Bug 2077035

Summary:	recent rng-tools updates to run udevadm --settle hang in container [rhel-8.6.0.z]
Product:	Red Hat Enterprise Linux 8	Reporter:	RHEL Program Management Team <pgm-rhel-tools>
Component:	rng-tools	Assignee:	Vladis Dronov <vdronov>
Status:	CLOSED ERRATA	QA Contact:	Vilém Maršík <vmarsik>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	8.6	CC:	dbohanno, qguo, rvr, sbroz
Target Milestone:	rc	Keywords:	Triaged, ZStream
Target Release:	8.6
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:	2053160	Environment:
Last Closed:	2022-08-03 12:45:41 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2053160
Bug Blocks:	2079377

Comment 4 Vladis Dronov 2022-04-27 10:01:16 UTC

[CI] [GATING] [DONE] rng-tools-6.14-5.git.b2b7934e.el8_6 passed gating because all required tests passed
rng-tools-6.14-5.git.b2b7934e.el8_6 successfully moved from rhel-8.6.0-z-gate into rhel-8.6.0-z-candidate

brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=44869737
osci: https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/44869737

yes, the test plan is the same as in bz2077036#c4.

Comment 5 Vladis Dronov 2022-04-28 15:50:20 UTC

[CI] [GATING] [DONE] rng-tools-6.14-6.git.b2b7934e.el8_6 passed gating because all required tests passed
rng-tools-6.14-6.git.b2b7934e.el8_6 successfully moved from rhel-8.6.0-z-gate into rhel-8.6.0-z-candidate

brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=44939476
osci: https://dashboard.osci.redhat.com/#/artifact/brew-build/aid/44939476

Comment 6 Vladis Dronov 2022-04-29 09:44:26 UTC

additional test step for a new build:

1) there were an issue with user/group creation in certain cases. test:

set "USERGROUPS_ENAB no" in /etc/login.defs

ensure no rngd user and group exist, check the USERGROUPS_ENAB setting:

# getent passwd rngd ; getent group rngd ; grep USERGROUPS_ENAB /etc/login.defs ; id rngd
USERGROUPS_ENAB no
id: ‘rngd’: no such user

install a package

ensure user and group exist and rngd user has rngd group (NOT some other) with the same command:

# getent passwd rngd ; getent group rngd ; grep USERGROUPS_ENAB /etc/login.defs ; id rngd

run the service. it should start without errors:
(a pause is needed for the jitter lib to initialize)

systemctl start rngd ; sleep 5 ; systemctl status rngd

Comment 7 Vladis Dronov 2022-04-30 14:19:39 UTC

*** Bug 2079377 has been marked as a duplicate of this bug. ***

Comment 10 Vilém Maršík 2022-06-15 22:47:25 UTC

Looks good in RHEL-8.6.0-updates-20220613.0:

[root@wlan-r2s40 ~]# userdel -r rngd
userdel: user 'rngd' does not exist
[root@wlan-r2s40 ~]#  rm -f /etc/sysconfig/rngd*
[root@wlan-r2s40 ~]# rpm -i http://download.eng.brq.redhat.com/brewroot/packages/rng-tools/6.14/6.git.b2b7934e.el8_6/x86_64/rng-tools-6.14-6.git.b2b7934e.el8_6.x86_64.rpm
[root@wlan-r2s40 ~]#  grep udevadm /usr/lib/systemd/system/rngd.service /usr/lib/systemd/system/rngd-wake-threshold.service
[root@wlan-r2s40 ~]#  getent passwd rngd
rngd:x:993:990:Random Number Generator Daemon:/:/sbin/nologin
[root@wlan-r2s40 ~]# pwck
[root@wlan-r2s40 ~]# wget http://download.eng.brq.redhat.com/brewroot/packages/rng-tools/6.14/6.git.b2b7934e.el8_6/src/rng-tools-6.14-6.git.b2b7934e.el8_6.src.rpm
(...)
[root@wlan-r2s40 ~]# rpm2cpio rng-tools-6.14-6.git.b2b7934e.el8_6.src.rpm |  cpio --extract --make-directories --no-absolute-filenames
330 blocks
[root@wlan-r2s40 ~]# tar xvfz rng-tools-6.14.tar.gz
(...)
[root@wlan-r2s40 ~]# cd rng-tools-6.14/tests/
[root@wlan-r2s40 tests]# vim rngtestzero.sh
[root@wlan-r2s40 tests]# vim rngtesturandom.sh
[root@wlan-r2s40 tests]# vim rngtestjitter.sh
[root@wlan-r2s40 tests]# ./rngtestzero.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 0
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 100
rngtest: FIPS 140-2(2001-10-10) Monobit: 100
rngtest: FIPS 140-2(2001-10-10) Poker: 100
rngtest: FIPS 140-2(2001-10-10) Runs: 100
rngtest: FIPS 140-2(2001-10-10) Long run: 100
rngtest: FIPS 140-2(2001-10-10) Continuous run: 100
rngtest: input channel speed: (min=1.330; avg=12.846; max=18.626)Gibits/s
rngtest: FIPS tests speed: (min=302.754; avg=570.209; max=681.196)Mibits/s
rngtest: output channel speed: (min=0.000; avg=0.000; max=0.000)bits/s
rngtest: Program run time: 3672 microseconds
0
[root@wlan-r2s40 tests]# ./rngtesturandom.sh ; echo $?
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=26.751; avg=2317.556; max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=107.760; avg=150.043; max=171.833)Mibits/s
rngtest: output channel speed: (min=20000000000.000; avg=37037037037.037; max=0.000)bits/s
rngtest: Program run time: 17506 microseconds
0
[root@wlan-r2s40 tests]# ./rngtestjitter.sh ; echo $?
Disabling 0: Hardware RNG Device (hwrng)
Disabling 2: Intel RDRAND Instruction RNG (rdrand)
Disabling 1: TPM RNG Device (tpm)
Initializing available sources
[jitter]: Initializing AES buffer
[jitter]: Enabling JITTER rng support
[jitter]: Initialized
rngtest: bits received from input: 2000064
rngtest: bits sent to output: 2000000
rngtest: FIPS 140-2 successes: 100
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1.838; avg=73.897; max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=149.012; avg=155.638; max=157.632)Mibits/s
rngtest: output channel speed: (min=9.313; avg=27.801; max=18.626)Gibits/s
rngtest: Program run time: 2601646 microseconds
killing
0
[root@wlan-r2s40 tests]# rpm -e rng-tools
[root@wlan-r2s40 tests]# vim /etc/login.defs
[root@wlan-r2s40 tests]# grep USERGROUPS_ENAB /etc/login.defs
USERGROUPS_ENAB no
[root@wlan-r2s40 tests]# grep rngd /etc/passwd
[root@wlan-r2s40 tests]# grep rngd /etc/group
[root@wlan-r2s40 tests]#  getent passwd rngd ; getent group rngd ; grep USERGROUPS_ENAB /etc/login.defs ; id rngd
USERGROUPS_ENAB no
id: ‘rngd’: no such user
[root@wlan-r2s40 tests]# rpm -i http://download.eng.brq.redhat.com/brewroot/packages/rng-tools/6.14/6.git.b2b7934e.el8_6/x86_64/rng-tools-6.14-6.git.b2b7934e.el8_6.x86_64.rpm
[root@wlan-r2s40 tests]#  getent passwd rngd ; getent group rngd ; grep USERGROUPS_ENAB /etc/login.defs ; id rngd
rngd:x:993:990:Random Number Generator Daemon:/:/sbin/nologin
rngd:x:990:
USERGROUPS_ENAB no
uid=993(rngd) gid=990(rngd) groups=990(rngd)
[root@wlan-r2s40 tests]# systemctl start rngd ; sleep 5 ; systemctl status rngd
● rngd.service - Hardware RNG Entropy Gatherer Daemon
   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-06-15 18:43:58 EDT; 5s ago
(...)

Comment 14 errata-xmlrpc 2022-08-03 12:45:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rng-tools bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5807