[19.09] Backport rng improvements #73314

Closed
wants to merge 5 commits into from


@kmcopper
Contributor

kmcopper commented Nov 13, 2019

Motivation for this change

Backports many rng improvements in master back down to the stable channel.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @c0bw3b @JohnAZoidberg @r-ryantm @teto

Contributor

bjornfor left a comment

Please use git cherry-pick -x ... to get the commit reference of the original commit into the git history.

Contributor

c0bw3b left a comment

What exactly doesn't work with current rngd on r19.09 that would warrant a backport?

@Mic92
Contributor

Mic92 commented Nov 13, 2019

some context: #73007 (comment)

@kmcopper kmcopper force-pushed the kmcopper:r19.09-backport-rng branch from c094b63 to d49990f Nov 13, 2019
@kmcopper
Contributor Author

kmcopper commented Nov 13, 2019

I figured the rng bias security improvement, adding jitterentropy, allowing qemu-guest to use rngd, general bug fixes, and no apparent breaking changes were good enough to backport. Feel free to correct me if I am wrong; I am unclear about the nix backports policy, but I feel it's good enough to warrant a backport of anything as long as it doesn't break anything else.

@ofborg ofborg bot requested a review from c0bw3b Nov 13, 2019
teto and others added 4 commits Sep 17, 2019
... otherwise enabling it causes a merge conflict.

Enabling it was necessary to give enough entropy for the sshd daemon in
my libvirt/nixops VM to generate keys see
NixOS/nixops#1199.

(cherry picked from commit c27360a)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/jitterentropy/versions

(cherry picked from commit 0158bc0)
+ run tests
+ enable jitterentropy by default
+ add c0bw3b to maintainers

(cherry picked from commit 810abeb)
(cherry picked from commit d0aec3b)
@kmcopper kmcopper force-pushed the kmcopper:r19.09-backport-rng branch from d49990f to 527eebc Nov 18, 2019
@stale

stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.
@stale stale bot added the 2.status: stale label Jun 1, 2020
@Mic92 Mic92 closed this Jun 1, 2020
@Mic92
Contributor

Mic92 commented Jun 1, 2020

We have 20.03 now.

7 participants