From 91a54029f9980a6b08c66263d0b69b6980cf1844 Mon Sep 17 00:00:00 2001
From: Todd Gamblin <tgamblin@llnl.gov>
Date: Tue, 23 May 2023 12:03:13 +0200
Subject: libgcrypt: patch 1.10.2 on macos (#37844)

macOS doesn't have `getrandom`, and 1.10.2 fails to compile because of this.

There's an upstream fix at https://dev.gnupg.org/T6442 that will be in the next
`libgcrypt` release, but the patch is available now.
---
 .../repos/builtin/packages/libgcrypt/package.py    |  4 +++
 .../libgcrypt/rndgetentropy_no_getrandom.patch     | 34 ++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch

(limited to 'var')

diff --git a/var/spack/repos/builtin/packages/libgcrypt/package.py b/var/spack/repos/builtin/packages/libgcrypt/package.py
index 120f3d0fdd..cd207db083 100644
--- a/var/spack/repos/builtin/packages/libgcrypt/package.py
+++ b/var/spack/repos/builtin/packages/libgcrypt/package.py
@@ -38,6 +38,10 @@ class Libgcrypt(AutotoolsPackage):
         # flags, and the build system ensures that
         return (None, flags, None)
 
+    # 1.10.2 fails on macOS when trying to use the Linux getrandom() call
+    # https://dev.gnupg.org/T6442
+    patch("rndgetentropy_no_getrandom.patch", when="@=1.10.2 platform=darwin")
+
     def check(self):
         # Without this hack, `make check` fails on macOS when SIP is enabled
         # https://bugs.gnupg.org/gnupg/issue2056
diff --git a/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch b/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch
new file mode 100644
index 0000000000..acb5b115a3
--- /dev/null
+++ b/var/spack/repos/builtin/packages/libgcrypt/rndgetentropy_no_getrandom.patch
@@ -0,0 +1,34 @@
+diff --git a/random/rndgetentropy.c b/random/rndgetentropy.c
+index 513da0b..d8eedce 100644
+--- a/random/rndgetentropy.c
++++ b/random/rndgetentropy.c
+@@ -81,27 +81,8 @@ _gcry_rndgetentropy_gather_random (void (*add)(const void*, size_t,
+       do
+         {
+           _gcry_pre_syscall ();
+-          if (fips_mode ())
+-            {
+-              /* DRBG chaining defined in SP 800-90A (rev 1) specify
+-               * the upstream (kernel) DRBG needs to be reseeded for
+-               * initialization of downstream (libgcrypt) DRBG. For this
+-               * in RHEL, we repurposed the GRND_RANDOM flag of getrandom API.
+-               * The libgcrypt DRBG is initialized with 48B of entropy, but
+-               * the kernel can provide only 32B at a time after reseeding
+-               * so we need to limit our requests to 32B here.
+-               * This is clarified in IG 7.19 / IG D.K. for FIPS 140-2 / 3
+-               * and might not be applicable on other FIPS modules not running
+-               * RHEL kernel.
+-               */
+-              nbytes = length < 32 ? length : 32;
+-              ret = getrandom (buffer, nbytes, GRND_RANDOM);
+-            }
+-          else
+-            {
+-              nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
+-              ret = getentropy (buffer, nbytes);
+-            }
++          nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
++          ret = getentropy (buffer, nbytes);
+           _gcry_post_syscall ();
+         }
+       while (ret == -1 && errno == EINTR);
-- 
cgit v1.2.3-70-g09d2