在为zero配置python3时,一些包需要更高的版本,因此需要升级buildroot
一口气更新到最新版,启动没问题。
但是在开启openssh时,发现启动后系统会阻塞很长时间
[ 1.810100] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
Starting syslogd: OK
Starting klogd: OK
Running sysctl: OK
Saving random seed: [ 2.176386] random: dd: uninitialized urandom read (512 bytes read)
OK
Starting network: OK
[ 4.606975] random: fast init done
[ 213.609597] random: crng init done
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
Starting sshd: OK
可以看到,在random:fast init 与 crng init 之间,相差了接近三分钟。
换回旧版,对比启动信息
Initializing random number generator... [ 2.081098] random: dd: uninitialized urandom read (512 bytes read)
done.
Starting network: OK
[ 2.283275] random: ssh-keygen: uninitialized urandom read (32 bytes read)
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
Starting sshd: [ 4.880638] random: sshd: uninitialized urandom read (32 bytes read)
OK
可以看到启动时间不到5s,相差还是很多的,并且没有
[ 4.606975] random: fast init done
[ 213.609597] random: crng init done
这两行提示。
开始以为新版openssh多了什么功能造成的,
在折腾一番buildroot无果后,感觉问题应该出在这里random: crng init
这里。
百度一下,果然问题很多
在博主uninitialized urandom read_xiaofeng_yan的专栏-CSDN博客
的博客中,提到了
。通过dmesg | grep -I randdom 发现需要400多秒才能初始化完成。
dmesg | grep -i random
[ 0.051406] random: get_random_bytes called from setup_net+0x33/0x120 with crng_init=0
[ 0.637733] random: hwclock: uninitialized urandom read (8 bytes read)
[ 0.821425] random: sh: uninitialized urandom read (8 bytes read)
[ 11.923501] random: fast init done
[ 13.111697] random: modprobe: uninitialized urandom read (8 bytes read)
[ 20.464349] random: modprobe: uninitialized urandom read (8 bytes read)
[ 20.475650] random: head: uninitialized urandom read (8192 bytes read)
[ 23.335865] random: modprobe: uninitialized urandom read (8 bytes read)
[ 28.286856] random: modprobe: uninitialized urandom read (8 bytes read)
[ 28.747431] random: modprobe: uninitialized urandom read (8 bytes read)
[ 33.718262] random: modprobe: uninitialized urandom read (8 bytes read)
[ 33.736726] random: modprobe: uninitialized urandom read (8 bytes read)
[ 429.269251] random: crng init done所以一些应用程序在调用random的函数可能会阻塞。
同时给出了两个方案
方案一:打入以下内核patch
内核的patch:https://lkml.org/lkml/2018/7/17/1279
增加了config RANDOM_TRUST_CPU这个选项,默认此选择没有打开。
用户态的方案:
Haveged使用HAVEGE(HArdware Volatile Entropy Gathering and Expansion)来维护一个1M的随机字节池,
当/dev/random中的随机位供应低于设备的低水位时(/proc/sys/kernel/random/entropy_avail),这个随机字节池用于填充/dev/random。
实际上在2017年,就有人给linux内核提交了该补丁[LKML: Theodore Ts'o: PATCH] random: add a config option to trust the CPU's hwrng
但是RANDOM_TRUST_CPU
不支持armv7,并且荔枝派不能使用yum等包管理器安装haveged,因此不太好解决。
又找了找,在文章随机子系统初始化慢,导致依赖其的服务启动慢问题修复方法 - Mic_chen - 博客园 (cnblogs.com)种提到了,buildroot中有haveged。
Symbol: BR2_PACKAGE_HAVEGED [=n]
Type : bool
Prompt: haveged
Location:
-> Target packages
(1) -> Miscellaneous
开启即可
Saving random seed: [ 2.177285] random: dd: uninitialized urandom read (512 bytes read)
OK
Starting haveged: haveged: command socket is listening at fd 3
OK
Starting network: OK
[ 2.829545] random: crng init done
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
Starting sshd: OK
可以看到,开启haveged后,启动时间和之前基本一致了。