Bug#504044: On starting (and stopping) rngd

Thorsten Glaser tg at debian.org
Wed Nov 11 18:04:07 GMT 2020


Hi Neil,

>First, regarding the rng-tools version looks rather out of date.  From what

yes. As I explicitly wrote in the first message, this is about the
*heavily* patched “Debian classic” version of rng-tools 2.x; the
package with 5.x is called rng-tools5 currently, and updating it
is tracked elsewhere¹.

>I'd strongly suggest updating to the latest
>version to avoid some of the problems described in the bug

As stated multiple times², “updating” is actually a major loss
of functionality and therefore not possible for many users, which
is why rng-tools-debian contains the heavily patched old version.
It’s basically a fork.

(Feel free to merge those patches upstream, or, considering the
drift, it’d probably be more like, reimplement the same functionality
with the same options on top of the newer upstream version.)

Until then, the entirety(!) of this thread is about rng-tools 2.x.

>As for the question regarding starting rngd on multiple cores, I can't

No, this would also apply to single cores. The question is about
starting rngd multiple times, for example if there are multiple
entropy sources, or rather, if the start is controlled by different
causes. For example, one is started at boot and uses virtio-rng,
another is started by udev when the WLAN chip containing an RNG
comes online, and a third is started manually in a pipe with
stunnel to retrieve entropy from a central server over the network.
(Worst-case scenario, I guess.)

Basically… does the Linux kernel take incoming entropy from all
three instances? (The -W flag probably needs to be the same…)
Does it hurt any, or does it help any?

bye,
//mirabilos

① https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922677
  in the package rng-tools5, which is maintained by a completely
  different person as well, so I can’t comment on it

② in https://bugs.launchpad.net/ubuntu/+source/rng-tools/+bug/1333293
  first, but also multiple times in #951799 and #919893
-- 
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
	-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL


