Bug#914297: apache2: getrandom call blocks on first startup, systemd kills with timeout
reassign 914297 systemd
affects 914297 apache2
On Saturday, 15 December 2018 02:24:54 CET Alexander E. Patrakov wrote:
> Stefan Fritsch <email@example.com>:
> > The rng should be initialized after the seed is loaded from disk.
> This is false according to systemd developers. Its state is changed,
> but it is still not initialized, because they think that the seed
> might come from a gold master image.
That's broken, then.
It turns out there was a similar bug against openssh which was closed as
wontfix . I don't see how apache can do anything about this, either.
But I disagree with the systemd maintainers that there is nothing that systemd
can do about this. They should credit the entropy loaded from the seed but
save a new seed immediately after reading it during startup, to avoid that the
same seed is used more than once.
A second (but worse) alternative would be to provide something that waits for
the RNG to be initialized that other services can depend on.