Resolves: #1324623
Provide libcrypt and libcrypt-nss subpackages. glibc has a Recommends: to prefer the NSS-based implementation. glibc-devel requires that one of the two packages is installed.
This commit is contained in:
parent
87b6ed77db
commit
7ad97baa4f
104
glibc-rh1324623.patch
Normal file
104
glibc-rh1324623.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
This patch creates a crypt-glibc subdirectory which builds the
|
||||||
|
libgcrypt files, but this time against the glibc sources.
|
||||||
|
|
||||||
|
The default subdirs list does not include this subdirectory because
|
||||||
|
the file names conflict with the crypt directory. The spec file does
|
||||||
|
not use the install target to install the built libcrypt.so file,
|
||||||
|
either.
|
||||||
|
|
||||||
|
Index: b/crypt-glibc/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypt-glibc/Makefile
|
||||||
|
@@ -0,0 +1,51 @@
|
||||||
|
+# Build libcrypt against internal cryptographic algorithms.
|
||||||
|
+# Copyright (C) 1996-2016 Free Software Foundation, Inc.
|
||||||
|
+# This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+# The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+# modify it under the terms of the GNU Lesser General Public
|
||||||
|
+# License as published by the Free Software Foundation; either
|
||||||
|
+# version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+# The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+# Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+# You should have received a copy of the GNU Lesser General Public
|
||||||
|
+# License along with the GNU C Library; if not, see
|
||||||
|
+# <http://www.gnu.org/licenses/>.
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Sub-makefile for crypt() portion of the library.
|
||||||
|
+#
|
||||||
|
+subdir := crypt-glibc
|
||||||
|
+
|
||||||
|
+include ../Makeconfig
|
||||||
|
+
|
||||||
|
+extra-libs := libcrypt
|
||||||
|
+extra-libs-others := $(extra-libs)
|
||||||
|
+
|
||||||
|
+# Use the sources in the crypt subdirectory.
|
||||||
|
+vpath %.c ../crypt
|
||||||
|
+
|
||||||
|
+libcrypt-routines := \
|
||||||
|
+ crypt-entry md5-crypt sha256-crypt sha512-crypt crypt crypt_util
|
||||||
|
+
|
||||||
|
+tests := cert md5c-test sha256c-test sha512c-test badsalttest
|
||||||
|
+
|
||||||
|
+libcrypt-routines += md5 sha256 sha512
|
||||||
|
+
|
||||||
|
+tests += md5test sha256test sha512test
|
||||||
|
+
|
||||||
|
+# The test md5test-giant uses up to 400 MB of RSS and runs on a fast
|
||||||
|
+# machine over a minute.
|
||||||
|
+xtests = md5test-giant
|
||||||
|
+
|
||||||
|
+include ../Rules
|
||||||
|
+
|
||||||
|
+ifeq (yes,$(build-shared))
|
||||||
|
+$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so
|
||||||
|
+else
|
||||||
|
+$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a
|
||||||
|
+endif
|
||||||
|
Index: b/crypt/md5.c
|
||||||
|
===================================================================
|
||||||
|
--- a/crypt/md5.c
|
||||||
|
+++ b/crypt/md5.c
|
||||||
|
@@ -270,4 +270,4 @@ md5_process_bytes (const void *buffer, s
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-#include <md5-block.c>
|
||||||
|
+#include "md5-block.c"
|
||||||
|
Index: b/crypt/sha256.c
|
||||||
|
===================================================================
|
||||||
|
--- a/crypt/sha256.c
|
||||||
|
+++ b/crypt/sha256.c
|
||||||
|
@@ -212,4 +212,4 @@ __sha256_process_bytes (const void *buff
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-#include <sha256-block.c>
|
||||||
|
+#include "sha256-block.c"
|
||||||
|
Index: b/crypt/sha512.c
|
||||||
|
===================================================================
|
||||||
|
--- a/crypt/sha512.c
|
||||||
|
+++ b/crypt/sha512.c
|
||||||
|
@@ -235,4 +235,4 @@ __sha512_process_bytes (const void *buff
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-#include <sha512-block.c>
|
||||||
|
+#include "sha512-block.c"
|
||||||
|
Index: b/crypt-glibc/Versions
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypt-glibc/Versions
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+libcrypt {
|
||||||
|
+ GLIBC_2.0 {
|
||||||
|
+ crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r;
|
||||||
|
+ }
|
||||||
|
+}
|
113
glibc.spec
113
glibc.spec
@ -259,6 +259,9 @@ Patch0058: glibc-bug-regex-gcc5.patch
|
|||||||
# Add C.UTF-8 locale into /usr/lib/locale/
|
# Add C.UTF-8 locale into /usr/lib/locale/
|
||||||
Patch0059: glibc-c-utf8-locale.patch
|
Patch0059: glibc-c-utf8-locale.patch
|
||||||
|
|
||||||
|
# Build libcrypt twice, with and without NSS.
|
||||||
|
Patch0060: glibc-rh1324623.patch
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#
|
#
|
||||||
# Patches from upstream
|
# Patches from upstream
|
||||||
@ -327,6 +330,11 @@ Provides: ld-linux.so.3(GLIBC_2.4)
|
|||||||
|
|
||||||
Requires: glibc-common = %{version}-%{release}
|
Requires: glibc-common = %{version}-%{release}
|
||||||
|
|
||||||
|
%if %{without bootstrap}
|
||||||
|
# Use the NSS-based cryptographic libraries by default.
|
||||||
|
Recommends: libcrypt-nss%{_isa}
|
||||||
|
%endif
|
||||||
|
|
||||||
Requires(pre): basesystem
|
Requires(pre): basesystem
|
||||||
|
|
||||||
# This is for building auxiliary programs like memusage, nscd
|
# This is for building auxiliary programs like memusage, nscd
|
||||||
@ -471,6 +479,48 @@ library binaries that will be selected instead when running under Xen.
|
|||||||
Install glibc-xen if you might run your system under the Xen hypervisor.
|
Install glibc-xen if you might run your system under the Xen hypervisor.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
# crypt subpackages
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
%package -n libcrypt
|
||||||
|
Summary: Password hashing library (non-NSS version)
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
|
Provides: libcrypt%{_isa}
|
||||||
|
Conflicts: libcrypt-nss
|
||||||
|
|
||||||
|
%description -n libcrypt
|
||||||
|
This package provides the crypt function, which implements password
|
||||||
|
hashing. The glibc implementation of the cryptographic algorithms is
|
||||||
|
used by this package.
|
||||||
|
|
||||||
|
%post -n libcrypt
|
||||||
|
/sbin/ldconfig
|
||||||
|
|
||||||
|
%postun -n libcrypt
|
||||||
|
/sbin/ldconfig
|
||||||
|
|
||||||
|
%if %{without bootstrap}
|
||||||
|
%package -n libcrypt-nss
|
||||||
|
Summary: Password hashing library (NSS version)
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
Requires: %{name}%{_isa} = %{version}-%{release}
|
||||||
|
Provides: libcrypt%{_isa}
|
||||||
|
Conflicts: libcrypt
|
||||||
|
|
||||||
|
%description -n libcrypt-nss
|
||||||
|
This package provides the crypt function, which implements password
|
||||||
|
hashing. The cryptographic algorithm implementations are provided by
|
||||||
|
the low-level NSS libraries.
|
||||||
|
|
||||||
|
%post -n libcrypt-nss
|
||||||
|
/sbin/ldconfig
|
||||||
|
|
||||||
|
%postun -n libcrypt-nss
|
||||||
|
/sbin/ldconfig
|
||||||
|
%endif
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# glibc "devel" sub-package
|
# glibc "devel" sub-package
|
||||||
##############################################################################
|
##############################################################################
|
||||||
@ -482,6 +532,7 @@ Requires(pre): %{name}-headers
|
|||||||
Requires: %{name}-headers = %{version}-%{release}
|
Requires: %{name}-headers = %{version}-%{release}
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
Requires: libgcc%{_isa}
|
Requires: libgcc%{_isa}
|
||||||
|
Requires: libcrypt%{_isa}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
The glibc-devel package contains the object files necessary
|
The glibc-devel package contains the object files necessary
|
||||||
@ -825,6 +876,7 @@ microbenchmark tests on the system.
|
|||||||
%patch0057 -p1
|
%patch0057 -p1
|
||||||
%patch0058 -p1
|
%patch0058 -p1
|
||||||
%patch0059 -p1
|
%patch0059 -p1
|
||||||
|
%patch0060 -p1
|
||||||
%patch2036 -p1
|
%patch2036 -p1
|
||||||
%patch2037 -p1
|
%patch2037 -p1
|
||||||
%patch2038 -p1
|
%patch2038 -p1
|
||||||
@ -1056,6 +1108,12 @@ build nosegneg -mno-tls-direct-seg-refs
|
|||||||
)
|
)
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Build libcrypt with glibc cryptographic implementations.
|
||||||
|
%if %{without bootstrap}
|
||||||
|
make %{?_smpflags} -C build-%{target} subdirs=crypt-glibc \
|
||||||
|
CFLAGS="$build_CFLAGS" %{silentrules}
|
||||||
|
%endif
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# Build the glibc post-upgrade program:
|
# Build the glibc post-upgrade program:
|
||||||
# We only build one of these with the default set of options. This program
|
# We only build one of these with the default set of options. This program
|
||||||
@ -1149,6 +1207,31 @@ install_different()
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# Install libcrypt
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
%if %{without bootstrap}
|
||||||
|
# Move the NSS-based implementation out of the way.
|
||||||
|
libcrypt_found=false
|
||||||
|
for libcrypt in ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so ; do
|
||||||
|
if $libcrypt_found; then
|
||||||
|
# Multiple libcrypt files
|
||||||
|
ls -l ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
mv "$libcrypt" "$(echo "$libcrypt" | sed s/libcrypt-/libcrypt-nss-/)"
|
||||||
|
done
|
||||||
|
|
||||||
|
# Install the non-NSS implementation in the original path.
|
||||||
|
install -m 755 build-%{target}/crypt-glibc/libcrypt.so "$libcrypt"
|
||||||
|
|
||||||
|
unset libcrypt libcrypt_found
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# This symbolic link will be generated by ldconfig.
|
||||||
|
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libcrypt.so.1
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# Install the xen build files.
|
# Install the xen build files.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
@ -1366,6 +1449,8 @@ rm -f $RPM_BUILD_ROOT%{_prefix}/lib/debug%{_libdir}/*_p.a
|
|||||||
# - Contains the list of files for the static subpackage.
|
# - Contains the list of files for the static subpackage.
|
||||||
# * nosegneg.filelist
|
# * nosegneg.filelist
|
||||||
# - Contains the list of files for the xen subpackage.
|
# - Contains the list of files for the xen subpackage.
|
||||||
|
# * libcrypt.filelist, libcrypt-nss.filelist
|
||||||
|
# - Contains the list of files for the crypt-related subpackages
|
||||||
# * nss_db.filelist, nss_nis.filelist, nss_hesiod.filelist
|
# * nss_db.filelist, nss_nis.filelist, nss_hesiod.filelist
|
||||||
# - File lists for nss_* NSS module subpackages.
|
# - File lists for nss_* NSS module subpackages.
|
||||||
# * nss-devel.filelist
|
# * nss-devel.filelist
|
||||||
@ -1551,6 +1636,14 @@ sed -i -e '\,/libnss_.*\.so[0-9.]*$,d' \
|
|||||||
# Restore the built-in NSS modules.
|
# Restore the built-in NSS modules.
|
||||||
cat nss_files.filelist nss_dns.filelist >> rpm.filelist
|
cat nss_files.filelist nss_dns.filelist >> rpm.filelist
|
||||||
|
|
||||||
|
# Prepare the libcrypt-related file lists.
|
||||||
|
grep '/libcrypt-[0-9.]*.so$' rpm.filelist > libcrypt.filelist
|
||||||
|
test $(wc -l < libcrypt.filelist) -eq 1
|
||||||
|
%if %{without bootstrap}
|
||||||
|
sed s/libcrypt/libcrypt-nss/ < libcrypt.filelist > libcrypt-nss.filelist
|
||||||
|
%endif
|
||||||
|
sed -i -e '\,/libcrypt,d' rpm.filelist
|
||||||
|
|
||||||
# Remove the zoneinfo files
|
# Remove the zoneinfo files
|
||||||
# XXX: Why isn't this don't earlier when we are removing files?
|
# XXX: Why isn't this don't earlier when we are removing files?
|
||||||
# Won't this impact what is shipped?
|
# Won't this impact what is shipped?
|
||||||
@ -1676,6 +1769,10 @@ find_debuginfo_args="$find_debuginfo_args \
|
|||||||
-p '.*/(sbin|libexec)/.*' \
|
-p '.*/(sbin|libexec)/.*' \
|
||||||
-o debuginfocommon.filelist \
|
-o debuginfocommon.filelist \
|
||||||
-l nss_db.filelist -l nss_nis.filelist -l nss_hesiod.filelist \
|
-l nss_db.filelist -l nss_nis.filelist -l nss_hesiod.filelist \
|
||||||
|
-l libcrypt.filelist \
|
||||||
|
%if %{without bootstrap}
|
||||||
|
-l libcrypt-nss.filelist \
|
||||||
|
%endif
|
||||||
-l rpm.filelist \
|
-l rpm.filelist \
|
||||||
%if %{with benchtests}
|
%if %{with benchtests}
|
||||||
-l nosegneg.filelist -l benchtests.filelist"
|
-l nosegneg.filelist -l benchtests.filelist"
|
||||||
@ -1857,6 +1954,10 @@ run_tests () {
|
|||||||
echo -------------------------
|
echo -------------------------
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If the crypt-glibc test suite fails, something is completely
|
||||||
|
# broken, so fail the build in this case.
|
||||||
|
make %{?_smp_mflags} subdirs=crypt-glibc check %{silentrules}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Increase timeouts
|
# Increase timeouts
|
||||||
@ -2084,7 +2185,8 @@ rm -f *.filelist*
|
|||||||
%{_prefix}/lib/locale/C.utf8/*
|
%{_prefix}/lib/locale/C.utf8/*
|
||||||
%dir %attr(755,root,root) /etc/default
|
%dir %attr(755,root,root) /etc/default
|
||||||
%verify(not md5 size mtime) %config(noreplace) /etc/default/nss
|
%verify(not md5 size mtime) %config(noreplace) /etc/default/nss
|
||||||
%doc documentation/*
|
%doc documentation/README.timezone
|
||||||
|
%doc documentation/gai.conf
|
||||||
|
|
||||||
%files all-langpacks
|
%files all-langpacks
|
||||||
%attr(0644,root,root) %verify(not md5 size mtime) %{_prefix}/lib/locale/locale-archive.tmpl
|
%attr(0644,root,root) %verify(not md5 size mtime) %{_prefix}/lib/locale/locale-archive.tmpl
|
||||||
@ -2137,6 +2239,14 @@ rm -f *.filelist*
|
|||||||
%doc hesiod/README.hesiod
|
%doc hesiod/README.hesiod
|
||||||
%files -f nss-devel.filelist nss-devel
|
%files -f nss-devel.filelist nss-devel
|
||||||
|
|
||||||
|
%files -f libcrypt.filelist -n libcrypt
|
||||||
|
%doc documentation/README.ufc-crypt
|
||||||
|
%ghost /%{_lib}/libcrypt.so.1
|
||||||
|
%if %{without bootstrap}
|
||||||
|
%files -f libcrypt-nss.filelist -n libcrypt-nss
|
||||||
|
%ghost /%{_lib}/libcrypt.so.1
|
||||||
|
%endif
|
||||||
|
|
||||||
%if 0%{?_enable_debug_packages}
|
%if 0%{?_enable_debug_packages}
|
||||||
%files debuginfo -f debuginfo.filelist
|
%files debuginfo -f debuginfo.filelist
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -2158,6 +2268,7 @@ rm -f *.filelist*
|
|||||||
- Drop sendmsg/recvmsg compatibility patch (#1344830)
|
- Drop sendmsg/recvmsg compatibility patch (#1344830)
|
||||||
- glibc-devel depends on libgcc%%{_isa} (#1289356)
|
- glibc-devel depends on libgcc%%{_isa} (#1289356)
|
||||||
- Drop Requires(pre) on libgcc
|
- Drop Requires(pre) on libgcc
|
||||||
|
- Introduce libcrypt and libcrypt-nss (#1324623)
|
||||||
|
|
||||||
* Wed Jul 20 2016 Florian Weimer <fweimer@redhat.com> - 2.23.90-29
|
* Wed Jul 20 2016 Florian Weimer <fweimer@redhat.com> - 2.23.90-29
|
||||||
- Move NSS modules to subpackages (#1338889)
|
- Move NSS modules to subpackages (#1338889)
|
||||||
|
Loading…
Reference in New Issue
Block a user