macOS use SecRandomCopyBytes instead of getentropy

[iffy]

This changes the urandom proc to use SecRandomCopyBytes on macOS instead of getentropy because:

• SecRandomCopyBytes is available on iOS 2.0+ and macOS 10.7+ https://developer.apple.com/documentation/security/1399291-secrandomcopybytes?language=objc
• getentropy is only available on macOS 10.12+

This fixes my application that I currently build for a macOS 10.10 machine after upgrading to Nim 1.6 from Nim 1.4. This supersedes and closes #20460

[iffy]

Ooo, nice side benefit: I can now compile nim on macOS 10.10 again!

[iffy]

@ringabout I just realized that this change I'm proposing is pretty much the same as what you did in ringabout@c467017 Any reason why you didn't end up merging that change in?

[iffy]

CI is only failing for the unrelated problem fixed by #20495. Can this be merged?

[Araq]

Ping @ringabout

[ringabout]

I just realized that this change I'm proposing is pretty much the same as what you did in ringabout@c467017 Any reason why you didn't end up merging that change in?

Because I don't want to introduce dependency -framework Security when having a better solution for newer macOS. Depends on how old OS we are willing to support, it is fine to merge this if we stick to backwards compatibility.

[iffy]

FWIW, some people have experienced Apple not allowing apps that use getentropy: https://dev.gnupg.org/T5375

What's the reason for not wanting to pull in the Security framework? I think it's available on all macOS machines.

If it's really undesirable to pull in the Security framework, this post makes me think it might be possible to use CCRandomGenerateBytes which might be in libSystem. I haven't had time to check yet.

[ringabout]

See also rust-random/getrandom#38 (comment)

[github-actions]

Thanks for your hard work on this PR!
The lines below are statistics of the Nim compiler built from 594e93a

Hint: mm: orc; opt: speed; options: -d:release
162672 lines; 8.026s; 665.031MiB peakmem