From d2850f1c13c80e45b1f0c1f3e42e609f8a430c30 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Jun 18 2018 13:56:58 +0000
Subject: avoid blocking in getrandom system call
---
diff --git a/chrony-getrandom.patch b/chrony-getrandom.patch
new file mode 100644
index 0000000..06581e4
--- /dev/null
+++ b/chrony-getrandom.patch
@@ -0,0 +1,34 @@
+commit 7c5bd948bb7e21fa0ee22f29e97748b2d0360319
+Author: Miroslav Lichvar
+Date: Thu May 17 14:16:58 2018 +0200
+
+ util: fall back to reading /dev/urandom when getrandom() blocks
+
+ With recent changes in the Linux kernel, the getrandom() system call may
+ block for a long time after boot on machines that don't have enough
+ entropy. It blocks the chronyd's initialization before it can detach
+ from the terminal and may cause a chronyd service to fail to start due
+ to a timeout.
+
+ At least for now, enable the GRND_NONBLOCK flag to make the system call
+ non-blocking and let the code fall back to reading /dev/urandom (which
+ never blocks) if the system call failed with EAGAIN or any other error.
+
+ This makes the start of chronyd non-deterministic with respect to files
+ that it needs to open and possibly also makes it slightly easier to
+ guess the transmit/receive timestamp in client requests until the
+ urandom source is fully initialized.
+
+diff --git a/util.c b/util.c
+index 4b3e455..76417d5 100644
+--- a/util.c
++++ b/util.c
+@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len)
+ if (disabled)
+ break;
+
+- if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) {
++ if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) {
+ disabled = 1;
+ break;
+ }
diff --git a/chrony.spec b/chrony.spec
index b530804..cac7a27 100644
--- a/chrony.spec
+++ b/chrony.spec
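Review bot: In the util.c hunk carried by chrony-getrandom.patch, an EAGAIN from `getrandom(..., GRND_NONBLOCK)` takes the same path as every other failure and sets `disabled = 1`. If that flag persists across calls (the `if (disabled)` check above suggests it does, but its declaration is outside the hunk), one not-yet-seeded result at boot keeps chronyd on /dev/urandom even after the kernel pool is initialised. Consider latching only on other errors, `if (errno != EAGAIN) disabled = 1;`, so that later calls try getrandom() again. The fallback is also silent; a debug or warning log on the EAGAIN path would let an operator see that early requests drew from an uninitialised source. A short comment at the call, e.g. `/* GRND_NONBLOCK: don't stall startup on an unseeded pool; caller falls back to /dev/urandom */`, would record why the flag is there.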
@@ -23,6 +23,8 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c
 Patch1: chrony-pidfile.patch
 # add NTP servers from DHCP when starting service
 Patch2: chrony-service-helper.patch
+# avoid blocking in getrandom system call
+Patch3: chrony-getrandom.patch
 BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
 %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@@ -55,6 +57,7 @@ service to other computers in the network.
 %{?gitpatch:%patch0 -p1}
 %patch1 -p1 -b .pidfile
 %patch2 -p1 -b .service-helper
+%patch3 -p1 -b .getrandom
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}