From: Martin Steigerwald
To: "Ahmed S. Darwish"
Cc: Linus Torvalds, "Theodore Y. Ts'o", Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, Lennart Poettering, lkml
Subject: Re: Linux 5.3-rc8
Date: Sun, 15 Sep 2019 00:05:24 +0200

Ahmed S. Darwish - 14.09.19, 23:11:26 CEST:
> > Yeah, the above is yet another example of completely broken garbage.
> >
> > You can't just wait and block at boot. That is simply 100%
> > unacceptable, and always has been, exactly because that may
> > potentially mean waiting forever since you didn't do anything that
> > actually is likely to add any entropy.
>
> ACK, the systemd commit which introduced that code also does:
>
> => 26ded5570994 (random-seed: rework systemd-random-seed.service..)
> [...]
> --- a/units/systemd-random-seed.service.in > +++ b/units/systemd-random-seed.service.in
> @@ -22,4 +22,9 @@ Type=oneshot > RemainAfterExit=yes > ExecStart=@rootlibexecdir@/systemd-random-seed load > ExecStop=@rootlibexecdir@/systemd-random-seed save > -TimeoutSec=30s > + > +# This service waits until the kernel's entropy pool is > +# initialized, and may be used as ordering barrier for service > +# that require an initialized entropy pool. Since initialization > +# can take a while on entropy-starved systems, let's increase the > +# time-out substantially here. > +TimeoutSec=10min
>
> This 10min wait thing is really broken... it's basically "forever".

I am so happy to use Sysvinit on my systems again. Depending on entropy for just booting a machine is broken[1].

Of course regenerating SSH keys on boot, probably due to cloud-init replacing the old key after a VM has been cloned from template, may still be a challenge to handle well[2]. I'd probably replace SSH keys in the background and restart the service then, but this may lead to spurious man in the middle warnings.

[1] Debian Buster release notes: 5.1.4. Daemons fail to start or system appears to hang during boot
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#entropy-starvation

[2] Openssh taking minutes to become available, booting takes half an hour ... because your server waits for a few bytes of randomness
https://daniel-lange.com/archives/152-hello-buster.html

Thanks,
--
Martin
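
Review bot: TimeoutSec=10min on the last added line raises the stop timeout as well as the start timeout, because TimeoutSec= is shorthand for both TimeoutStartSec= and TimeoutStopSec=, while the new comment only justifies a longer wait for pool initialization on the "load" path. Suggest TimeoutStartSec=10min here and leaving the stop timeout for "ExecStop=@rootlibexecdir@/systemd-random-seed save" at the previous 30s. The comment should also say what units ordered after this barrier see when the timeout expires (a Type=oneshot unit that times out on start is marked failed), so that only services which really need an initialized pool order themselves after it. Minor: "for service that require" should read "for services that require".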