zhangyiss/spack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libgcrypt: patch 1.10.2 on macos (#37844)

Browse Source 
macOS doesn't have `getrandom`, and 1.10.2 fails to compile because of this.

There's an upstream fix at https://dev.gnupg.org/T6442 that will be in the next
`libgcrypt` release, but the patch is available now.
This commit is contained in:
Todd Gamblin 2023-05-23 12:03:13 +02:00 committed by GitHub
parent 5400b49ed6
commit 91a54029f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
var/spack/repos/builtin/packages/libgcrypt/package.py
View File

@ -38,6 +38,10 @@ def flag_handler(self, name, flags):
# flags, and the build system ensures that # flags, and the build system ensures that
return (None, flags, None) return (None, flags, None)
# 1.10.2 fails on macOS when trying to use the Linux getrandom() call
# https://dev.gnupg.org/T6442
patch("rndgetentropy_no_getrandom.patch", when="@=1.10.2 platform=darwin")
def check(self): def check(self):
# Without this hack, `make check` fails on macOS when SIP is enabled # Without this hack, `make check` fails on macOS when SIP is enabled
# https://bugs.gnupg.org/gnupg/issue2056 # https://bugs.gnupg.org/gnupg/issue2056

34
var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch Normal file
View File

@ -0,0 +1,34 @@
diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
index 513da0b..d8eedce 100644
--- a/random/rndgetentropy.c
+++ b/random/rndgetentropy.c
@@ -81,27 +81,8 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
do
{
_gcry_pre_syscall ();
- if (fips_mode ())
- {
- /* DRBG chaining defined in SP 800-90A (rev 1) specify
- * the upstream (kernel) DRBG needs to be reseeded for
- * initialization of downstream (libgcrypt) DRBG. For this
- * in RHEL, we repurposed the GRND_RANDOM flag of getrandom API.
- * The libgcrypt DRBG is initialized with 48B of entropy, but
- * the kernel can provide only 32B at a time after reseeding
- * so we need to limit our requests to 32B here.
- * This is clarified in IG 7.19 / IG D.K. for FIPS 140-2 / 3
- * and might not be applicable on other FIPS modules not running
- * RHEL kernel.
- */
- nbytes = length < 32 ? length : 32;
- ret = getrandom (buffer, nbytes, GRND_RANDOM);
- }
- else
- {
- nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
- ret = getentropy (buffer, nbytes);
- }
+ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
+ ret = getentropy (buffer, nbytes);
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);