Don't use getentropy() on Linux

Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
read from /dev/urandom to get random bytes, for example in os.urandom().  On
Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
os.urandom() should not block.

Misc/NEWS

@@ -23,6 +23,11 @@ Extension Modules
 Library
 -------
 
+- Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function
+  but read from /dev/urandom to get random bytes, for example in os.urandom().
+  On Linux, getentropy() is implemented which getrandom() is blocking mode,
+  whereas os.urandom() should not block.
+
 - Issue #29142: In urllib, suffixes in no_proxy environment variable with
   leading dots could match related hostnames again (e.g. .b.c matches a.b.c).
   Patch by Milan Oberkirch.

Python/random.c

@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
 }
 
 /* Issue #25003: Don't use getentropy() on Solaris (available since
- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
-#elif defined(HAVE_GETENTROPY) && !defined(sun)
+   Solaris 11.3), it is blocking whereas os.urandom() should not block.
+
+   Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
+   implements it with the getrandom() syscall which can fail with ENOSYS,
+   and this error is not supported in py_getentropy() and getrandom() is called
+   with flags=0 which blocks until system urandom is initialized, which is not
+   the desired behaviour to seed the Python hash secret nor for os.urandom():
+   see the PEP 524 which was only implemented in Python 3.6. */
+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
 #define PY_GETENTROPY 1
 
 /* Fill buffer with size pseudo-random bytes generated by getentropy().