No, ideally we should target 10+ these days as 9 is out of support. But even building for 9+ should be fine here.
On Sat 26 Feb 2022, 19:22 Jeffrey Walton, <[email protected]> wrote: > On Sat, Feb 26, 2022 at 2:14 PM Jeffrey Walton <[email protected]> wrote: > > > > On Fri, Feb 25, 2022 at 10:52 AM Ben Walton <[email protected]> wrote: > > > > > > On Fri 25 Feb 2022, 11:39 Jeffrey Walton via users, < > [email protected]> wrote: > > >> > > >> I was looking at the libexpat recipe again. This kind of jumps out > > >> from > https://sourceforge.net/p/gar/code/HEAD/tree/csw/mgar/pkg/libexpat1/trunk/Makefile#l42 > : > > >> > > >> # No high-entropy random in old Solaris versions > > >> EXTRA_CPPFLAGS += -DXML_POOR_ENTROPY > > >> > > >> Solaris has /dev/urandom. It meets requirements. As far as I know, > > >> even the earlier versions of the device were sufficient for > > >> cryptographic needs. It may be time to revisit that define. > > > > > > Yeah, I'd drop it and see that it passes the test suite. Not sure how > far back you'd need to go os and hardware worse to still need it, but arms > pretty ancient to me. > > > > Here's some more reading on XML_POOR_ENTROPY: > > https://github.com/libexpat/libexpat/issues/172. > > > > It looks like libexpat needs a good random source for some hash > > tables. Or more specifically, to avoid collisions due to a poor > > entropy source. If the entropy source produces collisions, then it is > > considered poor. > > > > I personally think this problem should probably be addressed > > differently. Instead of asking users to evaluate their entropy source, > > I think libexpat should obtain a uniform distribution via something > > like operating system random source + SipHash. SipHash should produce > > a uniform distribution and it only requires entropy once to key the > > algorithm. It does not need a constant stream of bytes. > > > > Getting back to libexpat, it looks like /dev/urandom is sufficient > > nowadays. Also see > > > https://github.com/libexpat/libexpat/blob/master/expat/lib/xmlparse.c#L122 > . > > You would get into trouble if the /dev/urandom device was missing. > > Ok, here's the missing piece. According to > https://docs.oracle.com/cd/E88353_01/html/E37851/urandom-4d.html , > /dev/random and /dev/urandom was added at Solaris 9 with a patch for > Solaris 8. > > I'm not sure how that affects the define. Does OpenCSW support Solaris > 7 and below? > > Jeff >
