Skip to content

OPENJDK-4113: stop adjusting securerandom.source #613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

OPENJDK-4113: stop adjusting securerandom.source #613

merged 1 commit into from
Oct 7, 2025
+0 −14

Conversation

jmtd
Copy link
Member

@jmtd jmtd commented Oct 2, 2025

Since kernel v5.6 (2020), /dev/random no longer blocks and is functionally equivalent to /dev/urandom. So there's no point in adjusting securerandom.source.

OPENJDK-4113

@jmtd
[OPENJDK-4113] don't adjust securerandom.source
e07b557 
Since kernel v5.6 (2020), /dev/random no longer blocks and
is functionally equivalent to /dev/urandom. So there's  no
point in adjusting securerandom.source.

Signed-off-by: Jonathan Dowland <[email protected]>
@jmtd jmtd requested a review from jerboaa October 2, 2025 09:37
@jmtd jmtd added the ubi10 RHEL UBI10 label Oct 2, 2025
@jmtd jmtd mentioned this pull request Oct 2, 2025
Merged
@jmtd
Copy link
Member Author

jmtd commented Oct 2, 2025

Should we consider this for ubi9 too?

jerboaa
jerboaa approved these changes Oct 2, 2025
View reviewed changes
Copy link
Contributor

@jerboaa jerboaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. This should be in some form of release note and mentioning the -Djava.security.egd=file:/dev/urandom workaround. Note that while newer kernels treat them, /dev/random and /dev/urandom, equivalently, we don't know on which host system the image will run. It might be RHEL-9, or ... The container compatibility matrix from OCP might come in handy here.

@jerboaa
Copy link
Contributor

jerboaa commented Oct 2, 2025

Should we consider this for ubi9 too?

No. Similar to other "larger" changes. Let's leave ubi9 alone as much as possible.

@jerboaa
Copy link
Contributor

jerboaa commented Oct 2, 2025

Aside: Can we disable the label/JIRA issue action until it's fixed?

@jmtd
Copy link
Member Author

jmtd commented Oct 2, 2025

Aside: Can we disable the label/JIRA issue action until it's fixed?

Sure. I've no idea why it's broken. It worked for about a day, and then stopped.

@jmtd jmtd merged commit d60e191 into rh-openjdk:ubi10 Oct 7, 2025
2 of 4 checks passed
@jmtd jmtd deleted the 4113-securrandom branch October 7, 2025 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jerboaa jerboaa jerboaa approved these changes

Assignees
No one assigned
Labels
ubi10 RHEL UBI10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmtd @jerboaa