[yocto] [meta-openssl102-fips][PATCH 2/3] openssh_fips.inc: remove rng-tools from sshd RRECOMMENDS

Hongxu Jia hongxu.jia at windriver.com
Sat Oct 12 01:17:09 PDT 2019


While kernel enable fips, the rng-tools takes a high cpu performance
which Operation not permitted
...
Oct 12 06:08:23 qemux86-64 rngd[122]: RNDADDENTROPY failed: Operation not permitted
...

Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
 recipes-connectivity/openssh/openssh_fips.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc
index 38db03b..0eafb98 100644
--- a/recipes-connectivity/openssh/openssh_fips.inc
+++ b/recipes-connectivity/openssh/openssh_fips.inc
@@ -3,6 +3,8 @@ DEPENDS += " \
     openssl-fips \
     fipscheck \
 "
+RRECOMMENDS_${PN}-sshd_remove = "rng-tools"
+
 SRC_URI += " \
     file://0001-openssh-8.0p1-fips.patch \
     file://0001-conditional-enable-fips-mode.patch \
-- 
2.7.4



More information about the yocto mailing list