Bug 2491739
| Summary: | Upgraded system can fail to boot with recent haveged updates if service has run but is not enabled | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
| Component: | haveged | Assignee: | Jiri Hladky <hladky.jiri> |
| Status: | VERIFIED --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | hladky.jiri, jhladky |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Adam Williamson
2026-06-23 14:38:01 UTC
FEDORA-2026-cf1b1b3d16 (haveged-1.9.25-1.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-cf1b1b3d16 FEDORA-2026-6a17c7864b (haveged-1.9.25-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-6a17c7864b FEDORA-EPEL-2026-504948f7d0 (haveged-1.9.25-1.el10_2) has been submitted as an update to Fedora EPEL 10.2. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-504948f7d0 FEDORA-EPEL-2026-40258434d5 (haveged-1.9.25-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-40258434d5 FEDORA-EPEL-2026-74f2be0676 (haveged-1.9.25-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-74f2be0676 Thank you for the excellent bug report, Adam! Root cause: The v1.9.24 haveged.service added --no-command (which disables the command socket) and PrivateNetwork=true. The dracut module installed this same service file into the initramfs, breaking the switch-root handoff. The haveged-switch-root.service could no longer tell the running haveged to chroot and re-exec into the real root. On systems where haveged was started but not enabled, haveged didn't survive the initramfs-to-real-root transition, creating an entropy gap that triggered emergency mode. Fix (v1.9.25): Added a separate haveged-initramfs.service without --no-command and without PrivateNetwork=true. The dracut module now installs this file as haveged.service inside the initramfs, so the switch-root mechanism works again. The real-root service keeps the hardened configuration. - Upstream release: https://github.com/jirka-h/haveged/releases/tag/v1.9.25 - Bodhi update (F44): https://bodhi.fedoraproject.org/updates/FEDORA-2026-cf1b1b3d16 - Updates also submitted for F43, EPEL10.2, EPEL10, and EPEL9. - The EPEL8 v1.9.24 update has been unpushed; EPEL8 stays on v1.9.23 for now. Testing so far: I verified the fix on a Fedora 44 VM by installing the package from koji, rebuilding the initramfs with dracut -f, and confirming with lsinitrd that the initramfs haveged.service no longer contains --no-command or PrivateNetwork=true, while the real-root service retains both. I have not yet tested the full boot scenario. Adam, could you please help to verify the fix? Thank you! Jirka FEDORA-2026-cf1b1b3d16 has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-cf1b1b3d16` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-cf1b1b3d16 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-504948f7d0 has been pushed to the Fedora EPEL 10.2 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-504948f7d0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-40258434d5 has been pushed to the Fedora EPEL 10.3 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-40258434d5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-74f2be0676 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-74f2be0676 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2026-6a17c7864b has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-6a17c7864b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-6a17c7864b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. https://openqa.stg.fedoraproject.org/tests/6576185#live should tell us whether this is good (testing the 1.9.26 update for Rawhide). FEDORA-2026-28f26f5294 (haveged-1.9.26-1.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-28f26f5294 FEDORA-2026-5ddd0941a8 (haveged-1.9.26-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-5ddd0941a8 FEDORA-EPEL-2026-e15fb7f042 (haveged-1.9.26-1.el10_2) has been submitted as an update to Fedora EPEL 10.2. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e15fb7f042 FEDORA-EPEL-2026-e6d245c837 (haveged-1.9.26-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e6d245c837 FEDORA-EPEL-2026-4245f60523 (haveged-1.9.26-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4245f60523 It looks like the fix is good, the test progressed past the point where it previously failed to emergency mode. Thank you for the verification, Adam! FEDORA-2026-28f26f5294 has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-28f26f5294` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-28f26f5294 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-e6d245c837 has been pushed to the Fedora EPEL 10.3 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e6d245c837 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-4245f60523 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4245f60523 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2026-e15fb7f042 has been pushed to the Fedora EPEL 10.2 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e15fb7f042 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2026-5ddd0941a8 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-5ddd0941a8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-5ddd0941a8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. |