Switch rand_os to use fuchsia-cprng crate in rand-0.6

[erickt]

The fuchsia team has spun out a new crate, fuchsia-cprng, which reduces your exposure to changes in our syscalls, which are still not stable. This crate just exposes the CPRNG syscall, which we do not expect to change.

Also note, the underlying syscall, zx_cprng_draw no longer needs the loop. Instead, we guarantee that the buffer always be filled with randomness.

If this patch is accepted, would it be possible to get a release of rand_os? We also have some dependencies that are using 0.3, 0.4, and 0.5, so would you also be interested in patches for those versions as well?

Thanks!

[erickt]

I think the travis failure is unrelated to this PR. I poked around, and it looks like it's unrelated broken doc links. I filed #710 to track it.

[dhardy]

Okay, nice!

Why do you still have users on such old versions of Rand?

• 0.3 has a shim to build around 0.4
• 0.4 has seen some backports since it is the last version before we started making big changes (including adding rand_core); I won't say no to more backports but would prefer users to upgrade
• 0.5 should be easy to upgrade to 0.6; we could in theory add a compatibility shim but haven't

[erickt]

Thanks @dhardy!

Unfortunately we have a bunch of dependencies that are still using the older versions:

On 0.3:

• multipart 0.13.6 (hopefully we'll get a release soon Cutting a release? abonander/multipart#119)
• rust-crypto 0.2.36

On 0.4:

• rouille 2.2.0
• tempdir 0.3.7

On 0.5:

• futures-util-preview 0.3.0-alpha.12
• num 0.2.0
• parking-lot 0.3.1
• proptest 0.8.7
• uuid 0.7.1

It just takes time for us to get upstream packages to update, then get their dependents to update, and etc.