Commit f8c46bc9 authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

Remove haveged

haveged was presumably added to increase entropy and prevent entropy
starvation.

A few things has changed since, most notable:
* the kernel actively tries to add entropy (jitter entropy)[1][2][3][4]
* /dev/random no longer blocks after CRNG initialization[5][6]

[1] https://github.com/torvalds/linux/commit/3f2dc2798b81531fd93a3b9b7c39da47ec689e55
[2] https://github.com/torvalds/linux/commit/50ee7529ec4500c88f8664560770a7a1b65db72b
[3] https://lore.kernel.org/lkml/alpine.DEB.2.21.1909290010500.2636@nanos.tec.linutronix.de/T/
[4] https://lwn.net/Articles/800509/
[5] https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
[6] https://lwn.net/Articles/808575/
parent a2f40930
......@@ -74,7 +74,7 @@ EOF
echo "Server = ${MIRROR}" >mirrorlist
# We use the hosts package cache
pacstrap -c -C pacman.conf -M "${MOUNT}" base linux grub openssh sudo haveged btrfs-progs reflector
pacstrap -c -C pacman.conf -M "${MOUNT}" base linux grub openssh sudo btrfs-progs reflector
cp mirrorlist "${MOUNT}/etc/pacman.d/"
}
......
......@@ -24,8 +24,6 @@ function pre() {
cat <<EOF >"${MOUNT}/etc/systemd/system/pacman-init.service"
[Unit]
Description=Initializes Pacman keyring
Wants=haveged.service
After=haveged.service
Before=sshd.service cloud-final.service
ConditionFirstBoot=yes
......@@ -61,7 +59,6 @@ EOF
arch-chroot "${MOUNT}" /bin/bash -e <<EOF
source /etc/profile
systemctl enable sshd
systemctl enable haveged
systemctl enable systemd-networkd
systemctl enable systemd-resolved
systemctl enable systemd-timesyncd
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment