417 lines
15 KiB
Diff
417 lines
15 KiB
Diff
Background information:
|
|
|
|
https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html
|
|
https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
|
|
|
|
From: Zack Weinberg <zackw@panix.com>
|
|
Subject: [PATCH] Deprecate libcrypt and don't build it by default
|
|
|
|
Back in June, Björn Esser proposed to add OpenBSD-compatible bcrypt
|
|
support to our implementation of crypt(3), and Zack Weinberg replied
|
|
that it might actually make more sense to _remove_ libcrypt from
|
|
glibc, freeing up libcrypt.so.1 and crypt.h to be provided by a
|
|
separate project that could move faster. (For instance, libxcrypt:
|
|
https://github.com/besser82/libxcrypt)
|
|
|
|
This patch disables build and installation of libcrypt by default. It
|
|
can be re-enabled with --enable-obsolete-crypt to configure. Unlike
|
|
libnsl, we do *not* install a runtime shared library; that's left to
|
|
the replacement. (Unlike the SunRPC situation, I think we can
|
|
probably drop this code altogether in a release or two.)
|
|
|
|
The function prototypes for crypt and encrypt are removed from
|
|
unistd.h, and the function prototype for setkey is removed from
|
|
stdlib.h; they do *not* come back with --enable-obsolete-crypt. This
|
|
means glibc no longer provides the POSIX CRYPT option, and the macro
|
|
_XOPEN_CRYPT is also removed from unistd.h to indicate that.
|
|
(_SC_XOPEN_CRYPT is still defined, but sysconf(_SC_XOPEN_CRYPT) will
|
|
return -1 at runtime.) These functions are also unconditionally
|
|
removed from conform/data/{stdlib,unistd}.h-data.
|
|
|
|
* posix/unistd.h (_XOPEN_CRYPT, crypt, encrypt): Don't declare.
|
|
* stdlib/stdlib.h (setkey): Don't declare.
|
|
|
|
* configure.ac (--enable-obsolete-crypt): New configure option.
|
|
* configure: Regenerate.
|
|
* config.make.in (build-obsolete-crypt): New makefile variable.
|
|
* crypt/Banner: Delete file.
|
|
* crypt/Makefile: Don't build anything unless
|
|
$(build-obsolete-crypt) is 'yes'.
|
|
* sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile: Only add things
|
|
to libcrypt-sysdep_routines when $(build-obsolete-crypt) is 'yes'.
|
|
* sysdeps/sparc/sparc64/multiarch/Makefile: Likewise.
|
|
* sysdeps/unix/sysv/linux/arm/Makefile: Likewise.
|
|
|
|
* conform/Makefile: Only include libcrypt.a in linknamespace tests
|
|
when $(build-obsolete-crypt) is 'yes'.
|
|
* conform/data/stdlib.h-data (setkey): Don't expect.
|
|
* conform/data/unistd.h-data (crypt, encrypt): Don't expect.
|
|
* elf/Makefile: Only perform various tests of libcrypt.so/libcrypt.a
|
|
when $(build-obsolete-crypt) is 'yes'.
|
|
* elf/tst-linkall-static.c: Don't include crypt.h when USE_CRYPT
|
|
is false.
|
|
---
|
|
NEWS | 18 ++++++++++++++++++
|
|
config.make.in | 1 +
|
|
configure | 13 +++++++++++++
|
|
configure.ac | 8 ++++++++
|
|
conform/Makefile | 14 ++++++++++----
|
|
conform/data/stdlib.h-data | 3 ---
|
|
conform/data/unistd.h-data | 6 ------
|
|
crypt/Makefile | 5 +++++
|
|
elf/Makefile | 16 ++++++++++++----
|
|
elf/tst-linkall-static.c | 2 ++
|
|
posix/unistd.h | 16 ----------------
|
|
stdlib/stdlib.h | 6 ------
|
|
sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile | 2 ++
|
|
sysdeps/sparc/sparc64/multiarch/Makefile | 2 ++
|
|
sysdeps/unix/sysv/linux/arm/Makefile | 2 ++
|
|
15 files changed, 75 insertions(+), 39 deletions(-)
|
|
|
|
diff --git a/config.make.in b/config.make.in
|
|
index 9e5e24b2c6..8fe610d04d 100644
|
|
--- a/config.make.in
|
|
+++ b/config.make.in
|
|
@@ -82,6 +82,7 @@ mach-interface-list = @mach_interface_list@
|
|
|
|
experimental-malloc = @experimental_malloc@
|
|
|
|
+build-obsolete-crypt = @build_obsolete_crypt@
|
|
nss-crypt = @libc_cv_nss_crypt@
|
|
static-nss-crypt = @libc_cv_static_nss_crypt@
|
|
|
|
diff --git a/configure b/configure
|
|
index 7a8bd3f817..46f6bd7f86 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -672,6 +672,7 @@ base_machine
|
|
have_tunables
|
|
build_pt_chown
|
|
build_nscd
|
|
+build_obsolete_crypt
|
|
build_obsolete_nsl
|
|
link_obsolete_rpc
|
|
libc_cv_static_nss_crypt
|
|
@@ -782,6 +783,7 @@ enable_experimental_malloc
|
|
enable_nss_crypt
|
|
enable_obsolete_rpc
|
|
enable_obsolete_nsl
|
|
+enable_obsolete_crypt
|
|
enable_systemtap
|
|
enable_build_nscd
|
|
enable_nscd
|
|
@@ -1453,6 +1455,7 @@ Optional Features:
|
|
link-time usage
|
|
--enable-obsolete-nsl build and install the obsolete libnsl library and
|
|
depending NSS modules
|
|
+ --enable-obsolete-crypt build and install the obsolete libcrypt library
|
|
--enable-systemtap enable systemtap static probe points [default=no]
|
|
--disable-build-nscd disable building and installing the nscd daemon
|
|
--disable-nscd library functions will not contact the nscd daemon
|
|
@@ -3632,6 +3635,16 @@ if test "$build_obsolete_nsl" = yes; then
|
|
|
|
fi
|
|
|
|
+# Check whether --enable-obsolete-crypt was given.
|
|
+if test "${enable_obsolete_crypt+set}" = set; then :
|
|
+ enableval=$enable_obsolete_crypt; build_obsolete_crypt=$enableval
|
|
+else
|
|
+ build_obsolete_crypt=no
|
|
+fi
|
|
+
|
|
+
|
|
+
|
|
+
|
|
# Check whether --enable-systemtap was given.
|
|
if test "${enable_systemtap+set}" = set; then :
|
|
enableval=$enable_systemtap; systemtap=$enableval
|
|
diff --git a/configure.ac b/configure.ac
|
|
index ca1282a6b3..0142353740 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -378,6 +378,14 @@ if test "$build_obsolete_nsl" = yes; then
|
|
AC_DEFINE(LINK_OBSOLETE_NSL)
|
|
fi
|
|
|
|
+AC_ARG_ENABLE([obsolete-crypt],
|
|
+ AC_HELP_STRING([--enable-obsolete-crypt],
|
|
+ [build and install the obsolete libcrypt library]),
|
|
+ [build_obsolete_crypt=$enableval],
|
|
+ [build_obsolete_crypt=no])
|
|
+AC_SUBST(build_obsolete_crypt)
|
|
+
|
|
+
|
|
AC_ARG_ENABLE([systemtap],
|
|
[AS_HELP_STRING([--enable-systemtap],
|
|
[enable systemtap static probe points @<:@default=no@:>@])],
|
|
diff --git a/conform/Makefile b/conform/Makefile
|
|
index 864fdeca21..5ef474fb24 100644
|
|
--- a/conform/Makefile
|
|
+++ b/conform/Makefile
|
|
@@ -193,22 +193,28 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \
|
|
$(common-objpfx)rt/librt.a $(static-thread-library)
|
|
linknamespace-libs-posix = $(linknamespace-libs-thr) \
|
|
$(common-objpfx)dlfcn/libdl.a
|
|
-linknamespace-libs-xsi = $(linknamespace-libs-posix) \
|
|
- $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-xsi = $(linknamespace-libs-posix)
|
|
linknamespace-libs-ISO = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-ISO99 = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-ISO11 = $(linknamespace-libs-isoc)
|
|
-linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \
|
|
- $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-XPG4 = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4)
|
|
linknamespace-libs-POSIX = $(linknamespace-libs-thr)
|
|
linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi)
|
|
linknamespace-libs-XOPEN2K = $(linknamespace-libs-xsi)
|
|
linknamespace-libs-POSIX2008 = $(linknamespace-libs-posix)
|
|
linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi)
|
|
+
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
+linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a
|
|
+endif
|
|
+
|
|
linknamespace-libs = $(foreach std,$(conformtest-standards),\
|
|
$(linknamespace-libs-$(std)))
|
|
|
|
+
|
|
+
|
|
$(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
|
|
$(linknamespace-libs)
|
|
LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \
|
|
diff --git a/conform/data/stdlib.h-data b/conform/data/stdlib.h-data
|
|
index d8fcccc2fb..6913828196 100644
|
|
--- a/conform/data/stdlib.h-data
|
|
+++ b/conform/data/stdlib.h-data
|
|
@@ -149,9 +149,6 @@ function {unsigned short int*} seed48 (unsigned short int[3])
|
|
#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98
|
|
function int setenv (const char*, const char*, int)
|
|
#endif
|
|
-#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008
|
|
-function void setkey (const char*)
|
|
-#endif
|
|
#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008
|
|
function {char*} setstate (char*)
|
|
#endif
|
|
diff --git a/conform/data/unistd.h-data b/conform/data/unistd.h-data
|
|
index ddf4f25132..aa070528e8 100644
|
|
--- a/conform/data/unistd.h-data
|
|
+++ b/conform/data/unistd.h-data
|
|
@@ -437,9 +437,6 @@ function int chroot (const char*)
|
|
function int chown (const char*, uid_t, gid_t)
|
|
function int close (int)
|
|
function size_t confstr (int, char*, size_t)
|
|
-#if !defined POSIX && !defined POSIX2008
|
|
-function {char*} crypt (const char*, const char*)
|
|
-#endif
|
|
#if defined XPG4 || defined XPG42 || defined UNIX98
|
|
function {char*} ctermid (char*)
|
|
function {char*} cuserid (char*)
|
|
@@ -449,9 +446,6 @@ allow cuserid
|
|
#endif
|
|
function int dup (int)
|
|
function int dup2 (int, int)
|
|
-#if !defined POSIX && !defined POSIX2008
|
|
-function void encrypt (char[64], int)
|
|
-#endif
|
|
function int execl (const char*, const char*, ...)
|
|
function int execle (const char*, const char*, ...)
|
|
function int execlp (const char*, const char*, ...)
|
|
diff --git a/crypt/Makefile b/crypt/Makefile
|
|
index 303800df73..024ec2c6ab 100644
|
|
--- a/crypt/Makefile
|
|
+++ b/crypt/Makefile
|
|
@@ -22,6 +22,8 @@ subdir := crypt
|
|
|
|
include ../Makeconfig
|
|
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
+
|
|
headers := crypt.h
|
|
|
|
extra-libs := libcrypt
|
|
@@ -52,9 +54,11 @@ tests += md5test sha256test sha512test
|
|
# machine over a minute.
|
|
xtests = md5test-giant
|
|
endif
|
|
+endif
|
|
|
|
include ../Rules
|
|
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
ifneq ($(nss-crypt),yes)
|
|
md5-routines := md5 $(filter md5%,$(libcrypt-sysdep_routines))
|
|
sha256-routines := sha256 $(filter sha256%,$(libcrypt-sysdep_routines))
|
|
@@ -71,3 +75,4 @@ $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so
|
|
else
|
|
$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a
|
|
endif
|
|
+endif
|
|
diff --git a/elf/Makefile b/elf/Makefile
|
|
index 2a432d8bee..366f7b80ec 100644
|
|
--- a/elf/Makefile
|
|
+++ b/elf/Makefile
|
|
@@ -385,15 +385,19 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os
|
|
CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag)
|
|
endif
|
|
|
|
-# By default tst-linkall-static should try to use crypt routines to test
|
|
-# static libcrypt use.
|
|
-CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
+# If the libcrypt library is being built, tst-linkall-static should
|
|
+# try to use crypt routines to test static libcrypt use.
|
|
+CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=1
|
|
# However, if we are using NSS crypto and we don't have a static
|
|
# library, then we exclude the use of crypt functions in the test.
|
|
# We similarly exclude libcrypt.a from the static link (see below).
|
|
ifeq (yesno,$(nss-crypt)$(static-nss-crypt))
|
|
CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0
|
|
endif
|
|
+else
|
|
+CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=0
|
|
+endif
|
|
|
|
include ../Rules
|
|
|
|
@@ -1113,8 +1117,10 @@ localplt-built-dso := $(addprefix $(common-objpfx),\
|
|
rt/librt.so \
|
|
dlfcn/libdl.so \
|
|
resolv/libresolv.so \
|
|
- crypt/libcrypt.so \
|
|
)
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
+localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so)
|
|
+endif
|
|
ifeq ($(build-mathvec),yes)
|
|
localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so)
|
|
endif
|
|
@@ -1395,6 +1401,7 @@ $(objpfx)tst-linkall-static: \
|
|
$(common-objpfx)resolv/libanl.a \
|
|
$(static-thread-library)
|
|
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
# If we are using NSS crypto and we have the ability to link statically
|
|
# then we include libcrypt.a, otherwise we leave out libcrypt.a and
|
|
# link as much as we can into the tst-linkall-static test. This assumes
|
|
@@ -1410,6 +1417,7 @@ ifeq (no,$(nss-crypt))
|
|
$(objpfx)tst-linkall-static: \
|
|
$(common-objpfx)crypt/libcrypt.a
|
|
endif
|
|
+endif
|
|
|
|
# The application depends on the DSO, and the DSO loads the plugin.
|
|
# The plugin also depends on the DSO. This creates the circular
|
|
diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c
|
|
index e8df38f74e..0ffae7c723 100644
|
|
--- a/elf/tst-linkall-static.c
|
|
+++ b/elf/tst-linkall-static.c
|
|
@@ -18,7 +18,9 @@
|
|
|
|
#include <math.h>
|
|
#include <pthread.h>
|
|
+#if USE_CRYPT
|
|
#include <crypt.h>
|
|
+#endif
|
|
#include <resolv.h>
|
|
#include <dlfcn.h>
|
|
#include <utmp.h>
|
|
diff --git a/posix/unistd.h b/posix/unistd.h
|
|
index 4d149f9945..e75ce4d4ec 100644
|
|
--- a/posix/unistd.h
|
|
+++ b/posix/unistd.h
|
|
@@ -107,9 +107,6 @@ __BEGIN_DECLS
|
|
/* The X/Open Unix extensions are available. */
|
|
#define _XOPEN_UNIX 1
|
|
|
|
-/* Encryption is present. */
|
|
-#define _XOPEN_CRYPT 1
|
|
-
|
|
/* The enhanced internationalization capabilities according to XPG4.2
|
|
are present. */
|
|
#define _XOPEN_ENH_I18N 1
|
|
@@ -1118,20 +1115,7 @@ ssize_t copy_file_range (int __infd, __off64_t *__pinoff,
|
|
extern int fdatasync (int __fildes);
|
|
#endif /* Use POSIX199309 */
|
|
|
|
-
|
|
-/* XPG4.2 specifies that prototypes for the encryption functions must
|
|
- be defined here. */
|
|
#ifdef __USE_XOPEN
|
|
-/* Encrypt at most 8 characters from KEY using salt to perturb DES. */
|
|
-extern char *crypt (const char *__key, const char *__salt)
|
|
- __THROW __nonnull ((1, 2));
|
|
-
|
|
-/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
|
|
- block in place. */
|
|
-extern void encrypt (char *__glibc_block, int __edflag)
|
|
- __THROW __nonnull ((1));
|
|
-
|
|
-
|
|
/* Swab pairs bytes in the first N bytes of the area pointed to by
|
|
FROM and copy the result to TO. The value of TO must not be in the
|
|
range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM
|
|
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
|
|
index 6b1ead31e0..8e23e93557 100644
|
|
--- a/stdlib/stdlib.h
|
|
+++ b/stdlib/stdlib.h
|
|
@@ -958,12 +958,6 @@ extern int getsubopt (char **__restrict __optionp,
|
|
#endif
|
|
|
|
|
|
-#ifdef __USE_XOPEN
|
|
-/* Setup DES tables according KEY. */
|
|
-extern void setkey (const char *__key) __THROW __nonnull ((1));
|
|
-#endif
|
|
-
|
|
-
|
|
/* X/Open pseudo terminal handling. */
|
|
|
|
#ifdef __USE_XOPEN2KXSI
|
|
diff --git a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile
|
|
index a6d08f3a00..d8b8297fb0 100644
|
|
--- a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile
|
|
+++ b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile
|
|
@@ -1,6 +1,8 @@
|
|
ifeq ($(subdir),crypt)
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop
|
|
endif
|
|
+endif
|
|
|
|
ifeq ($(subdir),locale)
|
|
localedef-aux += md5-crop
|
|
diff --git a/sysdeps/sparc/sparc64/multiarch/Makefile b/sysdeps/sparc/sparc64/multiarch/Makefile
|
|
index eaf758e7aa..0198f9886f 100644
|
|
--- a/sysdeps/sparc/sparc64/multiarch/Makefile
|
|
+++ b/sysdeps/sparc/sparc64/multiarch/Makefile
|
|
@@ -1,6 +1,8 @@
|
|
ifeq ($(subdir),crypt)
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop
|
|
endif
|
|
+endif
|
|
|
|
ifeq ($(subdir),locale)
|
|
localedef-aux += md5-crop
|
|
diff --git a/sysdeps/unix/sysv/linux/arm/Makefile b/sysdeps/unix/sysv/linux/arm/Makefile
|
|
index 4adc35de04..6cab4f3a31 100644
|
|
--- a/sysdeps/unix/sysv/linux/arm/Makefile
|
|
+++ b/sysdeps/unix/sysv/linux/arm/Makefile
|
|
@@ -19,8 +19,10 @@ endif
|
|
# Add a syscall function to each library that needs one.
|
|
|
|
ifeq ($(subdir),crypt)
|
|
+ifeq ($(build-obsolete-crypt),yes)
|
|
libcrypt-sysdep_routines += libc-do-syscall
|
|
endif
|
|
+endif
|
|
|
|
ifeq ($(subdir),rt)
|
|
librt-sysdep_routines += libc-do-syscall
|
|
--
|
|
2.16.0
|
|
|