Created attachment 524094
Make --fill-watermark optional in the init script.

rngd reads the entropy poolsize from the kernel and sets the write watermark to 3/4 of the poolsize or 2048 if it can't read the poolsize for some reason. The value can be overridden by passing "--fill-watermark=<n>" on the command line. One of the gentoo patches adds a sentence to the rngd man page to document that behavior.

But the gentoo rngd init script always passes --fill-watermark to rngd, so the automatic 3/4 setting can never be used. Other rngd options are conditionally added to the command line only if a value is defined for them.

Here's a patch to pass --fill-watermark conditionally like the other options so the default 3/4 poolsize setting can be used, and to comment out the WATERMARK setting in the conf script so the 3/4 setting is the default.

The files updated by the patch and the package versions that currently use them are:

  rng-initd-r1-4.1   used by: rng-tools-5-r2
  rng-initd-initd-6  used by: rng-tools-6-r1.ebuild and rng-tools-6.1-r1
  rng-confd-4.1      used by: all 3 versions.
The patch to document the automatic 75% setting in the man page was added about 3 years ago in bug 555094. In that bug there was an unanswered question whether gentoo should use the automatic setting or keep overriding it. If there's a need to keep current behavior rather than changing to the default described in the rngd man page then the patch can be applied as-is except for the one line commenting out the WATERMARK= in the conf file. That will make the feature available without changing current gentoo behavior.
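The behaviour discussed in the two comments above, as an added sketch that is not the attached patch or the Gentoo init script: --fill-watermark is emitted only when WATERMARK is set, and otherwise the documented default (3/4 of the poolsize, or 2048) applies. The function names and the procfs path /proc/sys/kernel/random/poolsize are assumptions of this example; only --fill-watermark and WATERMARK come from the thread.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from rng-tools.

# Value rngd is described as choosing on its own: 3/4 of the kernel's
# entropy poolsize, or 2048 when the poolsize cannot be read.
# $1: poolsize file (assumed default: the usual procfs location).
default_watermark() {
    poolsize_file=${1:-/proc/sys/kernel/random/poolsize}
    poolsize=
    if [ -r "$poolsize_file" ]; then
        read -r poolsize < "$poolsize_file" || :
    fi
    case $poolsize in
        ''|*[!0-9]*) echo 2048 ;;                 # unreadable or not a number
        *)           echo $(( poolsize * 3 / 4 )) ;;
    esac
}

# Build the rngd option string. An unset or empty WATERMARK adds nothing,
# so rngd falls back to its own default; a non-numeric value is rejected
# instead of being passed through to the daemon.
rngd_opts() {
    opts=
    if [ -n "${WATERMARK:-}" ]; then
        case $WATERMARK in
            *[!0-9]*)
                echo "WATERMARK must be a number: $WATERMARK" >&2
                return 1 ;;
        esac
        opts="--fill-watermark=$WATERMARK"
    fi
    echo "$opts"
}

# Watermark that ends up in effect for the current configuration.
effective_watermark() {
    if [ -n "${WATERMARK:-}" ]; then
        echo "$WATERMARK"
    else
        default_watermark "$@"
    fi
}
```
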
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd29101d4458d6715c5aaa96c75da29e93f80b4

commit fcd29101d4458d6715c5aaa96c75da29e93f80b4
Author:     Göktürk Yüksek <gokturk@gentoo.org>
AuthorDate: 2018-12-29 02:11:42 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-12-29 02:12:35 +0000

    sys-apps/rng-tools: rewrite initd and confd (6.6-r1 only)

    Restructure the openrc init script and the accompanying confd file
    to reflect the recent changes to rngd.

    - Instead of having individual NO_FOO="1" style variables in the
      confd file for each entropy source, maintain a single list of
      entropy sources to enable. Likewise, maintain a list of entropy
      sources to disable.
    - Allow per-entropy-source options to be set inside the confd file.
    - The init file defines $description now.
    - Use $command_args_background instead of $command_args to specify
      the daemon behavior.
    - Allow default setting of --fill-watermark.
    - Allow extra arguments to be passed to rngd from the confd file.

    Bug: https://bugs.gentoo.org/650622
    Bug: https://bugs.gentoo.org/673120
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org>

 sys-apps/rng-tools/files/rngd-confd-6      | 82 ++++++++++++++++++++++++++++++
 sys-apps/rng-tools/files/rngd-initd-6-r1   | 60 ++++++++++++++++++++++
 sys-apps/rng-tools/rng-tools-6.6-r1.ebuild | 68 +++++++++++++++++++++++++
 3 files changed, 210 insertions(+)
Hi, I've pushed a new pair of initd, confd files with the version 6.6-r1. If possible, can you give them a try and let me know? Thanks
The default fill watermark works for me with 6.6-r1. Looks good. Thanks.