Re: entropy: pid 17200 (python) blocking due to lack of entropy

[Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>]

> Date: Wed, 22 Mar 2023 16:33:55 +0100
> From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> 
> I upgraded a Xen guest from -7 to 10, and run into:
> entropy: pid 17200 (python) blocking due to lack of entropy
> 
> how do I get out of this ? I tried various things with rndctl, including
> copying /var/db/entropy-file from another host (with hardware RNG),

If you copy /var/db/entropy-file from another host (or, better, create
a new one with `rndctl -S') _and load it_ with `rndctl -L' on this
host, this will add nonzero entropy to the system; then use
`/etc/rc.d/random_seed stop' to save it to disk for the next boot in
case you shut down uncleanly.

See `Adding entropy' in <https://man.netbsd.org/entropy.7>.

You can verify whether the seed file you created with `rndctl -S' (or
copied from /var/db/entropy-file) has nonzero entropy by checking the
first four bytes, e.g. with:

   head -c 4 < seed | hexdump -C

> and ping -f to generate a faira amount of network traffic, but nothing seems
> to work. I can't switch any of my devices to estimate.

You can, but network drivers don't claim to the kernel that their
sampling process has nonzero entropy.  So each sample contributes data
to the pool but adds zero to the total, which doesn't affect the total
even if you ask the kernel to add it.