Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 1 | Background information: |
| 2 | |
| 3 | https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html |
| 4 | https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt |
| 5 | |
| 6 | Upstream-Status: Submitted [libc-alpha@sourceware.org] |
| 7 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
| 8 | |
| 9 | From: Zack Weinberg <zackw@panix.com> |
| 10 | Subject: [PATCH] Deprecate libcrypt and don't build it by default |
| 11 | |
| 12 | Back in June, Björn Esser proposed to add OpenBSD-compatible bcrypt |
| 13 | support to our implementation of crypt(3), and Zack Weinberg replied |
| 14 | that it might actually make more sense to _remove_ libcrypt from |
| 15 | glibc, freeing up libcrypt.so.1 and crypt.h to be provided by a |
| 16 | separate project that could move faster. (For instance, libxcrypt: |
| 17 | https://github.com/besser82/libxcrypt) |
| 18 | |
| 19 | This patch disables build and installation of libcrypt by default. It |
| 20 | can be re-enabled with --enable-obsolete-crypt to configure. Unlike |
| 21 | libnsl, we do *not* install a runtime shared library; that's left to |
| 22 | the replacement. (Unlike the SunRPC situation, I think we can |
| 23 | probably drop this code altogether in a release or two.) |
| 24 | |
| 25 | The function prototypes for crypt and encrypt are removed from |
| 26 | unistd.h, and the function prototype for setkey is removed from |
| 27 | stdlib.h; they do *not* come back with --enable-obsolete-crypt. This |
| 28 | means glibc no longer provides the POSIX CRYPT option, and the macro |
| 29 | _XOPEN_CRYPT is also removed from unistd.h to indicate that. |
| 30 | (_SC_XOPEN_CRYPT is still defined, but sysconf(_SC_XOPEN_CRYPT) will |
| 31 | return -1 at runtime.) These functions are also unconditionally |
| 32 | removed from conform/data/{stdlib,unistd}.h-data. |
| 33 | |
| 34 | * posix/unistd.h (_XOPEN_CRYPT, crypt, encrypt): Don't declare. |
| 35 | * stdlib/stdlib.h (setkey): Don't declare. |
| 36 | |
| 37 | * configure.ac (--enable-obsolete-crypt): New configure option. |
| 38 | * configure: Regenerate. |
| 39 | * config.make.in (build-obsolete-crypt): New makefile variable. |
| 40 | * crypt/Banner: Delete file. |
| 41 | * crypt/Makefile: Don't build anything unless |
| 42 | $(build-obsolete-crypt) is 'yes'. |
| 43 | * sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile: Only add things |
| 44 | to libcrypt-sysdep_routines when $(build-obsolete-crypt) is 'yes'. |
| 45 | * sysdeps/sparc/sparc64/multiarch/Makefile: Likewise. |
| 46 | * sysdeps/unix/sysv/linux/arm/Makefile: Likewise. |
| 47 | |
| 48 | * conform/Makefile: Only include libcrypt.a in linknamespace tests |
| 49 | when $(build-obsolete-crypt) is 'yes'. |
| 50 | * conform/data/stdlib.h-data (setkey): Don't expect. |
| 51 | * conform/data/unistd.h-data (crypt, encrypt): Don't expect. |
| 52 | * elf/Makefile: Only perform various tests of libcrypt.so/libcrypt.a |
| 53 | when $(build-obsolete-crypt) is 'yes'. |
| 54 | * elf/tst-linkall-static.c: Don't include crypt.h when USE_CRYPT |
| 55 | is false. |
| 56 | --- |
| 57 | NEWS | 18 ++++++++++++++++++ |
| 58 | config.make.in | 1 + |
| 59 | configure | 13 +++++++++++++ |
| 60 | configure.ac | 8 ++++++++ |
| 61 | conform/Makefile | 14 ++++++++++---- |
| 62 | conform/data/stdlib.h-data | 3 --- |
| 63 | conform/data/unistd.h-data | 6 ------ |
| 64 | crypt/Makefile | 5 +++++ |
| 65 | elf/Makefile | 16 ++++++++++++---- |
| 66 | elf/tst-linkall-static.c | 2 ++ |
| 67 | posix/unistd.h | 16 ---------------- |
| 68 | stdlib/stdlib.h | 6 ------ |
| 69 | sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile | 2 ++ |
| 70 | sysdeps/sparc/sparc64/multiarch/Makefile | 2 ++ |
| 71 | sysdeps/unix/sysv/linux/arm/Makefile | 2 ++ |
| 72 | 15 files changed, 75 insertions(+), 39 deletions(-) |
| 73 | |
| 74 | diff --git a/config.make.in b/config.make.in |
| 75 | index 9e5e24b2c6..8fe610d04d 100644 |
| 76 | --- a/config.make.in |
| 77 | +++ b/config.make.in |
| 78 | @@ -82,6 +82,7 @@ mach-interface-list = @mach_interface_list@ |
| 79 | |
| 80 | experimental-malloc = @experimental_malloc@ |
| 81 | |
| 82 | +build-obsolete-crypt = @build_obsolete_crypt@ |
| 83 | nss-crypt = @libc_cv_nss_crypt@ |
| 84 | static-nss-crypt = @libc_cv_static_nss_crypt@ |
| 85 | |
| 86 | diff --git a/configure b/configure |
| 87 | index 7a8bd3f817..46f6bd7f86 100755 |
| 88 | --- a/configure |
| 89 | +++ b/configure |
| 90 | @@ -672,6 +672,7 @@ base_machine |
| 91 | have_tunables |
| 92 | build_pt_chown |
| 93 | build_nscd |
| 94 | +build_obsolete_crypt |
| 95 | build_obsolete_nsl |
| 96 | link_obsolete_rpc |
| 97 | libc_cv_static_nss_crypt |
| 98 | @@ -782,6 +783,7 @@ enable_experimental_malloc |
| 99 | enable_nss_crypt |
| 100 | enable_obsolete_rpc |
| 101 | enable_obsolete_nsl |
| 102 | +enable_obsolete_crypt |
| 103 | enable_systemtap |
| 104 | enable_build_nscd |
| 105 | enable_nscd |
| 106 | @@ -1453,6 +1455,7 @@ Optional Features: |
| 107 | link-time usage |
| 108 | --enable-obsolete-nsl build and install the obsolete libnsl library and |
| 109 | depending NSS modules |
| 110 | + --enable-obsolete-crypt build and install the obsolete libcrypt library |
| 111 | --enable-systemtap enable systemtap static probe points [default=no] |
| 112 | --disable-build-nscd disable building and installing the nscd daemon |
| 113 | --disable-nscd library functions will not contact the nscd daemon |
| 114 | @@ -3632,6 +3635,16 @@ if test "$build_obsolete_nsl" = yes; then |
| 115 | |
| 116 | fi |
| 117 | |
| 118 | +# Check whether --enable-obsolete-crypt was given. |
| 119 | +if test "${enable_obsolete_crypt+set}" = set; then : |
| 120 | + enableval=$enable_obsolete_crypt; build_obsolete_crypt=$enableval |
| 121 | +else |
| 122 | + build_obsolete_crypt=no |
| 123 | +fi |
| 124 | + |
| 125 | + |
| 126 | + |
| 127 | + |
| 128 | # Check whether --enable-systemtap was given. |
| 129 | if test "${enable_systemtap+set}" = set; then : |
| 130 | enableval=$enable_systemtap; systemtap=$enableval |
| 131 | diff --git a/configure.ac b/configure.ac |
| 132 | index ca1282a6b3..0142353740 100644 |
| 133 | --- a/configure.ac |
| 134 | +++ b/configure.ac |
| 135 | @@ -378,6 +378,14 @@ if test "$build_obsolete_nsl" = yes; then |
| 136 | AC_DEFINE(LINK_OBSOLETE_NSL) |
| 137 | fi |
| 138 | |
| 139 | +AC_ARG_ENABLE([obsolete-crypt], |
| 140 | + AC_HELP_STRING([--enable-obsolete-crypt], |
| 141 | + [build and install the obsolete libcrypt library]), |
| 142 | + [build_obsolete_crypt=$enableval], |
| 143 | + [build_obsolete_crypt=no]) |
| 144 | +AC_SUBST(build_obsolete_crypt) |
| 145 | + |
| 146 | + |
| 147 | AC_ARG_ENABLE([systemtap], |
| 148 | [AS_HELP_STRING([--enable-systemtap], |
| 149 | [enable systemtap static probe points @<:@default=no@:>@])], |
| 150 | diff --git a/conform/Makefile b/conform/Makefile |
| 151 | index 864fdeca21..5ef474fb24 100644 |
| 152 | --- a/conform/Makefile |
| 153 | +++ b/conform/Makefile |
| 154 | @@ -193,22 +193,28 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \ |
| 155 | $(common-objpfx)rt/librt.a $(static-thread-library) |
| 156 | linknamespace-libs-posix = $(linknamespace-libs-thr) \ |
| 157 | $(common-objpfx)dlfcn/libdl.a |
| 158 | -linknamespace-libs-xsi = $(linknamespace-libs-posix) \ |
| 159 | - $(common-objpfx)crypt/libcrypt.a |
| 160 | +linknamespace-libs-xsi = $(linknamespace-libs-posix) |
| 161 | linknamespace-libs-ISO = $(linknamespace-libs-isoc) |
| 162 | linknamespace-libs-ISO99 = $(linknamespace-libs-isoc) |
| 163 | linknamespace-libs-ISO11 = $(linknamespace-libs-isoc) |
| 164 | -linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \ |
| 165 | - $(common-objpfx)crypt/libcrypt.a |
| 166 | +linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) |
| 167 | linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4) |
| 168 | linknamespace-libs-POSIX = $(linknamespace-libs-thr) |
| 169 | linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi) |
| 170 | linknamespace-libs-XOPEN2K = $(linknamespace-libs-xsi) |
| 171 | linknamespace-libs-POSIX2008 = $(linknamespace-libs-posix) |
| 172 | linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi) |
| 173 | + |
| 174 | +ifeq ($(build-obsolete-crypt),yes) |
| 175 | +linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a |
| 176 | +linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a |
| 177 | +endif |
| 178 | + |
| 179 | linknamespace-libs = $(foreach std,$(conformtest-standards),\ |
| 180 | $(linknamespace-libs-$(std))) |
| 181 | |
| 182 | + |
| 183 | + |
| 184 | $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \ |
| 185 | $(linknamespace-libs) |
| 186 | LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \ |
| 187 | diff --git a/conform/data/stdlib.h-data b/conform/data/stdlib.h-data |
| 188 | index d8fcccc2fb..6913828196 100644 |
| 189 | --- a/conform/data/stdlib.h-data |
| 190 | +++ b/conform/data/stdlib.h-data |
| 191 | @@ -149,9 +149,6 @@ function {unsigned short int*} seed48 (unsigned short int[3]) |
| 192 | #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98 |
| 193 | function int setenv (const char*, const char*, int) |
| 194 | #endif |
| 195 | -#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008 |
| 196 | -function void setkey (const char*) |
| 197 | -#endif |
| 198 | #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008 |
| 199 | function {char*} setstate (char*) |
| 200 | #endif |
| 201 | diff --git a/conform/data/unistd.h-data b/conform/data/unistd.h-data |
| 202 | index ddf4f25132..aa070528e8 100644 |
| 203 | --- a/conform/data/unistd.h-data |
| 204 | +++ b/conform/data/unistd.h-data |
| 205 | @@ -437,9 +437,6 @@ function int chroot (const char*) |
| 206 | function int chown (const char*, uid_t, gid_t) |
| 207 | function int close (int) |
| 208 | function size_t confstr (int, char*, size_t) |
| 209 | -#if !defined POSIX && !defined POSIX2008 |
| 210 | -function {char*} crypt (const char*, const char*) |
| 211 | -#endif |
| 212 | #if defined XPG4 || defined XPG42 || defined UNIX98 |
| 213 | function {char*} ctermid (char*) |
| 214 | function {char*} cuserid (char*) |
| 215 | @@ -449,9 +446,6 @@ allow cuserid |
| 216 | #endif |
| 217 | function int dup (int) |
| 218 | function int dup2 (int, int) |
| 219 | -#if !defined POSIX && !defined POSIX2008 |
| 220 | -function void encrypt (char[64], int) |
| 221 | -#endif |
| 222 | function int execl (const char*, const char*, ...) |
| 223 | function int execle (const char*, const char*, ...) |
| 224 | function int execlp (const char*, const char*, ...) |
| 225 | diff --git a/crypt/Makefile b/crypt/Makefile |
| 226 | index 303800df73..024ec2c6ab 100644 |
| 227 | --- a/crypt/Makefile |
| 228 | +++ b/crypt/Makefile |
| 229 | @@ -22,6 +22,8 @@ subdir := crypt |
| 230 | |
| 231 | include ../Makeconfig |
| 232 | |
| 233 | +ifeq ($(build-obsolete-crypt),yes) |
| 234 | + |
| 235 | headers := crypt.h |
| 236 | |
| 237 | extra-libs := libcrypt |
| 238 | @@ -52,9 +54,11 @@ tests += md5test sha256test sha512test |
| 239 | # machine over a minute. |
| 240 | xtests = md5test-giant |
| 241 | endif |
| 242 | +endif |
| 243 | |
| 244 | include ../Rules |
| 245 | |
| 246 | +ifeq ($(build-obsolete-crypt),yes) |
| 247 | ifneq ($(nss-crypt),yes) |
| 248 | md5-routines := md5 $(filter md5%,$(libcrypt-sysdep_routines)) |
| 249 | sha256-routines := sha256 $(filter sha256%,$(libcrypt-sysdep_routines)) |
| 250 | @@ -71,3 +75,4 @@ $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so |
| 251 | else |
| 252 | $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a |
| 253 | endif |
| 254 | +endif |
| 255 | diff --git a/elf/Makefile b/elf/Makefile |
| 256 | index 2a432d8bee..366f7b80ec 100644 |
| 257 | --- a/elf/Makefile |
| 258 | +++ b/elf/Makefile |
| 259 | @@ -385,15 +385,19 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os |
| 260 | CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag) |
| 261 | endif |
| 262 | |
| 263 | -# By default tst-linkall-static should try to use crypt routines to test |
| 264 | -# static libcrypt use. |
| 265 | -CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1 |
| 266 | +ifeq ($(build-obsolete-crypt),yes) |
| 267 | +# If the libcrypt library is being built, tst-linkall-static should |
| 268 | +# try to use crypt routines to test static libcrypt use. |
| 269 | +CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=1 |
| 270 | # However, if we are using NSS crypto and we don't have a static |
| 271 | # library, then we exclude the use of crypt functions in the test. |
| 272 | # We similarly exclude libcrypt.a from the static link (see below). |
| 273 | ifeq (yesno,$(nss-crypt)$(static-nss-crypt)) |
| 274 | CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0 |
| 275 | endif |
| 276 | +else |
| 277 | +CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=0 |
| 278 | +endif |
| 279 | |
| 280 | include ../Rules |
| 281 | |
| 282 | @@ -1113,8 +1117,10 @@ localplt-built-dso := $(addprefix $(common-objpfx),\ |
| 283 | rt/librt.so \ |
| 284 | dlfcn/libdl.so \ |
| 285 | resolv/libresolv.so \ |
| 286 | - crypt/libcrypt.so \ |
| 287 | ) |
| 288 | +ifeq ($(build-obsolete-crypt),yes) |
| 289 | +localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so) |
| 290 | +endif |
| 291 | ifeq ($(build-mathvec),yes) |
| 292 | localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so) |
| 293 | endif |
| 294 | @@ -1395,6 +1401,7 @@ $(objpfx)tst-linkall-static: \ |
| 295 | $(common-objpfx)resolv/libanl.a \ |
| 296 | $(static-thread-library) |
| 297 | |
| 298 | +ifeq ($(build-obsolete-crypt),yes) |
| 299 | # If we are using NSS crypto and we have the ability to link statically |
| 300 | # then we include libcrypt.a, otherwise we leave out libcrypt.a and |
| 301 | # link as much as we can into the tst-linkall-static test. This assumes |
| 302 | @@ -1410,6 +1417,7 @@ ifeq (no,$(nss-crypt)) |
| 303 | $(objpfx)tst-linkall-static: \ |
| 304 | $(common-objpfx)crypt/libcrypt.a |
| 305 | endif |
| 306 | +endif |
| 307 | |
| 308 | # The application depends on the DSO, and the DSO loads the plugin. |
| 309 | # The plugin also depends on the DSO. This creates the circular |
| 310 | diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c |
| 311 | index e8df38f74e..0ffae7c723 100644 |
| 312 | --- a/elf/tst-linkall-static.c |
| 313 | +++ b/elf/tst-linkall-static.c |
| 314 | @@ -18,7 +18,9 @@ |
| 315 | |
| 316 | #include <math.h> |
| 317 | #include <pthread.h> |
| 318 | +#if USE_CRYPT |
| 319 | #include <crypt.h> |
| 320 | +#endif |
| 321 | #include <resolv.h> |
| 322 | #include <dlfcn.h> |
| 323 | #include <utmp.h> |
| 324 | diff --git a/posix/unistd.h b/posix/unistd.h |
| 325 | index 4d149f9945..e75ce4d4ec 100644 |
| 326 | --- a/posix/unistd.h |
| 327 | +++ b/posix/unistd.h |
| 328 | @@ -107,9 +107,6 @@ __BEGIN_DECLS |
| 329 | /* The X/Open Unix extensions are available. */ |
| 330 | #define _XOPEN_UNIX 1 |
| 331 | |
| 332 | -/* Encryption is present. */ |
| 333 | -#define _XOPEN_CRYPT 1 |
| 334 | - |
| 335 | /* The enhanced internationalization capabilities according to XPG4.2 |
| 336 | are present. */ |
| 337 | #define _XOPEN_ENH_I18N 1 |
| 338 | @@ -1118,20 +1115,7 @@ ssize_t copy_file_range (int __infd, __off64_t *__pinoff, |
| 339 | extern int fdatasync (int __fildes); |
| 340 | #endif /* Use POSIX199309 */ |
| 341 | |
| 342 | - |
| 343 | -/* XPG4.2 specifies that prototypes for the encryption functions must |
| 344 | - be defined here. */ |
| 345 | #ifdef __USE_XOPEN |
| 346 | -/* Encrypt at most 8 characters from KEY using salt to perturb DES. */ |
| 347 | -extern char *crypt (const char *__key, const char *__salt) |
| 348 | - __THROW __nonnull ((1, 2)); |
| 349 | - |
| 350 | -/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt |
| 351 | - block in place. */ |
| 352 | -extern void encrypt (char *__glibc_block, int __edflag) |
| 353 | - __THROW __nonnull ((1)); |
| 354 | - |
| 355 | - |
| 356 | /* Swab pairs bytes in the first N bytes of the area pointed to by |
| 357 | FROM and copy the result to TO. The value of TO must not be in the |
| 358 | range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM |
| 359 | diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h |
| 360 | index 6b1ead31e0..8e23e93557 100644 |
| 361 | --- a/stdlib/stdlib.h |
| 362 | +++ b/stdlib/stdlib.h |
| 363 | @@ -958,12 +958,6 @@ extern int getsubopt (char **__restrict __optionp, |
| 364 | #endif |
| 365 | |
| 366 | |
| 367 | -#ifdef __USE_XOPEN |
| 368 | -/* Setup DES tables according KEY. */ |
| 369 | -extern void setkey (const char *__key) __THROW __nonnull ((1)); |
| 370 | -#endif |
| 371 | - |
| 372 | - |
| 373 | /* X/Open pseudo terminal handling. */ |
| 374 | |
| 375 | #ifdef __USE_XOPEN2KXSI |
| 376 | diff --git a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| 377 | index a6d08f3a00..d8b8297fb0 100644 |
| 378 | --- a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| 379 | +++ b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile |
| 380 | @@ -1,6 +1,8 @@ |
| 381 | ifeq ($(subdir),crypt) |
| 382 | +ifeq ($(build-obsolete-crypt),yes) |
| 383 | libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop |
| 384 | endif |
| 385 | +endif |
| 386 | |
| 387 | ifeq ($(subdir),locale) |
| 388 | localedef-aux += md5-crop |
| 389 | diff --git a/sysdeps/sparc/sparc64/multiarch/Makefile b/sysdeps/sparc/sparc64/multiarch/Makefile |
| 390 | index eaf758e7aa..0198f9886f 100644 |
| 391 | --- a/sysdeps/sparc/sparc64/multiarch/Makefile |
| 392 | +++ b/sysdeps/sparc/sparc64/multiarch/Makefile |
| 393 | @@ -1,6 +1,8 @@ |
| 394 | ifeq ($(subdir),crypt) |
| 395 | +ifeq ($(build-obsolete-crypt),yes) |
| 396 | libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop |
| 397 | endif |
| 398 | +endif |
| 399 | |
| 400 | ifeq ($(subdir),locale) |
| 401 | localedef-aux += md5-crop |
| 402 | diff --git a/sysdeps/unix/sysv/linux/arm/Makefile b/sysdeps/unix/sysv/linux/arm/Makefile |
| 403 | index 4adc35de04..6cab4f3a31 100644 |
| 404 | --- a/sysdeps/unix/sysv/linux/arm/Makefile |
| 405 | +++ b/sysdeps/unix/sysv/linux/arm/Makefile |
| 406 | @@ -19,8 +19,10 @@ endif |
| 407 | # Add a syscall function to each library that needs one. |
| 408 | |
| 409 | ifeq ($(subdir),crypt) |
| 410 | +ifeq ($(build-obsolete-crypt),yes) |
| 411 | libcrypt-sysdep_routines += libc-do-syscall |
| 412 | endif |
| 413 | +endif |
| 414 | |
| 415 | ifeq ($(subdir),rt) |
| 416 | librt-sysdep_routines += libc-do-syscall |
| 417 | -- |
| 418 | 2.16.0 |
| 419 | |