[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16415881#comment-16415881
]
Hoss Man commented on SOLR-10338:
-
{quote}And the order of test execution can be randomized.
{quote}
I now have a better understanding of what you ment by "randomly occurs" – the
inference i drew from your earlier comments was that you were frustrated by
some "randomized situation" that was _deliberately_ {{random()}}-ized.
However, this increased understanding does not fundamentally change my primary
concern: If you feel like a change should be made, then this conversation
should be moved to a new (linked) jira, with a specific example of situations
where the current code is problematic, ideally with a proposed change.
I don't feel that the comments of an issue resolved almost a year ago (that's
already been in 3 released versions of Solr) is the appropriate place to
discuss improvements to how it works.
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
>Priority: Major
> Fix For: 7.1, master (8.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16415793#comment-16415793
]
David Smiley commented on SOLR-10338:
-
Sorry for ambiguity but the "this" I refer to is the following assertion:
{code:java}
assertFalse("SecureRandom algorithm '" + algorithm + "' is in use by your
JVM, " +
"which is a potentially blocking algorithm on some
environments. " +
"Please report the details of this failure (and your JVM
vendor/version) to solr-u...@lucene.apache.org. " +
"You can try to run your tests with -D"+EGD+"="+URANDOM+" or
bypass this check using " +
"-Dtest.solr.allowed.securerandom="+ algorithm +" as a JVM
option when running tests.",
// be permissive in our checks and blacklist only algorithms
// that are known to be blocking under some circumstances
algorithm.equals("NativePRNG") ||
algorithm.equals("NativePRNGBlocking"));
{code}
Please hear me out one one point:
bq. the changes made SOLR-10338 do not involve SolrTestCaseJ4 do not involve
anything that should "randomly occur" ... any assertion from the code committed
in this issue should occur reliably 100% of the time assuming they are re-run
on the same JVM.
I can imagine this may come as a surprise but I can reliably reproduce a
situation in which this Assertion gets thrown randomly -- thus your claim is
false. I've dug into the root cause. The first use of SecureRandom in the JVM
is the only time at which the {{java.security.egd}} system property is
considered. {{SolrTestCaseJ4.assertNonBlockingRandomGeneratorAvailable}} will
set this property. Nothing new here; anyone reading this thread knows that.
But Solr won't necessarily be able to do this first. For example, if there are
other tests that don't extend SolrTestCaseJ4 that use SecureRandom then this
won't happen. And the order of test execution can be randomized. Note that
SecureRandom is used for, of all things, creating a temp file in Java, and lots
of code directly or indirectly will do that -- especially in tests.
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
>Priority: Major
> Fix For: 7.1, master (8.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414597#comment-16414597 ] Hoss Man commented on SOLR-10338: - bq. I think SolrTestCaseJ4's insistence on this is a bit of an over-reach for external projects that want to use solr-test-framework. It's well intentioned but creates an annoying hassle that randomly occurs. I'm no longer convinced i even understand what "this" is in the context of our current discussion, since the changes made SOLR-10338 do not involve SolrTestCaseJ4 do not involve anything that should "randomly occur" ... any assertion from the code committed in this issue should occur reliably 100% of the time assuming they are re-run on the same JVM. I think this dicussion should be moved to a new jira, with a new subject, and a detailed description of exactly what error message you are seeing, and what your test code looks like, and the specifics of your JVM. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414571#comment-16414571 ] David Smiley commented on SOLR-10338: - I think SolrTestCaseJ4's insistence on this is a bit of an over-reach for external projects that want to use solr-test-framework. It's well intentioned but creates an annoying hassle that randomly occurs. When it happens, yes the exception is helpful but then I have to go modify my build to pass the system property both in a pom.xml (or equivalent to other build tools) and my IDE config. I can see that Solr itself wants this, but solr-test-framework not only serves testing Solr itself but external players. Curious: do you know what randomized situation causes this to trip? It's not clear; I have a reproducible seed but I don't know (without lots of digging) why usually it won't trip. FWIW I run on a Mac with Java 8. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412163#comment-16412163 ] Hoss Man commented on SOLR-10338: - I'm not sure i follow your concern David: Even if you _think_ your plugin doesn't care about encryption, the test baseclass still randomizes it and wants to ensure that it's going to work -- so that when your custom plugin tests are run you can _verify_ that your plugin doesn't fail if the user enables encryption. And besides: doesn't the assertion failure message make it very clear what you can do if you *really* don't care about testing this? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412118#comment-16412118 ] David Smiley commented on SOLR-10338: - I don't think the Solr plugin ecosystem was considered in the choice to throw an AssertionError here (vs. perhaps a warning or make no fuss). IMO a Solr plugin that doesn't care about encryption at all should not have to concern itself with SSL/entropy. Or am I being naive? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16361014#comment-16361014 ] ASF subversion and git services commented on SOLR-10338: Commit cda002d9e3ea3ce1da0669065be11ef2c1889a32 in lucene-solr's branch refs/heads/branch_7x from [~thetaphi] [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=cda002d ] SOLR-10338: Remove test class / command line program that was only used during development > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16361003#comment-16361003 ] ASF subversion and git services commented on SOLR-10338: Commit 3019913c8536b728d02fdeb94243bcddd597d263 in lucene-solr's branch refs/heads/master from [~thetaphi] [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=3019913 ] SOLR-10338: Remove test class / command line program that was only used during development > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller >Priority: Major > Fix For: 7.1, master (8.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16095824#comment-16095824 ] ASF subversion and git services commented on SOLR-10338: Commit 9566c1bf6ad589e4ddbbce5d8cc215f4dd920849 in lucene-solr's branch refs/heads/branch_7x from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=9566c1b ] SOLR-10338: Fix CHANGES entry > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (8.0), 7.1 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16095823#comment-16095823 ] ASF subversion and git services commented on SOLR-10338: Commit edce911f9bda44f8e318ab0e967361226cb75d8c in lucene-solr's branch refs/heads/branch_7x from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=edce911 ] SOLR-10338: Configure SecureRandom non blocking for tests. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (8.0), 7.1 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16095083#comment-16095083 ] ASF subversion and git services commented on SOLR-10338: Commit ad24f53018c5aee8c9ff322ab756b1556be7171c in lucene-solr's branch refs/heads/master from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ad24f53 ] SOLR-10338: Fix CHANGES entry > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16095057#comment-16095057 ] ASF subversion and git services commented on SOLR-10338: Commit ffd76a69773196813271f4372052d07481d602cb in lucene-solr's branch refs/heads/master from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=ffd76a6 ] SOLR-10338: Configure SecureRandom non blocking for tests. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16094033#comment-16094033 ] Mark Miller commented on SOLR-10338: Alright, this seems alright to go - I'm headed out for a bit tonight though, so I'll commit in the morning. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16092351#comment-16092351 ] Mihaly Toth commented on SOLR-10338: Great, thank you. I will check the status tomorrow then. ;) > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16092340#comment-16092340 ] Mark Miller commented on SOLR-10338: Sure thing. Sorry this had to drag on so long ;) I've been on a bit of a downswing lately on this type of thing. I'll get it in by tomorrow if all goes well. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16092317#comment-16092317 ] Mihaly Toth commented on SOLR-10338: Well, this is my first issue to which I contributed, and I have to learn a lot. For example not to let attention fade away. :) And to answer promptly to questions myself. [~markrmil...@gmail.com], though I know you are always busy ... could we wrap this up eventually? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 7.0, 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052038#comment-16052038 ] Mark Miller commented on SOLR-10338: It tested out well for me as well, just got stuck in some other things. I need to review the patch once more, but I'll try and finally wrap this up soon. Thanks for sticking with it [~mihaly.toth]! Between this and it's parent issue, far too much time has been spent on this :) Fun issue to dig into in many ways as well though. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047581#comment-16047581 ] Mihaly Toth commented on SOLR-10338: I looked into the your latest patch [~hossman]. I have tested with the different properties set/unset. That version looks good to me. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.7 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033456#comment-16033456 ] Mark Miller commented on SOLR-10338: I've been checking out the latest patch in the background over the past week. Will try and wrap this up relatively soon. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021555#comment-16021555
]
Hoss Man commented on SOLR-10338:
-
no major concerns.
minor concerns...
* the {{log.info}} about java.security.egd being null should probably be a
warning
** shouldn't there *also* be a warning if java.security.egd is non-null but not
equals to {{"file:/dev/./urandom"}} ?
* shouldn't the very first thing in the assertion failure message be a
suggestion to try setting {{-Djava.security.egd=file:/dev/./urandom}} and only
if that doesn't work use the {{test.solr}} property to disable these checks?
* I'd feel more comfortable with something like the {{final String allowed =
System.getProperty("test.solr.allowed.securerandom");}} and associated
validation/logging in the snipped i suggested above (instead of a simple
{{Boolean.parseBoolean(System.getProperty("test.solr.allow.any.securerandom","false")}})
** same amount of work from an end user to bypass the checks (add 1 sys prop
they cut and past from failure msg)
** would help ensure that if/when they do bypass with that system property,
they'll get an error to revisit that decision if/when something happens to
change the SecureRandom in the future (ie: perhaps later upgrade their JVM, or
change how they run the tests such that our attempts at setting
"java.security.egd" start working)
** ie: i'd rather they get a nice error that they said they expect to be
running algortihm=foo, but it's not so maybe they should remove the
"test.solr.allowed.securerandom" and try setting "java.security.egd" again then
just silently be using a blocking SecureRandom forever.
* even if nothing else changes, the quick {{return}} if the user has disabled
these checks (with whatever {{test.solr}} sysprop we use) should probably
log something about bypassing the non-blocking SecureRandom checks.
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch, SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021502#comment-16021502 ] Mark Miller commented on SOLR-10338: I like this approach. I have to finish testing it, mostly with Java 9, but I like this. Any concerns [~hossman]? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019725#comment-16019725 ] Mark Miller commented on SOLR-10338: I'm looking at the latest here again today. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16012739#comment-16012739 ] Mark Miller commented on SOLR-10338: Sorry, been on vacation. Have a ton to catch up on, but I'll keep this high on my priority list. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15998182#comment-15998182 ] Mihaly Toth commented on SOLR-10338: [~hossman], [~markrmil...@gmail.com] do you have any comments, feedback, thoughts on this comment or on the proposed change? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15993634#comment-15993634 ] Mihaly Toth commented on SOLR-10338: Yes, let me try again. :) [~hossman] Let me do some testing around that tomorrow. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991522#comment-15991522 ] Mark Miller commented on SOLR-10338: I also was a little skeptical of the timed checking but was focusing on whether the patch worked alright first. Have another iteration [~mihaly.toth]? > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15982128#comment-15982128
]
Hoss Man commented on SOLR-10338:
-
bq. ... try to set java.security.egd if it is unset. ...
off the top of my head, I suspect that won't work at all because IIRC the
java.security.\* sysprops are all read on JVM startup as part of initializing
the SecurityManager. So it most likely won't have any effect other then to
confuse any subsequent Solr test-framework specific code that may try to read
that sysprop to sanity check things.
(And even if it does work today, I don't know that the JVM spec guarantees it
will work with future versions of the JVM tomorrow.)
If any part of the spec *does* guarantee that it can/will work, then we should
should use *only* that approach to set "java.security.egd" on test startup (via
a {{static}} block somewhere) and skip all the changes to our build.xml,
eclipse/IDEA configs, etc...
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15976243#comment-15976243
]
Mihaly Toth commented on SOLR-10338:
Even though generating a random number is pretty fast in case it is
nonblocking... but I agree that the tests would be more deterministic with just
checking the algorithm, and less prone to timing issues. So lets do that.
An additional enhancement proposed by [~manokovacs] is to try to set
{{java.security.egd}} if it is unset. This would try to set the algorithm to
non blocking on a best effort basis. Like:
{code}
if (null == allowed) {
if(egdfile == null)
System.setProperty("java.security.egd", "file:/dev/./urandom");
else
assertEquals("Solr tests expect a non-blocking SecureRandom to be
configured. " +
"Use -Djava.security.egd=file:/dev/./urandom as a JVM
option when running tests to bypass this check.",
"file:/dev/./urandom", egdfile);
}
{code}
What do you think?
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15973787#comment-15973787
]
Hoss Man commented on SOLR-10338:
-
I don't think we should have tests that assert something happens "fast enough"
... past experience shows that leads nothing but pain.
I think for a check like this, it's fine to just be more permissive about the
expected types of non-blocking algorithms we might encounter -- as long as
there's an easy work around for people on a the bleeding edge of
new/alternative JVMs.
how about something like ...
{code}
final String egdfile = System.getProperty("java.security.egd");
final String allowed = System.getProperty("test.solr.allowed.securerandom");
// NOTE: we're checking egdfile *BEFORE* we init a SecureRandom, since we
want this check to
// be as fast as possible, and if it's not correct, the SecureRandom
constructor might block and slow us down
if (null == allowed) {
assertEquals("Solr tests expect a non-blocking SecureRandom to be
configured. " +
"Use -Djava.security.egd=file:/dev/./urandom as a JVM option
when running tests to bypass this check.",
"file:/dev/./urandom", egdfile);
}
final String actual = (new SecureRandom()).getAlgorithm();
if (null != allowed) {
assertEquals("SecureRandom algorithm does not match the specified
-Dtest.solr.allowed.securerandom=" + allowed + " JVM option. " +
"Set -Djava.security.egd=... accordingly, or remove the
test.solr.allowed.securerandom option",
allowed, actual);
} else {
assertTrue("SecureRandom algorithm '"+actual+"' is in use by your JVM, " +
"but does not match any of the known non-blocking algorithms
that are expected. " +
"Please report the details of this failure (and your JVM
vendor/version) to solr-u...@lucene.apache.org. " +
"You can bypass this check in the meantime by specifying
-Dtest.solr.allowed.securerandom=" +
actual + " as a JVM option when running tests.",
// be permissive in our checks to try and account for future
variations
(actual.contains("NonBlocking") || actual.contains("SHA") ||
actual.contains("DRBG")));
}
{code}
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch,
> SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971526#comment-15971526 ] Mihaly Toth commented on SOLR-10338: Thanks [~markrmil...@gmail.com]. Let me know if there is anything I should investigate further. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971426#comment-15971426 ] Mark Miller commented on SOLR-10338: Hmm, I seem to see more flakey fails with Java 9, but initially doesn't look related to https. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971318#comment-15971318 ] Mark Miller commented on SOLR-10338: Well, this works with Java9 for me. I'll spend just a bit more time with it before I commit. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 6.6, master (7.0) > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969060#comment-15969060 ] Mark Miller commented on SOLR-10338: Thanks [~mihaly.toth], let me see about getting Java 9 installed so I can test. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15956629#comment-15956629 ] Mihaly Toth commented on SOLR-10338: Ok, [~markrmil...@gmail.com] :) Just noticed that the new patch I uploaded was not linked with my previous comment. So please note that there is a new patch with a proposed fix. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15955224#comment-15955224 ] Mark Miller commented on SOLR-10338: Don't sweat it [~mihaly.toth], things like Java 9 issues are what we have Jenkins to catch at this point in time. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch, > SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954874#comment-15954874
]
Mihaly Toth commented on SOLR-10338:
Sorry, next time I will have a closer look on the test failures ...
The assert is not very perfect indeed. In its current state it is sensitive for
changes and not really for failure. And now that a new recommendation is
implemented in JDK 9 the assert failed without a real bug.
The real test is that there is enough random available within reasonable time.
I am now testing a fix locally that takes 100 bytes seed and 500 random bytes
and checks that the result is available within a few seconds. On my local
machine this takes 0.3-0.4 seconds, which can be considered negligible compared
to the overall execution time of a test case. And on low entropy servers this
assert will hit if ran in blocking mode.
An alternative would be to change the assert that the algorithm is not
{{NativePRNG}}. That would be fast but would still not test the real need.
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: master (7.0), 6.6
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954436#comment-15954436 ] Ishan Chattopadhyaya commented on SOLR-10338: - In the interim, it is possible to increase the Jenkins boxes' entropy by installing rng-tools or haveged to speed up the SSL tests. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954430#comment-15954430 ] ASF subversion and git services commented on SOLR-10338: Commit 4f028dfb47afe3ea30bf52b3baf792c9e10364f8 in lucene-solr's branch refs/heads/branch_6x from [~mark.mil...@oblivion.ch] [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=4f028df ] SOLR-10338: Revert configure SecureRandom non blocking for tests. (reverted from commit 0445f8200e0630e1bb8b7117f200529ed1259747) > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954428#comment-15954428 ] ASF subversion and git services commented on SOLR-10338: Commit 0bf7a5ff335d2825a014862f5d04e70a7f5c016e in lucene-solr's branch refs/heads/master from [~mark.mil...@oblivion.ch] [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=0bf7a5f ] SOLR-10338: Revert configure SecureRandom non blocking for tests. (reverted from commit 0445f8200e0630e1bb8b7117f200529ed1259747) > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954030#comment-15954030 ] Mark Miller commented on SOLR-10338: Yup, sorry away for the weekend. I'll take a look. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15953893#comment-15953893
]
Hoss Man commented on SOLR-10338:
-
Jekinks JDK9 builds are freaking out over this change...
{noformat}
765 tests failed.
FAILED:
junit.framework.TestSuite.org.apache.solr.analysis.TestFoldingMultitermExtrasQuery
Error Message:
expected:<[SHA1PRN]G> but was:<[DRB]G>
Stack Trace:
org.junit.ComparisonFailure: expected:<[SHA1PRN]G> but was:<[DRB]G>
at __randomizedtesting.SeedInfo.seed([C3B5A016F8A4D7E1]:0)
at org.junit.Assert.assertEquals(Assert.java:125)
at org.junit.Assert.assertEquals(Assert.java:147)
at
org.apache.solr.SolrTestCaseJ4.assertNonBlockingRandomGeneratorAvailable(SolrTestCaseJ4.java:2440)
{noformat}
[~markrmil...@gmail.com] - i think we need to roll this back and re-consider?
(i suspect we just need to tweak the assert to accept some new options, but
rollback seem appropriate until we have time for more testing)
> Configure SecureRandom non blocking for tests.
> --
>
> Key: SOLR-10338
> URL: https://issues.apache.org/jira/browse/SOLR-10338
> Project: Solr
> Issue Type: Sub-task
>Reporter: Mihaly Toth
>Assignee: Mark Miller
> Fix For: master (7.0), 6.6
>
> Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we
> could get rid of random entropy exhaustion issue related to all usages of
> SecureRandom.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951083#comment-15951083 ] Mark Miller commented on SOLR-10338: Thanks everyone! > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: master (7.0), 6.6 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951080#comment-15951080 ] ASF subversion and git services commented on SOLR-10338: Commit d37570cdc67d08e6c1e3b4ec00a67971846a86bd in lucene-solr's branch refs/heads/branch_6x from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=d37570c ] SOLR-10338: Configure SecureRandom non blocking for tests. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 4.9, 6.0 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking for tests.
[ https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951056#comment-15951056 ] ASF subversion and git services commented on SOLR-10338: Commit 0445f8200e0630e1bb8b7117f200529ed1259747 in lucene-solr's branch refs/heads/master from markrmiller [ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=0445f82 ] SOLR-10338: Configure SecureRandom non blocking for tests. > Configure SecureRandom non blocking for tests. > -- > > Key: SOLR-10338 > URL: https://issues.apache.org/jira/browse/SOLR-10338 > Project: Solr > Issue Type: Sub-task >Reporter: Mihaly Toth >Assignee: Mark Miller > Fix For: 4.9, 6.0 > > Attachments: SOLR-10338.patch, SOLR-10338.patch, SOLR-10338.patch > > > It would be best if SecureRandom could be made non blocking. In that case we > could get rid of random entropy exhaustion issue related to all usages of > SecureRandom. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
