[19.09] Backport rng improvements #73314

wants to merge 5 commits into from



@kmcopper kmcopper commented Nov 13, 2019

Motivation for this change

Backports many rng improvements in master back down to the stable channel.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits
Notify maintainers

cc @c0bw3b @JohnAZoidberg @r-ryantm @teto


@bjornfor bjornfor left a comment

Please use git cherry-pick -x ... to get the commit reference of the original commit into the git history.


@c0bw3b c0bw3b left a comment

What exactly doesn't work with current rngd on r19.09 that would warrant a backport?


@Mic92 Mic92 commented Nov 13, 2019

some context: #73007 (comment)

@kmcopper kmcopper force-pushed the r19.09-backport-rng branch from c094b63 to d49990f Nov 13, 2019
Contributor Author

@kmcopper kmcopper commented Nov 13, 2019

I figured the rng bias security improvement, adding jitterentropy, allowing qemu-guest to use rngd, general bug fixes, and no apparent breaking changes were good enough to backport. Feel free to correct me if I am wrong. I am unclear with the nix backports policy, but I feel it's good enough to warrant a backport of anything as long as it doesn't break anything else.

@ofborg ofborg bot requested a review from c0bw3b Nov 13, 2019
teto and others added 4 commits Nov 18, 2019
... otherwise enabling it causes a merge conflict.

Enabling it was necessary to give enough entropy for the sshd daemon in
my libvirt/nixops VM to generate keys see

(cherry picked from commit c27360a)
Semi-automatic update generated by tools. This update was made
based on information from

(cherry picked from commit 0158bc0)
+ run tests
+ enable jitterentropy by default
+ add c0bw3b to maintainers

(cherry picked from commit 810abeb)
@kmcopper kmcopper force-pushed the r19.09-backport-rng branch from d49990f to 527eebc Nov 18, 2019

@stale stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on

@stale stale bot added the 2.status: stale label Jun 1, 2020
@Mic92 Mic92 closed this Jun 1, 2020

@Mic92 Mic92 commented Jun 1, 2020

We have 20.03 now.

@kmcopper kmcopper deleted the r19.09-backport-rng branch Sep 23, 2020
7 participants