New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unit: drop Before=sysinit.target from systemd-random-seed.service #13263
unit: drop Before=sysinit.target from systemd-random-seed.service #13263
Conversation
Follow-up for 26ded55. The commit says, > Note that with this change sysinit.target (and thus early boot) is NOT systematically delayed until the entropy pool is initialized, But the dependency was not dropped. This was found by David Seifert (@SoapGentoo).
Hm, won't this change the semantices of |
@mbiebl that was the intention of the initial commit in the first place? "[...] and would mean that regular services using /dev/urandom would have to be individually ordered against systemd-random-seed.service" |
Urgh, then I'm not convinced this is a good idea as this will cause a lot of churn |
Sorry, but this needs a more comprehensive fix. My suggestion would be to turn the service into Type=notify, and send out READY=1 as soon as we have fed the kernel, and do the remaining step without blocking sysinit.target. |
But how would a unit order itself after the second step in that case ? should services needing "real" entropy check what the kernel says themselves ? |
Services needing real entropy should just call |
Thing is there are various uses that use /dev/urandom directly, most prominently cryptsetup when configured for swap with a key that is picked randomly during boot generally lists /dev/urandom as password file in /etc/crypttab. Our cryptsetup-generator already adds an ordering dependency towards this unit, assuming this helps, but so far it didn't. I think this PR is actually correct, and is what I intended to do, but didn't by mistake: make the unit blocking, so that code can order itself behind it, if it needs an initialized pool. Specifically, the cryptsetup swap case is now finally safe. I don't see any reason to delay sysinit.target at all for neither proper initialization nor fake initialization, there's not much gained if we do that. I mean, either you want the pool initialized or you don't care. But requiring that the disk random seed is added to the pool without also requiring the pool fully initialized is bit weird I think. Moreover, if we really wanted to add two sync points we'd need to separate units: one unit that just writes the seed to the kernel, and then the other one that waits until the pool is initialized. It can't be the same unit waiting for both, that's semantcially not expressible in systemd. And given that I fail to see the usecase let's just not do it... Hence, I think it's right to just merge this patch. Does this make sense? |
Yeah... OK. Since we didn't credit entropy before, the service didn't really mean much. So by dropping it from sysinit.target we're not really changing any expectations. |
I can't confirm the fix. See #13252 (comment) |
Follow-up for 26ded55.
The commit says,
This was found by David Seifert (@SoapGentoo). See #4271 (comment)
Hopefully fixes #13252.