rngd processes
> (see above) also comes into play.
>
> Finally: yes, I’m aware of rng-tools5 and its version 6.x,
> but the version “traditionally shipped with Debian” contains
> a lot of new functionality that never made it upstream and
> as such has many users; arngc, for example, requires this
> functionality, as do others (cf. #951799).
>
> Thanks in advance,
> //mirabilos
> --
> 22:20⎜<asarch> The crazy that persists in his craziness becomes a master
> 22:21⎜<asarch> And the distance between the craziness and geniality is
> only measured by the success 18:35⎜<asarch> "Psychotics are consistently
> inconsistent. The essence of sanity is to be inconsistently inconsistent
>
>
--
Saludos,
Felipe Sateler
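
The udev-plus-SYSTEMD_WANTS arrangement described in the reply above, as an added example that is not part of the original message or of the rng-tools-debian package. The rule file name, the Debian-style paths, the /usr/sbin/rngd location and its -f/-r options are assumptions; only the unit name rng-tools.service and the /dev/hwrng device come from the thread.

```shell
#!/bin/sh
# Added example: stage a udev rule and a systemd unit for rngd under a
# directory tree, so they can be reviewed before being installed.
# Assumed (not from the thread): file names, paths, rngd path and options.

RULE=lib/udev/rules.d/60-rng-tools.rules
UNIT=lib/systemd/system/rng-tools.service

stage_rngd_units() {
    dest=$1
    mkdir -p "$dest/lib/udev/rules.d" "$dest/lib/systemd/system" || return 1

    # udev side: do not run rngd from the rule. Tag the device so systemd
    # tracks it as dev-hwrng.device and have that device pull in the service.
    cat > "$dest/$RULE" <<'EOF'
# /dev/hwrng is the misc device whose kernel name is hw_random
ACTION!="remove", SUBSYSTEM=="misc", KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rng-tools.service"
EOF

    # systemd side: no [Install] section, the device is the only trigger.
    # BindsTo= stops the service again if the device disappears; ordinary
    # shutdown ordering stops it otherwise, so nothing has to pkill rngd.
    cat > "$dest/$UNIT" <<'EOF'
[Unit]
Description=Feed the kernel entropy pool from /dev/hwrng
BindsTo=dev-hwrng.device
After=dev-hwrng.device

[Service]
# -f keeps rngd in the foreground so systemd supervises the real process
ExecStart=/usr/sbin/rngd -f -r /dev/hwrng
EOF
}

# Print the unit name the staged rule asks systemd to start.
wanted_unit() {
    sed -n 's/.*ENV{SYSTEMD_WANTS}+="\([^"]*\)".*/\1/p' "$1/$RULE"
}

# Succeed only if the rule points at a unit file that was actually staged.
rule_matches_unit() {
    [ -f "$1/lib/systemd/system/$(wanted_unit "$1")" ]
}

# Usage: sh stage-rngd.sh /tmp/stage   (no argument: only define functions)
if [ "$#" -gt 0 ]; then
    stage_rngd_units "$1" && rule_matches_unit "$1"
fi
```

A second starter such as arngc would then use either a differently named unit or a drop-in that first clears `ExecStart=` and sets its own, as the reply suggests.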