[SRU] add pollinate to precise, update all
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pollinate (Ubuntu) | Fix Released | Medium | Dustin Kirkland |
Precise | Fix Released | Medium | Dustin Kirkland |
Trusty | Fix Released | Medium | Dustin Kirkland |
Xenial | Fix Released | Medium | Dustin Kirkland |
Bug Description
Please backport/SRU pollinate to 12.04 LTS, and update pollinate in 14.04 LTS and 16.04 LTS.
[Impact]
Pollinate doesn't exist in 12.04 LTS, but should. It has been steady and solid throughout the 14.04 and 16.04 releases of Ubuntu, improving the PRNG keys in cloud instances. And there are still plenty of Precise cloud instances out there. This upload also fixes a couple of bugs (which are already well validated on 16.04) in terms of when the systemd job runs, not running in containers, logging the correct PID, and timing out correctly.
[Test Case]
Pollinate can be tested on an existing system by specifying the -r|--reseed option. 'sudo pollinate -r' should exit 0 and appropriate, successful log messages should be displayed. You can also test the boot time run by removing the seeded flag with 'sudo rm -f /var/cache/
[Regression Potential]
Regression potential should be low, as entropy seeding is opportunistic. Boot should never hang or block. At most, it should add a second or two to boot, and it should fail gracefully, logging to syslog, and retrying again at each reboot.
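The "appropriate, successful log messages" in the test case can be checked mechanically. The script below is an added example, not part of the original report or of pollinate itself: the function names and sample lines are constructed here, using the message text from the log excerpt in this report.

```shell
#!/bin/sh
# Added example (not part of pollinate): check that a single pollinate run
# logged all four seeding stages, in order, under one PID.

pollinate_seeded_ok() {
    # Reads syslog or stderr lines on stdin; exit status 0 means a complete run was found.
    awk '
    match($0, /pollinate\[[0-9]+\]/) {
        # "pollinate[" is 10 characters; drop it and the closing "]".
        pid = substr($0, RSTART + 10, RLENGTH - 11)
        if (index($0, "ERROR:")) { err[pid] = 1; next }
        s = stage[pid] + 0
        if      (s == 0 && index($0, "client sent challenge to"))                stage[pid] = 1
        else if (s == 1 && index($0, "client verified challenge/response with")) stage[pid] = 2
        else if (s == 2 && index($0, "client hashed response from"))             stage[pid] = 3
        else if (s == 3 && index($0, "client successfully seeded"))              stage[pid] = 4
    }
    END {
        for (p in stage) if (stage[p] == 4 && !(p in err)) exit 0
        exit 1
    }'
}

# Constructed sample modelled on the syslog excerpt in this report, including
# the duplicated "<13>" copy that syslog records for a message.
sample_ok() {
    cat <<'EOF'
Jul 29 18:27:00 host pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:00 host pollinate[2606]: <13>Jul 29 18:26:59 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host pollinate[2606]: client successfully seeded [/dev/urandom]
EOF
}

# Constructed sample: wrong user, then a run that only reports the earlier seed.
sample_not_reseeded() {
    cat <<'EOF'
<13>Jul 29 18:21:31 pollinate[9529]: ERROR: should execute as the [pollinate] user
<13>Jul 29 18:21:37 pollinate[9635]: system was previously seeded at [2016-07-29 18:10:33.500000000 +0000]
<13>Jul 29 18:21:37 pollinate[9635]: To re-seed this system again, use the -r|--reseed option
EOF
}

sample_ok | pollinate_seeded_ok && echo "complete seeding run found"
sample_not_reseeded | pollinate_seeded_ok || echo "no complete seeding run"
```

On a real host the same function can be fed with `grep pollinate /var/log/syslog | pollinate_seeded_ok` after the reboot step of the test case.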
Changed in pollinate (Ubuntu):
assignee: nobody → Dustin Kirkland (kirkland)
importance: Undecided → Medium
status: New → In Progress
summary:
- [SRU] add pollinate to precise
+ [SRU] add pollinate to precise, update all
Changed in pollinate (Ubuntu Precise):
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
status: New → In Progress
Changed in pollinate (Ubuntu Vivid):
status: New → In Progress
Changed in pollinate (Ubuntu Wily):
status: New → In Progress
Changed in pollinate (Ubuntu Xenial):
status: New → In Progress
Changed in pollinate (Ubuntu Precise):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Trusty):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Vivid):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Wily):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Xenial):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Precise):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Trusty):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Vivid):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Wily):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Xenial):
assignee: nobody → Dustin Kirkland (kirkland)
no longer affects: pollinate (Ubuntu Vivid)
no longer affects: pollinate (Ubuntu Wily)
description: updated
Changed in pollinate (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu):
status: In Progress → Fix Committed
tags: added: upgrade-software-version
Verification in instances in AWS looks good!
== Xenial ==
ubuntu@ip-172-30-0-32:~⟫ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
ubuntu@ip-172-30-0-32:~⟫ dpkg -l pollinate
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Architecture Description
+++-==============-===================-============-=======================================
ii  pollinate      4.21-0ubuntu1~16.04 all          seed the pseudo random number generator
ubuntu@ip-172-30-0-32:~⟫ pollinate
<13>Jul 29 18:21:31 pollinate[9529]: ERROR: should execute as the [pollinate] user
1 ubuntu@ip-172-30-0-32:~⟫ sudo pollinate
sudo: unable to resolve host ip-172-30-0-32
<13>Jul 29 18:21:37 pollinate[9635]: system was previously seeded at [2016-07-29 18:10:33.500000000 +0000]
<13>Jul 29 18:21:37 pollinate[9635]: To re-seed this system again, use the -r|--reseed option
ubuntu@ip-172-30-0-32:~⟫ sudo pollinate -r
sudo: unable to resolve host ip-172-30-0-32
<13>Jul 29 18:21:42 pollinate[9725]: system was previously seeded at [2016-07-29 18:10:33.500000000 +0000]
<13>Jul 29 18:21:42 pollinate[9725]: client sent challenge to [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client verified challenge/response with [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client hashed response from [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client successfully seeded [/dev/urandom]
ubuntu@ip-172-30-0-32:~⟫ sudo rm -f /var/cache/pollinate/*
sudo: unable to resolve host ip-172-30-0-32
ubuntu@ip-172-30-0-32:~⟫ sudo reboot
...
ubuntu@ip-172-30-0-32:~⟫ ls -l /var/cache/pollinate/seeded
-rw-r--r-- 1 pollinate daemon 0 Jul 29 18:27 /var/cache/pollinate/seeded
ubuntu@ip-172-30-0-32:~⟫ grep pollinate /var/log/syslog
Jul 29 18:27:00 ip-172-30-0-32 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:00 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:26:59 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client successfully seeded [/dev/urandom]
Jul 29 ...