Bug 1888823

Summary: systemd: presets: Do not enable rngd by default
Product: [Fedora] Fedora Reporter: Vladis Dronov <vdronov>
Component: fedora-releaseAssignee: Mohan Boddu <mboddu>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: dennis, jkeating, kellin, kevin, mboddu, pbrobinson, sgallagh, thrcka, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-19 07:58:39 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vladis Dronov 2020-10-15 19:58:41 UTC 
With the introduction of jitter-rng in the kernel (upstream 50ee7529ec45 ("random: try to actively add entropy rather than passively wait for it") as of v5.4-rc1 we generally have enough entropy in all cases and do not need rngd to run in userspace anymore.

We should therefore not enable rngd by default in Fedora and RHEL-8 going forward and let users explicitly enable it as needed. This will save some cycles by default, also good for future minimization.

This bug was initially created as a copy of RHEL8's Bug #1888695.
Comment 1 Vladis Dronov 2020-10-15 20:00:23 UTC 
The simplest and a proper way to do that is systemctl presets.
As of now they enable rngd both in Fedora and RHEL8:

# grep -ri rng /usr/lib/systemd/system-preset/ /usr/lib/systemd/user-preset/
/usr/lib/systemd/system-preset/90-default.preset:enable rngd.service

We need to change "enable" to "disable" or remove this line.
Comment 2 Vladis Dronov 2020-10-15 20:04:26 UTC 
bz1222495 states that a proper component for this is 'fedora-release'.
Comment 3 Kevin Fenzi 2020-10-16 18:32:05 UTC 
So, actually, it was removed from the standard group in comps: 

https://pagure.io/fedora-comps/pull-request/533

So, it's no longer installed by default. I don't think we want to drop the presets, I think just dropping it like we did took care of it?
Comment 4 Peter Robinson 2020-10-16 20:41:34 UTC 
> So, it's no longer installed by default. I don't think we want to drop the
> presets, I think just dropping it like we did took care of it?

Agreed, if people wish to install it I think it's useful to be enabled by default if there's an available HW RNG.
Comment 5 Vladis Dronov 2020-10-16 22:31:14 UTC 
(In reply to Kevin Fenzi from comment #3)
> So, it's no longer installed by default. I don't think we want to drop the
> presets, I think just dropping it like we did took care of it?

Thanks, Kevin. Agreed, not installing rngd by default should be enough.
Comment 6 Zbigniew Jędrzejewski-Szmek 2020-10-19 07:58:39 UTC 
OK, let's close this then.