Summary: | sys-apps/rng-tools: rngd tries to open nonfunctional /dev/hwrng | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Peter Gantner (a.k.a. nephros) <gentoo> |
Component: | Current packages | Assignee: | Göktürk Yüksek <gokturk> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | CC: | base-system |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | /etc/init.d/rngd |
Description
Peter Gantner (a.k.a. nephros)
2010-01-10 16:49:36 UTC
Created attachment 216012 [details]
/etc/init.d/rngd
new init script trying to work around the issue.
This also works in the case:
wifi start
rngd start (selects hwrng)
wifi stop (hwrng becomes unusable)
rngd restart (now urandom is selected)
Near-identical code is already implemented in the -r2 init script, which will shortly be available in the -r3 build (-r2 got package.masked due to an issue with the TPM patch). The entropy in /dev/urandom is derived from the same entropy pool as /dev/random. Using /dev/urandom as an entropy source for /dev/random thus creates a negative feedback loop and isn't preferred. Therefore falling back to /dev/urandom in the absence of a usable /dev/hwrng node is wrong. See bug 292239 for more info. I confirm that this problem still exists with the current version. However, I am not sure what the fix is. Trying to run rngd without a functional hwrng is a bit like trying to run nginx on a VPN before starting OpenVPN. Perhaps configuring openrc (or your favorite init system) to start rngd after turning the wifi card on is what's required here? Even if we fix it in the init script, there is nothing stopping your from turning your wifi off post-init and breaking rngd. The current init script will pass the non functional /dev/hwrng to rngd and it will fail. If we check for this in the init script and receive ENODEV, we will also have to fail. To me, rgnd failing with an unusable hwrng is the expected behavior so I am closing this as WONTFIX. Please feel free to reopen if you have a suggestion and I'd be happy to see this fixed. |