Due to the definition of getentropy by glibc, the /dev/urandom code is no longer compiled in: /** Generates a random vector of AUTH_VECTOR_LEN octets * * @param vector a buffer with at least %AUTH_VECTOR_LEN bytes. */ static void rc_random_vector(unsigned char *vector) { int randno; int i; #if defined(HAVE_GETENTROPY) if (getentropy(vector, AUTH_VECTOR_LEN) >= 0) { return; } /* else fall through */ #elif defined(HAVE_DEV_URANDOM) … #endif fallback: for (i = 0; i < AUTH_VECTOR_LEN;) { randno = random(); memcpy((char *)vector, (char *)&randno, sizeof(int)); vector += sizeof(int); i += sizeof(int); } return; } This means that radcli will use non-random bytes when radcli is run on older kernels (which is supported by Fedora).
I do not think we should push for userspace to auto-detect the kernel subsystem for providing random numbers. Shouldn't instead require the fedora release with that change to specify the minimum kernel it can run with?
A work-around for radcli in fedora could be the following: https://github.com/radcli/radcli/commit/7dd5af227d7b10e7eb3b5cb103adf24f44bcbad6
(In reply to Nikos Mavrogiannopoulos from comment #1) > I do not think we should push for userspace to auto-detect the kernel > subsystem for providing random numbers. Shouldn't instead require the fedora > release with that change to specify the minimum kernel it can run with? I was recently told that Fedora userland has to work on kernels from other other distributions: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7BE66WZB64C3ECJ4NOGGRU5M7GBHGYKD/
radcli-1.2.7-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e435c2abd9
radcli-1.2.7-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e435c2abd9
radcli-1.2.7-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.