-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "C. Dominik Bodi" <dominik.b...@gmx.de> writes:
> After installing mandos [...], booting a mandos-enabled kernel, > mandos will not run. The cryptsetup password prompt appears and I > have to type in the crypt volume's password manually to make the > system continue to boot. > At virtually the same time the cryptsetup password prompt appears, > an error message is printed on the console: > Fatal: no entropy gathering module detected I agree that this is bad and should not happen. We have never seen this problem, so it must be some new factor. Let's see if we can find out what it is. > According to google that message seems to be related to gnutls. > However, as mandos-client doesn't seem to have a debug mode when run > from initrd, I wasn't able to dig deeper. Good news: it is actually possible to run mandos-client in debug mode in the initrd. If you uncomment the line: - --options-for=mandos-client:--debug in "/etc/mandos/plugin-runner.conf" and rebuild your initrd image file with "update-initrd -u -k all", the mandos-client plugin should be extremely generous with debug messages when booting. > There is no such error message when testing mandos-client as > described in README.Debian You could boot your system with the kernel parameter "break", you should get a shell running in the initrd environment. You could check if the problem is the lack of a proper readable /dev/urandom - this is what the search results suggest is the usual cause of this message. Would it be possible for you to do that and report back? We don't have many machines running testing or unstable, and I don't have access to any at the moment. > Kernel: Linux 2.6.30-2-amd64 (SMP w/1 CPU core) I suspect that - Linux 2.6.30 - to be the cause. We probably need to force some specific module to be loaded in the initrd - which used to be loaded by default or compiled in - to provide the random device drivers. In that case, the question is: what module? /Teddy Hogeborn - -- The Mandos Project http://www.fukt.bsnet.se/mandos -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFKyNtpOWBmT5XqI90RAk9jAJ47AXTtespMGUIrI1HXff5Ku2mMwACguVx0 OVwvLHWavVIUKXD3gP9GM2Y= =SFSQ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org