On Wed, Apr 30, 2014 at 1:08 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Tue, 29.04.14 20:43, Florian Weimer (fwei...@redhat.com) wrote:
>
>> The message at
>> <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
>> contains two boot traces from virtual machines which show that the
>> SSH key is generated before the kernel pool is sufficiently seeded.
>
> Are you saying ssh reads from /dev/urandom rather than /dev/random, but
> it should be reading from the latter? What does that have to do with
> systemd?
>
>> Would it be possible using socket activation to create the listening
>> socket for SSH, but block the actual service startup until the keys
>> have been generated after sufficient entropy became available?
>>
>> What would you need on the kernel side to implement the waiting?
>> (Textual comparison of a log message is only good for a prototype.)
>
> This already exists. It's called /dev/random...
>
> Not sure I understand what you are asking for...

I guess what he wants is to only read from /dev/urandom once it is
properly initialized, i.e., after the kernel logs:

    [ 4.249760] random: nonblocking pool is initialized

Using /dev/random would also do the trick, but I guess in almost all
cases that is completely unnecessary (assuming the pool has been
initialized, that is).

-t