From e9a9f0ca25667106b369b76f8500c4f40ee781e7 Mon Sep 17 00:00:00 2001
From: jarek <jkrochmalski@gmail.com>
Date: Thu, 26 Mar 2026 08:23:12 +0100
Subject: [PATCH] shims for the baseline build

---
 shims/getrandom-shim.c | 53 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 shims/getrandom-shim.c

diff --git a/shims/getrandom-shim.c b/shims/getrandom-shim.c
new file mode 100644
index 0000000..dd2e14f
--- /dev/null
+++ b/shims/getrandom-shim.c
@@ -0,0 +1,53 @@
+/*
+ * getrandom() shim for old kernels (< 3.17) that lack the syscall.
+ *
+ * musl libc calls getrandom() which returns ENOSYS on kernel 3.10.x
+ * (e.g. Synology DS1513+). This shim intercepts the call and falls
+ * back to /dev/urandom, which is cryptographically secure after boot
+ * and is the same entropy source getrandom() reads from on modern kernels.
+ *
+ * Usage: LD_PRELOAD=/usr/lib/libgetrandom-shim.so <command>
+ */
+
+#define _GNU_SOURCE
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
+
+#ifndef SYS_getrandom
+#  ifdef __x86_64__
+#    define SYS_getrandom 318
+#  elif defined(__aarch64__)
+#    define SYS_getrandom 278
+#  else
+#    error "Unsupported architecture"
+#  endif
+#endif
+
+ssize_t getrandom(void *buf, size_t buflen, unsigned int flags) {
+    /* Try the real syscall first */
+    long ret = syscall(SYS_getrandom, buf, buflen, flags);
+    if (ret >= 0 || errno != ENOSYS)
+        return (ssize_t)ret;
+
+    /* Kernel too old — fall back to /dev/urandom */
+    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+    if (fd < 0)
+        return -1;
+
+    ssize_t total = 0;
+    while ((size_t)total < buflen) {
+        ssize_t n = read(fd, (char *)buf + total, buflen - (size_t)total);
+        if (n <= 0) {
+            if (n < 0 && errno == EINTR)
+                continue;
+            close(fd);
+            return -1;
+        }
+        total += n;
+    }
+
+    close(fd);
+    return total;
+}