Open krusynth opened 10 years ago
lack of hardware means it can't generate enough random bits to fill PGP's needs
This is fascinating.
I know, right? I noticed the keygen was hanging forever, and assumed it was a lack of RAM issue. Once that didn't fix it, I found this:
And then a bunch of threads saying you can generate entropy via keyboard, mouse, and hard drive spinning. Lack of all of these means it doesn't generate bits? I'm no expert on entropy or anything, so I might be misconfusinating the issue.
If Lavarand doesn't end up matching a curve of e I'd be astounded. Everything is e. ;)
lack of hardware means it can't generate enough random bits to fill PGP's needs
Hm... For dev environments maybe we should default the settings to use a small PGP key size (like 1024bit) instead of the very paranoid 4096bits currently set in the gpginit command — then have the local_settings.py override this for production environments. Should save people a lot of grief.
@krues8dr: If you want to see if this helps out your Vagrant box: can you try editing /authentication/authapp/management/commands/gpginit.py, changing the key sizes down to 1024, then try setting up the GPG key again?
You could also try to install haveged which artificially increases the Linux entropy pool (which is unsafe for a user-facing website in production, but good enough for a dev VM).
Thanks, but I think I've already got past that point with rng-tools and am no longer receiving the lack-of-entropy error. This is a different error, and I'm still receiving it with 1024 bits. Again, I think this is related to the different homedir being used for key generation, or maybe needing gpg-agent? I'm not entirely sure.
@mtigas Have you gotten this to run on anything outside of OS X? I know @vzvenyach is running it on Ubuntu with no problems. Could be something of the selinux variety as well, or other RHEL-specific concerns, due to the better security model.
@krues8dr Can't test it out again until I get home later today — but no reason why it shouldn't run smoothly on Linux, too. (For other VMs, I've definitely had crypto issues unless I set up haveged — not sure how well rng-tools + system PRNG compare to using that to fill.)
Might want to nuke the gpgdata directory and try doing the init again. Also, setting GNUPG_BINARY should be to the actual GPG binary and not a symlink (i.e. GNUPG_BINARY="/usr/bin/gpg2" instead of "/usr/bin/gpg")
(Also helpful to help you get up and running: python2.7 manage.py gpginit | grep -e "^GNUPG_IDENTITY" >> local_settings.py .)
Will be back with more later tonight.
Just wanted to let you know that haveged worked wonders on an EC2 instance.
Hey guys, I've tried using haveged but still getting the same error on CentOS. I tried launching it with -w 4096 and also decreasing the key size in /authentication/authapp/management/commands/gpginit.py but it hasn't resolved the issue.
What version of centos?
6.4.2. This one, in fact:
https://github.com/2creatives/vagrant-centos/releases/download/v6.4.2/centos64-x86_64-20140116.box
Right-o. Will try tonight.
Thanks @vzvenyach ! Here's the Vagrantfile I'm using: https://gist.github.com/krues8dr/4a1528f05c5216e983b0
Thinking out loud. Any chance it's the 512 memory?
I tried bumping that to 2Gb but no luck.
Harrumph. Ok. Will give it a go when I get to a PC? Any progress on the documents view?
Nope, spent all my time on that so far. I think I'll need that to get rolling, or is there already some fixture data I can load to get up and running?
Right. One other ask. Can you use ipython to give more debug details?
Can you run this command? cat /proc/sys/kernel/random/entropy_avail
Using pdb to debug isn't getting me anywhere - it's occurring in a separate thread and for some reason it's not letting me drill down. Weird.
I've got 4096 for entropy_avail; I added setting the -w flag in the haveged init script to bump it up from 1024.
Huh. It's hanging for me too. I've done this on several ubuntu machines now and it works fine, but CentOS definitely is behaving differently. Will keep banging away... just an update
Couldn't figure this out, but made headway on the documents view...
I struggled all weekend to get this up and running, but still can't get the keygen step to run without error. Here's a summary of what I've done, based on Dave's work in the dockerfile:
I'm using python 2.7 because there appear to be 2.7-requiring packages among those requirements.txt, but I can't remove 2.6 entirely because yum needs it. I'm also having to run rngd from rng-tools (not listed above), since I'm running on a Vagrant box, and lack of hardware means it can't generate enough random bits to fill PGP's needs.
The error is:
but it still says that the key is being generated. Further debugging shows that the error code is 65535, which I think may have something to do with the non-user homedir?
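Added example, not part of the original thread or the project's code: a preflight that checks the three suspects raised above (available kernel entropy, the GnuPG home directory, and whether the configured binary is a symlink) before running key generation. The function names, the 1024 threshold and the reading of "homedir problem" as ownership plus mode 700 are assumptions made for this sketch.

```shell
#!/bin/sh
# Preflight for the suspects discussed in this thread. Every path and the
# entropy threshold are supplied by the caller; nothing is project-specific.

# entropy_ok FILE MIN: 0 if FILE holds an integer >= MIN, 2 if unreadable/garbled
entropy_ok() {
    [ -r "$1" ] || return 2
    avail=$(cat "$1")
    case "$avail" in ''|*[!0-9]*) return 2 ;; esac
    [ "$avail" -ge "$2" ]
}

# homedir_ok DIR: 0 if DIR exists, is owned by the current user and is mode 700
# (assumption: this is what a usable GnuPG home directory looks like)
homedir_ok() {
    [ -d "$1" ] && [ -O "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "700" ]
}

# binary_ok PATH: 0 if PATH is a regular file and not a symlink,
# matching the advice to point GNUPG_BINARY at the real binary
binary_ok() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# preflight ENTROPY_FILE MIN HOMEDIR BINARY: report every failed check
preflight() {
    rc=0
    entropy_ok "$1" "$2" || { echo "entropy: below $2 or unreadable ($1)"; rc=1; }
    homedir_ok "$3" || { echo "homedir: $3 missing, not yours, or not mode 700"; rc=1; }
    binary_ok "$4" || { echo "binary: $4 is a symlink or not a regular file"; rc=1; }
    return $rc
}

# Example call on a Linux VM (arguments are the caller's own values):
#   sh preflight.sh /proc/sys/kernel/random/entropy_avail 1024 ./gpgdata /usr/bin/gpg2
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

A clean preflight only rules these three suspects out; as the thread shows, key generation can still hang with entropy_avail at 4096.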