Merge branch 'release/v2.7.0'

2019-02-12 17:50:18 +01:00 · 2019-02-12 17:50:18 +01:00 · 6f463764a9
parent 7ad0b1de6c d7abdc83f2
commit 6f463764a9
3 changed files with 33 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,13 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).

-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.5.0...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.7.0...HEAD)
+
+## [2.7.0](https://github.com/passbolt/passbolt_docker/compare/v2.5.0...v2.7.0) - 2019-02-12
+
+### Fixed
+
+- Added small warning message when entropy is low at container startup [#121](https://github.com/passbolt/passbolt_docker/issues/121)

 ## [2.5.0](https://github.com/passbolt/passbolt_docker/compare/v2.4.0...v2.5.0) - 2018-11-15

--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
@ -10,6 +10,29 @@ ssl_cert='/etc/ssl/certs/certificate.crt'

 export GNUPGHOME="/home/www-data/.gnupg"

+entropy_check() {
+  local entropy_avail
+
+  entropy_avail=$(cat /proc/sys/kernel/random/entropy_avail)
+
+  if [ "$entropy_avail" -lt 2000 ]; then
+
+    cat <<EOF
+==================================================================================
+  Your entropy pool is low. This situation could lead GnuPG to not
+  be able to create the gpg serverkey so the container start process will hang
+  until enough entropy is obtained.
+  Please consider installing rng-tools and/or virtio-rng on your host as the
+  preferred method to generate random numbers using a TRNG.
+  If rngd (rng-tools) does not provide enough or fast enough randomness you could
+  consider installing haveged as a helper to speed up this process.
+  Using haveged as a replacement for rngd is not recommended. You can read more
+  about this topic here: https://lwn.net/Articles/525459/
+==================================================================================
+EOF
+  fi
+}
+
 gpg_gen_key() {
  key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
  key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
@ -17,6 +40,8 @@ gpg_gen_key() {
  subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
  expiration="${PASSBOLT_KEY_EXPIRATION:-0}"

+  entropy_check
+
  su -c "gpg --batch --no-tty --gen-key <<EOF
    Key-Type: default
 		Key-Length: $key_length
--- a/docker-compose-pro.yml
+++ b/docker-compose-pro.yml
@ -10,7 +10,7 @@ services:
      - "127.0.0.1:3306:3306"

  passbolt:
-    image: passbolt/passbolt:2.5.0-pro-debian
+    image: passbolt/passbolt:2.5.1-pro-debian
    tty: true
    depends_on:
      - db