From: Andreas Pretzsch
Date: Mon, 20 Jan 2020 23:57:04 +0100
Message-Id: <1579561024-27501-3-git-send-email-apr@cn-eng.de>
In-Reply-To: <1579561024-27501-1-git-send-email-apr@cn-eng.de>
References: <1579561024-27501-1-git-send-email-apr@cn-eng.de>
Subject: [ptxdist] [PATCH 2/2] haveged: systemd service: move from multi-user.target to sysinit.target
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist"
To: ptxdist@pengutronix.de

For devices with no or defective HW RNG, it takes quite long until the
kernel random device is seeded, up to several tens of seconds.
See kernel "random: crng init done" message for this.

As a consequence, anything using /dev/random will block accordingly.
This is even true for "ssh-keygen -l" invocations, which should just
show the fingerprint of a pubkey. Which can be used e.g. to check for
valid keys to be present.

One way to expedite this is to run haveged, of course at the cost of
reduced quality of the random numbers.
But this start has to happen rather early in the boot process.
By default (based upon this (old) haveged package), haveged is started
late as user service in multi-user.target.

So move the start of haveged from multi-user.target to sysinit.target.
Also add a service dependency on after systemd-random-seed.service
(responsible to seed from a stored random pool, if enabled) and
systemd-tmpfiles-setup-dev.service (responsible to set up the dev files).

Comparable is done within Fedora and SuSE.

Signed-off-by: Andreas Pretzsch
---
 projectroot/usr/lib/systemd/system/haveged.service | 3 ++-
 rules/haveged.make                                 | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/projectroot/usr/lib/systemd/system/haveged.service b/projectroot/usr/lib/systemd/system/haveged.service index 81070ca8b..5fab8c665 100644 --- a/projectroot/usr/lib/systemd/system/haveged.service +++ b/projectroot/usr/lib/systemd/system/haveged.service @@ -1,6 +1,7 @@ [Unit] Description=Entropy Daemon based on the HAVEGE algorithm Documentation=man:haveged(8) http://www.issihosts.com/haveged/ +After=systemd-random-seed.service systemd-tmpfiles-setup-dev.service [Service] Type=simple @@ -8,4 +9,4 @@ ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground SuccessExitStatus=143 [Install] -WantedBy=multi-user.target +WantedBy=sysinit.target diff --git a/rules/haveged.make b/rules/haveged.make index 80d1910f3..0c880b191 100644 --- a/rules/haveged.make +++ b/rules/haveged.make @@ -73,10 +73,10 @@ endif endif ifdef PTXCONF_HAVEGED_SYSTEMD_UNIT - @$(call install_copy, haveged, 0, 0, 0644, -, \ + @$(call install_alternative, haveged, 0, 0, 0644, \ /usr/lib/systemd/system/haveged.service) @$(call install_link, haveged, ../haveged.service, \ - /usr/lib/systemd/system/multi-user.target.wants/haveged.service) + /usr/lib/systemd/system/sysinit.target.wants/haveged.service) endif @$(call install_finish, haveged) -- 2.19.1 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
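Review bot: In the first hunk of haveged.service, the [Unit] section gains only After= and still has no DefaultDependencies=no, so the service keeps the implicit Requires=sysinit.target and After=sysinit.target that systemd gives every service unit. Combined with WantedBy=sysinit.target and the sysinit.target.wants link, this orders haveged after the very target that is supposed to pull it in, so the early start the commit message asks for is not guaranteed and systemd may report an ordering cycle. Suggest adding DefaultDependencies=no, together with Before=sysinit.target shutdown.target and Conflicts=shutdown.target, next to the new After= line.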
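Review bot: In the rules/haveged.make hunk, the switch from install_copy to install_alternative is not mentioned in the commit message, which only describes the target change. Either state there that the unit file can now be overridden from the BSP, or split that change into its own patch. A BSP-local haveged.service that still says WantedBy=multi-user.target would also be installed unchanged while the link is created under sysinit.target.wants, so a short comment in the rule about keeping the two in sync would help.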
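To check on a target how long the seeding delay described in the commit message actually is, the "random: crng init done" line can be pulled out of the kernel log. This is an added example, not part of the patch or of ptxdist; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report when the kernel CRNG became ready, from a kernel log.

# Constructed sample log (not from the page): boot without a working HW RNG.
sample_log() {
cat <<'EOF'
[    0.000000] Booting Linux on physical CPU 0x0
[    1.412345] random: fast init done
[    3.905112] systemd[1]: Reached target System Initialization.
[   38.271904] random: crng init done
[   38.272011] random: 3 urandom warning(s) missed due to ratelimiting
EOF
}

# Print the timestamp (seconds since boot) of the first "crng init done"
# line read from stdin. Prints nothing and returns 1 if the line is absent,
# i.e. the pool was not yet seeded when the log was captured.
crng_init_seconds() {
    awk '/random: crng init done/ {
             ts = $0
             sub(/^\[ */, "", ts)    # drop the leading "[" and padding
             sub(/\].*/, "", ts)     # drop everything after the timestamp
             print ts
             found = 1
             exit
         }
         END { exit (found ? 0 : 1) }'
}

# Return 0 if the log on stdin shows the CRNG ready within LIMIT seconds,
# 1 if it took longer, 2 if the log has no "crng init done" line at all.
crng_ready_within() {
    limit=$1
    ts=$(crng_init_seconds) || return 2
    awk -v t="$ts" -v l="$limit" 'BEGIN { exit (t + 0 > l + 0) }'
}

# Stand-alone run on the constructed sample; on a device use: dmesg | ...
echo "crng ready after $(sample_log | crng_init_seconds) s"
```

Running it before and after moving haveged to sysinit.target (with `dmesg` as input) shows whether the service really starts early enough to shorten the wait.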