[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: The attached patch (against 20160330) addresses the issue for me on Linux; it has not been tested on other platforms. It adds the GRND_NONBLOCK flag to the getrandom() call and sends the appropriate failure return if it returns due to lack of entropy. The enclos

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: Oh; it's not actually hashlib which is calling getrandom(), it's the main runtime - the initialization of the per-process secret hash seed in _PyRandom_Init Don't know enough about the internal logic here to comment on what the Right Thing is; but I second the

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: It's worth noting that this issue now affects every installation of Debian testing track with systemd and systemd-cron installed; the python program /lib/systemd/system-generators/systemd-crontab-generator is called very early in the boot process; it imports has

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Marc-Andre Lemburg added the comment: As mentioned on the other issue #25420, this is a regression and a change in documented behavior of os.urandom(), which is expected to be non-blocking, regardless of whether entropy is available or not. The fix should be easy (from reading the man page ht

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Stefan Krah added the comment: I did not claim that it magically creates entropy. -- Many VMs are throwaway test beds. It would be annoying to setup some entropy gathering mechanism just so that Python starts. -- ___ Python tracker

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

STINNER Victor added the comment: Since many years, Linux systems store entropy on disk to quickly feed the entropy pool at startup. It doesn't create magically entropy on VM where you start with zero entropy at the first boot. -- ___ Python tracker

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Stefan Krah added the comment: It is clear how /dev/urandom works. I just think that securing enough entropy on startup should be done by the init scripts (if systemd still allows that :) and not by an application. [Unless the application is gpg or similar.] --

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Changes by STINNER Victor : -- title: Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module -> Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on get