Bug#999811: HAVEGED is obsolete starting from linux kernel 5.6

[Matt Taggart]

On 4/26/23 06:16, Cyril Brulebois wrote:

Control: severity -1 important

Matt Taggart  (2023-04-25):

As reported in #999811 the haveged package is obsolete starting in
linux 5.6 and newer, as the kernel adopted a similar algorithm and
also stopped blocking /dev/random reads.

I am upgrading severity to serious because I believe this is release
critical for bookworm.


No, thanks.


OK.

There may still be reasons to keep haveged in Debian, I do not know.
(do all archs have these >5.6 features? is it still needed in
addition?)


https://bugs.debian.org/1034361#12

1+ month into the hard freeze isn't when you suddenly want to remove a
dependency of the installer.


Sorry, I hadn't seen that bug :(

Post-bookworm I guess...

Thanks,

--
Matt Taggart
m...@lackof.org

Bug#999811: HAVEGED is obsolete starting from linux kernel 5.6

[Cyril Brulebois]

Control: severity -1 important

Matt Taggart  (2023-04-25):
> As reported in #999811 the haveged package is obsolete starting in
> linux 5.6 and newer, as the kernel adopted a similar algorithm and
> also stopped blocking /dev/random reads.
> 
> I am upgrading severity to serious because I believe this is release
> critical for bookworm.

No, thanks.

> There may still be reasons to keep haveged in Debian, I do not know.
> (do all archs have these >5.6 features? is it still needed in
> addition?)

https://bugs.debian.org/1034361#12

1+ month into the hard freeze isn't when you suddenly want to remove a
dependency of the installer.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#999811: HAVEGED is obsolete starting from linux kernel 5.6

[Matt Taggart]

severity 999811 serious
thanks

As reported in #999811 the haveged package is obsolete starting in linux 
5.6 and newer, as the kernel adopted a similar algorithm and also 
stopped blocking /dev/random reads.


I am upgrading severity to serious because I believe this is release 
critical for bookworm.


There may still be reasons to keep haveged in Debian, I do not know. (do 
all archs have these >5.6 features? is it still needed in addition?)

If so:
* sid has 1.9.14, upstream is 1.9.18, several existing debian bugs are fixed
* debian should adopt/implement something like the 
contrib/Fedora/haveged.service unit file mentioned that checks the 
kernel version before deciding to run.
* the vast majority of debian systems with haveged installed probably no 
longer need it on bullseye or newer. If the package will remain, the 
README.Debian should be updated and/or NEWS.Debian to let people know. 
If it's going to be removed from Debian, I'm not sure if it's better to 
have one last version that informs the user, to silently go away, or 
maybe something in the release notes?


Thanks,

--
Matt Taggart
m...@lackof.org

Bug#999811: HAVEGED is obsolete starting from linux kernel 5.6

[Danny van Heumen]

Package: haveged
Version: 1.9.14-1

HAVEGED is no longer considered necessary on any linux kernel 5.6 and greater. 
The site itself recommends[1] not using it as kernel random support is 
sufficiently improved, making haveged obsolete. Upstream uses a systemd service 
file with starting conditions[2] for exactly this reason.

Incidentally, issue 998382 notes issues with running haveged both as service 
and as userspace application. For recent kernels (e.g. Debian bullseye) this 
does not need to be an issue per se.

I want to point this out to ensure it is on the radar. I can imagine such a 
change might be too invasive on stable.

[1]: https://github.com/jirka-h/haveged/blob/master/README.md
[2]: 
https://raw.githubusercontent.com/jirka-h/haveged/master/contrib/Fedora/haveged.service