mailarchive of the ptxdist mailing list
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Andreas Helmcke <ahe@helmcke.name>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v7] libxcrypt: new package
Date: Fri, 6 May 2022 13:41:38 +0200
Message-ID: <YnUJcif3QTejmWOf@pengutronix.de>
In-Reply-To: <b0ed8f66-cc32-e43d-af1b-2dedcd90a62a@helmcke.name>

On Fri, May 06, 2022 at 01:27:35PM +0200, Andreas Helmcke wrote:
> Also implement the needed logic to (optionally) replace
> the libcrypt from the selected libc with libxcrypt.
> 
> libxcrypt is a modern library for one-way hashing of passwords.
> It supports a wide variety of both modern and historical hashing
> methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
> sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
> and descrypt. It provides the traditional Unix crypt and crypt_r
> interfaces, as well as a set of extended interfaces pioneered by
> Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn,
> and crypt_gensalt_ra.
> 
> libxcrypt is intended to be used by login(1), passwd(1), and other
> similar programs; that is, to hash a small number of passwords
> during an interactive authentication dialogue with a human.  It is
> not suitable for use in bulk password-cracking applications, or in
> any other situation where speed is more important than careful
> handling of sensitive data.  However, it is intended to be fast and
> lightweight enough for use in servers that must field thousands of
> login attempts per minute.
> 
> Co-authored-by: Andreas Helmcke <ahe@helmcke.name>
> Signed-off-by: Andreas Helmcke <ahe@helmcke.name>
> Signed-off-by: Björn Esser <bes@pengutronix.de>

Your Signed-off-by should be the last one.

> ---
> v6 -> v7:
>   - Applied the changes recommended by Michael Olbrich
> 
> v5 -> v6: (by Andreas Helmcke)
>   - Updated commit message to properly address authors
> 
> v4 -> v5: (by Andreas Helmcke)
>   - Update libxcrypt 4.4.10 -> 4.4.24
>   - Changed download url to official tar, which does not need autoconf
>   - Changed the config variable names to reflect menu structure
>   - Corrected two typos
> 
> original work by Björn Esser :
> v3 -> v4:
>   - Update libxcrypt 4.4.9 -> 4.4.10
> 
> v2 -> v3:
>   - Added 3 files that also needed minor adaptions and I forgot to add
>     to the initial patch.
> 
> v1 -> v2:
>   - Adapt the two remarks pointed out by Dennis Osterland
> 
>  rules/glibc.in       |  3 +-
>  rules/libc.in        |  8 +++--
>  rules/libxcrypt.in   | 42 ++++++++++++++++++++++++++
>  rules/libxcrypt.make | 71 ++++++++++++++++++++++++++++++++++++++++++++
>  rules/uclibc.in      |  3 +-
>  5 files changed, 123 insertions(+), 4 deletions(-)
>  create mode 100644 rules/libxcrypt.in
>  create mode 100644 rules/libxcrypt.make
> 
> diff --git a/rules/glibc.in b/rules/glibc.in
> index 16e5e84d1..e574bc8f0 100644
> --- a/rules/glibc.in
> +++ b/rules/glibc.in
> @@ -81,7 +81,8 @@ config GLIBC_DL
> 
>  config GLIBC_CRYPT
>         bool
> -       prompt "Install libcrypt"
> +       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
> +       default no if !LIBC_CRYPT_NATIVE_CRYPT
>         help
>           The encryption/decryption library
> 
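Review bot: `default no if !LIBC_CRYPT_NATIVE_CRYPT` in GLIBC_CRYPT uses `no`, which is not a Kconfig constant (those are `y`, `m` and `n`), so it is read as a reference to a symbol named `no` and only yields n because that symbol is undefined. Write `default n`, or drop the line: a bool whose prompt is hidden and that has no other default is already n. Since this switch decides which libcrypt ends up hashing passwords on the target, the help text "The encryption/decryption library" could also say that the option is hidden when libxcrypt replaces the libc's libcrypt.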
> diff --git a/rules/libc.in b/rules/libc.in
> index 1614affd9..f2e56fa62 100644
> --- a/rules/libc.in
> +++ b/rules/libc.in
> @@ -27,6 +27,10 @@ choice
>                 prompt "uClibc "
>  endchoice
> 
> +config LIBC_CRYPT_NATIVE_CRYPT
> +       bool
> +       default !LIBXCRYPT
> +
>  source "generated/libc.in"
> 
>  endif
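Review bot: LIBC_CRYPT_NATIVE_CRYPT is added just before the `endif` shown in the trailing context, so it is defined only inside that conditional block, while the next hunk uses it in LIBC_CRYPT further down the file. Please confirm the symbol is visible wherever LIBC_CRYPT is evaluated, or move the definition outside the block. A one-line comment saying that this hidden symbol means "the libc's own libcrypt is used" and is derived from `!LIBXCRYPT` would help, since it has no prompt or help text.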
> @@ -59,8 +63,8 @@ config LIBC_DL
> 
>  config LIBC_CRYPT
>         bool
> -       select GLIBC_CRYPT              if LIBC_GLIBC
> -       select UCLIBC_CRYPT             if LIBC_UCLIBC
> +       select GLIBC_CRYPT              if LIBC_GLIBC &&
> LIBC_CRYPT_NATIVE_CRYPT
> +       select UCLIBC_CRYPT             if LIBC_UCLIBC &&
> LIBC_CRYPT_NATIVE_CRYPT
> 
>  config LIBC_UTIL
>         bool
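Review bot: with LIBC_CRYPT_NATIVE_CRYPT off, both `select` lines in LIBC_CRYPT are inactive, so a package that selects LIBC_CRYPT no longer pulls in any libcrypt provider through this symbol. The patch should say (in a comment here or in the commit message) how such packages get libxcrypt installed and ordered before them in that case. The two `+` lines are also wrapped after `&&`, which leaves `LIBC_CRYPT_NATIVE_CRYPT` on a line of its own and will not parse or apply as sent.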
> diff --git a/rules/libxcrypt.in b/rules/libxcrypt.in
> new file mode 100644
> index 000000000..01f9dd4b1
> --- /dev/null
> +++ b/rules/libxcrypt.in
> @@ -0,0 +1,42 @@
> +## SECTION=system_libraries
> +
> +menuconfig LIBXCRYPT
> +       bool
> +       prompt "libxcrypt                     "
> +       help
> +         Extended crypt library for descrypt, md5crypt, bcrypt, and others.
> +
> +         libxcrypt is a modern library for one-way hashing of passwords.
> +         It supports a wide variety of both modern and historical hashing
> +         methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
> +         sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
> +         and descrypt.  It provides the traditional Unix crypt and crypt_r
> +         interfaces, as well as a set of extended interfaces pioneered by
> +         Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
> +         crypt_gensalt_rn, and crypt_gensalt_ra.
> +
> +         libxcrypt is intended to be used by login(1), passwd(1), and other
> +         similar programs; that is, to hash a small number of passwords
> +         during an interactive authentication dialogue with a human.  It is
> +         not suitable for use in bulk password-cracking applications, or in
> +         any other situation where speed is more important than careful
> +         handling of sensitive data.  However, it is intended to be fast
> and
> +         lightweight enough for use in servers that must field thousands of
> +         login attempts per minute.
> +
> +if LIBXCRYPT
> +
> +config LIBXCRYPT_OBSOLETE_STUBS
> +       bool
> +       prompt "Replace obsolete functions with non-functional stubs"
> +       help
> +         If enabled, this option replaces the obsolete APIs (fcrypt,
> +         encrypt{,_r}, and setkey{,_r}) with stubs that set errno to
> +         ENOSYS and return without performing any real operations.
> +
> +         For security reasons, the encrypt{,r} functions will also
> +         overwrite their data-block argument with random bits.
> +
> +         The fcrypt function will also always return NULL-pointer.
> +
> +endif
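Review bot: the LIBXCRYPT_OBSOLETE_STUBS help text names the functions inconsistently: the first paragraph has `encrypt{,_r}` and the second has `encrypt{,r}`, which should also be `encrypt{,_r}`. "will also always return NULL-pointer" reads better as "always returns a NULL pointer". The main help block carries a stray wrapped `and` line (mail wrapping) that breaks the `+` prefix, so this hunk will not apply as sent either.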
> diff --git a/rules/libxcrypt.make b/rules/libxcrypt.make
> new file mode 100644
> index 000000000..930d91e8b
> --- /dev/null
> +++ b/rules/libxcrypt.make
> @@ -0,0 +1,71 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2019 by Bjoern Esser <bes@pengutronix.de>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LIBXCRYPT) += libxcrypt
> +
> +#
> +# Paths and names
> +#
> +LIBXCRYPT_VERSION      := 4.4.28
> +LIBXCRYPT_MD5          := 0b873e641ae201e5e7470cf791c0fe16
> +LIBXCRYPT              := libxcrypt-$(LIBXCRYPT_VERSION)
> +LIBXCRYPT_SUFFIX       := tar.xz
> +LIBXCRYPT_URL          := https://github.com/besser82/libxcrypt/releases/download/v$(LIBXCRYPT_VERSION)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
> +LIBXCRYPT_SOURCE       := $(SRCDIR)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
> +LIBXCRYPT_DIR          := $(BUILDDIR)/$(LIBXCRYPT)
> +LIBXCRYPT_LICENSE      := LGPL-2.1-or-later AND BSD-3-Clause AND
> BSD-2-Clause AND 0BSD AND public_domain
> +LIBXCRYPT_LICENSE_MD5  :=
> file://LICENSING;md5=3bb6614cf5880cbf1b9dbd9e3d145e2c

There are still extra line breaks here. Maybe send it as an attachment?

Michael

> +
> +#
> ----------------------------------------------------------------------------
> +# Prepare
> +#
> ----------------------------------------------------------------------------
> +
> +#
> +# options
> +#
> +
> +# Hash methods enabled by default.
> +HASH_METHODS := glibc,strong
> +
> +#
> +# autoconf
> +#
> +LIBXCRYPT_CONF_TOOL    := autoconf
> +LIBXCRYPT_CONF_OPT     := \
> +       $(CROSS_AUTOCONF_USR) \
> +       --disable-failure-tokens \
> +       --disable-static \
> +       --disable-valgrind \
> +       --enable-obsolete-api \
> +       --enable-obsolete-api-enosys=$(call
> ptx/ifdef,PTXCONF_LIBXCRYPT_OBSOLETE_STUBS,yes,no) \
> +       --enable-hashes=$(HASH_METHODS) \
> +       --enable-xcrypt-compat-files
> +
> +#
> ----------------------------------------------------------------------------
> +# Target-Install
> +#
> ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/libxcrypt.targetinstall:
> +       @$(call targetinfo)
> +
> +       @$(call install_init, libxcrypt)
> +       @$(call install_fixup, libxcrypt,PRIORITY,optional)
> +       @$(call install_fixup, libxcrypt,SECTION,base)
> +       @$(call install_fixup, libxcrypt,AUTHOR,"Bjoern Esser
> <bes@pengutronix.de>")
> +       @$(call install_fixup, libxcrypt,DESCRIPTION,Extended crypt library)
> +
> +       @$(call install_lib, libxcrypt, 0, 0, 0644, libcrypt)
> +
> +       @$(call install_finish, libxcrypt)
> +
> +       @$(call touch)
> +
> +# vim: syntax=make
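Review bot: `HASH_METHODS := glibc,strong` is a global make variable without the package prefix used by every other variable in this file, so it can collide with or be overridden by another rule file; name it `LIBXCRYPT_HASH_METHODS`, or put the value directly into `--enable-hashes=`. The comment "Hash methods enabled by default." should state which methods the `glibc` and `strong` groups enable, because that list decides which password hash formats the target will accept. The v5 changelog mentions an update to 4.4.24 while LIBXCRYPT_VERSION is 4.4.28 here, so the version notes need a refresh, and the wrapped LIBXCRYPT_LICENSE, LIBXCRYPT_LICENSE_MD5, `--enable-obsolete-api-enosys` and AUTHOR lines must be rejoined before this can apply.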
> diff --git a/rules/uclibc.in b/rules/uclibc.in
> index 1fa99eba5..39d8ca3d7 100644
> --- a/rules/uclibc.in
> +++ b/rules/uclibc.in
> @@ -26,7 +26,8 @@ config UCLIBC_C
> 
>  config UCLIBC_CRYPT
>         bool
> -       prompt "Install libcrypt"
> +       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
> +       default no if !LIBC_CRYPT_NATIVE_CRYPT
>         help
>           The encryption/decryption library
> 
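Review bot: UCLIBC_CRYPT gets the same `default no if !LIBC_CRYPT_NATIVE_CRYPT` line as the glibc variant, and `no` is not a Kconfig constant, so this only evaluates to n because no symbol named `no` exists. Use `default n` or remove the line, since the bool is already n once its prompt is hidden. Keeping the glibc and uClibc entries identical is good; a shared comment on why the prompt is conditional would cover both.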
> -- 
> 2.34.1
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



Thread overview: 20+ messages
2019-09-16 12:57 [ptxdist] [PATCH] " Björn Esser
2019-09-18  5:41 ` Denis OSTERLAND
2019-09-18  8:41   ` [ptxdist] [PATCH v2] " Björn Esser
2019-09-18  9:57   ` [ptxdist] [PATCH v3] " Björn Esser
2019-09-18 10:06     ` Ahmad Fatoum
2019-09-18 10:34       ` Björn Esser
2019-09-23 10:07         ` [ptxdist] [PATCH v4] " Björn Esser
2019-09-23 10:12           ` Lucas Stach
2019-09-23 10:42             ` Björn Esser
2022-05-04 16:58           ` [ptxdist] [PATCH v5] " Andreas Helmcke
2022-05-05  7:27             ` Alexander Dahl
2022-05-05 12:46               ` [ptxdist] [PATCH v6] " Andreas Helmcke
2022-05-06  8:49                 ` Michael Olbrich
2022-05-06 11:27                   ` [ptxdist] [PATCH v7] " Andreas Helmcke
2022-05-06 11:41                     ` Michael Olbrich [this message]
2022-05-07 20:44                       ` [ptxdist] [PATCH v8] " Andreas Helmcke
2023-10-16 17:01                         ` [ptxdist] [PATCH v9] " Andreas Helmcke
2023-11-10  7:25                           ` [ptxdist] [APPLIED] " Michael Olbrich
2023-11-10  7:32                           ` [ptxdist] [PATCH v9] " Michael Olbrich
2022-05-06 11:53                     ` [ptxdist] [PATCH v7] " Alexander Dahl
