Re: Support getrandom() for pg_strong_random() source

From: Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
To: Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Joe Conway <mail(at)joeconway(dot)com>
Subject: Re: Support getrandom() for pg_strong_random() source
Date: 2025-10-23 21:47:53
Message-ID: CAD21AoBPT=O8hKkSLrc3AO=vcGPZo2NDn70k-qs_pzLmGUDYxA@mail.gmail.com
Lists: pgsql-hackers

On Wed, Oct 15, 2025 at 9:03 AM Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Mon, Oct 13, 2025 at 2:49 PM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
> > I think the second item fits better with the current thread's subject.
> > Having said that, these two items are somewhat related (for example,
> > adding getrandom() support would be a common change for both), so
> > perhaps we can start with the pg_strong_random() changes in this
> > thread?
>
> Sounds good.

I've drafted the patches for this item.

The 0001 patch allows the packager to select the random source:
"openssl" or "system", by using the --with-random-source option. If it's
omitted and OpenSSL is used (--with-openssl or --with-ssl=openssl),
the 'openssl' source is automatically chosen. The selected random source
can be shown in the read-only GUC parameter random_source.

The 0002 patch supports getrandom() as a 'system' random source where
available while keeping the method of reading /dev/urandom as a
fallback option.

Regards,

--
Masahiko Sawada
Amazon Web Services: https://aws.amazon.com

Attachment Content-Type Size
v1-0001-Add-configure-time-selection-of-random-number-sou.patch application/octet-stream 11.4 KB
v1-0002-Support-getrandom-as-random-source-where-availabl.patch application/octet-stream 5.8 KB
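
Added illustration for readers of this archive (not part of the message and not code from the attached v1-0002 patch): the getrandom()-first, /dev/urandom-fallback pattern the message describes, written in C with short returns and EINTR handled and with failure reported to the caller. The function names and the `__linux__` guard are assumptions; a real build would use a configure-time probe for getrandom().

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <unistd.h>
#ifdef __linux__            /* assumption: stands in for a configure-time probe */
#include <sys/random.h>
#endif

/* Fallback path: read exactly len bytes from /dev/urandom. */
static bool fill_from_urandom(unsigned char *p, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return false;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0)
            break;                  /* hard error or unexpected EOF */
        p += n;
        len -= (size_t) n;
    }
    close(fd);
    return len == 0;
}

/* Hypothetical name. Returns false on failure; the caller must then treat
 * buf as unusable rather than continue with partial output. */
bool demo_system_random(void *buf, size_t len)
{
    unsigned char *p = buf;
#ifdef __linux__
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);   /* flags 0: block until pool is seeded */
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;                  /* e.g. ENOSYS or a seccomp filter: fall back */
        p += n;                     /* short returns are legal: keep going */
        len -= (size_t) n;
    }
#endif
    return len == 0 || fill_from_urandom(p, len);
}
```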
