Provide libcrypt and libcrypt-nss subpackages.

glibc has a Recommends: to prefer the NSS-based implementation.
glibc-devel requires that one of the two packages is installed.
This commit is contained in:
Florian Weimer 2016-07-22 17:06:37 +02:00
parent 87b6ed77db
commit 7ad97baa4f
2 changed files with 216 additions and 1 deletions

104
glibc-rh1324623.patch Normal file
View File

@ -0,0 +1,104 @@
This patch creates a crypt-glibc subdirectory which builds the
libgcrypt files, but this time against the glibc sources.
The default subdirs list does not include this subdirectory because
the file names conflict with the crypt directory. The spec file does
not use the install target to install the built libcrypt.so file,
either.
Index: b/crypt-glibc/Makefile
===================================================================
--- /dev/null
+++ b/crypt-glibc/Makefile
@@ -0,0 +1,51 @@
+# Build libcrypt against internal cryptographic algorithms.
+# Copyright (C) 1996-2016 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <http://www.gnu.org/licenses/>.
+
+#
+# Sub-makefile for crypt() portion of the library.
+#
+subdir := crypt-glibc
+
+include ../Makeconfig
+
+extra-libs := libcrypt
+extra-libs-others := $(extra-libs)
+
+# Use the sources in the crypt subdirectory.
+vpath %.c ../crypt
+
+libcrypt-routines := \
+ crypt-entry md5-crypt sha256-crypt sha512-crypt crypt crypt_util
+
+tests := cert md5c-test sha256c-test sha512c-test badsalttest
+
+libcrypt-routines += md5 sha256 sha512
+
+tests += md5test sha256test sha512test
+
+# The test md5test-giant uses up to 400 MB of RSS and runs on a fast
+# machine over a minute.
+xtests = md5test-giant
+
+include ../Rules
+
+ifeq (yes,$(build-shared))
+$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so
+else
+$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a
+endif
Index: b/crypt/md5.c
===================================================================
--- a/crypt/md5.c
+++ b/crypt/md5.c
@@ -270,4 +270,4 @@ md5_process_bytes (const void *buffer, s
}
}
-#include <md5-block.c>
+#include "md5-block.c"
Index: b/crypt/sha256.c
===================================================================
--- a/crypt/sha256.c
+++ b/crypt/sha256.c
@@ -212,4 +212,4 @@ __sha256_process_bytes (const void *buff
}
}
-#include <sha256-block.c>
+#include "sha256-block.c"
Index: b/crypt/sha512.c
===================================================================
--- a/crypt/sha512.c
+++ b/crypt/sha512.c
@@ -235,4 +235,4 @@ __sha512_process_bytes (const void *buff
}
}
-#include <sha512-block.c>
+#include "sha512-block.c"
Index: b/crypt-glibc/Versions
===================================================================
--- /dev/null
+++ b/crypt-glibc/Versions
@@ -0,0 +1,5 @@
+libcrypt {
+ GLIBC_2.0 {
+ crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r;
+ }
+}

View File

@ -259,6 +259,9 @@ Patch0058: glibc-bug-regex-gcc5.patch
# Add C.UTF-8 locale into /usr/lib/locale/ # Add C.UTF-8 locale into /usr/lib/locale/
Patch0059: glibc-c-utf8-locale.patch Patch0059: glibc-c-utf8-locale.patch
# Build libcrypt twice, with and without NSS.
Patch0060: glibc-rh1324623.patch
############################################################################## ##############################################################################
# #
# Patches from upstream # Patches from upstream
@ -327,6 +330,11 @@ Provides: ld-linux.so.3(GLIBC_2.4)
Requires: glibc-common = %{version}-%{release} Requires: glibc-common = %{version}-%{release}
%if %{without bootstrap}
# Use the NSS-based cryptographic libraries by default.
Recommends: libcrypt-nss%{_isa}
%endif
Requires(pre): basesystem Requires(pre): basesystem
# This is for building auxiliary programs like memusage, nscd # This is for building auxiliary programs like memusage, nscd
@ -471,6 +479,48 @@ library binaries that will be selected instead when running under Xen.
Install glibc-xen if you might run your system under the Xen hypervisor. Install glibc-xen if you might run your system under the Xen hypervisor.
%endif %endif
######################################################################
# crypt subpackages
######################################################################
%package -n libcrypt
Summary: Password hashing library (non-NSS version)
Group: System Environment/Libraries
Requires: %{name}%{_isa} = %{version}-%{release}
Provides: libcrypt%{_isa}
Conflicts: libcrypt-nss
%description -n libcrypt
This package provides the crypt function, which implements password
hashing. The glibc implementation of the cryptographic algorithms is
used by this package.
%post -n libcrypt
/sbin/ldconfig
%postun -n libcrypt
/sbin/ldconfig
%if %{without bootstrap}
%package -n libcrypt-nss
Summary: Password hashing library (NSS version)
Group: System Environment/Libraries
Requires: %{name}%{_isa} = %{version}-%{release}
Provides: libcrypt%{_isa}
Conflicts: libcrypt
%description -n libcrypt-nss
This package provides the crypt function, which implements password
hashing. The cryptographic algorithm implementations are provided by
the low-level NSS libraries.
%post -n libcrypt-nss
/sbin/ldconfig
%postun -n libcrypt-nss
/sbin/ldconfig
%endif
############################################################################## ##############################################################################
# glibc "devel" sub-package # glibc "devel" sub-package
############################################################################## ##############################################################################
@ -482,6 +532,7 @@ Requires(pre): %{name}-headers
Requires: %{name}-headers = %{version}-%{release} Requires: %{name}-headers = %{version}-%{release}
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Requires: libgcc%{_isa} Requires: libgcc%{_isa}
Requires: libcrypt%{_isa}
%description devel %description devel
The glibc-devel package contains the object files necessary The glibc-devel package contains the object files necessary
@ -825,6 +876,7 @@ microbenchmark tests on the system.
%patch0057 -p1 %patch0057 -p1
%patch0058 -p1 %patch0058 -p1
%patch0059 -p1 %patch0059 -p1
%patch0060 -p1
%patch2036 -p1 %patch2036 -p1
%patch2037 -p1 %patch2037 -p1
%patch2038 -p1 %patch2038 -p1
@ -1056,6 +1108,12 @@ build nosegneg -mno-tls-direct-seg-refs
) )
%endif %endif
# Build libcrypt with glibc cryptographic implementations.
%if %{without bootstrap}
make %{?_smpflags} -C build-%{target} subdirs=crypt-glibc \
CFLAGS="$build_CFLAGS" %{silentrules}
%endif
############################################################################## ##############################################################################
# Build the glibc post-upgrade program: # Build the glibc post-upgrade program:
# We only build one of these with the default set of options. This program # We only build one of these with the default set of options. This program
@ -1149,6 +1207,31 @@ install_different()
done done
} }
#############################################################################
# Install libcrypt
#############################################################################
%if %{without bootstrap}
# Move the NSS-based implementation out of the way.
libcrypt_found=false
for libcrypt in ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so ; do
if $libcrypt_found; then
# Multiple libcrypt files
ls -l ${RPM_BUILD_ROOT}/%{_lib}/libcrypt-*.so
exit 1
fi
mv "$libcrypt" "$(echo "$libcrypt" | sed s/libcrypt-/libcrypt-nss-/)"
done
# Install the non-NSS implementation in the original path.
install -m 755 build-%{target}/crypt-glibc/libcrypt.so "$libcrypt"
unset libcrypt libcrypt_found
%endif
# This symbolic link will be generated by ldconfig.
rm -f ${RPM_BUILD_ROOT}/%{_lib}/libcrypt.so.1
############################################################################## ##############################################################################
# Install the xen build files. # Install the xen build files.
############################################################################## ##############################################################################
@ -1366,6 +1449,8 @@ rm -f $RPM_BUILD_ROOT%{_prefix}/lib/debug%{_libdir}/*_p.a
# - Contains the list of files for the static subpackage. # - Contains the list of files for the static subpackage.
# * nosegneg.filelist # * nosegneg.filelist
# - Contains the list of files for the xen subpackage. # - Contains the list of files for the xen subpackage.
# * libcrypt.filelist, libcrypt-nss.filelist
# - Contains the list of files for the crypt-related subpackages
# * nss_db.filelist, nss_nis.filelist, nss_hesiod.filelist # * nss_db.filelist, nss_nis.filelist, nss_hesiod.filelist
# - File lists for nss_* NSS module subpackages. # - File lists for nss_* NSS module subpackages.
# * nss-devel.filelist # * nss-devel.filelist
@ -1551,6 +1636,14 @@ sed -i -e '\,/libnss_.*\.so[0-9.]*$,d' \
# Restore the built-in NSS modules. # Restore the built-in NSS modules.
cat nss_files.filelist nss_dns.filelist >> rpm.filelist cat nss_files.filelist nss_dns.filelist >> rpm.filelist
# Prepare the libcrypt-related file lists.
grep '/libcrypt-[0-9.]*.so$' rpm.filelist > libcrypt.filelist
test $(wc -l < libcrypt.filelist) -eq 1
%if %{without bootstrap}
sed s/libcrypt/libcrypt-nss/ < libcrypt.filelist > libcrypt-nss.filelist
%endif
sed -i -e '\,/libcrypt,d' rpm.filelist
# Remove the zoneinfo files # Remove the zoneinfo files
# XXX: Why isn't this don't earlier when we are removing files? # XXX: Why isn't this don't earlier when we are removing files?
# Won't this impact what is shipped? # Won't this impact what is shipped?
@ -1676,6 +1769,10 @@ find_debuginfo_args="$find_debuginfo_args \
-p '.*/(sbin|libexec)/.*' \ -p '.*/(sbin|libexec)/.*' \
-o debuginfocommon.filelist \ -o debuginfocommon.filelist \
-l nss_db.filelist -l nss_nis.filelist -l nss_hesiod.filelist \ -l nss_db.filelist -l nss_nis.filelist -l nss_hesiod.filelist \
-l libcrypt.filelist \
%if %{without bootstrap}
-l libcrypt-nss.filelist \
%endif
-l rpm.filelist \ -l rpm.filelist \
%if %{with benchtests} %if %{with benchtests}
-l nosegneg.filelist -l benchtests.filelist" -l nosegneg.filelist -l benchtests.filelist"
@ -1857,6 +1954,10 @@ run_tests () {
echo ------------------------- echo -------------------------
done done
fi fi
# If the crypt-glibc test suite fails, something is completely
# broken, so fail the build in this case.
make %{?_smp_mflags} subdirs=crypt-glibc check %{silentrules}
} }
# Increase timeouts # Increase timeouts
@ -2084,7 +2185,8 @@ rm -f *.filelist*
%{_prefix}/lib/locale/C.utf8/* %{_prefix}/lib/locale/C.utf8/*
%dir %attr(755,root,root) /etc/default %dir %attr(755,root,root) /etc/default
%verify(not md5 size mtime) %config(noreplace) /etc/default/nss %verify(not md5 size mtime) %config(noreplace) /etc/default/nss
%doc documentation/* %doc documentation/README.timezone
%doc documentation/gai.conf
%files all-langpacks %files all-langpacks
%attr(0644,root,root) %verify(not md5 size mtime) %{_prefix}/lib/locale/locale-archive.tmpl %attr(0644,root,root) %verify(not md5 size mtime) %{_prefix}/lib/locale/locale-archive.tmpl
@ -2137,6 +2239,14 @@ rm -f *.filelist*
%doc hesiod/README.hesiod %doc hesiod/README.hesiod
%files -f nss-devel.filelist nss-devel %files -f nss-devel.filelist nss-devel
%files -f libcrypt.filelist -n libcrypt
%doc documentation/README.ufc-crypt
%ghost /%{_lib}/libcrypt.so.1
%if %{without bootstrap}
%files -f libcrypt-nss.filelist -n libcrypt-nss
%ghost /%{_lib}/libcrypt.so.1
%endif
%if 0%{?_enable_debug_packages} %if 0%{?_enable_debug_packages}
%files debuginfo -f debuginfo.filelist %files debuginfo -f debuginfo.filelist
%defattr(-,root,root) %defattr(-,root,root)
@ -2158,6 +2268,7 @@ rm -f *.filelist*
- Drop sendmsg/recvmsg compatibility patch (#1344830) - Drop sendmsg/recvmsg compatibility patch (#1344830)
- glibc-devel depends on libgcc%%{_isa} (#1289356) - glibc-devel depends on libgcc%%{_isa} (#1289356)
- Drop Requires(pre) on libgcc - Drop Requires(pre) on libgcc
- Introduce libcrypt and libcrypt-nss (#1324623)
* Wed Jul 20 2016 Florian Weimer <fweimer@redhat.com> - 2.23.90-29 * Wed Jul 20 2016 Florian Weimer <fweimer@redhat.com> - 2.23.90-29
- Move NSS modules to subpackages (#1338889) - Move NSS modules to subpackages (#1338889)