You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Marc Girod <ma...@iona.com> on 2006/11/02 14:39:23 UTC

1.4.0 HP-UX lack of entropy

Hello,

This is a retry.
My previous post was lost.
Note that I already posted some related question a couple of weeks ago
to the dev list, but made some progress since then.

I built succesfully 1.4.0, with openssl (separately installed) support
(0.9.8c), using shared libraries, with a prefix, and using the libs from
under this prefix, on Solaris 8 and HP-UX 11.00 (with HP ANSI C).

In both cases, building neon (separately) reported that the use of egd
was not necessary because the version of openssl was higher than 0.9.7.

However, the result works with https on Solaris, and fails on HP-UX:

$ svn ls https://pdsubscm1/repos/playground
svn: PROPFIND request failed on '/repos/playground'
svn: PROPFIND of '/repos/playground': SSL negotiation failed: SSL disabled due \
to lack of entropy (https://pdsubscm1)
$ svn ls http://pdsubscm1/repos/playground
branches/
tags/
trunk/
cctest> svn --version
svn, version 1.4.0 (r21228)
   compiled Nov  1 2006, 10:41:07

Copyright (C) 2000-2006 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

The following repository access (RA) modules are available:

* ra_dav : Module for accessing a repository via WebDAV (DeltaV) protocol.
  - handles 'http' scheme
  - handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
  - handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
  - handles 'file' scheme


Any clue?
Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 1.4.0 HP-UX lack of entropy

Posted by Marc Girod <ma...@iona.com>.

Julien TOUCHE <julien.touche <at> lycos.com> writes:

> if you really want some, could look in
> http://www.josvisser.nl/hpux11-random/hpux11-random.html

Thanks.
It seems that I can do for now with egd...
The daemon seems to stay and work after the loader has dumped core.

And we'll move soon to 11.23 anyway.

Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 1.4.0 HP-UX lack of entropy

Posted by Julien TOUCHE <ju...@lycos.com>.

Marc Girod wrote on 03/11/2006 15:10:
> Ryan Schmidt <subversion-2006d <at> ryandesign.com> writes:
> 
>> a common suggestion on this mailing list for dealing with entropy
>> problems with /dev/random on certain platforms is to compile APR to
>> use /dev/ urandom instead.
> 
> There is none of either on my box. I know there is a depot available
> from HP to provide /dev/random on 11.11, but not on 11.00.

i've seen this kind of problem for HP ssh:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

and here was the Strong Random Number Generator (needed for ssh ...)
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
but it doesn't seem to support 11.00 (which is EOL at the end of this
year ...
http://www.hp.com/softwarereleases/releases-media2/notices/0303.htm)

if you really want some, could look in
http://www.josvisser.nl/hpux11-random/hpux11-random.html



Regards

		Julien

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 1.4.0 HP-UX lack of entropy

Posted by Marc Girod <ma...@iona.com>.

Ryan Schmidt <subversion-2006d <at> ryandesign.com> writes:

> a common suggestion on this mailing list for dealing with entropy problems  
> with /dev/random on certain platforms is to compile APR to use /dev/ 
> urandom instead.

There is none of either on my box.
I know there is a depot available from HP to provide /dev/random on 11.11,
but not on 11.00.

I installed egd already earlier, but starting it doesn't seem very convincing:

# fuser -f /var/run/egd-pool
/var/run/egd-pool: 

# /vob/tools_HP-UX/perl/perl-5.8.7/bin/egd.pl /var/run/egd-pool
22 sources found
forking into background...
server starting
# sh: 1723 Memory fault(coredump)

# jobs
# fuser -f /var/run/egd-pool
/var/run/egd-pool: 

# ps -ef | grep -v grep | egrep '^ *root .*perl'
    root  1687     1  0 09:05:12 pts/td    0:02
/vob/tools_HP-UX/perl/perl-5.8.7/bin/perl -w /vob/tools_HP-U
    root 24374     1  0  Oct 13  ?         5:26
/vob/tools_HP-UX/perl/perl-5.8.7/bin/perl -w /vob/tools_HP-U
# 

Looks like there was a previous instance running...
Maybe.

Anyway. I didn't tell openssl, neon or subversion to use /var/run/egd-pool
and I guess they'd have skipped this anyway because of the openssl version.

Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 1.4.0 HP-UX lack of entropy

Posted by Ryan Schmidt <su...@ryandesign.com>.

On Nov 2, 2006, at 08:39, Marc Girod wrote:

> $ svn ls https://pdsubscm1/repos/playground
> svn: PROPFIND request failed on '/repos/playground'
> svn: PROPFIND of '/repos/playground': SSL negotiation failed: SSL  
> disabled due \
> to lack of entropy (https://pdsubscm1)

I'm not familiar with that specific error message, but a common  
suggestion on this mailing list for dealing with entropy problems  
with /dev/random on certain platforms is to compile APR to use /dev/ 
urandom instead.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Re: 1.4.0 HP-UX lack of entropy

Posted by Marc Girod <ma...@iona.com>.

Méresse Christophe <christophe.meresse <at> nagra.com> writes:

> Yes, sorry, I wanted to say neon !

Thanks.
However, I am confused now.

The error I got yesterday was the 'lack of entropy' one, but today 'version
mismatch', which made me run ldd on my svn binary, and notice that I had messed
up something myself: the libraries referenced for ssl and crypto were indeed old
ones by names with a '.1' extension, through the '.sl' softlinks.

Cheating by replacing those with soft links to the '.0.9.8' ones, and restarting
with egd daemon, resulted in a successful run of my test.

So in fact it seems that I can now report a successful build of neon without
explicit mention of egd, but that even on HP-UX 11.00, openssl 0.9.8c (and
probably earlier versions as advertised) can get entropy from some of the
expected sources (in my case: /var/run/egd-pool).

tools_HP-UX> uname -a
HP-UX pdhp4way B.11.00 U 9000/800 127424686 unlimited-user license
tools_HP-UX> svn ls https://pdsubscm1/repos/playground
branches/
tags/
trunk/
tools_HP-UX> type svn
svn is hashed (/vob/tools_HP-UX/bin/svn)
tools_HP-UX> ldd /vob/tools_HP-UX/bin/svn | grep neon
   /vob/tools_HP-UX/lib/libneon.sl.25 =>   /vob/tools_HP-UX/lib/libneon.sl.25
        /vob/tools_HP-UX/lib/libneon.sl.25 =>   \
/vob/tools_HP-UX/lib/libneon.sl.25
tools_HP-UX> ldd /vob/tools_HP-UX/bin/svn | egrep '(neon|ssl|crypto)'
   /vob/tools_HP-UX/lib/libcrypto.1 =>     /vob/tools_HP-UX/lib/libcrypto.1
        /vob/tools_HP-UX/lib/libssl.1 =>        /vob/tools_HP-UX/lib/libssl.1
        ./libcrypto.sl.0.9.8 => /vob/tools_HP-UX/lib/libcrypto.sl.0.9.8
        /vob/tools_HP-UX/lib/libneon.sl.25 =>   \
/vob/tools_HP-UX/lib/libneon.sl.25
        /vob/tools_HP-UX/lib/libcrypto.1 =>     /vob/tools_HP-UX/lib/libcrypto.1
        /vob/tools_HP-UX/lib/libssl.1 =>        /vob/tools_HP-UX/lib/libssl.1
        /vob/tools_HP-UX/lib/libneon.sl.25 =>   \
/vob/tools_HP-UX/lib/libneon.sl.25

Thanks again,
Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 1.4.0 HP-UX lack of entropy

Posted by Marc Girod <ma...@iona.com>.

Méresse Christophe <christophe.meresse <at> nagra.com> writes:

> After doing the .configure (with all options) I've manually modified the
> config.h file before doing the compilation.

Er... You get a config.h file after configuring subversion?
I don't...
Note that I have installed separately all the dependencies.

This may be for neon...?

> Note that you have to install prngd or egd on HP-UX as there is no
> /dev/random or /dev/urandom

I know that.
See my other message for my problems with egd.
I might try prngd...

Thanks!
Marc

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org