Merge ~paelzer/ubuntu/+source/chrony:ubuntu/cosmic-devel into ubuntu/+source/chrony:ubuntu/cosmic-devel

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: c1a0e7b902ecf7b7ba2003fc3e20fa8e15f2a546
Proposed branch: ~paelzer/ubuntu/+source/chrony:ubuntu/cosmic-devel
Merge into: ubuntu/+source/chrony:ubuntu/cosmic-devel
Diff against target: 69 lines (+49/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp-1787366-fall-back-to-urandom.patch (+41/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Seth Arnold (community) Approve
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+353232@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :

Trivial single patch backport from upstream in preparation of newer kernels.
4.17 should have been the one bringing the random changes, if not they will hit sooner or later.
Please follow the links from the Bug Description for some background on this.

Note: added a ~ubuntu-security review slot for the potential drawback of the lower quality bits which might in theory make it easier to spoof replies.

Bug: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1787366
PPA for Testing: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3359

Seth Arnold (seth-arnold) wrote :

I don't love it but I understand it. Thanks!

review: Approve
Andreas Hasenack (ahasenack) wrote :

+1

Please also mention that this closes debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906276

(dep3 header, d/changelog with Closes: #)

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Hey, the bug was reported AFTER I created this (well, minutes) - so I had to forget about it.
Thanks for both of your acks.

The Debian changes are identical to ours, plus a few packaging buffs.
This means we can surely drop this Delta on the next merge.

But since we already tested the version proposed here, I'd go on with the fix as proposed and NOT merge the latest Debian right now for the packaging cleanups (while the changes should be a no-op, Murphy is everywhere and FF is close - this will be fine later on).

Christian Ehrhardt  (paelzer) wrote :

Tag pushed and uploaded to Cosmic

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 46a8195..21fcea8 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+chrony (3.3-2ubuntu2) cosmic; urgency=medium
7+
8+ * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
9+ the service on newer kernels by falling back to urandom (LP: #1787366)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200
12+
13 chrony (3.3-2ubuntu1) cosmic; urgency=medium
14
15 * Merge with Debian unstable (LP: #1771061). Remaining changes:
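Review bot: the new changelog entry records only `(LP: #1787366)` and not the Debian bug closure the review asked for; if this upload closes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906276 it should read `(LP: #1787366, Closes: #906276)` so the Debian BTS is updated on upload. Minor style point in the same entry: the bullet is written `* - d/p/lp-1787366-fall-back-to-urandom.patch:`, with a stray `- ` after the asterisk that the existing `* Merge with Debian unstable` entry below does not use; drop it for consistency.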
16diff --git a/debian/patches/lp-1787366-fall-back-to-urandom.patch b/debian/patches/lp-1787366-fall-back-to-urandom.patch
17new file mode 100644
18index 0000000..d7e687a
19--- /dev/null
20+++ b/debian/patches/lp-1787366-fall-back-to-urandom.patch
21@@ -0,0 +1,41 @@
22+From 7c5bd948bb7e21fa0ee22f29e97748b2d0360319 Mon Sep 17 00:00:00 2001
23+From: Miroslav Lichvar <mlichvar@redhat.com>
24+Date: Thu, 17 May 2018 14:16:58 +0200
25+Subject: [PATCH] util: fall back to reading /dev/urandom when getrandom()
26+ blocks
27+
28+With recent changes in the Linux kernel, the getrandom() system call may
29+block for a long time after boot on machines that don't have enough
30+entropy. It blocks the chronyd's initialization before it can detach
31+from the terminal and may cause a chronyd service to fail to start due
32+to a timeout.
33+
34+At least for now, enable the GRND_NONBLOCK flag to make the system call
35+non-blocking and let the code fall back to reading /dev/urandom (which
36+never blocks) if the system call failed with EAGAIN or any other error.
37+
38+This makes the start of chronyd non-deterministic with respect to files
39+that it needs to open and possibly also makes it slightly easier to
40+guess the transmit/receive timestamp in client requests until the
41+urandom source is fully initialized.
42+
43+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
44+Original-Author: Miroslav Lichvar <mlichvar@redhat.com>
45+Origin: backport, https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7c5bd948bb7e21fa0ee22f29e97748b2d0360319
46+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1787366
47+Last-Update: 2018-08-16
48+---
49+ util.c | 2 +-
50+ 1 file changed, 1 insertion(+), 1 deletion(-)
51+
52+--- a/util.c
53++++ b/util.c
54+@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, un
55+ if (disabled)
56+ break;
57+
58+- if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
59++ if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
60+ disabled = 1;
61+ break;
62+ }
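Review bot: in the util.c hunk the fallback is permanent for the process lifetime, not a retry: once `getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK)` returns short (EAGAIN while the pool is uninitialized, or any other error) the code sets `disabled = 1` and every later call takes the `if (disabled) break;` path, so chronyd keeps reading /dev/urandom even after the kernel pool has been initialized. That matches the commit message's "until the urandom source is fully initialized" only for the kernel side; the DEP-3 description (or the Launchpad bug) should state plainly that chronyd itself never returns to getrandom() after an early EAGAIN, since that is the security trade-off the ~ubuntu-security review slot was added for. The DEP-3 header also lacks a `Bug-Debian:` line for #906276, which the review thread asked to be recorded.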
63diff --git a/debian/patches/series b/debian/patches/series
64index 21d48ce..425fb09 100644
65--- a/debian/patches/series
66+++ b/debian/patches/series
67@@ -1 +1,2 @@
68 lp-1718227-nm-dispatcher-for-networkd.patch
69+lp-1787366-fall-back-to-urandom.patch
