On Wed, Jan 11, 2017 at 06:06:44PM -0500, Daniel Kahn Gillmor wrote:
> If we believe that no test suites or build processes should need system
> entropy at all (not implausible in these days of reproducible builds and
> hopefully-deterministic test suites), another approach would be to
> symlink /dev/random to /dev/urandom on all buildd's, and then the
> builders just get what they get, rather than starving the system of
> entropy.
>
> thanks for continuing to push on this stuff. If you have any better
> suggestions for resolution, i'd be happy to hear them.
>
> I probably need to open an upstream bug with gnupg about subkey
> generation when there is limited system entropy too, but i tend to
> actually have system entropy on my own hardware and haven't had the time
> to set up a deliberately-starved machine for the test process.

I've been able to (more or less) reproduce this bug while working on a
bunch of other test suite failures here. Just run the test suite on a
loop and you'll exhaust any entropy pool fairly quickly. (Of course, the
test suite in Debian fails way before we reach that point right now, but
on git that's fixed so we actually hit key generation now. :)

That said, I was able to work around the issue by installing haveged
here. I know, it's not a good general solution to entropy starvation in
production, as it relies on CPU features which might be absent on
virtual machines, for example. It might just make sense, however, to add
it as a build-dep to fix the test suite.

A.