diff --git a/CHANGELOG.md b/CHANGELOG.md index b83034a325..7371771806 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ language runtime. The main focus is on user-observable behavior of the engine. * Added support for specifying generics on foreign classes, and inheriting from such classes. Especially when using Java classes that support generics, this allows expressing the generic types in Python type annotations as well. * Added a new `java` backend for the `pyexpat` module that uses a Java XML parser instead of the native `expat` library. It can be useful when running without native access or multiple-context scenarios. This backend is the default when embedding and can be switched back to native `expat` by setting `python.PyExpatModuleBackend` option to `native`. Standalone distribution still defaults to native expat backend. * Add a new context option `python.UnicodeCharacterDatabaseNativeFallback` to control whether the ICU database may fall back to the native unicode character database from CPython for features and characters not supported by ICU. This requires native access to be enabled and is disabled by default for embeddings. +* Add an experimental `python.InitializationEntropySource` option to control the entropy source used for initialization-only randomness such as hash secret generation and `random.Random(None)` seeding. This means embeddings and tests can select deterministic or externally provided initialization entropy without affecting cryptographically relevant APIs like `os.urandom()` or `random.SystemRandom()`. * Foreign temporal objects (dates, times, and timezones) are now given a Python class corresponding to their interop traits, i.e., `date`, `time`, `datetime`, or `tzinfo`. This allows any foreign objects with these traits to be used in place of the native Python types and Python methods available on these types work on the foreign types. ## Version 25.0.1 diff --git a/graalpython/com.oracle.graal.python.test/src/com/oracle/graal/python/test/runtime/PythonContextEntropyTests.java b/graalpython/com.oracle.graal.python.test/src/com/oracle/graal/python/test/runtime/PythonContextEntropyTests.java new file mode 100644 index 0000000000..7dcee55008 --- /dev/null +++ b/graalpython/com.oracle.graal.python.test/src/com/oracle/graal/python/test/runtime/PythonContextEntropyTests.java @@ -0,0 +1,126 @@ +/* + * Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * The Universal Permissive License (UPL), Version 1.0 + * + * Subject to the condition set forth below, permission is hereby granted to any + * person obtaining a copy of this software, associated documentation and/or + * data (collectively the "Software"), free of charge and under any and all + * copyright rights in the Software, and any and all patent rights owned or + * freely licensable by each licensor hereunder covering either (i) the + * unmodified Software as contributed to or provided by such licensor, or (ii) + * the Larger Works (as defined below), to deal in both + * + * (a) the Software, and + * + * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if + * one is included with the Software each a "Larger Work" to which the Software + * is contributed by such licensors), + * + * without restriction, including without limitation the rights to copy, create + * derivative works of, display, perform, and distribute the Software and make, + * use, sell, offer for sale, import, export, have made, and have sold the + * Software and the Larger Work(s), and to sublicense the foregoing rights on + * either these or other terms. + * + * This license is subject to the following condition: + * + * The above copyright notice and either this complete permission notice or at a + * minimum a reference to the UPL must be included in all copies or substantial + * portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +package com.oracle.graal.python.test.runtime; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.Map; +import java.util.Random; + +import org.graalvm.polyglot.PolyglotException; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.Assume; + +import com.oracle.graal.python.runtime.PythonContext; +import com.oracle.graal.python.test.PythonTests; + +public class PythonContextEntropyTests { + + @Before + public void checkLinuxOnly() { + Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux")); + } + + @After + public void tearDown() { + PythonTests.closeContext(); + } + + @Test + public void fixedInitializationEntropySourceSeedsHashSecretDeterministically() { + long seed = 0x1234ABCDL; + PythonTests.enterContext(Map.of("python.InitializationEntropySource", "fixed:0x1234ABCD"), new String[0]); + PythonContext context = PythonContext.get(null); + + byte[] expected = new byte[24]; + new Random(seed).nextBytes(expected); + + assertArrayEquals(expected, context.getHashSecret()); + } + + @Test + public void deviceInitializationEntropySourceSeedsHashSecretFromConfiguredPath() throws IOException { + byte[] expected = new byte[24]; + for (int i = 0; i < expected.length; i++) { + expected[i] = (byte) (i + 1); + } + byte[] source = new byte[expected.length + 8]; + System.arraycopy(expected, 0, source, 0, expected.length); + for (int i = expected.length; i < source.length; i++) { + source[i] = (byte) 0xFF; + } + Path tempFile = Files.createTempFile("graalpy-init-entropy-", ".bin"); + Files.write(tempFile, source); + + try { + PythonTests.enterContext(Map.of("python.InitializationEntropySource", "device:" + tempFile), new String[0]); + PythonContext context = PythonContext.get(null); + assertArrayEquals(expected, context.getHashSecret()); + } finally { + Files.deleteIfExists(tempFile); + } + } + + @Test + public void deviceInitializationEntropySourceThrowsProviderExceptionWhenExhausted() throws IOException { + Path tempFile = Files.createTempFile("graalpy-init-entropy-short-", ".bin"); + Files.write(tempFile, new byte[]{1, 2, 3, 4}); + + try { + try { + PythonTests.enterContext(Map.of("python.InitializationEntropySource", "device:" + tempFile), new String[0]); + fail("expected PolyglotException"); + } catch (PolyglotException e) { + assertTrue(e.getMessage().contains("ProviderException")); + assertTrue(e.getMessage().contains("initialization entropy device exhausted")); + } + } finally { + Files.deleteIfExists(tempFile); + } + } +} diff --git a/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py b/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py new file mode 100644 index 0000000000..379f88886c --- /dev/null +++ b/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py @@ -0,0 +1,311 @@ +# Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# The Universal Permissive License (UPL), Version 1.0 +# +# Subject to the condition set forth below, permission is hereby granted to any +# person obtaining a copy of this software, associated documentation and/or +# data (collectively the "Software"), free of charge and under any and all +# copyright rights in the Software, and any and all patent rights owned or +# freely licensable by each licensor hereunder covering either (i) the +# unmodified Software as contributed to or provided by such licensor, or (ii) +# the Larger Works (as defined below), to deal in both +# +# (a) the Software, and +# +# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if +# one is included with the Software each a "Larger Work" to which the Software +# is contributed by such licensors), +# +# without restriction, including without limitation the rights to copy, create +# derivative works of, display, perform, and distribute the Software and make, +# use, sell, offer for sale, import, export, have made, and have sold the +# Software and the Larger Work(s), and to sublicense the foregoing rights on +# either these or other terms. +# +# This license is subject to the following condition: +# +# The above copyright notice and either this complete permission notice or at a +# minimum a reference to the UPL must be included in all copies or substantial +# portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +import os +import subprocess +import sys +import tempfile +import textwrap +import threading +import unittest + + +@unittest.skipUnless(sys.implementation.name == "graalpy" and sys.platform.startswith("linux"), "Linux GraalPy-specific test") +class EntropySubprocessTests(unittest.TestCase): + HASH_SECRET_BYTES = 24 + RANDOM_SEED_BYTES = 624 * 4 + RANDOM_INSTANCE_BYTES = HASH_SECRET_BYTES + RANDOM_SEED_BYTES + RANDOM_MODULE_BYTES = HASH_SECRET_BYTES + (2 * RANDOM_SEED_BYTES) + TEMPFILE_CANDIDATE_NAME_BYTES = HASH_SECRET_BYTES + (4 * RANDOM_SEED_BYTES) + SSL_DATA_DIR = os.path.join(os.path.dirname(__file__), "ssldata") + + def _run_with_init_pipe(self, byte_count: int, code: str): + with tempfile.TemporaryDirectory() as temp_dir: + path = os.path.join(temp_dir, "initrandom") + subprocess.run(["mkfifo", path], check=True) + writer_error = [] + bytes_written = 0 + + def feed_pipe(): + nonlocal bytes_written + try: + fd = os.open(path, os.O_WRONLY) + try: + remaining = byte_count + chunk = b"\x00" * min(4096, byte_count) + while remaining > 0: + written = os.write(fd, chunk[:remaining]) + bytes_written += written + remaining -= written + finally: + os.close(fd) + except BaseException as exc: # re-raised in the main thread + writer_error.append(exc) + + writer = threading.Thread(target=feed_pipe) + writer.start() + try: + result = self._run_with_init_source(f"device:{path}", code) + finally: + writer.join(timeout=10) + if writer.is_alive(): + self.fail("initrandom pipe writer thread did not finish") + if writer_error: + raise writer_error[0] + return result, bytes_written + + def _run_with_init_source(self, source: str, code: str): + env = os.environ.copy() + env.pop("PYTHONHASHSEED", None) + return subprocess.run( + [ + sys.executable, + "-S", + "--experimental-options=true", + f"--python.InitializationEntropySource={source}", + "-c", + code, + ], + capture_output=True, + text=True, + env=env, + ) + + def assert_initrandom_exhausted(self, result): + self.assertNotEqual(0, result.returncode, result) + combined = f"{result.stdout}\n{result.stderr}" + self.assertIn("initialization entropy device exhausted", combined) + + def assert_subprocess_ok(self, result): + self.assertEqual(0, result.returncode, result) + + def assert_initrandom_bytes_used(self, byte_count: int, code: str, stdout: str): + result, bytes_written = self._run_with_init_pipe(byte_count, code) + self.assert_subprocess_ok(result) + self.assertEqual(byte_count, bytes_written) + self.assertEqual(stdout, result.stdout.strip()) + + exhausted_result, exhausted_written = self._run_with_init_pipe(byte_count - 1, code) + self.assert_initrandom_exhausted(exhausted_result) + self.assertEqual(byte_count - 1, exhausted_written) + + def test_startup_hash_secret_uses_initrandom(self): + self.assert_initrandom_bytes_used(self.HASH_SECRET_BYTES, "print('ok')", "ok") + + def test__random_random_uses_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_INSTANCE_BYTES, + "import _random; _random.Random(); print('ok')", + "ok", + ) + + def test_random_module_import_uses_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + "import random; print('ok')", + "ok", + ) + + def test_systemrandom_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + "import random; random.SystemRandom().getrandbits(32); print('ok')", + "ok", + ) + + def test_secrets_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + "import random; import secrets; secrets.token_hex(8); print('ok')", + "ok", + ) + + def test_os_urandom_does_not_use_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import os; print(len(os.urandom(16)))", + "16", + ) + + def test_multiprocessing_process_import_does_not_use_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import multiprocessing.process; print('ok')", + "ok", + ) + + def test_multiprocessing_deliver_challenge_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + textwrap.dedent(""" + import random + import multiprocessing.connection as mc + auth = b'authkey' + + class Dummy: + def __init__(self): + self.sent = [] + + def send_bytes(self, data): + self.sent.append(data) + + def recv_bytes(self, _max): + msg = self.sent[-1][len(mc._CHALLENGE):] + return mc._create_response(auth, msg) + + d = Dummy() + mc.deliver_challenge(d, auth) + print('ok') + """), + "ok", + ) + + def test_tempfile_candidate_names_use_initrandom(self): + self.assert_initrandom_bytes_used( + self.TEMPFILE_CANDIDATE_NAME_BYTES, + "import tempfile; next(tempfile._get_candidate_names()); print('ok')", + "ok", + ) + + def test_tempfile_after_random_import_uses_initrandom(self): + self.assert_initrandom_bytes_used( + self.TEMPFILE_CANDIDATE_NAME_BYTES, + "import random; import tempfile; next(tempfile._get_candidate_names()); print('ok')", + "ok", + ) + + def test_email_generator_boundary_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + "import random; from email.generator import Generator; Generator._make_boundary(); print('ok')", + "ok", + ) + + def test_imaplib_connect_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + textwrap.dedent(""" + import random + import imaplib + + class Dummy(imaplib.IMAP4): + def open(self, host='', port=imaplib.IMAP4_PORT, timeout=None): + pass + + def _get_response(self): + self.untagged_responses = {'OK': [b'']} + return 'OK' + + def _get_capabilities(self): + self.capabilities = ('IMAP4REV1',) + + def shutdown(self): + pass + + d = Dummy.__new__(Dummy) + d.debug = imaplib.Debug + d.state = 'LOGOUT' + d.literal = None + d.tagged_commands = {} + d.untagged_responses = {} + d.continuation_response = '' + d.is_readonly = False + d.tagnum = 0 + d._tls_established = False + d._mode_ascii() + d._connect() + print('ok') + """), + "ok", + ) + + def test_pyexpat_import_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import pyexpat; print(pyexpat.__name__)", + "pyexpat", + ) + + def test_pyexpat_parsercreate_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import pyexpat; p = pyexpat.ParserCreate(); print(type(p).__name__)", + "xmlparser", + ) + + def test_sqlite3_import_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import _sqlite3; print(_sqlite3.__name__)", + "_sqlite3", + ) + + def test_sqlite3_randomblob_does_not_use_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import sqlite3; " + "conn = sqlite3.connect(':memory:'); " + "print(conn.execute('select length(randomblob(16))').fetchone()[0])", + "16", + ) + + def test_ssl_load_cert_chain_does_not_use_initrandom(self): + cert = os.path.join(self.SSL_DATA_DIR, "signed_cert.pem") + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + f"import ssl; " + f"ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER); " + f"ctx.load_cert_chain(r'{cert}'); " + f"print('ok')", + "ok", + ) + + def test_uuid1_does_not_use_additional_initrandom(self): + self.assert_initrandom_bytes_used( + self.RANDOM_MODULE_BYTES, + "import random; import uuid; uuid.uuid1(node=1); print('ok')", + "ok", + ) + + def test_uuid4_does_not_use_initrandom(self): + self.assert_initrandom_bytes_used( + self.HASH_SECRET_BYTES, + "import uuid; print(uuid.uuid4().version)", + "4", + ) diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java index 1f4d3e8446..33b12a6040 100644 --- a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java +++ b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2026, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * The Universal Permissive License (UPL), Version 1.0 @@ -47,7 +47,6 @@ import java.math.BigInteger; import java.nio.ByteBuffer; import java.nio.ByteOrder; -import java.security.SecureRandom; import java.util.List; import com.oracle.graal.python.PythonLanguage; @@ -132,11 +131,10 @@ public abstract static class SeedNode extends PythonBuiltinNode { @Specialization @TruffleBoundary PNone seedNone(PRandom random, @SuppressWarnings("unused") PNone none) { - SecureRandom secureRandom = getContext().getSecureRandom(); int[] seed = new int[PRandom.N]; - for (int i = 0; i < seed.length; ++i) { - seed[i] = secureRandom.nextInt(); - } + byte[] seedBytes = new byte[seed.length * Integer.BYTES]; + getContext().fillInitializationEntropyBytes(seedBytes); + ByteBuffer.wrap(seedBytes).order(ByteOrder.BIG_ENDIAN).asIntBuffer().get(seed); random.seed(seed); return PNone.NONE; } diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java index b4b378e299..f7aa6368cd 100644 --- a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java +++ b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java @@ -76,7 +76,9 @@ import java.lang.ref.WeakReference; import java.lang.reflect.Field; import java.nio.file.LinkOption; +import java.nio.file.Path; import java.security.NoSuchAlgorithmException; +import java.security.ProviderException; import java.security.SecureRandom; import java.text.MessageFormat; import java.util.ArrayDeque; @@ -88,6 +90,7 @@ import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.Random; import java.util.WeakHashMap; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentSkipListMap; @@ -705,6 +708,7 @@ PythonThreadState getThreadState(Node n) { private final IDUtils idUtils = new IDUtils(); @CompilationFinal private SecureRandom secureRandom; + private InitializationEntropySource initializationEntropySource; // Equivalent of _Py_HashSecret @CompilationFinal(dimensions = 1) private byte[] hashSecret = new byte[24]; @@ -1460,6 +1464,44 @@ public SecureRandom getSecureRandom() { return secureRandom; } + public void fillInitializationEntropyBytes(byte[] bytes) { + getInitializationEntropySource().nextBytes(bytes); + } + + private InitializationEntropySource getInitializationEntropySource() { + assert !env.isPreInitialization(); + if (initializationEntropySource == null) { + CompilerDirectives.transferToInterpreterAndInvalidate(); + initializationEntropySource = createInitializationEntropySource(getOption(PythonOptions.InitializationEntropySource)); + } + return initializationEntropySource; + } + + private InitializationEntropySource createInitializationEntropySource(String spec) { + if ("default".equals(spec)) { + return new DefaultInitializationEntropySource(getSecureRandom()); + } + if (spec.startsWith("device:")) { + String path = spec.substring("device:".length()); + if (path.isEmpty()) { + throw new IllegalArgumentException("python.InitializationEntropySource device path must not be empty"); + } + return new DeviceInitializationEntropySource(path); + } + if (spec.startsWith("fixed:")) { + String seed = spec.substring("fixed:".length()); + if (seed.isEmpty()) { + throw new IllegalArgumentException("python.InitializationEntropySource fixed seed must not be empty"); + } + try { + return new FixedInitializationEntropySource(Long.decode(seed)); + } catch (NumberFormatException e) { + throw new IllegalArgumentException("python.InitializationEntropySource fixed seed must be a decimal or hexadecimal long", e); + } + } + throw new IllegalArgumentException("python.InitializationEntropySource must be 'default', 'device:', or 'fixed:'"); + } + public byte[] getHashSecret() { assert !env.isPreInitialization(); return hashSecret; @@ -1692,7 +1734,65 @@ private void initializeHashSecret() { } } else { // Generate random seed - getSecureRandom().nextBytes(hashSecret); + fillInitializationEntropyBytes(hashSecret); + } + } + + private interface InitializationEntropySource { + void nextBytes(byte[] bytes); + } + + private static final class DefaultInitializationEntropySource implements InitializationEntropySource { + private final SecureRandom secureRandom; + + DefaultInitializationEntropySource(SecureRandom secureRandom) { + this.secureRandom = secureRandom; + } + + @Override + public synchronized void nextBytes(byte[] bytes) { + secureRandom.nextBytes(bytes); + } + } + + private static final class DeviceInitializationEntropySource implements InitializationEntropySource { + private final InputStream inputStream; + + DeviceInitializationEntropySource(String path) { + try { + inputStream = java.nio.file.Files.newInputStream(Path.of(path)); + } catch (IOException e) { + throw new IllegalArgumentException("failed to open initialization entropy device: " + path, e); + } + } + + @Override + public synchronized void nextBytes(byte[] bytes) { + int offset = 0; + try { + while (offset < bytes.length) { + int read = inputStream.read(bytes, offset, bytes.length - offset); + if (read < 0) { + throw new ProviderException("initialization entropy device exhausted"); + } + offset += read; + } + } catch (IOException e) { + throw new ProviderException("failed to read initialization entropy device", e); + } + } + } + + private static final class FixedInitializationEntropySource implements InitializationEntropySource { + private final Random random; + + FixedInitializationEntropySource(long seed) { + this.random = new Random(seed); + } + + @Override + public synchronized void nextBytes(byte[] bytes) { + random.nextBytes(bytes); } } diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonOptions.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonOptions.java index 7080e7dc43..17131fd5e7 100644 --- a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonOptions.java +++ b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonOptions.java @@ -232,6 +232,11 @@ public static void checkBytecodeDSLEnv() { } })); + @Option(category = OptionCategory.EXPERT, help = "Entropy source used for reviewed initialization-time randomness. " + + "Use 'default' to reuse the default Java source, 'device:' to read bytes from a device or file, " + + "or 'fixed:' for deterministic testing.", usageSyntax = "default|device:|fixed:", stability = OptionStability.EXPERIMENTAL) // + public static final OptionKey InitializationEntropySource = new OptionKey<>("default"); + @EngineOption @Option(category = OptionCategory.USER, help = "Choose the backend for the POSIX module.", usageSyntax = "java|native", stability = OptionStability.STABLE) // public static final OptionKey PosixModuleBackend = new OptionKey<>(T_JAVA, TS_OPTION_TYPE);