Requires high quality entropy on first run

Bug #1472691 reported by Robie Basak
This bug affects 1 person
Affects: autopkgtest (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Martin Pitt

Bug Description

On first run, I see:

+ gpg --homedir=/home/ubuntu/.cache/autopkgtest --batch --no-random-seed-file --gen-key key-gen-params
gpg: keyring `/home/ubuntu/.cache/autopkgtest/secring.gpg' created
gpg: keyring `/home/ubuntu/.cache/autopkgtest/pubring.gpg' created
+++++.+++++++++++++++.++++++++++.+++++++++++++++++++++++++.+++++++++++++++.+++++..+++++++++++++++++++++++++++++++++++++++++++++++++++++++>+++++.+++++......>.+++++..........+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 222 more bytes)

I often end up running adt-run on a freshly deployed development machine, and this blocks me every time, even on bare metal. Workaround: Ctrl-C, rm -rf ~/.cache/autopkgtest, replace /dev/random with a symlink to /dev/urandom and rerun.

There is no reason for adt-run to need this level of cryptographically secure entropy. gpg key generation is expected to be run very rarely, rather than in routine development. Please could we remove this requirement? Is there a way to use [trusted=yes] in sources.list so no internal signing is required, for example, or at least to generate a key less pedantically if it must be created? I'm not sure what options exist to cause gpg to be less pedantic though.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: autopkgtest 3.13
ProcVersionSignature: User Name 3.19.0-22.22-generic 3.19.8-ckt1
Uname: Linux 3.19.0-22-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Wed Jul 8 16:16:55 2015
PackageArchitecture: all
SourcePackage: autopkgtest
UpgradeStatus: No upgrade log present (probably fresh install)

Robie Basak (racb) wrote :
description: updated
Martin Pitt (pitti) wrote :

> I'm not sure what options exist to cause gpg to be less pedantic though.

I looked a long time ago, unfortunately there is no way to make gpg use /dev/urandom :-(

In most deployments I run autopkgtest from git and use --gnupg-home "$AUTOPKGTEST_BASE/tests/home/.cache/autopkgtest" to use the pre-generated key from git.

But "[trusted=yes]" sounds interesting, if that works we can get rid of the whole gpg madness. Thanks for pointing out!

Changed in autopkgtest (Ubuntu):
status: New → Triaged
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti)
Changed in autopkgtest (Ubuntu):
status: Triaged → In Progress
Martin Pitt (pitti) wrote :
Changed in autopkgtest (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package autopkgtest - 3.16

---------------
autopkgtest (3.16) unstable; urgency=medium

  Behaviour changes and improvements:
  * ssh-setup/nova: Re-try nova boot up to three times if it fails, and sleep
    5 minutes in between. This occasionally fails due to exceeding quota or
    temporary glitches.
  * Drop gpg-signing local archive and mark it as [trusted=yes] instead. This
    gets rid of the requirement to generate a gpg key on first run. Drop
    corresponding --gnupg-home option. (LP: #1472691)
  * Drop long-obsolete --tmp-dir backwards compat option.
  * ssh-setup/snappy: Adjust ubuntu-device-flash arguments to new
    release/channel structure from Ubuntu 15.10, and default to rolling/edge.
    Add new --release option.

  Bug fixes:
  * ssh-setup/nova: Silence "invalid command wait-reboot" warning.
  * setup-commands/cloud-vm-setup: Purge cloud-init too. It sometimes causes
    longer hangs on boot and might interfere with tests in other ways, and we
    only need it for first-time initialization anyway.
  * adt-virt-qemu: adt-buildvm-ubuntu-cloud: Don't use -enable-kvm QEMU option
    if /dev/kvm does not exist. (Closes: #790650)
  * Quiesce warnings from tar. Avoids "time stamp is in the future" log spew.
    (LP: #1468868)
  * Move apt sources setup from setup-commands/cloud-vm-setup to
    ssh-setup/nova. --apt-pocket does not work with the former as that runs
    too late.
  * Use Dpkg::Deps to evaluate/reduce build dependencies for expanding
    "@builddeps@". This handles build profiles. (Closes: #787093)
  * Resolve build profiles when installing build dependencies to build tested
    package.
  * Adjust NullRunner.test_tmp_install_perl test case to use
    libtest-requires-perl instead of libtest-tester-perl; the latter got
    removed from Debian.

 -- Martin Pitt <email address hidden> Fri, 10 Jul 2015 11:26:36 +0200

Changed in autopkgtest (Ubuntu):
status: Fix Committed → Fix Released
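
The 3.16 change swaps gpg signing for [trusted=yes] on the local archive, an option that tells APT to treat the source as trusted even without a valid signature, so it belongs only on local file: or copy: sources. The following is an added example, not autopkgtest code: a small audit that lists every [trusted=yes] entry in one-line-style sources.list text and flags any that point at a non-local URI. The sample entries, the /tmp/local-archive path and the mirror host name are constructed for illustration.

```python
import re

# One-line-style entry: type [options] uri suite [components...]
ENTRY = re.compile(r'^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)')

# URI schemes that read packages from the local filesystem
LOCAL_SCHEMES = ("file:", "copy:")

# Constructed sample input (hypothetical paths and hosts)
SAMPLE = """\
# local test archive, unsigned on purpose
deb [trusted=yes] file:///tmp/local-archive /
deb http://archive.ubuntu.com/ubuntu vivid main
deb [arch=amd64 trusted=yes] http://mirror.example.invalid/ubuntu vivid main
deb-src [ trusted=no ] http://archive.ubuntu.com/ubuntu vivid main
"""


def parse_entry(line):
    """Return (type, options, uri, suite), or None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    m = ENTRY.match(line)
    if not m:
        return None
    opts = {}
    for tok in (m.group(2) or "").split():
        key, _, val = tok.partition("=")
        opts[key.lower()] = val
    return m.group(1), opts, m.group(3), m.group(4)


def audit(text):
    """List (line number, uri, 'local' | 'REMOTE') for each trusted=yes entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        _, opts, uri, _ = entry
        if opts.get("trusted", "").lower() == "yes":
            scope = "local" if uri.startswith(LOCAL_SCHEMES) else "REMOTE"
            findings.append((n, uri, scope))
    return findings


if __name__ == "__main__":
    for lineno, uri, scope in audit(SAMPLE):
        print(f"line {lineno}: trusted=yes on {scope} source {uri}")
```

A REMOTE finding means packages from that network source install without signature verification; the local entry matches the pattern the changelog describes.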