touch-packages team mailing list archive
Message #84925
[Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails
I quite frankly don't understand the rationale of all this bug report
nor why anyone has not thought of this.
You are pissed off by apt crying when there are unsigned packages? I
understand your pain. I develop stuff too, and it's annoying.
What I don't understand is the rationale for blaming the key generation
system and asking maintainers to add a "make it all fake" option. That's...
just going to attract flak because it breaks security (the whole point
of the key generator system).
It's beyond obvious.
There is a simple solution though that does not involve breaking the
encryption system, so keep reading.
Disable package signature checking. Boom, problem solved, no need to
compromise encryption for everyone else.
This command is of course "disable for this package":
sudo apt-get --allow-unauthenticated install mypackage
If you want to disable for EVERY package, which is NOT SAFE AT ALL thus NOT RECOMMENDED for most systems (but it is probably fine for a development VM),
drop a file called 99unsigned or whatever in /etc/apt/apt.conf.d/
and write this inside:
APT::Get::AllowUnauthenticated "true";
In either case apt will show a warning about unsigned packages but will proceed anyway without requiring user input.
Now can this bug be closed? This solves the opener's issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/706011
Title:
gpg --key-gen doesn't have enough entropy and rng-tools install/start
fails
Status in gnupg package in Ubuntu:
Confirmed
Bug description:
Binary package hint: gnupg
Description: Ubuntu 10.04.1 LTS
Release: 10.04
If you install gpg and then type: gpg --gen-key, it 'freezes up' during the entropy gathering phase.
....
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 278 more bytes)
....
(freeze here)
I found some reference on the interwebs suggesting to install rng-
tools so that the rngd daemon can gather more entropy for the system
because by default cat /proc/sys/kernel/random/entropy_avail has a
very very low number.
Thus, installation of rng-tools, fails to start the rngd daemon...
Setting up rng-tools (2-unofficial-mt.12-1ubuntu3) ...
Trying to create /dev/hwrng device inode...
Starting Hardware RNG entropy gatherer daemon: (failed).
invoke-rc.d: initscript rng-tools, action "start" failed.
It is then required to do this: echo "HRNGDEVICE=/dev/urandom" >> /etc/default/rng-tools
and then start rngd: /etc/init.d/rng-tools start
After this process is done, gpg --gen-key is immediate...
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.........+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.+++++
And cat /proc/sys/kernel/random/entropy_avail has a much higher
number.
All in all, I think this process should be simplified by maybe making
gpg depend on rng-tools. The whole reason why I need to generate a gpg
key is because I want to sign the .deb debians that I'm creating for
my repository.
Thanks for your time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/706011/+subscriptions
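
A defender's check for the two settings that appear in this thread, the apt AllowUnauthenticated line and HRNGDEVICE=/dev/urandom in /etc/default/rng-tools, added here as an example and not part of the original message or bug report. The function names and the ROOT prefix argument are assumptions of the example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical filesystem
# prefix argument so the checks can run against a mounted image or test tree.

# Print "file:line:text" for each active one-line AllowUnauthenticated setting
# with a true value. Lines commented out with // or # do not match because the
# pattern is anchored. The nested APT { Get { ... } } form is not parsed.
audit_apt_unauth() {
    root=${1:-}
    hits=0
    for f in "$root/etc/apt/apt.conf" "$root"/etc/apt/apt.conf.d/*; do
        [ -f "$f" ] || continue
        # /dev/null as a second operand makes grep print the file name.
        if grep -inE '^[[:space:]]*APT::Get::AllowUnauthenticated[[:space:]]+"?(true|yes|on|enable|with|1)"?[[:space:]]*;' "$f" /dev/null; then
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]   # status 0 when signature checking is disabled somewhere
}

# Print the effective HRNGDEVICE line when rngd reads from /dev/urandom, in
# which case it credits the kernel pool with pseudo-random output rather than
# new randomness. Assumption: the init script sources this file, so the last
# assignment wins.
audit_rngd_urandom() {
    conf="${1:-}/etc/default/rng-tools"
    [ -f "$conf" ] || return 1
    last=$(grep -E '^[[:space:]]*HRNGDEVICE=' "$conf" | tail -n 1)
    case $last in
        *=/dev/urandom | *='"/dev/urandom"')
            printf '%s: %s\n' "$conf" "$last"; return 0 ;;
    esac
    return 1
}

# Constructed sample tree (not real system files) holding both settings.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/apt/apt.conf.d" "$t/etc/default"
    printf '%s\n' '// development VM only' 'APT::Get::AllowUnauthenticated "true";' \
        > "$t/etc/apt/apt.conf.d/99unsigned"
    printf '%s\n' '#HRNGDEVICE=/dev/hwrng' 'HRNGDEVICE=/dev/urandom' \
        > "$t/etc/default/rng-tools"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
audit_apt_unauth "$sample" || echo "apt: no active AllowUnauthenticated setting"
audit_rngd_urandom "$sample" || echo "rngd: HRNGDEVICE is not /dev/urandom"
rm -rf "$sample"
```

Both functions return status 0 when the setting is present, so they can gate a provisioning or image-build step.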