[Bug 1605635] Re: [SRU] Please backport pollen

Dustin Kirkland  dustin.kirkland at gmail.com
Fri Jul 29 18:44:06 UTC 2016 

I've performed some testing on Trusty's pollen package, and everything
looks good!

ubuntu at ip-172-30-0-237:~⟫ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:        14.04
Codename:       trusty
ubuntu at ip-172-30-0-237:~⟫ dpkg -l pollen
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                                        Version                            Architecture                       Description
+++-===========================================================-==================================-==================================-============================================================================================================================
ii  pollen                                                      4.21-0ubuntu1~14.04                amd64                              Entropy-as-a-Service web server


ubuntu at ip-172-30-0-237:~⟫ sudo apt install pollen
sudo: unable to resolve host ip-172-30-0-237
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  ent rng-tools
The following NEW packages will be installed:
  ent pollen rng-tools
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,338 kB of archives.
After this operation, 7,554 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ trusty/universe ent amd64 1.1debian-3 [13.9 kB]
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ trusty-proposed/universe pollen amd64 4.21-0ubuntu1~14.04 [1,302 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/universe rng-tools amd64 4-0ubuntu2.1 [21.8 kB]
Fetched 1,338 kB in 0s (8,036 kB/s)
Selecting previously unselected package ent.
(Reading database ... 76900 files and directories currently installed.)
Preparing to unpack .../ent_1.1debian-3_amd64.deb ...
Unpacking ent (1.1debian-3) ...
Selecting previously unselected package pollen.
Preparing to unpack .../pollen_4.21-0ubuntu1~14.04_amd64.deb ...
Unpacking pollen (4.21-0ubuntu1~14.04) ...
Selecting previously unselected package rng-tools.
Preparing to unpack .../rng-tools_4-0ubuntu2.1_amd64.deb ...
Unpacking rng-tools (4-0ubuntu2.1) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up ent (1.1debian-3) ...
Setting up pollen (4.21-0ubuntu1~14.04) ...
Generating a 4096 bit RSA private key
..........................................................++
..............................................++
writing new private key to '/etc/pollen/key.pem'
-----
pollen-restart start/running, process 4124
pollen start/running, process 4170
Setting up rng-tools (4-0ubuntu2.1) ...
Trying to create /dev/hwrng device inode...
Starting Hardware RNG entropy gatherer daemon: rngd.
Processing triggers for ureadahead (0.100.0-16) ...

ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s http://localhost:80
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:35:31.536507000 +0000]
pollinate: To re-seed this system again, use the -r|--reseed option
ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s http://localhost:80 -r
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:35:31.536507000 +0000]
pollinate: client sent challenge to [http://localhost:80]
pollinate: client verified challenge/response with [http://localhost:80]
pollinate: client hashed response from [http://localhost:80]
pollinate: client successfully seeded [/dev/urandom]
ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s http://localhost:80 -r
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:41:22.500805583 +0000]
pollinate: client sent challenge to [http://localhost:80]
pollinate: client verified challenge/response with [http://localhost:80]
pollinate: client hashed response from [http://localhost:80]
pollinate: client successfully seeded [/dev/urandom]
ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s http://localhost:80 -r
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:41:30.108805583 +0000]
pollinate: client sent challenge to [http://localhost:80]
pollinate: client verified challenge/response with [http://localhost:80]
pollinate: client hashed response from [http://localhost:80]
pollinate: client successfully seeded [/dev/urandom]
ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s https://localhost:443 -r                                                                                                                                                                                                   
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:41:31.864805583 +0000]
pollinate: client sent challenge to [https://localhost:443]
Jul 29 18:41:57 ip-172-30-0-237 pollinate: WARNING: Network communication failed [0]\n18:41:57.604418 * Rebuilt URL to: https://localhost:443/
18:41:57.604501 * Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     018:41:57.608989 *   Trying 127.0.0.1...
18:41:57.609614 * Connected to localhost (127.0.0.1) port 443 (#0)
18:41:57.610109 * successfully set certificate verify locations:
18:41:57.610133 *   CAfile: /etc/pollinate/entropy.ubuntu.com.pem
  CApath: /dev/null
18:41:57.614255 * SSLv3, TLS handshake, Client hello (1):
18:41:57.614281 } [data not shown]
18:41:57.614344 * SSLv3, TLS handshake, Server hello (2):
18:41:57.614362 { [data not shown]
18:41:57.614405 * SSLv3, TLS handshake, CERT (11):
18:41:57.614423 { [data not shown]
18:41:57.614578 * SSLv3, TLS alert, Server hello (2):
18:41:57.614601 } [data not shown]
18:41:57.614653 * SSL certificate problem: self signed certificate
18:41:57.614674 * Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
ubuntu at ip-172-30-0-237:~⟫ sudo pollinate -s https://localhost:443 -r --insecure
sudo: unable to resolve host ip-172-30-0-237
pollinate: system was previously seeded at [2016-07-29 18:41:31.864805583 +0000]
pollinate: client sent challenge to [https://localhost:443]
pollinate: client verified challenge/response with [https://localhost:443]
pollinate: client hashed response from [https://localhost:443]
pollinate: client successfully seeded [/dev/urandom]


ubuntu at ip-172-30-0-237:~⟫ tail -f /var/log/syslog  | grep pollen
Jul 29 18:40:42 ip-172-30-0-237 kernel: [  318.322041] init: pollen-restart main process (4124) terminated with status 1
Jul 29 18:40:42 ip-172-30-0-237 pollen[4170]: pollen starting at [1469817642774105618]
Jul 29 18:40:42 ip-172-30-0-237 kernel: [  318.598660] type=1400 audit(1469817642.964:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/pollen" pid=4178 comm="apparmor_parser"


Jul 29 18:41:22 ip-172-30-0-237 pollen[4170]: Server received challenge from [127.0.0.1:58344, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817682497520057] with [e3110] available
Jul 29 18:41:22 ip-172-30-0-237 pollen[4170]: Server sent response to [127.0.0.1:58344, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817682497592495] in [0.000123s] with [e2430] available
Jul 29 18:41:30 ip-172-30-0-237 pollen[4170]: Server received challenge from [127.0.0.1:58345, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817690105111041] with [e3087] available
Jul 29 18:41:30 ip-172-30-0-237 pollen[4170]: Server sent response to [127.0.0.1:58345, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817690105175112] in [0.000121s] with [e2423] available
Jul 29 18:41:31 ip-172-30-0-237 pollen[4170]: Server received challenge from [127.0.0.1:58346, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817691860329191] with [e3081] available
Jul 29 18:41:31 ip-172-30-0-237 pollen[4170]: Server sent response to [127.0.0.1:58346, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817691860396677] in [0.000136s] with [e2441] available
Jul 29 18:42:04 ip-172-30-0-237 pollen[4170]: Server received challenge from [127.0.0.1:33630, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817724277826067] with [e3106] available
Jul 29 18:42:04 ip-172-30-0-237 pollen[4170]: Server sent response to [127.0.0.1:33630, pollinate/4.21-0ubuntu1~14.04 curl/7.35.0-1ubuntu2.7 cloud-init/0.7.5-0ubuntu1.19 Ubuntu/14.04 GNU/Linux/3.13.0-93-generic/x86_64 Intel(R)/Xeon(R)/CPU/E5-2676/v3/@/2.40GHz] at [1469817724282455502] in [0.004709s] with [e2726] available


** Tags added: verification-needed

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to pollen in Ubuntu.
https://bugs.launchpad.net/bugs/1605635

Title:
  [SRU] Please backport pollen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/1605635/+subscriptions

More information about the Ubuntu-server-bugs mailing list