Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[19.09] Backport rng improvements #73314

Closed
wants to merge 5 commits into from

Conversation

kmcopper
Copy link
Contributor

Motivation for this change

Backports many rng improvements in master back down to the stable channel.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @c0bw3b @JohnAZoidberg @r-ryantm @teto

Copy link
Contributor

@bjornfor bjornfor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use git cherry-pick -x ... to get the commit reference of the original commit into the git history.

Copy link
Contributor

@c0bw3b c0bw3b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What exactly doesn't work with current rngd on r19.09 that would warrant a backport?

@Mic92
Copy link
Member

Mic92 commented Nov 13, 2019

some context: #73007 (comment)

@kmcopper
Copy link
Contributor Author

kmcopper commented Nov 13, 2019

I figured the rng bias security improvement, adding jitterentropy, allowing qemu-guest to use rngd, general bug fixes, and no apparent breaking changes were good enough to backport. Feel free to correct me if I am wrong I am unclear with the nix backports policy but I feel it's good enough to warrant a backport of anything as long as it doesn't break anything else.

@ofborg ofborg bot requested a review from c0bw3b November 13, 2019 20:27
teto and others added 4 commits November 18, 2019 18:57
... otherwise enabling it causes a merge conflict.

Enabling it was necessary to give enough entropy for the sshd daemon in
my libvirt/nixops VM to generate keys see
NixOS/nixops#1199.

(cherry picked from commit c27360a)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/jitterentropy/versions

(cherry picked from commit 0158bc0)
+ run tests
+ enable jitterentropy by default
+ add c0bw3b to maintainers

(cherry picked from commit 810abeb)
@stale
Copy link

stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
    irc.freenode.net.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 1, 2020
@Mic92 Mic92 closed this Jun 1, 2020
@Mic92
Copy link
Member

Mic92 commented Jun 1, 2020

We have 20.03 now.

@kmcopper kmcopper deleted the r19.09-backport-rng branch September 23, 2020 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

7 participants