[oe-commits] [openembedded-core] 10/15: openssh: recommend rng-tools with sshd
git at git.openembedded.org
git at git.openembedded.org
Thu May 9 21:05:09 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 7076f94949f854b293408dcbed020cef9d9e12fc
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
AuthorDate: Thu May 9 10:22:44 2019 +0300
openssh: recommend rng-tools with sshd
Since openssl 1.1.1 and openssh which uses it, sshd
startup is delayed. The delays range from few seconds
to minutes and even to hours. The delays are visible
in host keys generation and when sshd process is started
in response to incoming TCP connection but is failing
to provide SSH version string and clients or tests time out.
In all cases traces show that sshd is waiting for getentropy()
system call to return from Linux kernel, which returns only
after kernel side random number pool is initialized. The pool
is initialized via various entropy source which may be
missing on embedded development boards or via rngd from
rng-tools package from userspace. HW random number generation
and kernel support help but rngd is till needed to feed that data
back to the Linux kernel.
Example from an NXP imx8 board shows that kernel random number pool
initialization can take over 400 seconds without rngd,
and with rngd it is initialized at around 4 seconds after boot.
The completion of initialization is visible in kernel dmesg with line
"random: crng init done".
More details are available from:
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
* http://www.man7.org/linux/man-pages/man2/getrandom.2.html
Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
Cc: Mark Hatle <mark.hatle at windriver.com>
Cc: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
Cc: Adrian Bunk <bunk at stusta.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index b971b2b..976bcc5 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -148,6 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RRECOMMENDS_${PN}-sshd += "rng-tools"
RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
RPROVIDES_${PN}-ssh = "ssh"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list