Build out-of-tree

Split off noarch-bits into common sub-package
Update %%description
Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
This commit is contained in:
Björn Esser 2018-10-01 19:27:08 +02:00
parent d9569d7037
commit cb277a8220
No known key found for this signature in database
GPG Key ID: F52E98007594C21D

View File

@ -1,8 +1,32 @@
# Build with new api?
#if 0%%{?fedora} >= 30 || 0%%{?rhel} >= 9
#bcond_without new_api
#else
%bcond_with new_api
#endif
# Shared object version of libcrypt.
%if %{with new_api}
%global soc 2
%global sol 0
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%global csoc 1
%global csol 1
%global csof 0
%global csov %{csoc}.%{csol}.%{csof}
%else
%global soc 1
%global sol 1
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%endif
# Needed for out-of-tree builds.
%global _configure ../configure
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
@ -14,12 +38,21 @@
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
if [[ %{with new_api} == 1 ]]; then \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{csov} \
%{__ln_s} .libcrypt.so.%{csov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{csoc}.hmac \
fi \
%{nil}
# Needed for shared licensedir.
%global _pkglicensedir %{_defaultlicensedir}/%{name}
Name: libxcrypt
Version: 4.2.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Extended crypt library for DES, MD5, Blowfish and others
# For explicit license breakdown, see the
@ -31,10 +64,8 @@ Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: fipscheck
BuildRequires: libtool
Requires: glibc%{_isa} >= 2.26.9000-46
# We do not need to keep this forever.
%if 0%{?fedora} && 0%{?fedora} <= 31
%if %{without new_api} && (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
@ -43,41 +74,85 @@ Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-46.1
Provides: libcrypt%{?_isa} == 2.26.9000-46.1
Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description
libxcrypt is a modern library for one-way hashing of passwords. It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
supports a wide variety of both modern and historical hashing methods:
yescrypt, bcrypt, SHA-2-512, SHA-2-256, SHA-1, MD5 (two variants),
DES (three variants), and NTHASH. It provides the traditional Unix
crypt and crypt_r interfaces, as well as a set of extended interfaces
pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
crypt_gensalt_rn, and crypt_gensalt_ra.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not
suitable for use in bulk password-cracking applications, or in any
other situation where speed is more important than careful handling of
sensitive data. However, it *is* intended to be fast and lightweight
enough for use in servers that must field thousands of login attempts
per minute.
similar applications; that is, to hash a small number of passwords
during an interactive authentication dialogue with a human. It is
not suitable for use in bulk password-cracking applications, or in
any other situation where speed is more important than careful
handling of sensitive data. However, it is intended to be fast and
lightweight enough for use in servers that must field thousands of
login attempts per minute.
On Linux-based systems, by default libxcrypt will be binary backward
compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
This means that all existing binary executables linked against glibc's
libcrypt should work unmodified with this library's libcrypt.so.1. We
have taken pains to provide exactly the same "symbol versions" as were
used by glibc on various CPU architectures, and to account for the
variety of ways in which the Openwall extensions were patched into
glibc's libcrypt by some Linux distributions. (For instance,
compatibility symlinks for SuSE's "libowcrypt" are provided.)
This version of the library does not provide the legacy API functions
that have been provided by glibc's libcrypt.so.1.
However, the converse is not true: programs linked against libxcrypt
will not work with glibc's libcrypt. Also, programs that use certain
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt.
%package common
Summary: Common files for %{name}
BuildArch: noarch
%description common
This package contains common files for %{name}.
%if %{with new_api}
%package compat
Summary: Compatibility library providing legacy API functions
# We do not need to keep this forever.
%if (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description compat
This package contains the library providing the compatibility API for
applications that are still using the unsafe and deprecated encrypt,
encrypt_r, setkey, setkey_r, and fcrypt functions.
All existing binary executables linked against glibc's libcrypt should
work unmodified with this version of the libxcrypt.
%package compat-devel
Summary: Development files for %{name}-compat
Requires: %{name}-compat%{?_isa} == %{version}-%{release}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
%description compat-devel
You really do NOT need this package, unless your application needs to
be linked against one of the legacy API functions: encrypt, encrypt_r,
setkey, setkey_r, or fcrypt provided by libcrypt.so.1.
%endif
%package devel
@ -97,21 +172,41 @@ developing applications that use %{name}.
%package static
Summary: Static library for -static linking with %{name}
Requires: %{name}-compat-devel%{?_isa} == %{version}-%{release}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
Requires: glibc-static%{?_isa} >= 2.26.9000-46
%description static
This package contains the libxcrypt static libraries for -static
linking. You don't need this, unless you link statically, which
is highly discouraged.
linking.
You don't need this, unless you link statically, which is highly
discouraged.
%prep
%autosetup -p 1
%{_bindir}/autoreconf -fiv
%{__mkdir_p} %{_vpath_builddir}{,-compat}
%build
pushd %{_vpath_builddir}
%if %{with new_api}
%configure \
--libdir=/%{_lib} \
--disable-silent-rules \
--enable-shared \
--enable-static \
--disable-failure-tokens \
--enable-hashes=strong,glibc \
--enable-obsolete-api=no \
--srcdir=.. \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build
popd
pushd %{_vpath_builddir}-compat
%endif
%configure \
--libdir=/%{_lib} \
--disable-silent-rules \
@ -120,12 +215,32 @@ is highly discouraged.
--disable-failure-tokens \
--enable-hashes=all \
--enable-obsolete-api=glibc \
--srcdir=.. \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build
popd
%install
%make_install
%if %{with new_api}
%make_install -C %{_vpath_builddir}-compat
%{__rm} -fr %{buildroot}%{_bindir} \
%{buildroot}%{_includedir} \
%{buildroot}%{_libdir}/pkgconfig/libcrypt.pc \
%{buildroot}%{_mandir} \
%{buildroot}%{_sbindir}
%{__mv} -f %{buildroot}/%{_lib}/libcrypt.so \
%{buildroot}/%{_lib}/libcrypt%{csoc}.so
%{__mv} -f %{buildroot}/%{_lib}/libcrypt.a \
%{buildroot}/%{_lib}/libcrypt%{csoc}.a
%{__mv} -f %{buildroot}%{_libdir}/pkgconfig/%{name}.pc \
%{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%{__sed} -i -e 's!\-lcrypt!&%{csoc}!g' -e 's!%{name}!&%{csoc}!g' \
%{buildroot}%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%{__ln_s} %{name}%{csoc}.pc \
%{buildroot}%{_libdir}/pkgconfig/libcrypt%{csoc}.pc
%endif
%make_install -C %{_vpath_builddir}
# Get rid of libtool crap.
%{_bindir}/find %{buildroot} -name '*.la' -print -delete
@ -134,55 +249,89 @@ is highly discouraged.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
ChangeLog NEWS README THANKS TODO
# Install license files to shared %%_licensedir.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkglicensedir} \
AUTHORS COPYING.LIB LICENSING
%check
%make_build check || \
%if %{with new_api}
for dir in %{_vpath_builddir} %{_vpath_builddir}-compat; do
%else
for dir in %{_vpath_builddir}; do
%endif
%make_build -C ${dir} check || \
{
rc=$?;
echo "-----BEGIN TESTLOG-----";
%{__cat} test-suite.log;
echo "-----END TESTLOG-----";
echo "-----BEGIN TESTLOG: ${dir}-----";
%{__cat} ${dir}/test-suite.log;
echo "-----END TESTLOG: ${dir}-----";
exit $rc;
}
done
%ldconfig_scriptlets
%if %{with new_api}
%ldconfig_scriptlets compat
%endif
%files
%license AUTHORS COPYING.LIB LICENSING
/%{_lib}/.libcrypt.so.{%{soc},%{sov}}.hmac
/%{_lib}/libcrypt.so.{%{soc},%{sov}}
%files common
%doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/NEWS
%doc %{_pkgdocdir}/README
%doc %{_pkgdocdir}/THANKS
/%{_lib}/.libcrypt.so.%{soc}.hmac
/%{_lib}/.libcrypt.so.%{sov}.hmac
/%{_lib}/libcrypt.so.%{soc}
/%{_lib}/libcrypt.so.%{sov}
%license %dir %{_pkglicensedir}
%license %{_pkglicensedir}/AUTHORS
%license %{_pkglicensedir}/COPYING.LIB
%license %{_pkglicensedir}/LICENSING
%{_mandir}/man5/crypt.5.*
%if %{with new_api}
%files compat
/%{_lib}/.libcrypt.so.{%{csoc},%{csov}}.hmac
/%{_lib}/libcrypt.so.{%{csoc},%{csov}}
%files compat-devel
/%{_lib}/libcrypt%{csoc}.so
%{_libdir}/pkgconfig/libcrypt%{csoc}.pc
%{_libdir}/pkgconfig/%{name}%{csoc}.pc
%endif
%files devel
%doc %{_pkgdocdir}/ChangeLog
%doc %{_pkgdocdir}/TODO
/%{_lib}/libcrypt.so
%{_includedir}/crypt.h
%{_libdir}/pkgconfig/libcrypt.pc
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/crypt.3.*
%{_mandir}/man3/crypt_r.3.*
%{_mandir}/man3/crypt_ra.3.*
%{_mandir}/man3/crypt_rn.3.*
%{_mandir}/man3/crypt_gensalt.3.*
%{_mandir}/man3/crypt_gensalt_ra.3.*
%{_mandir}/man3/crypt_gensalt_rn.3.*
%{_libdir}/pkgconfig/{libcrypt,%{name}}.pc
%{_mandir}/man3/crypt{,_r,_ra,_rn}.3.*
%{_mandir}/man3/crypt_gensalt{,_ra,_rn}.3.*
%files static
/%{_lib}/libcrypt.a
%if %{with new_api}
/%{_lib}/libcrypt%{csoc}.a
%endif
%changelog
* Sun Sep 30 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-2
- Build out-of-tree
- Split off noarch-bits into common sub-package
- Update %%description
- Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
* Sat Sep 29 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-1
- New upstream release
- Add new manpages