rpms/libxcrypt
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Build out-of-tree

Browse Source 
Split off noarch-bits into common sub-package
Update %%description
Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
This commit is contained in:
Björn Esser 2018-10-01 19:27:08 +02:00
parent d9569d7037
commit cb277a8220
No known key found for this signature in database
GPG Key ID: F52E98007594C21D
1 changed files with 220 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

291
libxcrypt.spec
View File

@ -1,25 +1,58 @@
# Build with new api?
#if 0%%{?fedora} >= 30 || 0%%{?rhel} >= 9
#bcond_without new_api
#else
%bcond_with new_api
#endif
# Shared object version of libcrypt. # Shared object version of libcrypt.
%if %{with new_api}
%global soc 2
%global sol 0
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%global csoc 1
%global csol 1
%global csof 0
%global csov %{csoc}.%{csol}.%{csof}
%else
%global soc 1 %global soc 1
%global sol 1 %global sol 1
%global sof 0 %global sof 0
%global sov %{soc}.%{sol}.%{sof} %global sov %{soc}.%{sol}.%{sof}
%endif
# Needed for out-of-tree builds.
%global _configure ../configure
# Add generation of HMAC checksums of the final stripped # Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here # binaries. %%define with lazy globbing is used here
# intentionally, because using %%global does not work. # intentionally, because using %%global does not work.
%define __spec_install_post \ %define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \ %{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \ %{__arch_install_post} \
%{__os_install_post} \ %{__os_install_post} \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \ %{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\ %{__ln_s} .libcrypt.so.%{sov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \ %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
if [[ %{with new_api} == 1 ]]; then \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{csov} \
%{__ln_s} .libcrypt.so.%{csov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{csoc}.hmac \
fi \
%{nil} %{nil}
# Needed for shared licensedir.
%global _pkglicensedir %{_defaultlicensedir}/%{name}
Name: libxcrypt Name: libxcrypt
Version: 4.2.1 Version: 4.2.1
Release: 1%{?dist} Release: 2%{?dist}
Summary: Extended crypt library for DES, MD5, Blowfish and others Summary: Extended crypt library for DES, MD5, Blowfish and others
# For explicit license breakdown, see the # For explicit license breakdown, see the
@ -31,63 +64,105 @@ Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: fipscheck BuildRequires: fipscheck
BuildRequires: libtool BuildRequires: libtool
Requires: glibc%{_isa} >= 2.26.9000-46
# We do not need to keep this forever. # We do not need to keep this forever.
%if 0%{?fedora} && 0%{?fedora} <= 31 %if %{without new_api} && (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package. # Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33 Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly. # Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46 Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done # Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc. # by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-46.1 Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-46.1 Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif %endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description %description
libxcrypt is a modern library for one-way hashing of passwords. It libxcrypt is a modern library for one-way hashing of passwords. It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password supports a wide variety of both modern and historical hashing methods:
hashes, and provides the traditional Unix 'crypt' and 'crypt_r' yescrypt, bcrypt, SHA-2-512, SHA-2-256, SHA-1, MD5 (two variants),
interfaces, as well as a set of extended interfaces pioneered by DES (three variants), and NTHASH. It provides the traditional Unix
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt', crypt and crypt_r interfaces, as well as a set of extended interfaces
'crypt_gensalt_rn', and 'crypt_gensalt_ra'. pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
crypt_gensalt_rn, and crypt_gensalt_ra.
libxcrypt is intended to be used by login(1), passwd(1), and other libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during similar applications; that is, to hash a small number of passwords
an interactive authentication dialogue with a human. It is not during an interactive authentication dialogue with a human. It is
suitable for use in bulk password-cracking applications, or in any not suitable for use in bulk password-cracking applications, or in
other situation where speed is more important than careful handling of any other situation where speed is more important than careful
sensitive data. However, it *is* intended to be fast and lightweight handling of sensitive data. However, it is intended to be fast and
enough for use in servers that must field thousands of login attempts lightweight enough for use in servers that must field thousands of
per minute. login attempts per minute.
On Linux-based systems, by default libxcrypt will be binary backward This version of the library does not provide the legacy API functions
compatible with the libcrypt.so.1 shipped as part of the GNU C Library. that have been provided by glibc's libcrypt.so.1.
This means that all existing binary executables linked against glibc's
libcrypt should work unmodified with this library's libcrypt.so.1. We
have taken pains to provide exactly the same "symbol versions" as were
used by glibc on various CPU architectures, and to account for the
variety of ways in which the Openwall extensions were patched into
glibc's libcrypt by some Linux distributions. (For instance,
compatibility symlinks for SuSE's "libowcrypt" are provided.)
However, the converse is not true: programs linked against libxcrypt
will not work with glibc's libcrypt. Also, programs that use certain %package common
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r', Summary: Common files for %{name}
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt. BuildArch: noarch
%description common
This package contains common files for %{name}.
%if %{with new_api}
%package compat
Summary: Compatibility library providing legacy API functions
# We do not need to keep this forever.
%if (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description compat
This package contains the library providing the compatibility API for
applications that are still using the unsafe and deprecated encrypt,
encrypt_r, setkey, setkey_r, and fcrypt functions.
All existing binary executables linked against glibc's libcrypt should
work unmodified with this version of the libxcrypt.
%package compat-devel
Summary: Development files for %{name}-compat
Requires: %{name}-compat%{?_isa} == %{version}-%{release}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
%description compat-devel
You really do NOT need this package, unless your application needs to
be linked against one of the legacy API functions: encrypt, encrypt_r,
setkey, setkey_r, or fcrypt provided by libcrypt.so.1.
%endif
%package devel %package devel
Summary: Development files for %{name} Summary: Development files for %{name}
Conflicts: man-pages < 4.15-3 Conflicts: man-pages < 4.15-3
Requires: %{name}%{?_isa} == %{version}-%{release} Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: glibc-devel%{?_isa} >= 2.26.9000-46 Requires: glibc-devel%{?_isa} >= 2.26.9000-46
Requires: glibc-headers%{?_isa} >= 2.26.9000-46 Requires: glibc-headers%{?_isa} >= 2.26.9000-46
%description devel %description devel
The %{name}-devel package contains libraries and header files for The %{name}-devel package contains libraries and header files for
@ -97,21 +172,41 @@ developing applications that use %{name}.
%package static %package static
Summary: Static library for -static linking with %{name} Summary: Static library for -static linking with %{name}
Requires: %{name}-devel%{?_isa} == %{version}-%{release} Requires: %{name}-compat-devel%{?_isa} == %{version}-%{release}
Requires: glibc-static%{?_isa} >= 2.26.9000-46 Requires: %{name}-devel%{?_isa} == %{version}-%{release}
Requires: glibc-static%{?_isa} >= 2.26.9000-46
%description static %description static
This package contains the libxcrypt static libraries for -static This package contains the libxcrypt static libraries for -static
linking. You don't need this, unless you link statically, which linking.
is highly discouraged.
You don't need this, unless you link statically, which is highly
discouraged.
%prep %prep
%autosetup -p 1 %autosetup -p 1
%{_bindir}/autoreconf -fiv %{_bindir}/autoreconf -fiv
%{__mkdir_p} %{_vpath_builddir}{,-compat}
%build %build
pushd %{_vpath_builddir}
%if %{with new_api}
%configure \
--libdir=/%{_lib} \
--disable-silent-rules \
--enable-shared \
--enable-static \
--disable-failure-tokens \
--enable-hashes=strong,glibc \
--enable-obsolete-api=no \
--srcdir=.. \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build
popd
pushd %{_vpath_builddir}-compat
%endif
%configure \ %configure \
--libdir=/%{_lib} \ --libdir=/%{_lib} \
--disable-silent-rules \ --disable-silent-rules \
@ -120,12 +215,32 @@ is highly discouraged.
--disable-failure-tokens \ --disable-failure-tokens \
--enable-hashes=all \ --enable-hashes=all \
--enable-obsolete-api=glibc \ --enable-obsolete-api=glibc \
--srcdir=.. \
--with-pkgconfigdir=%{_libdir}/pkgconfig --with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build %make_build
popd
%install %install
%make_install %if %{with new_api}
%make_install -C %{_vpath_builddir}-compat
%{__rm} -fr %{buildroot}%{_bindir} \
%{buildroot}%{_includedir} \
%{buildroot}%{_libdir}/pkgconfig/libcrypt.pc \
%{buildroot}%{_mandir} \
%{buildroot}%{_sbindir}
%{__mv} -f %{buildroot}/%{_lib}/libcrypt.so \
%{buildroot}/%{_lib}/libcrypt%{csoc}.so
%{__mv} -f %{buildroot}/%{_lib}/libcrypt.a \
%{buildroot}/%{_lib}/libcrypt%{csoc}.a
%{__mv} -f %{buildroot}%{_libdir}/pkgconfig/%{name}.pc \
%{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%{__sed} -i -e 's!\-lcrypt!&%{csoc}!g' -e 's!%{name}!&%{csoc}!g' \
%{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%{__ln_s} %{name}%{csoc}.pc \
%{buildroot}%{_libdir}/pkgconfig/libcrypt%{csoc}.pc
%endif
%make_install -C %{_vpath_builddir}
# Get rid of libtool crap. # Get rid of libtool crap.
%{_bindir}/find %{buildroot} -name '*.la' -print -delete %{_bindir}/find %{buildroot} -name '*.la' -print -delete
@ -134,55 +249,89 @@ is highly discouraged.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ %{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
ChangeLog NEWS README THANKS TODO ChangeLog NEWS README THANKS TODO
# Install license files to shared %%_licensedir.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkglicensedir} \
AUTHORS COPYING.LIB LICENSING
%check %check
%make_build check || \ %if %{with new_api}
{ for dir in %{_vpath_builddir} %{_vpath_builddir}-compat; do
rc=$?; %else
echo "-----BEGIN TESTLOG-----"; for dir in %{_vpath_builddir}; do
%{__cat} test-suite.log; %endif
echo "-----END TESTLOG-----"; %make_build -C ${dir} check || \
exit $rc; {
} rc=$?;
echo "-----BEGIN TESTLOG: ${dir}-----";
%{__cat} ${dir}/test-suite.log;
echo "-----END TESTLOG: ${dir}-----";
exit $rc;
}
done
%ldconfig_scriptlets %ldconfig_scriptlets
%if %{with new_api}
%ldconfig_scriptlets compat
%endif
%files %files
%license AUTHORS COPYING.LIB LICENSING /%{_lib}/.libcrypt.so.{%{soc},%{sov}}.hmac
/%{_lib}/libcrypt.so.{%{soc},%{sov}}
%files common
%doc %dir %{_pkgdocdir} %doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/NEWS %doc %{_pkgdocdir}/NEWS
%doc %{_pkgdocdir}/README %doc %{_pkgdocdir}/README
%doc %{_pkgdocdir}/THANKS %doc %{_pkgdocdir}/THANKS
/%{_lib}/.libcrypt.so.%{soc}.hmac %license %dir %{_pkglicensedir}
/%{_lib}/.libcrypt.so.%{sov}.hmac %license %{_pkglicensedir}/AUTHORS
/%{_lib}/libcrypt.so.%{soc} %license %{_pkglicensedir}/COPYING.LIB
/%{_lib}/libcrypt.so.%{sov} %license %{_pkglicensedir}/LICENSING
%{_mandir}/man5/crypt.5.* %{_mandir}/man5/crypt.5.*
%if %{with new_api}
%files compat
/%{_lib}/.libcrypt.so.{%{csoc},%{csov}}.hmac
/%{_lib}/libcrypt.so.{%{csoc},%{csov}}
%files compat-devel
/%{_lib}/libcrypt%{csoc}.so
%{_libdir}/pkgconfig/libcrypt%{csoc}.pc
%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%endif
%files devel %files devel
%doc %{_pkgdocdir}/ChangeLog %doc %{_pkgdocdir}/ChangeLog
%doc %{_pkgdocdir}/TODO %doc %{_pkgdocdir}/TODO
/%{_lib}/libcrypt.so /%{_lib}/libcrypt.so
%{_includedir}/crypt.h %{_includedir}/crypt.h
%{_libdir}/pkgconfig/libcrypt.pc %{_libdir}/pkgconfig/{libcrypt,%{name}}.pc
%{_libdir}/pkgconfig/%{name}.pc %{_mandir}/man3/crypt{,_r,_ra,_rn}.3.*
%{_mandir}/man3/crypt.3.* %{_mandir}/man3/crypt_gensalt{,_ra,_rn}.3.*
%{_mandir}/man3/crypt_r.3.*
%{_mandir}/man3/crypt_ra.3.*
%{_mandir}/man3/crypt_rn.3.*
%{_mandir}/man3/crypt_gensalt.3.*
%{_mandir}/man3/crypt_gensalt_ra.3.*
%{_mandir}/man3/crypt_gensalt_rn.3.*
%files static %files static
/%{_lib}/libcrypt.a /%{_lib}/libcrypt.a
%if %{with new_api}
/%{_lib}/libcrypt%{csoc}.a
%endif
%changelog %changelog
* Sun Sep 30 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-2
- Build out-of-tree
- Split off noarch-bits into common sub-package
- Update %%description
- Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
* Sat Sep 29 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-1 * Sat Sep 29 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-1
- New upstream release - New upstream release
- Add new manpages - Add new manpages