Entropy source for pipelines builds

Our test suite takes about 20 minutes to run locally and 60-90 minutes to run in pipelines. We tracked the problem to `SecureRandom` blocking on reads of /dev/random. I've been trying to fix this by adding another entropy source using haveged. Unfortunately I can't run it inside a docker container (fails on an ioctl call). Has anyone else found a nice way to work around this? Is there any hope of Atlassian adding haveged to the host VMs if they don't already have it? This closed issue suggests it's not a high priority.

2 answers

1 accepted

0 votes

Answer accepted

Hi @Anthony Schmieder

You can use a non blocking source of randomness by using /dev/urandom instead of /dev/random.

Assuming you are on Java, you should be able to pass a sys prop use the alternative source:

-Djava.security.egd=file:/dev/urandom

Alternatively, in your pipeline you can remove /dev/random and symlink /dev/urandom in its place:

rm -f /dev/random && ln -s /dev/urandom /dev/random

Cheers

Graham

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Thanks, @Graham Gatus! Your first suggestion is what we ended up using. The resources we found recommend

-Djava.security.egd=file:/dev/./urandom

Since the JVM assumes you mean "/dev/random" when you write "/dev/urandom" (ref: option 2)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Entropy source for pipelines builds

2 answers

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events