Added the random/urandom hack (ported from setuplxc).

Gary Poster (gary) wrote :

Thank you, Francesco. Please add an additional sentence to the help description that gives a serious warning about it. Draft of the kinds of things I'm thinking of: "This reduces the actual randomness of your system's random number generator and thereby reduces security. Use only if determined to be necessary for this machine, and only if the machine is only used for tasks identified as low-risk, such as running tests." Otherwise good.

12. By Francesco Banconi

Added a warning about --use-urandom option.

=== modified file 'lpsetup/subcommands/'
--- lpsetup/subcommands/ 2012-03-30 10:52:41 +0000
+++ lpsetup/subcommands/ 2012-04-10 09:27:39 +0000
@@ -114,7 +114,7 @@
115def initialize(115def initialize(
116 user, full_name, email, lpuser, private_key, public_key, valid_ssh_keys,116 user, full_name, email, lpuser, private_key, public_key, valid_ssh_keys,
117 ssh_key_path, dependencies_dir, directory):117 ssh_key_path, use_urandom, dependencies_dir, directory):
118 """Initialize host machine."""118 """Initialize host machine."""
119 # Install necessary deb packages. This requires Oneiric or later.119 # Install necessary deb packages. This requires Oneiric or later.
120 call('apt-get', 'update')120 call('apt-get', 'update')
@@ -165,6 +165,12 @@
165 for line in lines:165 for line in lines:
166 location = line.format(checkout_dir=checkout_dir, lpuser=lpuser)166 location = line.format(checkout_dir=checkout_dir, lpuser=lpuser)
167 file_append(bzr_locations, location)167 file_append(bzr_locations, location)
168 # rng-tools is used to set /dev/urandom as random data source, avoiding
169 # entropy exhaustion during automated parallel tests.
170 if use_urandom:
171 apt_get_install('rng-tools', caller=call)
172 file_append('/etc/default/rng-tools', 'HRNGDEVICE=/dev/urandom')
173 call('/etc/init.d/rng-tools', 'start')
170def setup_apt(no_repositories=True):176def setup_apt(no_repositories=True):
@@ -218,7 +224,7 @@
218 (initialize,224 (initialize,
219 'user', 'full_name', 'email', 'lpuser',225 'user', 'full_name', 'email', 'lpuser',
220 'private_key', 'public_key', 'valid_ssh_keys', 'ssh_key_path',226 'private_key', 'public_key', 'valid_ssh_keys', 'ssh_key_path',
221 'dependencies_dir', 'directory'),227 'use_urandom', 'dependencies_dir', 'directory'),
222 (setup_apt,228 (setup_apt,
223 'no_repositories'),229 'no_repositories'),
224 (setup_launchpad,230 (setup_launchpad,
@@ -289,3 +295,7 @@
289 parser.add_argument(295 parser.add_argument(
290 '-N', '--no-repositories', action='store_true',296 '-N', '--no-repositories', action='store_true',
291 help='Do not add APT repositories.')297 help='Do not add APT repositories.')
298 parser.add_argument(
299 '-U', '--use-urandom', action='store_true',
300 help='Use /dev/urandom to feed /dev/random and avoid '
301 'entropy exhaustion.')
=== modified file 'lpsetup/subcommands/'
--- lpsetup/subcommands/ 2012-03-30 16:52:14 +0000
+++ lpsetup/subcommands/ 2012-04-10 09:27:39 +0000
@@ -158,7 +158,7 @@
158 (install.initialize,158 (install.initialize,
159 'user', 'full_name', 'email', 'lpuser',159 'user', 'full_name', 'email', 'lpuser',
160 'private_key', 'public_key', 'valid_ssh_keys', 'ssh_key_path',160 'private_key', 'public_key', 'valid_ssh_keys', 'ssh_key_path',
161 'dependencies_dir', 'directory'),161 'use_urandom', 'dependencies_dir', 'directory'),
162 (create_lxc,162 (create_lxc,
163 'user', 'lxc_name', 'lxc_arch', 'lxc_os'),163 'user', 'lxc_name', 'lxc_arch', 'lxc_os'),
164 (start_lxc,164 (start_lxc,


