From e5a28e6f024d0110755695aaed86400a96618602 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Fri, 30 Aug 2024 19:25:16 +0200
Subject: [PATCH] curl.sh: disable `RANDOM_FILE`

---
 curl.sh | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/curl.sh b/curl.sh
index 5393a12cc..eef14b4c9 100755
--- a/curl.sh
+++ b/curl.sh
@@ -404,13 +404,23 @@ _VER="$1"
     # Ensure they are set as in native builds.
     options+=' -DHAVE_WRITABLE_ARGV=1'
     if [ "${_CRT}" = 'musl' ]; then
-      options+=' -DRANDOM_FILE=/dev/urandom'  # FIXME: Disable for all MUSL targets? (Not currently supported by curl's CMake.)
       options+=' -DHAVE_POLL_FINE=1'
-    else
-      options+=' -DRANDOM_FILE=/dev/urandom'
-      if [ "${CURL_VER_}" != '8.9.1' ]; then
-        options+=' -DHAVE_POLL_FINE=1'  # No longer needed after https://github.com/curl/curl/pull/14734
-      fi
+    elif [ "${CURL_VER_}" != '8.9.1' ]; then
+      options+=' -DHAVE_POLL_FINE=1'  # No longer needed after https://github.com/curl/curl/pull/14734
+    fi
+  fi
+
+  # /dev/urandom is only necessary in libcurl in some limited cases,
+  # e.g. Rustls, and mbedTLS without built-in random support.
+  # It is also not detected in cross-builds, making Linux binaries for
+  # non-native CPUs different. For MUSL builds in particular, there is no
+  # guarantee that the build machine's `/dev/urandom` is present at runtime.
+  # For macOS builds its likely there, but also unnecessary.
+  # Disable it for all Linux and macOS builds.
+  if [ "${CURL_VER_}" != '8.9.1' ] && \
+     [ "${CURL_VER_}" != '8.10.0' ]; then
+    if [ "${_OS}" = 'linux' ] || [ "${_OS}" = 'mac' ]; then
+      options+=' -DRANDOM_FILE=OFF'
     fi
   fi