On Wed, Jul 18, 2018 at 8:04 PM Ken Moffat <[email protected]> wrote:
> On Sat, Jun 02, 2018 at 10:02:39PM +0100, Ken Moffat wrote:
> >
> > I've been seeing problems on some of my machines with recent kernels
> > (first noticed in 4.17-rc, but it also now happens in 4.16.4 or
> > later). The problem is that instead of unbound taking a handful of
> > seconds to start (often, it is all-but immediate), on the affected
> > machines it now takes up to two and a half minutes.
> >
>
> Finally, making slow progress on this. The problem is caused by the
> fix for CVE-2018-1108. A little while ago Ted Ts'o offered a patch,
> possibly as an RFC, to use entropy from the hwrng (unsafe for
> critical things like key generation, but it allows less-important
> things, e.g. in systemd units, to run and therefore it lets the box
> boot in the absence of real entropy).
>
> Apparently he did this because Fedora are starting to derive
> "entropy" from jitter so that e.g. VMs can boot in a meaningful
> time.
>
> For my haswell that was great, but for my kaveri it made no
> difference - turns out that the kaveri does NOT have a hwrng (I
> enabled the option, and /dev/hwrng exists, but reading it with dd
> reports 'No such file').
>
> And the patch which introduced this fix can no longer be reverted,
> parts of the file, at least in 4.18-rc5, have been rewritten.
>
> What I will now be looking at is twofold:
>
> 1. start the random bootscript earlier (currently it is S25, but
> unbound is S21; S15 - just after sysklogd - looks likely).
> For systemd, I've no idea how to change the dependencies.
>
>

While option 2 is nice, for systemd, it'll be a one-liner configuration change. We could probably even do it as a sed. We'd have to change it to Requires=haveged

--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
