Bug#923675: Add related bug #916690 info
Debian Edu ran into this problem when installing Kerberos as a server from d-i,
and solved it by running a process in the background to monitor the entropy level,
and when it was running low, it would flush the file buffers and run 'find
/target' to force some IO operations that would add entropy to the kernel.
The code can be found in
<URL: https://salsa.debian.org/debian-edu/debian-edu-config/blob/master/share/debian-edu-config/d-i/finish-install >
and look like this:
# Try to add entropy when running low
(
cd /
while true ; do
entropy="$(cat /proc/sys/kernel/random/entropy_avail)"
if [ 130 -gt "$entropy" ] ; then
log "low on entropy, pool is $entropy. trying to add more"
# Disk IO add entropy to the kernel. Flush cache to ensure find and
# touch/rm causes disk IO.
sync
echo 3 > /proc/sys/vm/drop_caches
find /target > /dev/null || true
touch /target/var/tmp/foo
sync
rm /target/var/tmp/foo
sync
entropy="$(cat /proc/sys/kernel/random/entropy_avail)"
log "entropy pool is $entropy after trying to add"
fi
sleep 20
done ) < /dev/null 2>&1 3>/dev/null 4>&3 5>&3 6>&3 | logger -t edu-entropy-add
& epid=$!
... install stuff ...
# Ignore errors in case the entropy gathering is no longer running
if kill $epid ; then
:
else
log "error: killing the entropy gathering job failed - exited?"
fi
Perhaps a similar approach could be inserted into the default Debian Installer?
--
Happy hacking
Petter Reinholdtsen
Reply to: