Bug#923675: debian-installer: consider using haveged to gather entropy

To: Cyril Brulebois <kibi@debian.org>, 923675@bugs.debian.org
Cc: Ben Hutchings <ben@decadent.org.uk>, Petter Reinholdtsen <pere@hungry.com>
Subject: Bug#923675: debian-installer: consider using haveged to gather entropy
From: Steve McIntyre <steve@einval.com>
Date: Tue, 16 Apr 2019 23:17:07 +0100
Message-id: <[🔎] 20190416221707.GN25446@tack.einval.com>
Reply-to: Steve McIntyre <steve@einval.com>, 923675@bugs.debian.org
In-reply-to: <[🔎] 20190416214508.hkt5ltqzrkbjyqgh@mraw.org>
References: <155163358557.7325.3024603748667534580.reportbug@armor.home> <[🔎] 20190416101930.GA13044@hjemme.reinholdtsen.name> <[🔎] 6f528091216846607daed9aad0daef894fe3b0ea.camel@decadent.org.uk> <[🔎] 20190416115736.GA15857@hjemme.reinholdtsen.name> <155163358557.7325.3024603748667534580.reportbug@armor.home> <[🔎] 103efb6d919cd76d9e5ad2b71eac1c8cf0f76fda.camel@decadent.org.uk> <155163358557.7325.3024603748667534580.reportbug@armor.home> <[🔎] 20190416203710.q5mirddvxtpac6g3@mraw.org> <155163358557.7325.3024603748667534580.reportbug@armor.home> <[🔎] 20190416214508.hkt5ltqzrkbjyqgh@mraw.org> <155163358557.7325.3024603748667534580.reportbug@armor.home>

On Tue, Apr 16, 2019 at 11:45:08PM +0200, Cyril Brulebois wrote:
>Cyril Brulebois <kibi@debian.org> (2019-04-16):
>> The former was on my list of things to try; thanks for mentioning the
>> latter.

...

>My initial thought would be to launch it on demand when one is about to
>get to wget calls that needs HTTPS; but we could probably benefit from
>it in case HTTP is requested but redirections to HTTPS happens… There
>are also the obvious keypair generations mentioned above. But then over
>time maybe some other operations could be needing entropy (the
>cryptsetup case is discussed in a separate thread[1]).
>
> 1. https://lists.debian.org/debian-boot/2019/04/msg00153.html
>
>So it might be best to start it unconditionally at start-up?

I'd go with that, yes. What's the down-side?

I'm also pondering doing something similar with "udevadm monitor" -
start it unconditionally, logging to the installer syslog. It'd be a
good extra bit of debug to have.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Google-bait:       http://www.debian.org/CD/free-linux-cd
  Debian does NOT ship free CDs. Please do NOT contact the mailing
  lists asking us to send them to you.

Reply to:

References:
- Bug#923675: Add related bug #916690 info
  - From: Petter Reinholdtsen <pere@hungry.com>
- Bug#923675: Add related bug #916690 info
  - From: Ben Hutchings <ben@decadent.org.uk>
- Bug#923675: Add related bug #916690 info
  - From: Petter Reinholdtsen <pere@hungry.com>
- Bug#923675: Add related bug #916690 info
  - From: Ben Hutchings <ben@decadent.org.uk>
- Bug#923675: Add related bug #916690 info
  - From: Cyril Brulebois <kibi@debian.org>
- Bug#923675: debian-installer: consider using haveged to gather entropy
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: partman-basicfilesystems_147_source.changes ACCEPTED into unstable
Next by Date: Bug#923675: debian-installer: consider using haveged to gather entropy
Previous by thread: Processed: Bug#923675: debian-installer: consider using haveged to gather entropy
Next by thread: Bug#923675: debian-installer: consider using haveged to gather entropy
Index(es):
- Date
- Thread