Package: chrony
Version: 3.3-2
Severity: important
Tags: patch

Dear Maintainer,

When trying out buster using fai-cloud-image scripts on Google Cloud I noticed that the system took around 180 seconds to boot rather than 15 seconds (stretch). After investigating, I detected it was a lack of entropy early on system startup that caused chrony to be blocked when calling getrandom(). That is an issue being reported on different projects[1][2] but I didn't see anyone reporting it for chrony at the moment. (Maybe the lack of entropy was not spotted when using buster outside of cloud providers?)

The upstream project is patched already[3], but there is no new release for the moment. I contacted the maintainer[4] and there should be a new release in the following month that would contain that fix[5].

I chose to report this bug and provide a patch in order to avoid others facing this issue, where it is not so trivial to understand what is going on. Also, this kind of bug is lately being discussed by the Debian community[6].

[1] https://github.com/libressl-portable/portable/issues/274
[2] https://github.com/openbsd/src/commit/edb2eeb7da8494998d0073f8aaeb8478cee5e00b
[3] https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7c5bd948bb7e21fa0ee22f29e97748b2d0360319
[4] https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg01898.html
[5] https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg01899.html
[6] https://lists.debian.org/debian-release/2018/05/msg00130.html

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-1-amd64 (SMP w/1 CPU core)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chrony depends on:
ii  adduser      3.117
ii  iproute2     4.17.0-2
ii  libc6        2.27-5
ii  libcap2      1:2.25-1.2
ii  libedit2     3.1-20180525-1
ii  libnettle6   3.4-1
ii  libseccomp2  2.3.3-3
ii  lsb-base     9.20170808
ii  ucf          3.0038

chrony recommends no packages.

Versions of packages chrony suggests:
pn  dnsutils  <none>

-- debconf information excluded

--- chrony-3.3.orig/util.c +++ chrony-3.3/util.c @@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, un if (disabled) break; - if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) { + if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) { disabled = 1; break; }
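
Review bot: In the changed `getrandom()` call, `GRND_NONBLOCK` makes the call fail while the kernel's entropy pool is still uninitialised (errno `EAGAIN`), and the unchanged `disabled = 1; break;` that follows treats that transient failure like any other. If `disabled` persists across calls, as the `if (disabled) break;` guard above it suggests, one early-boot failure keeps this function off `getrandom()` for the rest of the process lifetime, even after the pool is ready. Consider setting `disabled` only when errno is not `EAGAIN`, so a later call tries `getrandom()` again, and add a comment stating which source the caller falls back to in that window and why its output is acceptable for the consumers of these bytes.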