On 29/04/14 14:43, Florian Weimer wrote:
> The message at
> <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
> contains two boot traces from virtual machines which show that the SSH
> key is generated before the kernel pool is sufficiently seeded.
>
> Would it be possible using socket activation to create the listening
> socket for SSH, but block the actual service startup until the keys have
> been generated after sufficient entropy became available?
>
> What would you need on the kernel side to implement the waiting?
> (Textual comparison of a log message is only good for a prototype.)

The device should block, but only until it is sufficiently seeded. Unfortunately, I have seen it take a long time :-(


2014-04-29T12:13:24,000000-0400 --> system start

2014-04-29T12:14:51,007880-0400 --> random: nonblocking pool is initialized

On the systemd side we could avoid this by getting entropy from rdrand if available.

Quite frankly, I think there is nothing we should do; this is something that has to be fixed on the kernel side only.



--
Cristian
"I don't know the key to success, but the key to failure is trying to please everybody."
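
Added example, not part of the original message and not systemd code: the wait asked about in the thread, done without comparing log text, by probing the kernel through the getrandom(2) system call that Linux gained later (3.17), here via Python's os.getrandom. The function names and the keygen callable are hypothetical; probe, clock and sleep are injectable so a delay like the 87 seconds in the boot trace above can be replayed without a real boot.

```python
import os
import time


def pool_seeded():
    """True once the kernel pool is initialized (Linux >= 3.17, Python >= 3.6)."""
    try:
        # GRND_NONBLOCK: fail with EAGAIN instead of sleeping while unseeded.
        # Without the flag the call simply blocks until seeded, with no timeout.
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def wait_for_seed(timeout, probe=pool_seeded, interval=0.5,
                  clock=time.monotonic, sleep=time.sleep):
    """Poll probe() until the pool is seeded or `timeout` seconds have passed.

    Returns the seconds waited, or None on timeout so the caller can refuse
    to generate host keys instead of falling back to weak randomness.
    """
    start = clock()
    while True:
        if probe():
            return clock() - start
        if clock() - start >= timeout:
            return None
        sleep(interval)


def generate_key_when_ready(keygen, timeout=300, **kw):
    """Run keygen() (hypothetical callable) only after the pool is seeded."""
    waited = wait_for_seed(timeout, **kw)
    if waited is None:
        raise TimeoutError("kernel entropy pool not seeded; key not generated")
    return keygen()


if __name__ == "__main__":
    # On an already-booted machine this returns almost immediately.
    print("waited", wait_for_seed(5), "seconds for the kernel pool")
```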