
Bug#914297: apache2: getrandom call blocks on first startup, systemd kills with timeout

reassign 914297 systemd
affects 914297 apache2

On Saturday, 15 December 2018 02:24:54 CET Alexander E. Patrakov wrote:
> Stefan Fritsch <sf@sfritsch.de>:
> > The rng should be initialized after the seed is loaded from disk.
> This is false according to systemd developers. Its state is changed,
> but it is still not initialized, because they think that the seed
> might come from a gold master image.

That's broken, then.

It turns out there was a similar bug against openssh which was closed as 
wontfix [1]. I don't see how apache can do anything about this, either.

But I disagree with the systemd maintainers that there is nothing that systemd 
can do about this. They should credit the entropy loaded from the seed but 
save a new seed immediately after reading it during startup, to avoid that the 
same seed is used more than once.

A second (but worse) alternative would be to provide something that waits for 
the RNG to be initialized that other services can depend on.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
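
The second alternative in the message above (something that waits for the RNG to be initialized) can be sketched with a non-blocking getrandom() probe, which reports EAGAIN in exactly the state where the blocking call from the bug title would hang. This is an added example, not part of the original message and not code from systemd or apache2; the names classify, rng_probe and rng_wait, the 50 ms poll interval and the 10 s timeout are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <sys/random.h>
#include <sys/types.h>
#include <time.h>

enum rng_state { RNG_ERROR = -1, RNG_NOT_READY = 0, RNG_READY = 1, RNG_RETRY = 2 };

/* Map one getrandom(..., GRND_NONBLOCK) result onto a pool state. */
static enum rng_state classify(ssize_t ret, int err)
{
    if (ret >= 0)
        return RNG_READY;       /* bytes were returned: the CRNG is initialized */
    if (err == EAGAIN)
        return RNG_NOT_READY;   /* a blocking getrandom() would hang here */
    if (err == EINTR)
        return RNG_RETRY;       /* interrupted by a signal, probe again */
    return RNG_ERROR;           /* e.g. ENOSYS on kernels without getrandom() */
}

/* Single probe: asks for one byte and never blocks. */
static enum rng_state rng_probe(void)
{
    unsigned char b;
    ssize_t ret = getrandom(&b, sizeof b, GRND_NONBLOCK);
    return classify(ret, errno);
}

/* Poll until the pool is initialized or timeout_ms has elapsed.
 * Returns RNG_READY, RNG_NOT_READY (timed out) or RNG_ERROR. */
static enum rng_state rng_wait(long timeout_ms)
{
    const struct timespec step = { 0, 50L * 1000 * 1000 };  /* 50 ms (assumed) */
    for (long waited = 0; ; waited += 50) {
        enum rng_state s = rng_probe();
        if (s == RNG_READY || s == RNG_ERROR)
            return s;
        if (waited >= timeout_ms)
            return RNG_NOT_READY;
        nanosleep(&step, NULL);
    }
}

/* Exit status 0 once the RNG is initialized, 1 on timeout or error,
 * so the binary can gate the start of a dependent service. */
int main(void)
{
    return rng_wait(10000) == RNG_READY ? 0 : 1;
}
```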
