
Bug#978045: marked as done (apache2-bin: Immediate exit with "AH00141: Could not initialize random number generator")



Your message dated Sun, 27 Dec 2020 11:16:25 +0100 (CET)
with message-id <alpine.DEB.2.21.2012271112490.23208@manul.sfritsch.de>
and subject line Re: Bug#978045: apache2-bin: Immediate exit with "AH00141: Could not initialize random number generator"
has caused the Debian Bug report #978045,
regarding apache2-bin: Immediate exit with "AH00141: Could not initialize random number generator"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
978045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978045
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2-bin
Version: 2.4.46-2
Severity: important

On my machine, /usr/sbin/apache2 fails to start with the following message:

[Thu Dec 24 15:38:01.052051 2020] [:crit] [pid 15725] (38)Function not implemented: AH00141: Could not initialize random number generator

This happens very early, before reading conffiles or parsing command-line
arguments.

The error comes from line 5674 here:
https://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?revision=1884431&view=markup#l5674
and is due to a failure in apr_generate_random_bytes().

You can see that the associated call/failure is happening inside APR here, on
line 216:
https://svn.apache.org/viewvc/apr/apr/trunk/misc/unix/rand.c?revision=1832691&view=markup#l216

The issue is that if the library is configured (at build time) to
USE_GETRANDOM, then it assumes that the getrandom() call will be available and
if it fails it becomes a fatal error. On my system, I don't have getrandom()
because I'm running an ancient kernel, but others could (more legitimately)
have the option disabled on a recent custom-built kernel.

I think the correct fix is to not use that build-time option, and go back to
using DEV_RANDOM or whatever was being used previously. Alternatively, at
least document that a kernel with getrandom() support is required to use
apache2.

I'm not sure exactly when the packaging on this changed, but I know it was
broken in 2.4.46-1 and I *think* it worked in 2.4.43-1, although I can't get a
copy of that to double-check anymore.


-- Package-specific info:

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (501, 'testing'), (100, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14.15 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.0-4
ii  libaprutil1              1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap         1.6.1-5
ii  libbrotli1               1.0.9-2+b2
ii  libc6                    2.31-5
ii  libcrypt1                1:4.4.17-1
ii  libcurl4                 7.72.0-1
ii  libjansson4              2.13.1-1
ii  libldap-2.4-2            2.4.56+dfsg-1
ii  liblua5.2-0              5.2.4-1.1+b3
ii  libnghttp2-14            1.42.0-1
ii  libpcre3                 2:8.39-13
ii  libssl1.1                1.1.1h-1
ii  libxml2                  2.9.10+dfsg-6.3+b1
ii  perl                     5.32.0-6
ii  zlib1g                   1:1.2.11.dfsg-2

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
ii  apache2-doc                                      2.4.46-2
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  links [www-browser]                              2.21-1
ii  lynx [www-browser]                               2.9.0dev.6-1
ii  w3m [www-browser]                                0.5.3-38+b1

Versions of packages apache2 depends on:
ii  apache2-data         2.4.46-2
ii  apache2-utils        2.4.46-2
ii  dpkg                 1.20.5
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0
ii  mime-support         3.66
ii  perl                 5.32.0-6
ii  procps               2:3.3.16-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.40

Versions of packages apache2 suggests:
ii  apache2-doc                                      2.4.46-2
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  links [www-browser]                              2.21-1
ii  lynx [www-browser]                               2.9.0dev.6-1
ii  w3m [www-browser]                                0.5.3-38+b1

Versions of packages apache2-bin is related to:
ii  apache2      2.4.46-2
ii  apache2-bin  2.4.46-2

-- no debconf information

--- End Message ---
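
The failure mode described in the report above, as an added example (not code from APR, httpd or the Debian packaging): getrandom() failing with ENOSYS, which is errno 38 "Function not implemented" on Linux, and a runtime fallback to /dev/urandom instead of a fatal error. The names fill_random, fill_from_urandom and the simulate_enosys test hook are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>
#include <unistd.h>

/* Fallback path: read len bytes from /dev/urandom, handling EINTR and short reads. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return errno;
    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {                 /* hard error or unexpected EOF */
            int err = (n < 0) ? errno : EIO;
            close(fd);
            return err;
        }
        buf += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hypothetical helper: returns 0 on success, an errno value on failure.
 * simulate_enosys != 0 stands in for a kernel without the getrandom syscall
 * (the syscall was added in Linux 3.17; the reporter runs 3.14.15). */
int fill_random(unsigned char *buf, size_t len, int simulate_enosys)
{
    while (len > 0) {
        ssize_t n = simulate_enosys ? (errno = ENOSYS, -1)
                                    : getrandom(buf, len, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)      /* syscall missing: degrade, do not abort */
                return fill_from_urandom(buf, len);
            return errno;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}
```

Unlike getrandom() with flags 0, a read from /dev/urandom does not block until the kernel pool has been initialized, so the fallback trades an early-boot guarantee for compatibility with old kernels.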
--- Begin Message ---
On Sun, 27 Dec 2020, Ondřej Surý wrote:

> I believe it’s a reasonable assumption that the kernel matches the 
> Debian release. If anybody is running with old kernel or disables 
> getrandom I would say they are on their own - also other stuff will 
> break, not only apache2.

Yes. One release backwards compatibility is required for upgrades and more 
is sometimes convenient for running in chroots. But libapr1 1.7 will only 
be in Debian 11 bullseye and will work with Debian 9's kernel. That's
two releases compatibility and should be enough. If you are stuck with 
the old kernel stay with Debian 10's userland. Or upgrade your kernel.

Cheers,
Stefan

--- End Message ---
