No. It is an internal corporate repo sitting behind a firewall. In my eyes,
the only point of creating the key and signing the packages is so that
apt-get/aptitude doesn't cry like a baby (require me to type 'Yes') when I'm
installing software on the servers.

Anyway, way to miss the whole point of this issue which is that, out of the
box, Ubuntu doesn't produce enough randomness on its own for gpg --gen-key
to work properly. It is also amazing to me that a package called rng-tools
doesn't produce the 'correct' type of entropy. Why is it included in the
repositories then? Maybe you can enlighten me with your infinite wisdom
about how this daemon doesn't do the job well enough. I mean, is it
outputting all AAAAAAAAAAAAAAAAA or something?

jon

On Sat, Jan 22, 2011 at 4:04 AM, Steve McIntyre
<706...@bugs.launchpad.net> wrote:

> If you don't care about randomness when creating a GPG key, then you
> should not be using one. Reducing the entropy used when creating a key
> makes it *much* weaker. Are you planning on uploading your signed
> packages anywhere?
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/706011
>
> Title:
>  gpg --key-gen doesn't have enough entropy and rng-tools install/start
>  fails
>
> Status in “gnupg” package in Ubuntu:
>  New
>
> Bug description:
>  Binary package hint: gnupg
>
>  Description:  Ubuntu 10.04.1 LTS
>  Release:      10.04
>
>
>  If you install gpg and then type: gpg --gen-key, it 'freezes up' during
> the entropy gathering phase.
>
>  ....
>  We need to generate a lot of random bytes. It is a good idea to perform
>  some other action (type on the keyboard, move the mouse, utilize the
>  disks) during the prime generation; this gives the random number
>  generator a better chance to gain enough entropy.
>
>  Not enough random bytes available.  Please do some other work to give
>  the OS a chance to collect more entropy! (Need 278 more bytes)
>  ....
>  (freeze here)
>
>  I found some reference on the interwebs suggesting to install rng-
>  tools so that the rngd daemon can gather more entropy for the system
>  because by default cat /proc/sys/kernel/random/entropy_avail has a
>  very very low number.
>
>  Thus, installation of rng-tools fails to start the rngd daemon...
>
>  Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ...
>  Trying to create /dev/hwrng device inode...
>  Starting Hardware RNG entropy gatherer daemon: (failed).
>  invoke-rc.d: initscript rng-tools, action "start" failed.
>
>  It is then required to do this: echo "HRNGDEVICE=/dev/urandom" >>
> /etc/default/rng-tools
>  and then start rngd: /etc/init.d/rng-tools start
>
>  After this process is done, gpg --gen-key is immediate...
>
>
>  We need to generate a lot of random bytes. It is a good idea to perform
>  some other action (type on the keyboard, move the mouse, utilize the
>  disks) during the prime generation; this gives the random number
>  generator a better chance to gain enough entropy.
>  .........+++++
>  ...+++++
>  We need to generate a lot of random bytes. It is a good idea to perform
>  some other action (type on the keyboard, move the mouse, utilize the
>  disks) during the prime generation; this gives the random number
>  generator a better chance to gain enough entropy.
>  +++++
>  .+++++
>
>  And cat /proc/sys/kernel/random/entropy_avail has a much higher
>  number.
>
>  All in all, I think this process should be simplified by maybe making
>  gpg depend on rng-tools. The whole reason why I need to generate a gpg
>  key is because I want to sign the .deb debians that I'm creating for
>  my repository.
>
>  Thanks for your time.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscribe
>
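
Added example (editor's illustration, not code from this thread or from the rng-tools package): a small audit of the rng-tools defaults file discussed above. rngd credits what it reads from HRNGDEVICE as fresh entropy, so pointing it at /dev/urandom raises entropy_avail without adding new randomness. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Audit an rng-tools defaults file for a non-hardware entropy source.
# The file path is a parameter so the check can run against a copy.

# Print the effective HRNGDEVICE value: the last uncommented assignment,
# with quotes and any trailing comment stripped. Prints nothing if unset.
rng_source() {
    sed -n 's/^[[:space:]]*HRNGDEVICE=\([^[:space:]#]*\).*/\1/p' "$1" \
        | tail -n 1 | tr -d "\"'"
}

# Classify the source. Kernel devices fed back through rngd only recycle
# the kernel's own output while the entropy estimate goes up.
classify_source() {
    case "$1" in
        "")                       echo "unset" ;;
        /dev/urandom|/dev/random) echo "kernel-feedback" ;;
        *)                        echo "external" ;;
    esac
}

# Print the verdict for one defaults file.
audit_rng_config() {
    classify_source "$(rng_source "$1")"
}

# Constructed sample mirroring the workaround from the bug description.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    '#HRNGDEVICE=/dev/hwrng' \
    'HRNGDEVICE=/dev/urandom' > "$sample"
echo "HRNGDEVICE=$(rng_source "$sample") verdict=$(audit_rng_config "$sample")"
rm -f "$sample"
```

On a real host the function would be pointed at /etc/default/rng-tools and read alongside /proc/sys/kernel/random/entropy_avail.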
