On Mon, Jul 21, 2025 at 11:43:35PM -0700, Masahiko Sawada wrote: > The patch supports the getrandom() function as a new source of > pg_strong_random(). The getrandom() function uses the same source as > the /dev/urandom device but it seems much faster than opening, > reading, and closing /dev/urandom. Here is the execution time of > generating 1 million UUIDv4 data measured on my environment: > > HEAD(/dev/urandom): 1863.064 ms > Patched(getrandom()): 516.627 ms
Interesting. Are there platforms where this is not available? I'd be pretty sure that some animals in the buildfarm would not like this suggestion but I'm saying it anyway. Perhaps we could even drop /dev/urandom? > I guess that while OpenSSL's RAND_bytes() should still be prioritized > where available it might be a good idea to support getrandom() for > builds where RAND_bytes() is not available. > > Feedback is very welcome. I am wondering how much non-OpenSSL builds matter these days, TBH, so I am not sure that this is worth the addition of an extra configure/meson check and this stuff has its cost just for such builds. I am not saying that we should make OpenSSL mandatory, of course not, but all production instances of Postgres have likely OpenSSL enabled anyway. Perhaps some embedded deployments like --without-openssl, who knows.. -- Michael
signature.asc
Description: PGP signature
