This repository was archived by the owner on Jan 1, 2021. It is now read-only.

Commit ab6b28e

committed
Remove haveged in favor of backported upstream kernel commit
Quoting the `Dockerfile` comment: > apply kernel entropy patch from 5.4; this same patch was backported in Debian in 5.3.9-1 > > - https://git.kernel.org/linus/50ee7529ec4500c88f8664560770a7a1b65db72b > - https://salsa.debian.org/kernel-team/linux/commit/c323c453b2485a33bfb33635a07f3a50bc1db1ee > - https://lists.debian.org/debian-boot/2019/11/msg00077.html > > specifically, this solves the problem of early-boot entropy (SSH key generation, for example), avoiding the need for userspace solutions like haveged
1 parent 54ba875 commit ab6b28e

3 files changed

Lines changed: 9 additions & 96 deletions


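--- a/Dockerfile
+++ b/Dockerfile
@@ -214,6 +214,15 @@ RUN wget -O /linux.tar.xz "https://cdn.kernel.org/pub/linux/kernel/v${LINUX_VERS
 ln -sT "linux-$LINUX_VERSION" /usr/src/linux; \
 [ -d /usr/src/linux ]
 
+# apply kernel entropy patch from 5.4; this same patch was backported in Debian in 5.3.9-1
+# - https://git.kernel.org/linus/50ee7529ec4500c88f8664560770a7a1b65db72b
+# - https://salsa.debian.org/kernel-team/linux/commit/c323c453b2485a33bfb33635a07f3a50bc1db1ee
+# - https://lists.debian.org/debian-boot/2019/11/msg00077.html
+# specifically, this solves the problem of early-boot entropy (SSH key generation, for example), avoiding the need for userspace solutions like haveged
+RUN wget -O kernel-entropy.patch 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50ee7529ec4500c88f8664560770a7a1b65db72b'; \
+patch -p1 --input "$PWD/kernel-entropy.patch" --directory /usr/src/linux; \
+rm kernel-entropy.patch
+
 RUN { \
 echo '#!/usr/bin/env bash'; \
 echo 'set -Eeuo pipefail'; \
@@ -331,20 +340,6 @@ RUN echo 'for i in /usr/local/etc/profile.d/*.sh ; do if [ -r "$i" ]; then . $i;
 # install kernel headers so we can use them for building xen-utils, etc
 RUN make -C /usr/src/linux INSTALL_HDR_PATH=/usr/local headers_install
 
-# https://lkml.org/lkml/2018/4/12/711 (https://github.com/boot2docker/boot2docker/pull/1322)
-# https://github.com/jirka-h/haveged/releases
-ENV HAVEGED_VERSION 1.9.4
-RUN wget -O /haveged.tgz "https://github.com/jirka-h/haveged/archive/${HAVEGED_VERSION}.tar.gz"; \
-mkdir /usr/src/haveged; \
-tar --extract --file /haveged.tgz --directory /usr/src/haveged --strip-components 1; \
-rm /haveged.tgz
-# https://debbugs.gnu.org/11064 (libtool eats "-static", gcc doesn't mind getting "--static" even more than once)
-RUN ( cd /usr/src/haveged && ./configure LDFLAGS='-static --static' ); \
-make -C /usr/src/haveged/src -j "$(nproc)" haveged; \
-cp -v /usr/src/haveged/src/haveged usr/local/sbin/; \
-strip usr/local/sbin/haveged; \
-tcl-chroot haveged --run 1
-
 # http://download.virtualbox.org/virtualbox/
 # updated via "update.sh"
 ENV VBOX_VERSION 5.2.34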
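Review bot: The added `RUN wget -O kernel-entropy.patch …` step (new lines 222-224) applies a patch fetched at build time with no integrity check beyond TLS, so whatever that URL serves on the day of the build is compiled into the kernel. Pin the content before applying it, for example `echo '<sha256-of-patch>  kernel-entropy.patch' | sha256sum -c -; \` between the `wget` and `patch` lines, or commit the patch file to the repository and `COPY` it in if the served bytes prove not to be stable enough to checksum. The three commands are chained with `;`, so unless a `SHELL` directive with `-e` is set earlier in the file (not visible in this hunk), a failed download or a rejected patch hunk would not fail the build. Since the second hunk removes haveged, a kernel that silently missed the patch would bring back the early-boot entropy stall, so it is worth making this step fail loudly.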

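--- a/files/bootsync.sh
+++ b/files/bootsync.sh
@@ -71,10 +71,6 @@ done
 
 /usr/local/etc/init.d/acpid start
 
-# https://github.com/boot2docker/boot2docker/pull/1322
-/etc/init.d/haveged conditional
-# (if the system doesn't have enough entropy, "dockerd" hangs without any output until it get a sufficient amount)
-
 if [ -e /var/lib/boot2docker/bootsync.sh ]; then
 sh /var/lib/boot2docker/bootsync.sh
 fi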

files/init.d/haveged

Lines changed: 0 additions & 78 deletions
This file was deleted.
