[oe-commits] [openembedded-core] 10/15: openssh: recommend rng-tools with sshd

git at git.openembedded.org git at git.openembedded.org
Thu May 9 21:05:09 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 7076f94949f854b293408dcbed020cef9d9e12fc
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
AuthorDate: Thu May 9 10:22:44 2019 +0300

    openssh: recommend rng-tools with sshd
    
    Since openssl 1.1.1 and openssh which uses it, sshd
    startup is delayed. The delays range from a few seconds
    to minutes and even to hours. The delays are visible
    in host keys generation and when sshd process is started
    in response to incoming TCP connection but is failing
    to provide SSH version string and clients or tests time out.
    
    In all cases traces show that sshd is waiting for getentropy()
    system call to return from Linux kernel, which returns only
    after kernel side random number pool is initialized. The pool
    is initialized via various entropy sources which may be
    missing on embedded development boards or via rngd from
    rng-tools package from userspace. HW random number generation
    and kernel support help but rngd is still needed to feed that data
    back to the Linux kernel.
    
    Example from an NXP imx8 board shows that kernel random number pool
    initialization can take over 400 seconds without rngd,
    and with rngd it is initialized at around 4 seconds after boot.
    The completion of initialization is visible in kernel dmesg with line
    "random: crng init done".
    
    More details are available from:
    
     * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
     * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
     * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
     * http://www.man7.org/linux/man-pages/man2/getrandom.2.html
    
    Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
    Cc: Mark Hatle <mark.hatle at windriver.com>
    Cc: Rasmus Villemoes <rasmus.villemoes at prevas.dk>
    Cc: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/recipes-connectivity/openssh/openssh_7.9p1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index b971b2b..976bcc5 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -148,6 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
 
 RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
 RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RRECOMMENDS_${PN}-sshd += "rng-tools"
 RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed"
 
 RPROVIDES_${PN}-ssh = "ssh"
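
Review bot: the added RRECOMMENDS_${PN}-sshd += "rng-tools" line has no comment explaining why sshd pulls in an RNG daemon, and because it is a recommendation rather than an RDEPENDS entry like the two lines above it, an image built with recommendations disabled (for example NO_RECOMMENDATIONS or BAD_RECOMMENDATIONS) drops rng-tools silently and the startup delay comes back. Suggest a one-line comment above the new line pointing at the getentropy() wait until "random: crng init done", so integrators who strip recommendations know what they are giving up.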

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
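
A check for the condition the commit message describes, as an added example that is not part of the commit or of openembedded-core: `crng_ready()` asks the kernel with `getrandom(GRND_NONBLOCK)` whether a blocking `getentropy()` call would return yet, and `crng_init_seconds()` reads the boot-relative time from the "random: crng init done" dmesg line. The function names and the sample dmesg lines are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>

/* 1 = kernel pool initialized, 0 = getentropy()/getrandom() would still
 * block (this is the state in which sshd stalls), -1 = other error. */
int crng_ready(void)
{
    unsigned char b;
    ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);

    if (n == (ssize_t)sizeof b)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Parse a dmesg line such as "[  412.345678] random: crng init done".
 * Returns seconds since boot, or -1.0 if the line is not that message. */
double crng_init_seconds(const char *line)
{
    const char *close;
    double t;

    if (line[0] != '[' || (close = strchr(line, ']')) == NULL)
        return -1.0;
    if (strstr(close, "random: crng init done") == NULL)
        return -1.0;
    if (sscanf(line + 1, "%lf", &t) != 1)
        return -1.0;
    return t;
}

int main(void)
{
    /* Constructed dmesg lines, not captured from a real board. */
    const char *sample[] = {
        "[    3.912004] random: fast init done",
        "[  412.345678] random: crng init done",
    };

    for (size_t i = 0; i < sizeof sample / sizeof *sample; i++)
        if (crng_init_seconds(sample[i]) >= 0)
            printf("crng init at %.1f s\n", crng_init_seconds(sample[i]));
    printf("crng_ready() = %d\n", crng_ready());
    return 0;
}
```

Run early in boot on the target, a return of 0 from `crng_ready()` means sshd host key generation or connection handling would block at that moment.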

