libxcrypt/libxcrypt.spec
2018-11-14 13:55:52 +01:00

484 lines
15 KiB
RPMSpec

# Build with new api?
#if 0%%{?fedora} >= 30 || 0%%{?rhel} >= 9
#bcond_without new_api
#else
%bcond_with new_api
#endif
# Run memcheck?
# Valgrind does not work well on %%{power64} arches.
%ifnarch %{power64}
%bcond_without memcheck
%else
%bcond_with memcheck
%endif
# Shared object version of libcrypt.
%if %{with new_api}
%global soc 2
%global sol 0
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%global csoc 1
%global csol 1
%global csof 0
%global csov %{csoc}.%{csol}.%{csof}
%else
%global soc 1
%global sol 1
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%endif
# Hash methods and API supported by libcrypt.
# NEVER EVER touch this, if you do NOT know what you are doing!
%if %{with new_api}
%global hash_methods glibc,strong
%global obsolete_api no
%global compat_methods glibc
%global compat_api glibc
%else
%global hash_methods all
%global obsolete_api glibc
%endif
# Needed for out-of-tree builds.
%global _configure ../configure
# Common configure options.
%global common_configure_options \\\
--libdir=/%{_lib} \\\
--disable-silent-rules \\\
--enable-shared \\\
--enable-static \\\
--disable-failure-tokens \\\
%if %{with memcheck} \
--enable-valgrind \\\
%else \
--disable-valgrind \\\
%endif \
--srcdir=.. \\\
--with-pkgconfigdir=%{_libdir}/pkgconfig
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
# intentionally, because using %%global does not work.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
if [[ %{with new_api} == 1 ]]; then \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{csov} \
%{__ln_s} .libcrypt.so.%{csov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{csoc}.hmac \
fi \
%{nil}
# Needed for shared licensedir.
%global _pkglicensedir %{_defaultlicensedir}/%{name}
Name: libxcrypt
Version: 4.3.3
Release: 3%{?dist}
Summary: Extended crypt library for DES, MD5, Blowfish and others
# For explicit license breakdown, see the
# LICENSING file in the source tarball.
License: LGPLv2+ and BSD and Public Domain
URL: https://github.com/besser82/%{name}
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
# Patch 0001 - 3000: Backported patches from upstream.
Patch0001: %{url}/commit/5e9199f293473a0c14f836b3df8ecf6aeed1e315.patch#/%{name}-4.3.3-alg_sha512_make_PAD_const.patch
Patch0002: %{url}/commit/65485d7891cfe50db941ab14e864bb485a54d71c.patch#/%{name}-4.3.3-skip_bcrypt_test_if_not_enabled.patch
# Patch 3001 - 6000: Backported patches from pull requests.
# Patch 6001 - 9999: Downstream patches.
Patch6001: %{name}-4.3.3-gensalt_r_as_macro.patch
BuildRequires: fipscheck
BuildRequires: libtool
%if %{with memcheck}
BuildRequires: valgrind
%endif
# We do not need to keep this forever.
%if %{without new_api} && (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description
libxcrypt is a modern library for one-way hashing of passwords. It
supports a wide variety of both modern and historical hashing methods:
yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
It provides the traditional Unix crypt and crypt_r interfaces, as well
as a set of extended interfaces pioneered by Openwall Linux, crypt_rn,
crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not suitable
for use in bulk password-cracking applications, or in any other situation
where speed is more important than careful handling of sensitive data.
However, it is intended to be fast and lightweight enough for use in
servers that must field thousands of login attempts per minute.
%if %{with new_api}
This version of the library does not provide the legacy API functions
that have been provided by glibc's libcrypt.so.1.
%endif
%package common
Summary: Common files for %{name}
BuildArch: noarch
%description common
This package contains common files for %{name}.
%if %{with new_api}
%package compat
Summary: Compatibility library providing legacy API functions
# We do not need to keep this forever.
%if (0%{?fedora} && 0%{?fedora} <= 31) || (0%{?rhel} && 0%{?rhel} <= 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-47
Provides: libcrypt%{?_isa} == 2.26.9000-47
%endif
Requires: glibc%{_isa} >= 2.26.9000-46
Requires: %{name}-common == %{version}-%{release}
%description compat
This package contains the library providing the compatibility API for
applications that are still using the unsafe and deprecated encrypt,
encrypt_r, setkey, setkey_r, and fcrypt functions.
All existing binary executables linked against glibc's libcrypt should
work unmodified with this version of the libxcrypt.
%endif
%package devel
Summary: Development files for %{name}
Conflicts: man-pages < 4.15-3
Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: glibc-devel%{?_isa} >= 2.26.9000-46
Requires: glibc-headers%{?_isa} >= 2.26.9000-46
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package static
Summary: Static library for -static linking with %{name}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
Requires: glibc-static%{?_isa} >= 2.26.9000-46
%description static
This package contains the libxcrypt static library for -static
linking.
You don't need this, unless you link statically, which is highly
discouraged.
%prep
%autosetup -p 1
./bootstrap
%{__mkdir_p} %{_vpath_builddir}{,-compat}
%build
pushd %{_vpath_builddir}
%configure \
%{common_configure_options} \
--enable-hashes=%{hash_methods} \
--enable-obsolete-api=%{obsolete_api}
%make_build
popd
%if %{with new_api}
pushd %{_vpath_builddir}-compat
%configure \
%{common_configure_options} \
--enable-hashes=%{compat_methods} \
--enable-obsolete-api=%{compat_api}
%make_build
popd
%endif
%install
%if %{with new_api}
%make_install -C %{_vpath_builddir}-compat
%{__rm} -fr %{buildroot}%{_bindir} \
%{buildroot}%{_includedir} \
%{buildroot}%{_libdir}/libcrypt.{a,so} \
%{buildroot}%{_libdir}/pkgconfig \
%{buildroot}%{_mandir} \
%{buildroot}%{_sbindir}
%endif
%make_install -C %{_vpath_builddir}
# Get rid of libtool crap.
%{_bindir}/find %{buildroot} -name '*.la' -print -delete
# Install documentation to shared %%_pkgdocdir.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
ChangeLog NEWS README THANKS TODO
if [ -f README.fedora ]; then
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
README.fedora
fi
# Install license files to shared %%_licensedir.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkglicensedir} \
AUTHORS COPYING.LIB LICENSING
%check
%if %{with new_api}
for dir in %{_vpath_builddir} %{_vpath_builddir}-compat; do
%else
for dir in %{_vpath_builddir}; do
%endif
%make_build -C ${dir} check || \
{
rc=$?;
echo "-----BEGIN TESTLOG: ${dir}-----";
%{__cat} ${dir}/test-suite.log;
echo "-----END TESTLOG: ${dir}-----";
exit $rc;
}
%if %{with memcheck}
%make_build -C ${dir} check-valgrind-memcheck || \
{
rc=$?;
echo "-----BEGIN TESTLOG: ${dir}-----";
%{__cat} ${dir}/test-suite-memcheck.log;
echo "-----END TESTLOG: ${dir}-----";
exit $rc;
}
%endif
done
%ldconfig_scriptlets
%if %{with new_api}
%ldconfig_scriptlets compat
%endif
%files
/%{_lib}/.libcrypt.so.{%{soc},%{sov}}.hmac
/%{_lib}/libcrypt.so.{%{soc},%{sov}}
%files common
%doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/NEWS
%doc %{_pkgdocdir}/README*
%doc %{_pkgdocdir}/THANKS
%license %dir %{_pkglicensedir}
%license %{_pkglicensedir}/AUTHORS
%license %{_pkglicensedir}/COPYING.LIB
%license %{_pkglicensedir}/LICENSING
%{_mandir}/man5/crypt.5.*
%if %{with new_api}
%files compat
/%{_lib}/.libcrypt.so.{%{csoc},%{csov}}.hmac
/%{_lib}/libcrypt.so.{%{csoc},%{csov}}
%endif
%files devel
%doc %{_pkgdocdir}/ChangeLog
%doc %{_pkgdocdir}/TODO
/%{_lib}/libcrypt.so
%{_includedir}/crypt.h
%{_libdir}/pkgconfig/{libcrypt,%{name}}.pc
%{_mandir}/man3/crypt{,_r,_ra,_rn}.3.*
%{_mandir}/man3/crypt_checksalt.3.*
%{_mandir}/man3/crypt_gensalt{,_ra,_rn}.3.*
%files static
/%{_lib}/libcrypt.a
%changelog
* Wed Nov 14 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.3-3
- Add two upstream patches with minor fixes
* Tue Nov 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.3-2
- Add a patch to define crypt_gensalt_r as macro, so applications
link the identical crypt_gensalt_rn directly
* Sun Nov 11 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.3-1
- New upstream release
* Sun Nov 11 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.2-1
- New upstream release
* Sun Nov 11 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.1-2
- Backport two patches from upstream fixing the gensalt function for
NT to properly terminate its returned output
* Sat Nov 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.1-1
- New upstream release
* Sat Nov 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.3.0-1
- New upstream release
* Fri Oct 26 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.3-1
- New upstream release
* Thu Oct 25 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.2-2
- Add patch updating to recent development version
- Run valgrind-memcheck
- Use bootstrap script
* Thu Oct 18 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.2-1
- New upstream release
* Mon Oct 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-3
- Drop compat-devel package
- Set configure options from globals
* Sun Sep 30 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-2
- Build out-of-tree
- Split off noarch-bits into common sub-package
- Update %%description
- Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
* Sat Sep 29 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.1-1
- New upstream release
- Add new manpages
* Sat Sep 29 2018 Björn Esser <besser82@fedoraproject.org> - 4.2.0-1
- New upstream release
* Fri Aug 24 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.2-1
- New upstream release
* Wed Aug 08 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-4
- Move *.3 manpages to devel subpackage (#1613762)
- Add needed Conflicts: man-pages < 4.15-3
* Wed Aug 08 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-3
- Make crypt{,_r} return NULL on failure (#1611784)
* Sat Aug 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-2
- Add manpages for crypt{,_r,_ra}.3 (#1610307)
* Wed Aug 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-1
- New upstream release
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.0-1
- New upstream release
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-6
- Make testsuite fail on error again
- Update patch0 with more upstream fixes
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-5
- Add patch to update to recent development branch
- Re-enable SUNMD5 support as it is BSD licensed now
- Build compatibility symbols for glibc only
- Skip failing testsuite once
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-3
- Remove CDDL from license list (#1592445)
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-2
- Remove SUNMD5 support (#1592445)
* Wed May 16 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-1
- New upstream release
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-5
- Switch to %%ldconfig_scriptlets
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Feb 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-3
- Add patch to fix unintialize value in badsalt test
* Wed Jan 31 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-2
- Add patch to fix bcrypt test with GCC8
* Sat Jan 27 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-1
- New upstream release
* Mon Jan 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.0-0.204.20180120git3436e7b
- Fix Obsoletes
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.203.20180120git3436e7b
- Update to new snapshot fixing cast-align
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.202.20180120gitde99d27
- Update to new snapshot (rhbz#1536752)
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.201.20171109git15447aa
- Use archful Obsoletes for libcrypt
- Add versioned Requires on glibc packages not shipping libcrypt
- Add comments about the packaging logic for replacing former libcrypt
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.200.20171109git15447aa
- Initial import (rhbz#1532794)
- Add Obsoletes/Provides for libcrypt
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.101.20171109git15447aa
- Fix style of %%git_{rel,ver}
* Tue Jan 09 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.100.git20171109.15447aa
- Initial rpm release (rhbz#1532794)
- Start revision at 0.100 to superseed builds from COPR