From: merch-redmine@... Date: 2021-03-10T00:23:55+00:00 Subject: [ruby-core:102794] [Ruby master Bug#14716] SecureRandom throwing an error in Ruby 2.5.1 Issue #14716 has been updated by jeremyevans0 (Jeremy Evans). Status changed from Open to Feedback Can anyone prepare a reproducible example of this happening with Ruby 2.7 or 3.0 (Ruby 2.6 goes into security maintenance at the end of the month)? I think many of the reported failures with Ruby 2.5 and 2.6 could be due to the file descriptor limit being hit (assuming SecureRandom is using the `/dev/urandom` file for entropy), but it is hard to confirm that without a reproducible example. ---------------------------------------- Bug #14716: SecureRandom throwing an error in Ruby 2.5.1 https://bugs.ruby-lang.org/issues/14716#change-90816 * Author: snehavas (sneha vasanth) * Status: Feedback * Priority: Normal * ruby -v: 2.6.3 * Backport: 2.3: DONTNEED, 2.4: DONTNEED, 2.5: REQUIRED ---------------------------------------- Hi, We recently upgraded from ruby 2.3.6 to 2.5.1. We use SecureRandom.uuid to generate a random number for our session. Post the upgrade we have been getting the following error intermittently ``` app error: failed to get urandom (RuntimeError) E, [2018-04-27T04:55:08.741859 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `urandom' E, [2018-04-27T04:55:08.741898 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `gen_random_urandom' E, [2018-04-27T04:55:08.741932 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:129:in `random_bytes' E, [2018-04-27T04:55:08.741965 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:219:in `uuid' E, [2018-04-27T04:55:08.741997 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:74:in `create_session_info' E, [2018-04-27T04:55:08.742036 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:11:in `context' ``` We understand that there was a change in ruby 2.5.1 where we now look at OS sources as the first point of contact to generate random numbers as opposed to OpenSSL. Any idea why this could be happening? -- https://bugs.ruby-lang.org/ Unsubscribe: