| Background information: |
| |
| https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html |
| https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt |
| |
| Upstream-Status: Submitted [libc-alpha@sourceware.org] |
| Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
| |
| From: Zack Weinberg <zackw@panix.com> |
| Subject: [PATCH] Deprecate libcrypt and don't build it by default |
| |
| Back in June, Björn Esser proposed to add OpenBSD-compatible bcrypt |
| support to our implementation of crypt(3), and Zack Weinberg replied |
| that it might actually make more sense to _remove_ libcrypt from |
| glibc, freeing up libcrypt.so.1 and crypt.h to be provided by a |
| separate project that could move faster. (For instance, libxcrypt: |
| https://github.com/besser82/libxcrypt) |
| |
| This patch disables build and installation of libcrypt by default. It |
| can be re-enabled with --enable-obsolete-crypt to configure. Unlike |
| libnsl, we do *not* install a runtime shared library; that's left to |
| the replacement. (Unlike the SunRPC situation, I think we can |
| probably drop this code altogether in a release or two.) |
| |
| The function prototypes for crypt and encrypt are removed from |
| unistd.h, and the function prototype for setkey is removed from |
| stdlib.h; they do *not* come back with --enable-obsolete-crypt. This |
| means glibc no longer provides the POSIX CRYPT option, and the macro |
| _XOPEN_CRYPT is also removed from unistd.h to indicate that. |
| (_SC_XOPEN_CRYPT is still defined, but sysconf(_SC_XOPEN_CRYPT) will |
| return -1 at runtime.) These functions are also unconditionally |
| removed from conform/data/{stdlib,unistd}.h-data. |
| |
| * posix/unistd.h (_XOPEN_CRYPT, crypt, encrypt): Don't declare. |
| * stdlib/stdlib.h (setkey): Don't declare. |
| |
| * configure.ac (--enable-obsolete-crypt): New configure option. |
| * configure: Regenerate. |
| * config.make.in (build-obsolete-crypt): New makefile variable. |
| * crypt/Banner: Delete file. |
| * crypt/Makefile: Don't build anything unless |
| $(build-obsolete-crypt) is 'yes'. |
| * sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile: Only add things |
| to libcrypt-sysdep_routines when $(build-obsolete-crypt) is 'yes'. |
| * sysdeps/sparc/sparc64/multiarch/Makefile: Likewise. |
| * sysdeps/unix/sysv/linux/arm/Makefile: Likewise. |
| |
| * conform/Makefile: Only include libcrypt.a in linknamespace tests |
| when $(build-obsolete-crypt) is 'yes'. |
| * conform/data/stdlib.h-data (setkey): Don't expect. |
| * conform/data/unistd.h-data (crypt, encrypt): Don't expect. |
| * elf/Makefile: Only perform various tests of libcrypt.so/libcrypt.a |
| when $(build-obsolete-crypt) is 'yes'. |
| * elf/tst-linkall-static.c: Don't include crypt.h when USE_CRYPT |
| is false. |
| --- |
| NEWS | 18 ++++++++++++++++++ |
| config.make.in | 1 + |
| configure | 13 +++++++++++++ |
| configure.ac | 8 ++++++++ |
| conform/Makefile | 14 ++++++++++---- |
| conform/data/stdlib.h-data | 3 --- |
| conform/data/unistd.h-data | 6 ------ |
| crypt/Makefile | 5 +++++ |
| elf/Makefile | 16 ++++++++++++---- |
| elf/tst-linkall-static.c | 2 ++ |
| posix/unistd.h | 16 ---------------- |
| stdlib/stdlib.h | 6 ------ |
| sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile | 2 ++ |
| sysdeps/sparc/sparc64/multiarch/Makefile | 2 ++ |
| sysdeps/unix/sysv/linux/arm/Makefile | 2 ++ |
| 15 files changed, 75 insertions(+), 39 deletions(-) |
| |
| diff --git a/config.make.in b/config.make.in |
| index 9e5e24b2c6..8fe610d04d 100644 |
| --- a/config.make.in |
| +++ b/config.make.in |
| @@ -82,6 +82,7 @@ mach-interface-list = @mach_interface_list@ |
| |
| experimental-malloc = @experimental_malloc@ |
| |
| +build-obsolete-crypt = @build_obsolete_crypt@ |
| nss-crypt = @libc_cv_nss_crypt@ |
| static-nss-crypt = @libc_cv_static_nss_crypt@ |
| |
| diff --git a/configure b/configure |
| index 7a8bd3f817..46f6bd7f86 100755 |
| --- a/configure |
| +++ b/configure |
| @@ -672,6 +672,7 @@ base_machine |
| have_tunables |
| build_pt_chown |
| build_nscd |
| +build_obsolete_crypt |
| build_obsolete_nsl |
| link_obsolete_rpc |
| libc_cv_static_nss_crypt |
| @@ -782,6 +783,7 @@ enable_experimental_malloc |
| enable_nss_crypt |
| enable_obsolete_rpc |
| enable_obsolete_nsl |
| +enable_obsolete_crypt |
| enable_systemtap |
| enable_build_nscd |
| enable_nscd |
| @@ -1453,6 +1455,7 @@ Optional Features: |
| link-time usage |
| --enable-obsolete-nsl build and install the obsolete libnsl library and |
| depending NSS modules |
| + --enable-obsolete-crypt build and install the obsolete libcrypt library |
| --enable-systemtap enable systemtap static probe points [default=no] |
| --disable-build-nscd disable building and installing the nscd daemon |
| --disable-nscd library functions will not contact the nscd daemon |
| @@ -3632,6 +3635,16 @@ if test "$build_obsolete_nsl" = yes; then |
| |
| fi |
| |
| +# Check whether --enable-obsolete-crypt was given. |
| +if test "${enable_obsolete_crypt+set}" = set; then : |
| + enableval=$enable_obsolete_crypt; build_obsolete_crypt=$enableval |
| +else |
| + build_obsolete_crypt=no |
| +fi |
| + |
| + |
| + |
| + |
| # Check whether --enable-systemtap was given. |
| if test "${enable_systemtap+set}" = set; then : |
| enableval=$enable_systemtap; systemtap=$enableval |
| diff --git a/configure.ac b/configure.ac |
| index ca1282a6b3..0142353740 100644 |
| --- a/configure.ac |
| +++ b/configure.ac |
| @@ -378,6 +378,14 @@ if test "$build_obsolete_nsl" = yes; then |
| AC_DEFINE(LINK_OBSOLETE_NSL) |
| fi |
| |
| +AC_ARG_ENABLE([obsolete-crypt], |
| + AC_HELP_STRING([--enable-obsolete-crypt], |
| + [build and install the obsolete libcrypt library]), |
| + [build_obsolete_crypt=$enableval], |
| + [build_obsolete_crypt=no]) |
| +AC_SUBST(build_obsolete_crypt) |
| + |
| + |
| AC_ARG_ENABLE([systemtap], |
| [AS_HELP_STRING([--enable-systemtap], |
| [enable systemtap static probe points @<:@default=no@:>@])], |
| diff --git a/conform/Makefile b/conform/Makefile |
| index 864fdeca21..5ef474fb24 100644 |
| --- a/conform/Makefile |
| +++ b/conform/Makefile |
| @@ -193,22 +193,28 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \ |
| $(common-objpfx)rt/librt.a $(static-thread-library) |
| linknamespace-libs-posix = $(linknamespace-libs-thr) \ |
| $(common-objpfx)dlfcn/libdl.a |
| -linknamespace-libs-xsi = $(linknamespace-libs-posix) \ |
| - $(common-objpfx)crypt/libcrypt.a |
| +linknamespace-libs-xsi = $(linknamespace-libs-posix) |
| linknamespace-libs-ISO = $(linknamespace-libs-isoc) |
| linknamespace-libs-ISO99 = $(linknamespace-libs-isoc) |
| linknamespace-libs-ISO11 = $(linknamespace-libs-isoc) |
| -linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \ |
| - $(common-objpfx)crypt/libcrypt.a |
| +linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) |
| linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4) |
| linknamespace-libs-POSIX = $(linknamespace-libs-thr) |
| linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi) |
| linknamespace-libs-XOPEN2K = $(linknamespace-libs-xsi) |
| linknamespace-libs-POSIX2008 = $(linknamespace-libs-posix) |
| linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi) |
| + |
| +ifeq ($(build-obsolete-crypt),yes) |
| +linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a |
| +linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a |
| +endif |
| + |
| linknamespace-libs = $(foreach std,$(conformtest-standards),\ |
| $(linknamespace-libs-$(std))) |
| |
| + |
| + |
| $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \ |
| $(linknamespace-libs) |
| LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \ |
| diff --git a/conform/data/stdlib.h-data b/conform/data/stdlib.h-data |
| index d8fcccc2fb..6913828196 100644 |
| --- a/conform/data/stdlib.h-data |
| +++ b/conform/data/stdlib.h-data |
| @@ -149,9 +149,6 @@ function {unsigned short int*} seed48 (unsigned short int[3]) |
| #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98 |
| function int setenv (const char*, const char*, int) |
| #endif |
| -#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008 |
| -function void setkey (const char*) |
| -#endif |
| #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008 |
| function {char*} setstate (char*) |
| #endif |
| diff --git a/conform/data/unistd.h-data b/conform/data/unistd.h-data |
| index ddf4f25132..aa070528e8 100644 |
| --- a/conform/data/unistd.h-data |
| +++ b/conform/data/unistd.h-data |
| @@ -437,9 +437,6 @@ function int chroot (const char*) |
| function int chown (const char*, uid_t, gid_t) |
| function int close (int) |
| function size_t confstr (int, char*, size_t) |
| -#if !defined POSIX && !defined POSIX2008 |
| -function {char*} crypt (const char*, const char*) |
| -#endif |
| #if defined XPG4 || defined XPG42 || defined UNIX98 |
| function {char*} ctermid (char*) |
| function {char*} cuserid (char*) |
| @@ -449,9 +446,6 @@ allow cuserid |
| #endif |
| function int dup (int) |
| function int dup2 (int, int) |
| -#if !defined POSIX && !defined POSIX2008 |
| -function void encrypt (char[64], int) |
| -#endif |
| function int execl (const char*, const char*, ...) |
| function int execle (const char*, const char*, ...) |
| function int execlp (const char*, const char*, ...) |
| diff --git a/crypt/Makefile b/crypt/Makefile |
| index 303800df73..024ec2c6ab 100644 |
| --- a/crypt/Makefile |
| +++ b/crypt/Makefile |
| @@ -22,6 +22,8 @@ subdir := crypt |
| |
| include ../Makeconfig |
| |
| +ifeq ($(build-obsolete-crypt),yes) |
| + |
| headers := crypt.h |
| |
| extra-libs := libcrypt |
| @@ -52,9 +54,11 @@ tests += md5test sha256test sha512test |
| # machine over a minute. |
| xtests = md5test-giant |
| endif |
| +endif |
| |
| include ../Rules |
| |
| +ifeq ($(build-obsolete-crypt),yes) |
| ifneq ($(nss-crypt),yes) |
| md5-routines := md5 $(filter md5%,$(libcrypt-sysdep_routines)) |
| sha256-routines := sha256 $(filter sha256%,$(libcrypt-sysdep_routines)) |
| @@ -71,3 +75,4 @@ $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so |
| else |
| $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a |
| endif |
| +endif |
| diff --git a/elf/Makefile b/elf/Makefile |
| index 2a432d8bee..366f7b80ec 100644 |
| --- a/elf/Makefile |
| +++ b/elf/Makefile |
| @@ -385,15 +385,19 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os |
| CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag) |
| endif |
| |
| -# By default tst-linkall-static should try to use crypt routines to test |
| -# static libcrypt use. |
| -CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1 |
| +ifeq ($(build-obsolete-crypt),yes) |
| +# If the libcrypt library is being built, tst-linkall-static should |
| +# try to use crypt routines to test static libcrypt use. |
| +CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=1 |
| # However, if we are using NSS crypto and we don't have a static |
| # library, then we exclude the use of crypt functions in the test. |
| # We similarly exclude libcrypt.a from the static link (see below). |
| ifeq (yesno,$(nss-crypt)$(static-nss-crypt)) |
| CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0 |
| endif |
| +else |
| +CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=0 |
| +endif |
| |
| include ../Rules |
| |
| @@ -1113,8 +1117,10 @@ localplt-built-dso := $(addprefix $(common-objpfx),\ |
| rt/librt.so \ |
| dlfcn/libdl.so \ |
| resolv/libresolv.so \ |
| - crypt/libcrypt.so \ |
| ) |
| +ifeq ($(build-obsolete-crypt),yes) |
| +localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so) |
| +endif |
| ifeq ($(build-mathvec),yes) |
| localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so) |
| endif |
| @@ -1395,6 +1401,7 @@ $(objpfx)tst-linkall-static: \ |
| $(common-objpfx)resolv/libanl.a \ |
| $(static-thread-library) |
| |
| +ifeq ($(build-obsolete-crypt),yes) |
| # If we are using NSS crypto and we have the ability to link statically |
| # then we include libcrypt.a, otherwise we leave out libcrypt.a and |
| # link as much as we can into the tst-linkall-static test. This assumes |
| @@ -1410,6 +1417,7 @@ ifeq (no,$(nss-crypt)) |
| $(objpfx)tst-linkall-static: \ |
| $(common-objpfx)crypt/libcrypt.a |
| endif |
| +endif |
| |
| # The application depends on the DSO, and the DSO loads the plugin. |
| # The plugin also depends on the DSO. This creates the circular |
| diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c |
| index e8df38f74e..0ffae7c723 100644 |
| --- a/elf/tst-linkall-static.c |
| +++ b/elf/tst-linkall-static.c |
| @@ -18,7 +18,9 @@ |
| |
| #include <math.h> |
| #include <pthread.h> |
| +#if USE_CRYPT |
| #include <crypt.h> |
| +#endif |
| #include <resolv.h> |
| #include <dlfcn.h> |
| #include <utmp.h> |
| diff --git a/posix/unistd.h b/posix/unistd.h |
| index 4d149f9945..e75ce4d4ec 100644 |
| --- a/posix/unistd.h |
| +++ b/posix/unistd.h |
| @@ -107,9 +107,6 @@ __BEGIN_DECLS |
| /* The X/Open Unix extensions are available. */ |
| #define _XOPEN_UNIX 1 |
| |
| -/* Encryption is present. */ |
| -#define _XOPEN_CRYPT 1 |
| - |
| /* The enhanced internationalization capabilities according to XPG4.2 |
| are present. */ |
| #define _XOPEN_ENH_I18N 1 |
| @@ -1118,20 +1115,7 @@ ssize_t copy_file_range (int __infd, __off64_t *__pinoff, |
| extern int fdatasync (int __fildes); |
| #endif /* Use POSIX199309 */ |
| |
| - |
| -/* XPG4.2 specifies that prototypes for the encryption functions must |
| - be defined here. */ |
| #ifdef __USE_XOPEN |
| -/* Encrypt at most 8 characters from KEY using salt to perturb DES. */ |
| -extern char *crypt (const char *__key, const char *__salt) |
| - __THROW __nonnull ((1, 2)); |
| - |
| -/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt |
| - block in place. */ |
| -extern void encrypt (char *__glibc_block, int __edflag) |
| - __THROW __nonnull ((1)); |
| - |
| - |
| /* Swab pairs bytes in the first N bytes of the area pointed to by |
| FROM and copy the result to TO. The value of TO must not be in the |
| range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM |
| diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h |
| index 6b1ead31e0..8e23e93557 100644 |
| --- a/stdlib/stdlib.h |
| +++ b/stdlib/stdlib.h |
| @@ -958,12 +958,6 @@ extern int getsubopt (char **__restrict __optionp, |
| #endif |
| |
| |
| -#ifdef __USE_XOPEN |
| -/* Setup DES tables according KEY. */ |
| -extern void setkey (const char *__key) __THROW __nonnull ((1)); |
| -#endif |
| - |
| - |
| /* X/Open pseudo terminal handling. */ |
| |
| #ifdef __USE_XOPEN2KXSI |
| diff --git a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| index a6d08f3a00..d8b8297fb0 100644 |
| --- a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| +++ b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| @@ -1,6 +1,8 @@ |
| ifeq ($(subdir),crypt) |
| +ifeq ($(build-obsolete-crypt),yes) |
| libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop |
| endif |
| +endif |
| |
| ifeq ($(subdir),locale) |
| localedef-aux += md5-crop |
| diff --git a/sysdeps/sparc/sparc64/multiarch/Makefile b/sysdeps/sparc/sparc64/multiarch/Makefile |
| index eaf758e7aa..0198f9886f 100644 |
| --- a/sysdeps/sparc/sparc64/multiarch/Makefile |
| +++ b/sysdeps/sparc/sparc64/multiarch/Makefile |
| @@ -1,6 +1,8 @@ |
| ifeq ($(subdir),crypt) |
| +ifeq ($(build-obsolete-crypt),yes) |
| libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop |
| endif |
| +endif |
| |
| ifeq ($(subdir),locale) |
| localedef-aux += md5-crop |
| diff --git a/sysdeps/unix/sysv/linux/arm/Makefile b/sysdeps/unix/sysv/linux/arm/Makefile |
| index 4adc35de04..6cab4f3a31 100644 |
| --- a/sysdeps/unix/sysv/linux/arm/Makefile |
| +++ b/sysdeps/unix/sysv/linux/arm/Makefile |
| @@ -19,8 +19,10 @@ endif |
| # Add a syscall function to each library that needs one. |
| |
| ifeq ($(subdir),crypt) |
| +ifeq ($(build-obsolete-crypt),yes) |
| libcrypt-sysdep_routines += libc-do-syscall |
| endif |
| +endif |
| |
| ifeq ($(subdir),rt) |
| librt-sysdep_routines += libc-do-syscall |
| -- |
| 2.16.0 |
| |