• Notice on git/OpenSSL/curl and PRNGD

    From Randall@rsbecker@nexbridge.com to comp.sys.tandem on Thu Mar 2 16:26:59 2023
    From Newsgroup: comp.sys.tandem

    Hi Everyone,
    I have discovered an issue with *something* relating to the generation of random numbers on NonStop (TNS/E, TNS/X, TNS/V). When git attempts to add files or package content for transmission, it uses randomization services. The OpenSSL 3.0 on L-series uses the x86 hardware randomizer, so it is not supposed to have to go to the CoreUtils PRNGD server to get a random number. This appears not to be exactly true.
    What seems to be happening is either git is misusing OpenSSL (very unlikely), or some path through curl (the library, not the program) is going to PRNGD and ignoring the code that the ITUGLIB team put into OpenSSL to avoid this issue. What you will see in git, if you have this situation, is the following error that definitely correlates to PRNGD not running and goes away when it is running (and configured correctly):
    error: unable to get random bytes for temporary file: I/O error
    The upshot is that you need to have PRNGD running on your system in order to perform some git operations - for the time being. You also probably need it for some curl operations, but that is not a certainty.
    Once I find the root cause, I will do my best to ensure that this situation is resolved and we can turn off PRNGD. Until then (and always on J-series because there is no hardware randomizer available), PRNGD needs to be running for git, probably curl, and likely other Open Source packages. It does not appear to be needed for OpenSSL itself but that is not a 100% certainty at this stage.
    Please stay tuned. We're on it.
    Regards,
    Randall Becker
    On behalf of the ITUGLIB Technical Committee.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Randall@rsbecker@nexbridge.com to comp.sys.tandem on Wed Mar 8 19:08:50 2023
    From Newsgroup: comp.sys.tandem

    On Thursday, March 2, 2023 at 7:27:00 p.m. UTC-5, Randall wrote:
    Hi Everyone,

    I have discovered an issue with *something* relating to the generation of random numbers on NonStop (TNS/E, TNS/X, TNS/V). When git attempts to add files or package content for transmission, it uses randomization services. The OpenSSL 3.0 on L-series uses the x86 hardware randomizer, so it is not supposed to have to go to the CoreUtils PRNGD server to get a random number. This appears not to be exactly true.

    What seems to be happening is either git is misusing OpenSSL (very unlikely), or some path through curl (the library, not the program) is going to PRNGD and ignoring the code that the ITUGLIB team put into OpenSSL to avoid this issue. What you will see in git, if you have this situation, is the following error that definitely correlates to PRNGD not running and goes away when it is running (and configured correctly):

    error: unable to get random bytes for temporary file: I/O error

    The upshot is that you need to have PRNGD running on your system in order to perform some git operations - for the time being. You also probably need it for some curl operations, but that is not a certainty.

    Once I find the root cause, I will do my best to ensure that this situation is resolved and we can turn off PRNGD. Until then (and always on J-series because there is no hardware randomizer available), PRNGD needs to be running for git, probably curl, and likely other Open Source packages. It does not appear to be needed for OpenSSL itself but that is not a 100% certainty at this stage.

    Please stay tuned. We're on it.

    Regards,
    Randall Becker
    On behalf of the ITUGLIB Technical Committee.

    The teams are making progress on this issue. There are a few contributing causes, including limits in git, curl, and probably the most important one in the ITUGLIB build of OpenSSL 3.0. The current working hypothesis is that OpenSSL for nonstop-nse and nonstop-nsx inherits the default enable of the "egd" processor, which includes PRNGD. This configuration has desirable use cases, so the teams are not likely to recommend changing the default configuration. However, the ITUGLIB team is considering modifying the standard OpenSSL 3.0 unthreaded 32-bit build to disable PRNGD using the no-egd configuration argument. This will force the default usage for curl and git to only use the hardware random number generator. At least, that is the hypothesis. This is under test. OpenSSL build instructions for NonStop will be updated with whatever we end up doing. More to come in this thread.
    -- Randall