From qboosh at pld-linux.org Mon Jul 1 19:25:28 2024 From: qboosh at pld-linux.org (Jakub Bogusz) Date: Mon, 1 Jul 2024 19:25:28 +0200 Subject: ssh configuration on builders [Re: [all] builder queue problem] In-Reply-To: References: Message-ID: <20240701172528.GA11447@mail> openssh 9.8p1 dropped DSA keys support by default (could be brought back by --enable-dsa-keys), so "+ssh_dss" (which apparently exists in current configuration) became invalid. So either these options should be removed from builder configuration or DSA keys support restored in openssh.spec. On Mon, Jul 01, 2024 at 05:10:17PM +0000, PLD all builder wrote: > there were problems sending files from queue /home/pld/builderth/pld-builder.new/spool/ftp: > problems: > [src: /home/pld/builderth/pld-builder.new/spool/ftp/3f092c05-a1fe-410a-adca-148f6352e974] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/d87c4b67-5928-4a38-a62c-ff51f3e968a0] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/bd8c22ad-70ad-4a80-83f0-dfa0deb2d425] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/f0fba842-a9ad-4361-800b-aa21fe6b419b] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/fabdfca0-2c08-47ed-aab9-a5e4d0483346] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/8b0b4f93-ee8b-4595-99ea-f02e23663838] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/d27e529e-a7eb-427b-a08a-700a971586b2] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/3dd5e745-df9a-4552-996c-698bdc3112b2] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/4e2ab5ad-9845-47a8-bede-2d23ce0fd430] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/3c1ef473-42c8-4d5b-ad48-cb7bf662ca30] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/4248ad23-2dc2-4140-b7b6-551833807619] > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 55: Applying options for * > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > /etc/ssh/ssh_config: terminating, 2 bad configuration options > scp: Connection closed > -- Jakub Bogusz http://qboosh.pl/ From baggins at pld-linux.org Tue Jul 2 00:00:28 2024 From: baggins at pld-linux.org (Jan =?utf-8?Q?R=C4=99korajski?=) Date: Tue, 2 Jul 2024 00:00:28 +0200 Subject: ssh configuration on builders [Re: [all] builder queue problem] In-Reply-To: <20240701172528.GA11447@mail> References: <20240701172528.GA11447@mail> Message-ID: On Mon, 01 Jul 2024, Jakub Bogusz wrote: > openssh 9.8p1 dropped DSA keys support by default (could be brought back > by --enable-dsa-keys), so "+ssh_dss" (which apparently exists in current > configuration) became invalid. > > So either these options should be removed from builder configuration or > DSA keys support restored in openssh.spec. Disabled DSA on ep09. > On Mon, Jul 01, 2024 at 05:10:17PM +0000, PLD all builder wrote: > > there were problems sending files from queue /home/pld/builderth/pld-builder.new/spool/ftp: > > problems: > > [src: /home/pld/builderth/pld-builder.new/spool/ftp/3f092c05-a1fe-410a-adca-148f6352e974] > > > > Executing: program /usr/bin/ssh host ep09.pld-linux.org, user pldth, command sftp > > OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: /etc/ssh/ssh_config line 55: Applying options for * > > /etc/ssh/ssh_config line 65: Bad key types '+ssh-dss'. > > /etc/ssh/ssh_config line 66: Bad key types '+ssh-dss'. > > /etc/ssh/ssh_config: terminating, 2 bad configuration options > > scp: Connection closed [...] -- Jan R?korajski | PLD/Linux SysAdm | bagginspld-linux.org | http://www.pld-linux.org/ From glen at pld-linux.org Fri Jul 19 12:48:18 2024 From: glen at pld-linux.org (=?UTF-8?Q?Elan_Ruusam=C3=A4e?=) Date: Fri, 19 Jul 2024 13:48:18 +0300 Subject: Fatal glibc error: cannot get entropy for arc4random Message-ID: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> openssh is unable startup # service sshd restart Fatal glibc error: cannot get entropy for arc4random Aborted # rpm -q glibc openssh-server glibc-2.39-6-th.x86_64 openssh-server-9.8p1-1-th.x86_64 # uname -r 3.13.0-32-generic from quick internet search 3.15 kernel is needed? but not specified in .spec? From arekm at maven.pl Fri Jul 19 20:00:30 2024 From: arekm at maven.pl (=?UTF-8?Q?Arkadiusz_Mi=C5=9Bkiewicz?=) Date: Fri, 19 Jul 2024 20:00:30 +0200 Subject: Fatal glibc error: cannot get entropy for arc4random In-Reply-To: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> References: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> Message-ID: <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> On 19/07/2024 12:48, Elan Ruusam?e wrote: > openssh is unable startup > > # service sshd restart > Fatal glibc error: cannot get entropy for arc4random > Aborted > > # rpm -q glibc openssh-server > glibc-2.39-6-th.x86_64 > openssh-server-9.8p1-1-th.x86_64 > > # uname -r > 3.13.0-32-generic > > from quick internet search 3.15 kernel is needed? but not specified > in .spec? Hm, why 3.15? Looking at the arc4random code it fallbacks to /dev/random and /dev/urandom if syscall is not available (getrandom syscall was introduced in 3.17). Maybe sshd is not allowing access to these at that point? strace could tell us something. -- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org ) From glen at pld-linux.org Mon Jul 22 17:16:28 2024 From: glen at pld-linux.org (=?UTF-8?Q?Elan_Ruusam=C3=A4e?=) Date: Mon, 22 Jul 2024 18:16:28 +0300 Subject: Fatal glibc error: cannot get entropy for arc4random In-Reply-To: <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> References: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> Message-ID: <0f60b4ad-ec37-4403-8e60-3b84bee23031@pld-linux.org> On 19.07.2024 21:00, Arkadiusz Mi?kiewicz via pld-devel-en wrote: > On 19/07/2024 12:48, Elan Ruusam?e wrote: >> openssh is unable startup >> >> # service sshd restart >> Fatal glibc error: cannot get entropy for arc4random >> Aborted >> >> # rpm -q glibc openssh-server >> glibc-2.39-6-th.x86_64 >> openssh-server-9.8p1-1-th.x86_64 >> >> # uname -r >> 3.13.0-32-generic >> >> from quick internet search 3.15 kernel is needed? but not specified >> in .spec? > > Hm, why 3.15? > > Looking at the arc4random code it fallbacks to /dev/random and > /dev/urandom if syscall is not available (getrandom syscall was > introduced in 3.17). > > Maybe sshd is not allowing access to these at that point? > > strace could tell us something. > # strace /usr/sbin/sshd -D ... getrandom(0x7f12e109d270, 48, 0)??????? = -1 ENOSYS (Function not implemented) getrandom(0x7f12e109d270, 48, 0)??????? = -1 ENOSYS (Function not implemented) shmget(0x72, 1, 000)??????????????????? = 0 shmat(0, NULL, SHM_RDONLY)????????????? = 0x7f12df674000 openat(AT_FDCWD, "/dev/urandom", O_RDONLY) = 7 fstat(7, {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x9), ...}) = 0 read(7, "`\16\373H\261\343\331\203\231\262\376\263\251\31f\2051\0\212D98\177'\313P\254LT{,\v"..., 48) = 48 getrandom(0x7fff4f092bd0, 48, 0)??????? = -1 ENOSYS (Function not implemented) writev(2, [{iov_base="Fatal glibc error: cannot get en"..., iov_len=53}], 1Fatal glibc error: cannot get entropy for arc4random ) = 53 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12df673000 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 gettid()??????????????????????????????? = 3681 getpid()??????????????????????????????? = 3681 tgkill(3681, 3681, SIGABRT)???????????? = 0 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=3681, si_uid=0} --- +++ killed by SIGABRT +++ Aborted From arekm at maven.pl Tue Jul 23 09:57:38 2024 From: arekm at maven.pl (=?UTF-8?Q?Arkadiusz_Mi=C5=9Bkiewicz?=) Date: Tue, 23 Jul 2024 09:57:38 +0200 Subject: Fatal glibc error: cannot get entropy for arc4random In-Reply-To: <0f60b4ad-ec37-4403-8e60-3b84bee23031@pld-linux.org> References: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> <0f60b4ad-ec37-4403-8e60-3b84bee23031@pld-linux.org> Message-ID: <66f8eba5-fc90-4b25-be06-cb668eed0609@maven.pl> On 22/07/2024 17:16, Elan Ruusam?e wrote: > cannot get entropy for arc4random Try maybe this code to see if it works (+ strace for it). It blocks getrandom syscall (ENOSYS) on x86_64 with seccomp. -- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org ) -------------- next part -------------- #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #ifndef __NR_getrandom #define __NR_getrandom 318 #endif int main() { struct sock_filter filter[] = { BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, AUDIT_ARCH_X86_64, 1, 0), BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_KILL), BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, nr)), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, __NR_getrandom, 1, 0), BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ERRNO | ENOSYS), }; struct sock_fprog prog = { .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])), .filter = filter, }; if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { perror("prctl(PR_SET_NO_NEW_PRIVS)"); return 1; } if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { perror("prctl(PR_SET_SECCOMP)"); return 1; } printf("Testing arc4random() after blocking getrandom syscall:\n"); unsigned int random_value = arc4random(); printf("arc4random() returned: %u\n", random_value); return 0; } From glen at pld-linux.org Wed Jul 24 19:16:15 2024 From: glen at pld-linux.org (=?UTF-8?Q?Elan_Ruusam=C3=A4e?=) Date: Wed, 24 Jul 2024 20:16:15 +0300 Subject: Fatal glibc error: cannot get entropy for arc4random In-Reply-To: <66f8eba5-fc90-4b25-be06-cb668eed0609@maven.pl> References: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> <0f60b4ad-ec37-4403-8e60-3b84bee23031@pld-linux.org> <66f8eba5-fc90-4b25-be06-cb668eed0609@maven.pl> Message-ID: On 23.07.2024 10:57, Arkadiusz Mi?kiewicz via pld-devel-en wrote: > On 22/07/2024 17:16, Elan Ruusam?e wrote: >> cannot get entropy for arc4random > > Try maybe this code to see if it works (+ strace for it). > > It blocks getrandom syscall (ENOSYS) on x86_64 with seccomp. strace of that program # strace ./seccomp-test execve("./seccomp-test", ["./seccomp-test"], 0x7fff233e1f50 /* 39 vars */) = 0 brk(NULL)?????????????????????????????? = 0x15a6000 access("/etc/ld.so.preload", R_OK)????? = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=32151, ...}) = 0 mmap(NULL, 32151, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7873452000 close(3)??????????????????????????????? = 0 openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20b\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 fstat(3, {st_mode=S_IFREG|0755, st_size=1966536, ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7873450000 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 2018704, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7873263000 mmap(0x7f7873287000, 1441792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f7873287000 mmap(0x7f78733e7000, 352256, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x184000) = 0x7f78733e7000 mmap(0x7f787343d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d9000) = 0x7f787343d000 mmap(0x7f7873443000, 52624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7873443000 close(3)??????????????????????????????? = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7873260000 arch_prctl(ARCH_SET_FS, 0x7f7873260740) = 0 set_tid_address(0x7f7873260a10)???????? = 22077 set_robust_list(0x7f7873260a20, 24)???? = 0 rseq(0x7f7873261060, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) mprotect(0x7f787343d000, 16384, PROT_READ) = 0 mprotect(0x403000, 4096, PROT_READ)???? = 0 mprotect(0x7f787348d000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7f7873452000, 32151)?????????? = 0 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)? = 0 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=7, filter=0x7fffb093fd90}) = 0 fstat(1, {st_mode=S_IFCHR|0622, st_rdev=makedev(0x88, 0x5), ...}) = 0 getrandom(0x7f7873448178, 8, GRND_NONBLOCK) = -1 ENOSYS (Function not implemented) brk(NULL)?????????????????????????????? = -1 ENOSYS (Function not implemented) brk(0x15c7000)????????????????????????? = -1 ENOSYS (Function not implemented) Testing arc4random() after blocking getrandom syscall: write(1, "Testing arc4random() after block"..., 55) = -1 ENOSYS (Function not implemented) writev(2, [{iov_base="Fatal glibc error: cannot get en"..., iov_len=53}], 1Fatal glibc error: cannot get entropy for arc4random ) = 53 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7873459000 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 gettid()??????????????????????????????? = 22077 getpid()??????????????????????????????? = 22077 tgkill(22077, 22077, SIGABRT)?????????? = 0 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=22077, si_uid=0} --- +++ killed by SIGABRT +++ Aborted i also updated libseccomp. it didn't change a thing U libseccomp-(2.5.1 => 2.5.5)-1.x86_64 From atler at pld-linux.org Thu Jul 25 10:05:01 2024 From: atler at pld-linux.org (Jan Palus) Date: Thu, 25 Jul 2024 10:05:01 +0200 Subject: Fatal glibc error: cannot get entropy for arc4random In-Reply-To: <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> References: <2345527f-ed26-43c5-afa7-e3ca8849b699@pld-linux.org> <893124bf-2f31-4c4e-b350-75633fef8645@maven.pl> Message-ID: On 19.07.2024 20:00, Arkadiusz Mi?kiewicz via pld-devel-en wrote: > On 19/07/2024 12:48, Elan Ruusam?e wrote: > > openssh is unable startup > > > > # service sshd restart > > Fatal glibc error: cannot get entropy for arc4random > > Aborted > > > > # rpm -q glibc openssh-server > > glibc-2.39-6-th.x86_64 > > openssh-server-9.8p1-1-th.x86_64 > > > > # uname -r > > 3.13.0-32-generic > > > > from quick internet search 3.15 kernel is needed? but not specified in > > .spec? > > Hm, why 3.15? > > Looking at the arc4random code it fallbacks to /dev/random and /dev/urandom > if syscall is not available (getrandom syscall was introduced in 3.17). Actually glibc-2.39-6 does not fallback to /dev/*random due to bug in arc4random fallback logic (return value checked for ENOSYS instead of errno). It was fixed on Jul 8 (glibc 2.40 does not suffer from it): https://sourceware.org/git/?p=glibc.git;a=commit;h=184b9e530e6326e668709826903b6d30dc6cac3f > > Maybe sshd is not allowing access to these at that point? > > strace could tell us something. > > -- > Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org ) > _______________________________________________ > pld-devel-en mailing list > pld-devel-en at lists.pld-linux.org > http://lists.pld-linux.org/mailman/listinfo/pld-devel-en