← Back to team overview

touch-packages team mailing list archive

[Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails

 

I quite frankly don't understand the rationale of all this bug report
nor why anyone has not thought of this.

You are pissed off by apt crying when there are unsigned packages? I
understand your pain. I develop stuff too, and it's annoying.

What I don't understand is the rationale for blaming the key generation
system and ask mantainers to add a "make it all fake" option. That's...
just going to attract flak because it breaks security (the whole point
of the key generator system).

It's beyond obvious.

There is a simple solution though that does not involve breaking
encryption system, so keep reading.

Disable package signature checking. Boom, problem solved, no need to
compromise encryption for everyone else.

this command is of course "disable for this package"

sudo apt-get --allow-unauthenticated install mypackage


If you want to disable for EVERY package which is NOT SAFE AT ALL thus NOT RECOMMENDED for most systems (but it is probably fine for a development VM)

drop a file called 99unsigned or whatever in /etc/apt/apt.conf.d/

and write this inside:

APT::Get::AllowUnauthenticated "true";


in either case apt will show a warning about unisgned packages but will proceed anyway without requiring user input.


Now can this bug be closed? This solves the opener's issue.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/706011

Title:
  gpg --key-gen doesn't have enough entropy and rng-tools install/start
  fails

Status in gnupg package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: gnupg

  Description:	Ubuntu 10.04.1 LTS
  Release:	10.04

  
  If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase.

  ....
  We need to generate a lot of random bytes. It is a good idea to perform
  some other action (type on the keyboard, move the mouse, utilize the
  disks) during the prime generation; this gives the random number
  generator a better chance to gain enough entropy.

  Not enough random bytes available.  Please do some other work to give
  the OS a chance to collect more entropy! (Need 278 more bytes)
  ....
  (freeze here)

  I found some reference on the interwebs suggesting to install rng-
  tools so that the rngd daemon can gather more entropy for the system
  because by default cat /proc/sys/kernel/random/entropy_avail has a
  very very low number.

  Thus, installation of rng-tools, fails to start the rngd daemon...

  Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ...
  Trying to create /dev/hwrng device inode...
  Starting Hardware RNG entropy gatherer daemon: (failed).
  invoke-rc.d: initscript rng-tools, action "start" failed.

  It is then required to do this: echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
  and then start rngd: /etc/init.d/rng-tools start

  After this process is done, gpg --gen-key is immediate...

  
  We need to generate a lot of random bytes. It is a good idea to perform
  some other action (type on the keyboard, move the mouse, utilize the
  disks) during the prime generation; this gives the random number
  generator a better chance to gain enough entropy.
  .........+++++
  ...+++++
  We need to generate a lot of random bytes. It is a good idea to perform
  some other action (type on the keyboard, move the mouse, utilize the
  disks) during the prime generation; this gives the random number
  generator a better chance to gain enough entropy.
  +++++
  .+++++

  And cat /proc/sys/kernel/random/entropy_avail has a much higher
  number.

  All in all, I think this process should be simplified by maybe making
  gpg depend on rng-tools. The whole reason why I need to generate a gpg
  key is because I want to sign the .deb debians that I'm creating for
  my repository.

  Thanks for your time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions