The message at <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html> contains two boot traces from virtual machines which show that the SSH key is generated before the kernel pool is sufficiently seeded.

Would it be possible using socket activation to create the listening socket for SSH, but block the actual service startup until the keys have been generated after sufficient entropy became available?

What would you need on the kernel side to implement the waiting? (Textual comparison of a log message is only good for a prototype.)

--
Florian Weimer / Red Hat Product Security Team
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
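An added example, not part of the original message or of systemd or OpenSSH: one way a key-generation step, ordered before the socket-activated service, could wait for the kernel pool instead of comparing log text. It assumes the getrandom(2) system call (Linux 3.17 and later, which the message does not mention); the function names and the `keygen` callback are hypothetical.

```python
import os
import time


def pool_is_seeded():
    """Non-blocking probe: True once the kernel CRNG has been initialised."""
    try:
        # With GRND_NONBLOCK, getrandom(2) fails with EAGAIN instead of
        # blocking while the pool is still unseeded. (With flags=0 the same
        # call simply blocks until seeding is complete.)
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def wait_for_seeded_pool(timeout, probe=pool_is_seeded, interval=0.5,
                         sleep=time.sleep):
    """Poll the probe; return True if the pool is seeded within `timeout` s."""
    deadline = time.monotonic() + timeout
    while True:
        if probe():
            return True
        if time.monotonic() >= deadline:
            return False
        sleep(interval)


def generate_host_key(keygen, timeout=120.0, probe=pool_is_seeded,
                      sleep=time.sleep):
    """Run keygen() only after the pool is seeded; refuse otherwise.

    `keygen` is a hypothetical callback, e.g. one that runs ssh-keygen.
    Failing here keeps the dependent service from starting with a weak key.
    """
    if not wait_for_seeded_pool(timeout, probe=probe, sleep=sleep):
        raise TimeoutError("kernel pool not seeded; refusing to generate key")
    return keygen()


if __name__ == "__main__":
    print("kernel pool seeded:", pool_is_seeded())
```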
