Hi *, I’m copying this eMail to those who requested various starting methods for rngd and those who can probably help me with it.
Background: I took over the heavily patched 2.x series of rng-tools as “rng-tools-debian”, which is currently started from a sysvinit script only. Now I have got requests for starting it different ways: • my own arngc (not packaged in Debian itself) starts it as client of an stunnel (for entropy distribution over the network), so it must avoid starting rngd from the init script… but might make use of stopping at system shutdown? (arngc is always started manually or late, it needs network and possibly additionally VPN set up) • some people wish for a systemd script • according to some people, the /dev/hwrng device sometimes was not online when rngd was started, so we need a way to wait for that (the submitter suggested a systemd unit with multiple delayed restart attempts, which is… too crude) • some people use a HWRNG that only comes online after some activity (e.g. plugging in a USB device, or powering up the WLAN chip), and so want it started from udev (but how to stop in that case?) My first question is to rngd upstream: does it, at all, make sense to start rngd multiple times? If so, how would I best manage that? If not, how would we best deal with possibly having multiple entropy sources? Then I need init system-related help. I need to write a systemd unit and a udev start script; I’ll probably factor out what the sysvinit script does and put that into a new shell script and start it from both sysvinit and systemd unit and document that this is the script to start from one’s udev rules somewhere? I also need information on how I can delay the rngd start to occur after udev has set up /dev/hwrng but not if there is nothing to set up for it, that is, no source, or already set up earlier / built into the kernel. Then, I have a report in #466946 indicating that stopping rngd on system shutdown might not be needed; I asked on http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/2020-November/thread.html#3753 for comments on that. On one hand, not stopping rngd until the bitter end ensures it stays available; on the other hand, it can negatively affect things like umounting, cryptsetup unconfiguration, etc; in fact, on my own systems, I always get “process still running” messages from insserv(?) for the rngd instances started from arngc (see above). So I was considering letting the init script stop all rngd instances (a simple pkill would do the trick, I assume) on system shutdown, but don’t know if that’s a good idea and if it would work with systemd. There’s also the question whether/how to stop the instances started by udev. The question of whether to allow multiple rngd processes (see above) also comes into play. Finally: yes, I’m aware of rng-tools5 and its version 6.x, but the version “traditionally shipped with Debian” contains a lot of new functionality that never made it upstream and as such has many users; arngc, for example, requires this functionality, as do others (cf. #951799). Thanks in advance, //mirabilos -- 22:20⎜<asarch> The crazy that persists in his craziness becomes a master 22:21⎜<asarch> And the distance between the craziness and geniality is only measured by the success 18:35⎜<asarch> "Psychotics are consistently inconsistent. The essence of sanity is to be inconsistently inconsistent
