Re: [ptxdist] [PATCH v7] libxcrypt: new package

[Alexander Dahl <ada@thorsis.com>]

Hello Andreas,

from my side only some more nitpicks on the process, not the content …
see below. ;-)

Am Fri, May 06, 2022 at 01:27:35PM +0200 schrieb Andreas Helmcke:
> Also implement the needed logic to (optionally) replace
> the libcrypt from the selected libc with libxcrypt.
> 
> libxcrypt is a modern library for one-way hashing of passwords.
> It supports a wide variety of both modern and historical hashing
> methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
> sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
> and descrypt. It provides the traditional Unix crypt and crypt_r
> interfaces, as well as a set of extended interfaces pioneered by
> Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn,
> and crypt_gensalt_ra.
> 
> libxcrypt is intended to be used by login(1), passwd(1), and other
> similar programs; that is, to hash a small number of passwords
> during an interactive authentication dialogue with a human.  It is
> not suitable for use in bulk password-cracking applications, or in
> any other situation where speed is more important than careful
> handling of sensitive data.  However, it is intended to be fast and
> lightweight enough for use in servers that must field thousands of
> login attempts per minute.
> 
> Co-authored-by: Andreas Helmcke <ahe@helmcke.name>
> Signed-off-by: Andreas Helmcke <ahe@helmcke.name>
> Signed-off-by: Björn Esser <bes@pengutronix.de>

This looks now like you authored the patch (From:), co-authored it
(makes no sense), and Björn signed it, which is probably questionable
for v7.  Did you mean Co-authored-by: Björn …?

> ---
> v6 -> v7:
>   - Applied the changes recommend by Michael Olbrich
> 
> v5 -> v6: (by Andreas Helmcke)
>   - Updated commit message to properly address authors
> 
> v4 -> v5: (by Andreas Helmcke)
>   - Update libxcrypt 4.4.10 -> 4.4.24
>   - Changed download url to official tar, which does not need autoconf
>   - Changed the config variable names to reflect menu structure
>   - Corrected two typos
> 
> original work by Björn Esser :
> v3 -> v4:
>   - Update libxcrypt 4.4.9 -> 4.4.10
> 
> v2 -> v3:
>   - Added 3 files that also needed minor adaptions and I forgot to add
>     to the initial patch.
> 
> v1 -> v2:
>   - Adapt the two remarks pointed out by Dennis Osterland
> 
>  rules/glibc.in       |  3 +-
>  rules/libc.in        |  8 +++--
>  rules/libxcrypt.in   | 42 ++++++++++++++++++++++++++
>  rules/libxcrypt.make | 71 ++++++++++++++++++++++++++++++++++++++++++++
>  rules/uclibc.in      |  3 +-
>  5 files changed, 123 insertions(+), 4 deletions(-)
>  create mode 100644 rules/libxcrypt.in
>  create mode 100644 rules/libxcrypt.make

All the changes for the three non new files do not apply cleanly on
recent ptxdist master.  I would rebase or pass '--base xyz' to git
format-patch.

Greets
Alex

> 
> diff --git a/rules/glibc.in b/rules/glibc.in
> index 16e5e84d1..e574bc8f0 100644
> --- a/rules/glibc.in
> +++ b/rules/glibc.in
> @@ -81,7 +81,8 @@ config GLIBC_DL
> 
>  config GLIBC_CRYPT
>         bool
> -       prompt "Install libcrypt"
> +       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
> +       default no if !LIBC_CRYPT_NATIVE_CRYPT
>         help
>           The encryption/decryption library
> 
> diff --git a/rules/libc.in b/rules/libc.in
> index 1614affd9..f2e56fa62 100644
> --- a/rules/libc.in
> +++ b/rules/libc.in
> @@ -27,6 +27,10 @@ choice
>                 prompt "uClibc "
>  endchoice
> 
> +config LIBC_CRYPT_NATIVE_CRYPT
> +       bool
> +       default !LIBXCRYPT
> +
>  source "generated/libc.in"
> 
>  endif
> @@ -59,8 +63,8 @@ config LIBC_DL
> 
>  config LIBC_CRYPT
>         bool
> -       select GLIBC_CRYPT              if LIBC_GLIBC
> -       select UCLIBC_CRYPT             if LIBC_UCLIBC
> +       select GLIBC_CRYPT              if LIBC_GLIBC &&
> LIBC_CRYPT_NATIVE_CRYPT
> +       select UCLIBC_CRYPT             if LIBC_UCLIBC &&
> LIBC_CRYPT_NATIVE_CRYPT
> 
>  config LIBC_UTIL
>         bool
> diff --git a/rules/libxcrypt.in b/rules/libxcrypt.in
> new file mode 100644
> index 000000000..01f9dd4b1
> --- /dev/null
> +++ b/rules/libxcrypt.in
> @@ -0,0 +1,42 @@
> +## SECTION=system_libraries
> +
> +menuconfig LIBXCRYPT
> +       bool
> +       prompt "libxcrypt                     "
> +       help
> +         Extended crypt library for descrypt, md5crypt, bcrypt, and others.
> +
> +         libxcrypt is a modern library for one-way hashing of passwords.
> +         It supports a wide variety of both modern and historical hashing
> +         methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt,
> +         sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt,
> +         and descrypt.  It provides the traditional Unix crypt and crypt_r
> +         interfaces, as well as a set of extended interfaces pioneered by
> +         Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt,
> +         crypt_gensalt_rn, and crypt_gensalt_ra.
> +
> +         libxcrypt is intended to be used by login(1), passwd(1), and other
> +         similar programs; that is, to hash a small number of passwords
> +         during an interactive authentication dialogue with a human.  It is
> +         not suitable for use in bulk password-cracking applications, or in
> +         any other situation where speed is more important than careful
> +         handling of sensitive data.  However, it is intended to be fast
> and
> +         lightweight enough for use in servers that must field thousands of
> +         login attempts per minute.
> +
> +if LIBXCRYPT
> +
> +config LIBXCRYPT_OBSOLETE_STUBS
> +       bool
> +       prompt "Replace obsolete functions with non-functional stubs"
> +       help
> +         If enabled, this option replaces the obsolete APIs (fcrypt,
> +         encrypt{,_r}, and setkey{,_r}) with stubs that set errno to
> +         ENOSYS and return without performing any real operations.
> +
> +         For security reasons, the encrypt{,r} functions will also
> +         overwrite their data-block argument with random bits.
> +
> +         The fcrypt function will also always return NULL-pointer.
> +
> +endif
> diff --git a/rules/libxcrypt.make b/rules/libxcrypt.make
> new file mode 100644
> index 000000000..930d91e8b
> --- /dev/null
> +++ b/rules/libxcrypt.make
> @@ -0,0 +1,71 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2019 by Bjoern Esser <bes@pengutronix.de>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LIBXCRYPT) += libxcrypt
> +
> +#
> +# Paths and names
> +#
> +LIBXCRYPT_VERSION      := 4.4.28
> +LIBXCRYPT_MD5          := 0b873e641ae201e5e7470cf791c0fe16
> +LIBXCRYPT              := libxcrypt-$(LIBXCRYPT_VERSION)
> +LIBXCRYPT_SUFFIX       := tar.xz
> +LIBXCRYPT_URL          := https://github.com/besser82/libxcrypt/releases/download/v$(LIBXCRYPT_VERSION)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
> +LIBXCRYPT_SOURCE       := $(SRCDIR)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX)
> +LIBXCRYPT_DIR          := $(BUILDDIR)/$(LIBXCRYPT)
> +LIBXCRYPT_LICENSE      := LGPL-2.1-or-later AND BSD-3-Clause AND
> BSD-2-Clause AND 0BSD AND public_domain
> +LIBXCRYPT_LICENSE_MD5  :=
> file://LICENSING;md5=3bb6614cf5880cbf1b9dbd9e3d145e2c
> +
> +#
> ----------------------------------------------------------------------------
> +# Prepare
> +#
> ----------------------------------------------------------------------------
> +
> +#
> +# options
> +#
> +
> +# Hash methods enabled by default.
> +HASH_METHODS := glibc,strong
> +
> +#
> +# autoconf
> +#
> +LIBXCRYPT_CONF_TOOL    := autoconf
> +LIBXCRYPT_CONF_OPT     := \
> +       $(CROSS_AUTOCONF_USR) \
> +       --disable-failure-tokens \
> +       --disable-static \
> +       --disable-valgrind \
> +       --enable-obsolete-api \
> +       --enable-obsolete-api-enosys=$(call
> ptx/ifdef,PTXCONF_LIBXCRYPT_OBSOLETE_STUBS,yes,no) \
> +       --enable-hashes=$(HASH_METHODS) \
> +       --enable-xcrypt-compat-files
> +
> +#
> ----------------------------------------------------------------------------
> +# Target-Install
> +#
> ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/libxcrypt.targetinstall:
> +       @$(call targetinfo)
> +
> +       @$(call install_init, libxcrypt)
> +       @$(call install_fixup, libxcrypt,PRIORITY,optional)
> +       @$(call install_fixup, libxcrypt,SECTION,base)
> +       @$(call install_fixup, libxcrypt,AUTHOR,"Bjoern Esser
> <bes@pengutronix.de>")
> +       @$(call install_fixup, libxcrypt,DESCRIPTION,Extended crypt library)
> +
> +       @$(call install_lib, libxcrypt, 0, 0, 0644, libcrypt)
> +
> +       @$(call install_finish, libxcrypt)
> +
> +       @$(call touch)
> +
> +# vim: syntax=make
> diff --git a/rules/uclibc.in b/rules/uclibc.in
> index 1fa99eba5..39d8ca3d7 100644
> --- a/rules/uclibc.in
> +++ b/rules/uclibc.in
> @@ -26,7 +26,8 @@ config UCLIBC_C
> 
>  config UCLIBC_CRYPT
>         bool
> -       prompt "Install libcrypt"
> +       prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT
> +       default no if !LIBC_CRYPT_NATIVE_CRYPT
>         help
>           The encryption/decryption library
> 
> -- 
> 2.34.1
>