> On 05 March 2019 at 18:51 William Taylor via dovecot <dovecot@dovecot.org> > wrote: > > > On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote: > > Hello > > > > When booting from a slow machine, I can observe dovecot blocking the > > whole boot process. I traced it down to the getrandom() system call in > > lib/randgen.c, which blocks until the random number generator is > > initialized (dmesg "random: crng init done"). This can take up to three > > minutes (!) on my machine, as there is not much entropy available (no > > hardware RNG, network VPN is also waiting for random). > > > > Unfortunately dovecot calls getrandom() before forking a daemon, which > > as a consequence blocks the whole init process (OpenRC on Gentoo Linux). > > > > I believe this behavior has changed in kernel 4.14: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.40&id=6e513bc20ca63f594632eca4e1968791240b8f18 > > > > Quoting getrandom(2): > > "If the urandom source has not yet been initialized, then getrandom() > > will block, unless GRND_NONBLOCK is specified in flags." > > > > > > Dovecot: 2.3.4.1 (f79e8e7e4) > > > > Linux: 4.19.26-gentoo #2 SMP Thu Feb 28 20:30:23 CET 2019 x86_64 AMD > > G-T40E Processor AuthenticAMD GNU/Linux > > > > > > Regards, > > > > Axel > > > > It should either block or fail to start. I personally like the idea of > blocking so it starts up successfully. > > Have you tried installing an entropy daemon or something to provide more > entropy? I've seen people suggest haveged before. > > On a side note.. I thought you want to call getrandom() after forking > otherwise all children have the same rng sequence. >
Entropy daemon is very recommended for your server in any case, otherwise you'll have lots of trouble with SSL. Aki