diff --git a/glibc-rh1324623.patch b/glibc-rh1324623.patch
new file mode 100644
index 0000000..3c87463
--- /dev/null
+++ b/glibc-rh1324623.patch
@@ -0,0 +1,104 @@
+This patch creates a crypt-glibc subdirectory which builds the
+libgcrypt files, but this time against the glibc sources.
+
+The default subdirs list does not include this subdirectory because
+the file names conflict with the crypt directory. The spec file does
+not use the install target to install the built libcrypt.so file,
+either.
+
+Index: b/crypt-glibc/Makefile
+===================================================================
+--- /dev/null
++++ b/crypt-glibc/Makefile
+@@ -0,0 +1,51 @@
++# Build libcrypt against internal cryptographic algorithms.
++# Copyright (C) 1996-2016 Free Software Foundation, Inc.
++# This file is part of the GNU C Library.
++
++# The GNU C Library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++
++# The GNU C Library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# Lesser General Public License for more details.
++
++# You should have received a copy of the GNU Lesser General Public
++# License along with the GNU C Library; if not, see
++# .
++
++#
++# Sub-makefile for crypt() portion of the library.
++#
++subdir := crypt-glibc
++
++include ../Makeconfig
++
++extra-libs := libcrypt
++extra-libs-others := $(extra-libs)
++
++# Use the sources in the crypt subdirectory.
++vpath %.c ../crypt
++
++libcrypt-routines := \
++ crypt-entry md5-crypt sha256-crypt sha512-crypt crypt crypt_util
++
++tests := cert md5c-test sha256c-test sha512c-test badsalttest
++
++libcrypt-routines += md5 sha256 sha512
++
++tests += md5test sha256test sha512test
++
++# The test md5test-giant uses up to 400 MB of RSS and runs on a fast
++# machine over a minute.
++xtests = md5test-giant
++
++include ../Rules
++
++ifeq (yes,$(build-shared))
++$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so
++else
++$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a
++endif
+Index: b/crypt/md5.c
+===================================================================
+--- a/crypt/md5.c
++++ b/crypt/md5.c
+@@ -270,4 +270,4 @@ md5_process_bytes (const void *buffer, s
+ }
+ }
+
+-#include
++#include "md5-block.c"
+Index: b/crypt/sha256.c
+===================================================================
+--- a/crypt/sha256.c
++++ b/crypt/sha256.c
+@@ -212,4 +212,4 @@ __sha256_process_bytes (const void *buff
+ }
+ }
+
+-#include
++#include "sha256-block.c"
+Index: b/crypt/sha512.c
+===================================================================
+--- a/crypt/sha512.c
++++ b/crypt/sha512.c
+@@ -235,4 +235,4 @@ __sha512_process_bytes (const void *buff
+ }
+ }
+
+-#include
++#include "sha512-block.c"
+Index: b/crypt-glibc/Versions
+===================================================================
+--- /dev/null
++++ b/crypt-glibc/Versions
+@@ -0,0 +1,5 @@
++libcrypt {
++ GLIBC_2.0 {
++ crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r;
++ }
++}
diff --git a/glibc.spec b/glibc.spec
index 388638d..54479bf 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -259,6 +259,9 @@ Patch0058: glibc-bug-regex-gcc5.patch
# Add C.UTF-8 locale into /usr/lib/locale/
Patch0059: glibc-c-utf8-locale.patch
+# Build libcrypt twice, with and without NSS.
+Patch0060: glibc-rh1324623.patch
+
##############################################################################
#
# Patches from upstream
@@ -327,6 +330,11 @@ Provides: ld-linux.so.3(GLIBC_2.4)
Requires: glibc-common = %{version}-%{release}
+%if %{without bootstrap}
+# Use the NSS-based cryptographic libraries by default.
+Recommends: libcrypt-nss%{_isa}
+%endif
+
Requires(pre): basesystem
# This is for building auxiliary programs like memusage, nscd
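Review bot: `Recommends: libcrypt-nss%{_isa}` is a weak dependency, and nothing in this hunk makes the main package require `libcrypt%{_isa}`, so an install with weak dependencies disabled, or any bootstrap build, can end up with no package providing libcrypt.so.1. Programs that link libcrypt for password checks then rely on their own automatic soname dependency to pull a provider in. If that is intended, state it next to the tag, e.g. `# Weak on purpose: users of libcrypt.so.1 pull in a provider through their soname dependency.`; otherwise add `Requires: libcrypt%{_isa}` alongside the Recommends.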
@@ -471,6 +479,48 @@ library binaries that will be selected instead when running under Xen.
Install glibc-xen if you might run your system under the Xen hypervisor.
%endif
+######################################################################
+# crypt subpackages
+######################################################################
+
+%package -n libcrypt
+Summary: Password hashing library (non-NSS version)
+Group: System Environment/Libraries
+Requires: %{name}%{_isa} = %{version}-%{release}
+Provides: libcrypt%{_isa}
+Conflicts: libcrypt-nss
+
+%description -n libcrypt
+This package provides the crypt function, which implements password
+hashing. The glibc implementation of the cryptographic algorithms is
+used by this package.
+
+%post -n libcrypt
+/sbin/ldconfig
+
+%postun -n libcrypt
+/sbin/ldconfig
+
+%if %{without bootstrap}
+%package -n libcrypt-nss
+Summary: Password hashing library (NSS version)
+Group: System Environment/Libraries
+Requires: %{name}%{_isa} = %{version}-%{release}
+Provides: libcrypt%{_isa}
+Conflicts: libcrypt
+
+%description -n libcrypt-nss
+This package provides the crypt function, which implements password
+hashing. The cryptographic algorithm implementations are provided by
+the low-level NSS libraries.
+
+%post -n libcrypt-nss
+/sbin/ldconfig
+
+%postun -n libcrypt-nss
+/sbin/ldconfig
+%endif
+
##############################################################################
# glibc "devel" sub-package
##############################################################################
@@ -482,6 +532,7 @@ Requires(pre): %{name}-headers
Requires: %{name}-headers = %{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: libgcc%{_isa}
+Requires: libcrypt%{_isa}
%description devel
The glibc-devel package contains the object files necessary
@@ -825,6 +876,7 @@ microbenchmark tests on the system.
%patch0057 -p1
%patch0058 -p1
%patch0059 -p1
+%patch0060 -p1
%patch2036 -p1
%patch2037 -p1
%patch2038 -p1
@@ -1056,6 +1108,12 @@ build nosegneg -mno-tls-direct-seg-refs
)
%endif
+# Build libcrypt with glibc cryptographic implementations.
+%if %{without bootstrap}
+make %{?_smpflags} -C build-%{target} subdirs=crypt-glibc \
+ CFLAGS="$build_CFLAGS" %{silentrules}
+%endif
+
##############################################################################
# Build the glibc post-upgrade program:
# We only build one of these with the default set of options. This program
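Review bot: `%{?_smpflags}` on the new make line is not the macro this commit uses elsewhere (`%{?_smp_mflags}` in the run_tests hunk). Because of the `?`, an undefined macro expands to nothing, so this build silently runs without parallel jobs instead of failing. Change the line to `make %{?_smp_mflags} -C build-%{target} subdirs=crypt-glibc \`.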
@@ -1149,6 +1207,31 @@ install_different()
done
}
+#############################################################################
+# Install libcrypt
+#############################################################################
+
+%if %{without bootstrap}
+# Move the NSS-based implementation out of the way.
+libcrypt_found=false
+for libcrypt in ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so ; do
+ if $libcrypt_found; then
+ # Multiple libcrypt files
+ ls -l ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so
+ exit 1
+ fi
+ mv "$libcrypt" "$(echo "$libcrypt" | sed s/libcrypt-/libcrypt-nss-/)"
+done
+
+# Install the non-NSS implementation in the original path.
+install -m 755 build-%{target}/crypt-glibc/libcrypt.so "$libcrypt"
+
+unset libcrypt libcrypt_found
+%endif
+
+# This symbolic link will be generated by ldconfig.
+rm -f ${RPM_BUILD_ROOT}/%{_lib}/libcrypt.so.1
+
##############################################################################
# Install the xen build files.
##############################################################################
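Review bot: `libcrypt_found` is initialised to `false` and never set to `true` inside the loop, so the `Multiple libcrypt files` branch cannot fire. With two matches both files are renamed, and the non-NSS library is installed at whichever path the glob produced last. Add `libcrypt_found=true` after the `mv` line. If the glob matches nothing, `$libcrypt` holds the literal pattern and the build stops only because `mv` fails; a `test -f "$libcrypt"` at the top of the loop body would make that case explicit. The `sed s/libcrypt-/libcrypt-nss-/` rewrites the first `libcrypt-` anywhere in the path, build root included, so `sed 's,/libcrypt-\([^/]*\)$,/libcrypt-nss-\1,'` is the safer form.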
@@ -1366,6 +1449,8 @@ rm -f $RPM_BUILD_ROOT%{_prefix}/lib/debug%{_libdir}/*_p.a
# - Contains the list of files for the static subpackage.
# * nosegneg.filelist
# - Contains the list of files for the xen subpackage.
+# * libcrypt.filelist, libcrypt-nss.filelist
+# - Contains the list of files for the crypt-related subpackages
# * nss_db.filelist, nss_nis.filelist, nss_hesiod.filelist
# - File lists for nss_* NSS module subpackages.
# * nss-devel.filelist
@@ -1551,6 +1636,14 @@ sed -i -e '\,/libnss_.*\.so[0-9.]*$,d' \
# Restore the built-in NSS modules.
cat nss_files.filelist nss_dns.filelist >> rpm.filelist
+# Prepare the libcrypt-related file lists.
+grep '/libcrypt-[0-9.]*.so$' rpm.filelist > libcrypt.filelist
+test $(wc -l < libcrypt.filelist) -eq 1
+%if %{without bootstrap}
+sed s/libcrypt/libcrypt-nss/ < libcrypt.filelist > libcrypt-nss.filelist
+%endif
+sed -i -e '\,/libcrypt,d' rpm.filelist
+
# Remove the zoneinfo files
# XXX: Why isn't this don't earlier when we are removing files?
# Won't this impact what is shipped?
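Review bot: The patterns that split the file lists are looser than the file name they are meant to match. In `grep '/libcrypt-[0-9.]*.so$'` the dot before `so` is unescaped, and `sed s/libcrypt/libcrypt-nss/` rewrites the first `libcrypt` anywhere on the line rather than the basename. Suggested: `grep '/libcrypt-[0-9.]*\.so$' rpm.filelist > libcrypt.filelist` and `sed 's,/libcrypt-,/libcrypt-nss-,' < libcrypt.filelist > libcrypt-nss.filelist`. The `test $(wc -l < libcrypt.filelist) -eq 1` guard only stops the build if the scriptlet shell exits on error, which is worth saying in the comment above it.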
@@ -1676,6 +1769,10 @@ find_debuginfo_args="$find_debuginfo_args \
-p '.*/(sbin|libexec)/.*' \
-o debuginfocommon.filelist \
-l nss_db.filelist -l nss_nis.filelist -l nss_hesiod.filelist \
+ -l libcrypt.filelist \
+%if %{without bootstrap}
+ -l libcrypt-nss.filelist \
+%endif
-l rpm.filelist \
%if %{with benchtests}
-l nosegneg.filelist -l benchtests.filelist"
@@ -1857,6 +1954,10 @@ run_tests () {
echo -------------------------
done
fi
+
+ # If the crypt-glibc test suite fails, something is completely
+ # broken, so fail the build in this case.
+ make %{?_smp_mflags} subdirs=crypt-glibc check %{silentrules}
}
# Increase timeouts
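Review bot: The `make %{?_smp_mflags} subdirs=crypt-glibc check` line is invoked differently from the build of the same subdirectory earlier in the spec: it has no `-C build-%{target}`, no `CFLAGS="$build_CFLAGS"`, and no `%if %{without bootstrap}` guard. run_tests starts outside this hunk, so the working directory cannot be confirmed from here; if it is not already the build directory, the call needs `-C`. In a bootstrap build the subdirectory has not been built beforehand, so this call would presumably compile it first, without the spec's build flags, and then test that copy. Consider wrapping the line in the same `%if %{without bootstrap}` / `%endif` pair and passing the same CFLAGS as the build step.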
@@ -2084,7 +2185,8 @@ rm -f *.filelist*
%{_prefix}/lib/locale/C.utf8/*
%dir %attr(755,root,root) /etc/default
%verify(not md5 size mtime) %config(noreplace) /etc/default/nss
-%doc documentation/*
+%doc documentation/README.timezone
+%doc documentation/gai.conf
%files all-langpacks
%attr(0644,root,root) %verify(not md5 size mtime) %{_prefix}/lib/locale/locale-archive.tmpl
@@ -2137,6 +2239,14 @@ rm -f *.filelist*
%doc hesiod/README.hesiod
%files -f nss-devel.filelist nss-devel
+%files -f libcrypt.filelist -n libcrypt
+%doc documentation/README.ufc-crypt
+%ghost /%{_lib}/libcrypt.so.1
+%if %{without bootstrap}
+%files -f libcrypt-nss.filelist -n libcrypt-nss
+%ghost /%{_lib}/libcrypt.so.1
+%endif
+
%if 0%{?_enable_debug_packages}
%files debuginfo -f debuginfo.filelist
%defattr(-,root,root)
@@ -2158,6 +2268,7 @@ rm -f *.filelist*
- Drop sendmsg/recvmsg compatibility patch (#1344830)
- glibc-devel depends on libgcc%%{_isa} (#1289356)
- Drop Requires(pre) on libgcc
+- Introduce libcrypt and libcrypt-nss (#1324623)
* Wed Jul 20 2016 Florian Weimer - 2.23.90-29
- Move NSS modules to subpackages (#1338889)