diff options
| author | Todd Gamblin <tgamblin@llnl.gov> | 2023-05-23 12:03:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-23 06:03:13 -0400 |
| commit | 91a54029f9980a6b08c66263d0b69b6980cf1844 (patch) | |
| tree | fa98289d0669367a008bae4c920e92c672d4f913 | |
| parent | 5400b49ed6dc7001b1645b5d31bbcc7d830c15c2 (diff) | |
| download | spack-91a54029f9980a6b08c66263d0b69b6980cf1844.tar.gz spack-91a54029f9980a6b08c66263d0b69b6980cf1844.tar.bz2 spack-91a54029f9980a6b08c66263d0b69b6980cf1844.tar.xz spack-91a54029f9980a6b08c66263d0b69b6980cf1844.zip | |
libgcrypt: patch 1.10.2 on macos (#37844)
macOS doesn't have `getrandom`, and 1.10.2 fails to compile because of this.
There's an upstream fix at https://dev.gnupg.org/T6442 that will be in the next
`libgcrypt` release, but the patch is available now.
| -rw-r--r-- | var/spack/repos/builtin/packages/libgcrypt/package.py | 4 | ||||
| -rw-r--r-- | var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch | 34 |
2 files changed, 38 insertions, 0 deletions
diff --git a/var/spack/repos/builtin/packages/libgcrypt/package.py b/var/spack/repos/builtin/packages/libgcrypt/package.py index 120f3d0fdd..cd207db083 100644 --- a/var/spack/repos/builtin/packages/libgcrypt/package.py +++ b/var/spack/repos/builtin/packages/libgcrypt/package.py @@ -38,6 +38,10 @@ class Libgcrypt(AutotoolsPackage): # flags, and the build system ensures that return (None, flags, None) + # 1.10.2 fails on macOS when trying to use the Linux getrandom() call + # https://dev.gnupg.org/T6442 + patch("rndgetentropy_no_getrandom.patch", when="@=1.10.2 platform=darwin") + def check(self): # Without this hack, `make check` fails on macOS when SIP is enabled # https://bugs.gnupg.org/gnupg/issue2056 diff --git a/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch b/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch new file mode 100644 index 0000000000..acb5b115a3 --- /dev/null +++ b/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch @@ -0,0 +1,34 @@ +diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c +index 513da0b..d8eedce 100644 +--- a/random/rndgetentropy.c ++++ b/random/rndgetentropy.c +@@ -81,27 +81,8 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t, + do + { + _gcry_pre_syscall (); +- if (fips_mode ()) +- { +- /* DRBG chaining defined in SP 800-90A (rev 1) specify +- * the upstream (kernel) DRBG needs to be reseeded for +- * initialization of downstream (libgcrypt) DRBG. For this +- * in RHEL, we repurposed the GRND_RANDOM flag of getrandom API. +- * The libgcrypt DRBG is initialized with 48B of entropy, but +- * the kernel can provide only 32B at a time after reseeding +- * so we need to limit our requests to 32B here. +- * This is clarified in IG 7.19 / IG D.K. for FIPS 140-2 / 3 +- * and might not be applicable on other FIPS modules not running +- * RHEL kernel. +- */ +- nbytes = length < 32 ? length : 32; +- ret = getrandom (buffer, nbytes, GRND_RANDOM); +- } +- else +- { +- nbytes = length < sizeof (buffer) ? length : sizeof (buffer); +- ret = getentropy (buffer, nbytes); +- } ++ nbytes = length < sizeof (buffer) ? length : sizeof (buffer); ++ ret = getentropy (buffer, nbytes); + _gcry_post_syscall (); + } + while (ret == -1 && errno == EINTR); |