fix: seed fast pseudo-random numbers to differ across processes

[Amey Pawar (ameyypawar)]

What

gix-utils and gix-fs draw fast pseudo-random numbers from fastrand's global generators, whose per-thread seed is derived only from values that can coincide between separate processes — notably small thread IDs. Two concurrently running processes can therefore draw identical sequences, which:

• weakens the jitter on quadratic backoff (meant to avoid a thundering herd of retries, used e.g. in gix-lock), and
• makes the gix-fs capability probes collide on their temporary file names — the spurious "symlinks unsupported" failure seen on CI (Is `overwriting_files_and_lone_directories_works` flaky? #1789).

Fixes #1816.

How

Adds a small gix_utils::rng module: a per-thread fastrand::Rng seeded once from a high-entropy OS source via getrandom::u64(), so sequences differ across processes. The two production call sites are routed through it — the backoff jitter in gix-utils, and the three capability probes in gix-fs (whose now-unused direct fastrand dependency is dropped).

wasm handling

getrandom is added as a target-specific dependency, excluded on wasm32-unknown-unknown, which has no entropy backend by default (and is single-process, so the cross-process concern doesn't apply there). On that target the seed falls back to a best-effort value that deliberately avoids Instant::now(), since that panics on wasm32-unknown-unknown (#7319). On wasm32-wasi* targets getrandom is included and uses the wasi backend.

Note on the public API

This adds a new public gix_utils::rng module (so gix-fs can use it across the crate boundary) — flagging in case it affects the version bump.

Out of scope

The gix-testtools port-shuffle (case 3 in the issue) is left as-is — the issue notes it isn't really a problem, only a minor test slowdown.

Verification

• gix-utils + gix-fs build and tests pass; cargo clippy -- -D warnings and cargo fmt --check are clean.
• Builds on wasm32-unknown-unknown (getrandom excluded, fallback seed used) and wasm32-wasip1 (getrandom included). Note: these were verified as builds, not at runtime (no local wasm host).

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: faa19e3139

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "Codex (@codex) review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "Codex (@codex) address that feedback".

[Sebastian Thiel (Byron)]

Thanks for getting the fix in, and let's hope that truly works. It really depends on getrandom, but would also assume that it works better due to access to the OS entropy.

Also many thanks to Eliah Kagan (@EliahKagan) for chiming in and acknowledging Codex's auto-fix. I gave it another pass and assume it's what you had in mind (the review didn't make material changes).

[Sebastian Thiel (Byron)]

I think one windows job already failed because of exactly what this PR is supposed to improve:

  stderr ───
    failed to extract 'tests\fixtures\generated-archives\make_baseline.tar': Ignoring archive at 'tests\fixtures\generated-archives\make_baseline.tar' as GIX_TEST_IGNORE_ARCHIVES is set.
    thread 'pattern::matching::compare_baseline_with_ours' (832) panicked at gix-glob\tests\pattern\matching.rs:65:13:
    assertion `left == right` failed: baseline for matches must be false - check baseline and git version: GitMatch { pattern: "*/\\\'", value: "XXX/\\\'", is_match: true }
      left: true
     right: false

It's this job, but I am having trouble getting back to the first attempt, maybe because it kind of timed out and was extra-strange.

If it passes next time, I think we should still merge this as it nicely unifies our random number generation, independently of what it tries to achieve beyond that.

[Eliah Kagan (EliahKagan)]

I think one windows job already failed because of exactly what this PR is supposed to improve

I'm not aware of how that pattern::matching::compare_baseline_with_ours would be related to this PR or #1816 (which this PR fixes).

It's this job, but I am having trouble getting back to the first attempt, maybe because it kind of timed out and was extra-strange.

I think you're referring to the inability to expand the "Test (nextest)" step in the "test-fixtures-windows (windows-latest)" job in attempt 1 there. It shows as though the job is still running, even though its status shows as failed.

I believe this sometimes happens when a runner stops responding and the job is eventually stopped automatically for that reason. I've seen this much more often over the course of the past month. I think it's usually a flake in GitHub's infrastructure, rather than relating conceptually to whatever test is executing.

However, I'm guessing that the test failure you showed was something that happened in that step, prior to the connection to the runner being lost. My guess is that the problems are independent: we may have a flaky test that failed while nextest was runnning, and also GitHub's infrastructure may have been flaky later on. I'm not certain, though.