diff --git a/libxcrypt.spec b/libxcrypt.spec index 16e15ef..cf62865 100644 --- a/libxcrypt.spec +++ b/libxcrypt.spec @@ -1,25 +1,58 @@ +# Build with new api? +#if 0%%{?fedora} >= 30 || 0%%{?rhel} >= 9 +#bcond_without new_api +#else +%bcond_with new_api +#endif + + # Shared object version of libcrypt. +%if %{with new_api} +%global soc 2 +%global sol 0 +%global sof 0 +%global sov %{soc}.%{sol}.%{sof} +%global csoc 1 +%global csol 1 +%global csof 0 +%global csov %{csoc}.%{csol}.%{csof} +%else %global soc 1 %global sol 1 %global sof 0 %global sov %{soc}.%{sol}.%{sof} +%endif + + +# Needed for out-of-tree builds. +%global _configure ../configure + # Add generation of HMAC checksums of the final stripped # binaries. %%define with lazy globbing is used here # intentionally, because using %%global does not work. -%define __spec_install_post \ -%{?__debug_package:%{__debug_install_post}} \ -%{__arch_install_post} \ -%{__os_install_post} \ -%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \ -%{__ln_s} .libcrypt.so.%{sov}.hmac \\\ - %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \ +%define __spec_install_post \ +%{?__debug_package:%{__debug_install_post}} \ +%{__arch_install_post} \ +%{__os_install_post} \ +%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \ +%{__ln_s} .libcrypt.so.%{sov}.hmac \\\ + %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \ +if [[ %{with new_api} == 1 ]]; then \ + %{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{csov} \ + %{__ln_s} .libcrypt.so.%{csov}.hmac \\\ + %{buildroot}/%{_lib}/.libcrypt.so.%{csoc}.hmac \ +fi \ %{nil} +# Needed for shared licensedir. +%global _pkglicensedir %{_defaultlicensedir}/%{name} + + Name: libxcrypt Version: 4.2.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Extended crypt library for DES, MD5, Blowfish and others # For explicit license breakdown, see the 
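Review bot: The "Build with new api?" block at the top of this hunk needs a comment saying what the default build is, because the `#if`/`#bcond_without`/`#else`/`#endif` lines are only comments. The one active line is `%bcond_with new_api`, so the feature is off unless the build passes `--with new_api`. With it off, the only library built is the one configured further down with `--enable-hashes=all` and `--enable-obsolete-api=glibc`. I would add something like `# new_api is opt-in for now (rpmbuild --with new_api); the commented conditional is the planned default for fedora >= 30 / rhel >= 9.` above `%bcond_with`. Separately, `%{csov}` and `%{csoc}` in `__spec_install_post` are only defined inside `%if %{with new_api}`, so in the default build they stay as unexpanded text in the script and only the shell `if` keeps them from being used.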
@@ -31,63 +64,105 @@ Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: fipscheck BuildRequires: libtool -Requires: glibc%{_isa} >= 2.26.9000-46 - # We do not need to keep this forever. -%if 0%{?fedora} && 0%{?fedora} <= 31 +%if %{without new_api} && (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10) # Inherited from former libcrypt package. -Obsoletes: libcrypt-nss <= 2.26.9000-33 +Obsoletes: libcrypt-nss <= 2.26.9000-33 # Obsolete former libcrypt properly. -Obsoletes: libcrypt <= 2.26.9000-46 +Obsoletes: libcrypt <= 2.26.9000-46 # Provide virtual libcrypt as it has been done # by former libcrypt{,-nss} packages from glibc. -Provides: libcrypt == 2.26.9000-46.1 -Provides: libcrypt%{?_isa} == 2.26.9000-46.1 +Provides: libcrypt == 2.26.9000-47 +Provides: libcrypt%{?_isa} == 2.26.9000-47 %endif +Requires: glibc%{_isa} >= 2.26.9000-46 +Requires: %{name}-common == %{version}-%{release} + + %description libxcrypt is a modern library for one-way hashing of passwords. It -supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password -hashes, and provides the traditional Unix 'crypt' and 'crypt_r' -interfaces, as well as a set of extended interfaces pioneered by -Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt', -'crypt_gensalt_rn', and 'crypt_gensalt_ra'. +supports a wide variety of both modern and historical hashing methods: +yescrypt, bcrypt, SHA-2-512, SHA-2-256, SHA-1, MD5 (two variants), +DES (three variants), and NTHASH. It provides the traditional Unix +crypt and crypt_r interfaces, as well as a set of extended interfaces +pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, +crypt_gensalt_rn, and crypt_gensalt_ra. libxcrypt is intended to be used by login(1), passwd(1), and other -similar programs; that is, to hash a small number of passwords during -an interactive authentication dialogue with a human. 
It is not -suitable for use in bulk password-cracking applications, or in any -other situation where speed is more important than careful handling of -sensitive data. However, it *is* intended to be fast and lightweight -enough for use in servers that must field thousands of login attempts -per minute. +similar applications; that is, to hash a small number of passwords +during an interactive authentication dialogue with a human. It is +not suitable for use in bulk password-cracking applications, or in +any other situation where speed is more important than careful +handling of sensitive data. However, it is intended to be fast and +lightweight enough for use in servers that must field thousands of +login attempts per minute. -On Linux-based systems, by default libxcrypt will be binary backward -compatible with the libcrypt.so.1 shipped as part of the GNU C Library. -This means that all existing binary executables linked against glibc's -libcrypt should work unmodified with this library's libcrypt.so.1. We -have taken pains to provide exactly the same "symbol versions" as were -used by glibc on various CPU architectures, and to account for the -variety of ways in which the Openwall extensions were patched into -glibc's libcrypt by some Linux distributions. (For instance, -compatibility symlinks for SuSE's "libowcrypt" are provided.) +This version of the library does not provide the legacy API functions +that have been provided by glibc's libcrypt.so.1. -However, the converse is not true: programs linked against libxcrypt -will not work with glibc's libcrypt. Also, programs that use certain -legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r', -'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt. + +%package common +Summary: Common files for %{name} +BuildArch: noarch + +%description common +This package contains common files for %{name}. 
+ + +%if %{with new_api} +%package compat +Summary: Compatibility library providing legacy API functions + +# We do not need to keep this forever. +%if (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10) +# Inherited from former libcrypt package. +Obsoletes: libcrypt-nss <= 2.26.9000-33 + +# Obsolete former libcrypt properly. +Obsoletes: libcrypt <= 2.26.9000-46 + +# Provide virtual libcrypt as it has been done +# by former libcrypt{,-nss} packages from glibc. +Provides: libcrypt == 2.26.9000-47 +Provides: libcrypt%{?_isa} == 2.26.9000-47 +%endif + +Requires: glibc%{_isa} >= 2.26.9000-46 +Requires: %{name}-common == %{version}-%{release} + +%description compat +This package contains the library providing the compatibility API for +applications that are still using the unsafe and deprecated encrypt, +encrypt_r, setkey, setkey_r, and fcrypt functions. + +All existing binary executables linked against glibc's libcrypt should +work unmodified with this version of the libxcrypt. + + +%package compat-devel +Summary: Development files for %{name}-compat + +Requires: %{name}-compat%{?_isa} == %{version}-%{release} +Requires: %{name}-devel%{?_isa} == %{version}-%{release} + +%description compat-devel +You really do NOT need this package, unless your application needs to +be linked against one of the legacy API functions: encrypt, encrypt_r, +setkey, setkey_r, or fcrypt provided by libcrypt.so.1. +%endif %package devel Summary: Development files for %{name} -Conflicts: man-pages < 4.15-3 +Conflicts: man-pages < 4.15-3 -Requires: %{name}%{?_isa} == %{version}-%{release} -Requires: glibc-devel%{?_isa} >= 2.26.9000-46 -Requires: glibc-headers%{?_isa} >= 2.26.9000-46 +Requires: %{name}%{?_isa} == %{version}-%{release} +Requires: glibc-devel%{?_isa} >= 2.26.9000-46 +Requires: glibc-headers%{?_isa} >= 2.26.9000-46 %description devel The %{name}-devel package contains libraries and header files for 
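Review bot: The new guard on the main package's Obsoletes/Provides block, `%if %{without new_api} && (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)`, applies `%{without new_api}` to the Fedora clause only. The RHEL clause sits on the other side of the `||`, so on rhel <= 10 the block is emitted even when new_api is enabled. In that configuration the `compat` subpackage added later in this hunk carries the same `Obsoletes: libcrypt` and `Provides: libcrypt == 2.26.9000-47`, so two packages from this spec would claim the virtual libcrypt. Grouping the distribution test fixes it: `%if %{without new_api} && ((0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10))`.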
@@ -97,21 +172,41 @@ developing applications that use %{name}. %package static Summary: Static library for -static linking with %{name} -Requires: %{name}-devel%{?_isa} == %{version}-%{release} -Requires: glibc-static%{?_isa} >= 2.26.9000-46 +Requires: %{name}-compat-devel%{?_isa} == %{version}-%{release} +Requires: %{name}-devel%{?_isa} == %{version}-%{release} +Requires: glibc-static%{?_isa} >= 2.26.9000-46 %description static This package contains the libxcrypt static libraries for -static -linking. You don't need this, unless you link statically, which -is highly discouraged. +linking. + +You don't need this, unless you link statically, which is highly +discouraged. %prep %autosetup -p 1 %{_bindir}/autoreconf -fiv +%{__mkdir_p} %{_vpath_builddir}{,-compat} %build +pushd %{_vpath_builddir} +%if %{with new_api} +%configure \ + --libdir=/%{_lib} \ + --disable-silent-rules \ + --enable-shared \ + --enable-static \ + --disable-failure-tokens \ + --enable-hashes=strong,glibc \ + --enable-obsolete-api=no \ + --srcdir=.. \ + --with-pkgconfigdir=%{_libdir}/pkgconfig +%make_build +popd +pushd %{_vpath_builddir}-compat +%endif %configure \ --libdir=/%{_lib} \ --disable-silent-rules \ 
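Review bot: `%package static` now carries an unconditional `Requires: %{name}-compat-devel%{?_isa} == %{version}-%{release}`, but `compat-devel` is only declared inside `%if %{with new_api}` in the previous hunk. With the default `%bcond_with new_api`, that subpackage is never built, so the static package would depend on something this spec does not produce. Wrap that one line in `%if %{with new_api}` … `%endif`, the same way `%files static` guards `/%{_lib}/libcrypt%{csoc}.a`. The `%build` section that starts in this hunk continues past its end.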
@@ -120,12 +215,32 @@ is highly discouraged. --disable-failure-tokens \ --enable-hashes=all \ --enable-obsolete-api=glibc \ + --srcdir=.. \ --with-pkgconfigdir=%{_libdir}/pkgconfig %make_build +popd %install -%make_install +%if %{with new_api} +%make_install -C %{_vpath_builddir}-compat +%{__rm} -fr %{buildroot}%{_bindir} \ + %{buildroot}%{_includedir} \ + %{buildroot}%{_libdir}/pkgconfig/libcrypt.pc \ + %{buildroot}%{_mandir} \ + %{buildroot}%{_sbindir} +%{__mv} -f %{buildroot}/%{_lib}/libcrypt.so \ + %{buildroot}/%{_lib}/libcrypt%{csoc}.so +%{__mv} -f %{buildroot}/%{_lib}/libcrypt.a \ + %{buildroot}/%{_lib}/libcrypt%{csoc}.a +%{__mv} -f %{buildroot}%{_libdir}/pkgconfig/%{name}.pc \ + %{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc +%{__sed} -i -e 's!\-lcrypt!&%{csoc}!g' -e 's!%{name}!&%{csoc}!g' \ + %{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc +%{__ln_s} %{name}%{csoc}.pc \ + %{buildroot}%{_libdir}/pkgconfig/libcrypt%{csoc}.pc +%endif +%make_install -C %{_vpath_builddir} # Get rid of libtool crap. %{_bindir}/find %{buildroot} -name '*.la' -print -delete 
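Review bot: The `%if %{with new_api}` branch of `%install` depends on an ordering that nothing in the spec explains. The compat tree is installed first and its `%{_includedir}`, `%{_mandir}`, `%{_bindir}`, `%{_sbindir}` and `libcrypt.pc` are removed, presumably so that the files from the later `%make_install -C %{_vpath_builddir}` are the ones packaged. A comment above the branch would help, for example `# Install the compat build first and drop its headers, man pages and unsuffixed .pc; the default build installed afterwards provides those.` The second sed expression, `s!%{name}!&%{csoc}!g`, is unanchored and would also rewrite any other occurrence of the package name in the .pc file (a URL or Description field, if present). Restricting it to the field that needs the suffix would be safer.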
@@ -134,55 +249,89 @@ is highly discouraged. %{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ ChangeLog NEWS README THANKS TODO +# Install license files to shared %%_licensedir. +%{__install} -Dpm 0644 -t %{buildroot}%{_pkglicensedir} \ + AUTHORS COPYING.LIB LICENSING + %check -%make_build check || \ - { - rc=$?; - echo "-----BEGIN TESTLOG-----"; - %{__cat} test-suite.log; - echo "-----END TESTLOG-----"; - exit $rc; - } +%if %{with new_api} +for dir in %{_vpath_builddir} %{_vpath_builddir}-compat; do +%else +for dir in %{_vpath_builddir}; do +%endif + %make_build -C ${dir} check || \ + { + rc=$?; + echo "-----BEGIN TESTLOG: ${dir}-----"; + %{__cat} ${dir}/test-suite.log; + echo "-----END TESTLOG: ${dir}-----"; + exit $rc; + } +done %ldconfig_scriptlets +%if %{with new_api} +%ldconfig_scriptlets compat +%endif %files -%license AUTHORS COPYING.LIB LICENSING +/%{_lib}/.libcrypt.so.{%{soc},%{sov}}.hmac +/%{_lib}/libcrypt.so.{%{soc},%{sov}} + + +%files common %doc %dir %{_pkgdocdir} %doc %{_pkgdocdir}/NEWS %doc %{_pkgdocdir}/README %doc %{_pkgdocdir}/THANKS -/%{_lib}/.libcrypt.so.%{soc}.hmac -/%{_lib}/.libcrypt.so.%{sov}.hmac -/%{_lib}/libcrypt.so.%{soc} -/%{_lib}/libcrypt.so.%{sov} +%license %dir %{_pkglicensedir} +%license %{_pkglicensedir}/AUTHORS +%license %{_pkglicensedir}/COPYING.LIB +%license %{_pkglicensedir}/LICENSING %{_mandir}/man5/crypt.5.* +%if %{with new_api} +%files compat +/%{_lib}/.libcrypt.so.{%{csoc},%{csov}}.hmac +/%{_lib}/libcrypt.so.{%{csoc},%{csov}} + + +%files compat-devel +/%{_lib}/libcrypt%{csoc}.so +%{_libdir}/pkgconfig/libcrypt%{csoc}.pc +%{_libdir}/pkgconfig/%{name}%{csoc}.pc +%endif + + %files devel %doc %{_pkgdocdir}/ChangeLog %doc %{_pkgdocdir}/TODO /%{_lib}/libcrypt.so %{_includedir}/crypt.h -%{_libdir}/pkgconfig/libcrypt.pc -%{_libdir}/pkgconfig/%{name}.pc -%{_mandir}/man3/crypt.3.* -%{_mandir}/man3/crypt_r.3.* -%{_mandir}/man3/crypt_ra.3.* -%{_mandir}/man3/crypt_rn.3.* -%{_mandir}/man3/crypt_gensalt.3.* 
-%{_mandir}/man3/crypt_gensalt_ra.3.* -%{_mandir}/man3/crypt_gensalt_rn.3.* +%{_libdir}/pkgconfig/{libcrypt,%{name}}.pc +%{_mandir}/man3/crypt{,_r,_ra,_rn}.3.* +%{_mandir}/man3/crypt_gensalt{,_ra,_rn}.3.* %files static /%{_lib}/libcrypt.a +%if %{with new_api} +/%{_lib}/libcrypt%{csoc}.a +%endif %changelog +* Sun Sep 30 2018 Björn Esser - 4.2.1-2 +- Build out-of-tree +- Split off noarch-bits into common sub-package +- Update %%description +- Prepare to remove legacy API from library and to provide a compatibilty + package for the legacy API + * Sat Sep 29 2018 Björn Esser - 4.2.1-1 - New upstream release - Add new manpages
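Review bot: In `%check`, the `for` header is written twice inside `%if %{with new_api}` / `%else` / `%endif`, which splits one shell statement across macro conditionals and makes the loop easy to break when editing. A single line reads better: `for dir in %{_vpath_builddir} %{?with_new_api:%{_vpath_builddir}-compat}; do`. The loop body and the test-log dump stay as they are.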