From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 06 May 2022 13:53:50 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nmwWs-003h90-Qv for lore@lore.pengutronix.de; Fri, 06 May 2022 13:53:50 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nmwWr-0004Zs-Tn; Fri, 06 May 2022 13:53:49 +0200 Received: from mail.thorsis.com ([92.198.35.195]) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1nmwWi-0004Zb-1M; Fri, 06 May 2022 13:53:41 +0200 Date: Fri, 6 May 2022 13:53:30 +0200 From: Alexander Dahl To: Andreas Helmcke Message-ID: Mail-Followup-To: Andreas Helmcke , ptxdist@pengutronix.de, m.olbrich@pengutronix.de References: <6c96f889fd74c14b7153d621e46cc1248ddfc0cb.camel@pengutronix.de> <20190923100706.1994-1-b.esser@pengutronix.de> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH v7] libxcrypt: new package X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: m.olbrich@pengutronix.de, ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Hello Andreas, from my side only some more nitpicks on the process, not the content … see below. ;-) Am Fri, May 06, 2022 at 01:27:35PM +0200 schrieb Andreas Helmcke: > Also implement the needed logic to (optionally) replace > the libcrypt from the selected libc with libxcrypt. > > libxcrypt is a modern library for one-way hashing of passwords. > It supports a wide variety of both modern and historical hashing > methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, > sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, > and descrypt. It provides the traditional Unix crypt and crypt_r > interfaces, as well as a set of extended interfaces pioneered by > Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, > and crypt_gensalt_ra. > > libxcrypt is intended to be used by login(1), passwd(1), and other > similar programs; that is, to hash a small number of passwords > during an interactive authentication dialogue with a human. It is > not suitable for use in bulk password-cracking applications, or in > any other situation where speed is more important than careful > handling of sensitive data. However, it is intended to be fast and > lightweight enough for use in servers that must field thousands of > login attempts per minute. > > Co-authored-by: Andreas Helmcke > Signed-off-by: Andreas Helmcke > Signed-off-by: Björn Esser This looks now like you authored the patch (From:), co-authored it (makes no sense), and Björn signed it, which is probably questionable for v7. Did you mean Co-authored-by: Björn …? > --- > v6 -> v7: > - Applied the changes recommend by Michael Olbrich > > v5 -> v6: (by Andreas Helmcke) > - Updated commit message to properly address authors > > v4 -> v5: (by Andreas Helmcke) > - Update libxcrypt 4.4.10 -> 4.4.24 > - Changed download url to official tar, which does not need autoconf > - Changed the config variable names to reflect menu structure > - Corrected two typos > > original work by Björn Esser : > v3 -> v4: > - Update libxcrypt 4.4.9 -> 4.4.10 > > v2 -> v3: > - Added 3 files that also needed minor adaptions and I forgot to add > to the initial patch. > > v1 -> v2: > - Adapt the two remarks pointed out by Dennis Osterland > > rules/glibc.in | 3 +- > rules/libc.in | 8 +++-- > rules/libxcrypt.in | 42 ++++++++++++++++++++++++++ > rules/libxcrypt.make | 71 ++++++++++++++++++++++++++++++++++++++++++++ > rules/uclibc.in | 3 +- > 5 files changed, 123 insertions(+), 4 deletions(-) > create mode 100644 rules/libxcrypt.in > create mode 100644 rules/libxcrypt.make All the changes for the three non new files do not apply cleanly on recent ptxdist master. I would rebase or pass '--base xyz' to git format-patch. Greets Alex > > diff --git a/rules/glibc.in b/rules/glibc.in > index 16e5e84d1..e574bc8f0 100644 > --- a/rules/glibc.in > +++ b/rules/glibc.in > @@ -81,7 +81,8 @@ config GLIBC_DL > > config GLIBC_CRYPT > bool > - prompt "Install libcrypt" > + prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT > + default no if !LIBC_CRYPT_NATIVE_CRYPT > help > The encryption/decryption library > > diff --git a/rules/libc.in b/rules/libc.in > index 1614affd9..f2e56fa62 100644 > --- a/rules/libc.in > +++ b/rules/libc.in > @@ -27,6 +27,10 @@ choice > prompt "uClibc " > endchoice > > +config LIBC_CRYPT_NATIVE_CRYPT > + bool > + default !LIBXCRYPT > + > source "generated/libc.in" > > endif > @@ -59,8 +63,8 @@ config LIBC_DL > > config LIBC_CRYPT > bool > - select GLIBC_CRYPT if LIBC_GLIBC > - select UCLIBC_CRYPT if LIBC_UCLIBC > + select GLIBC_CRYPT if LIBC_GLIBC && > LIBC_CRYPT_NATIVE_CRYPT > + select UCLIBC_CRYPT if LIBC_UCLIBC && > LIBC_CRYPT_NATIVE_CRYPT > > config LIBC_UTIL > bool > diff --git a/rules/libxcrypt.in b/rules/libxcrypt.in > new file mode 100644 > index 000000000..01f9dd4b1 > --- /dev/null > +++ b/rules/libxcrypt.in > @@ -0,0 +1,42 @@ > +## SECTION=system_libraries > + > +menuconfig LIBXCRYPT > + bool > + prompt "libxcrypt " > + help > + Extended crypt library for descrypt, md5crypt, bcrypt, and others. > + > + libxcrypt is a modern library for one-way hashing of passwords. > + It supports a wide variety of both modern and historical hashing > + methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, > + sha256crypt, md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, > + and descrypt. It provides the traditional Unix crypt and crypt_r > + interfaces, as well as a set of extended interfaces pioneered by > + Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, > + crypt_gensalt_rn, and crypt_gensalt_ra. > + > + libxcrypt is intended to be used by login(1), passwd(1), and other > + similar programs; that is, to hash a small number of passwords > + during an interactive authentication dialogue with a human. It is > + not suitable for use in bulk password-cracking applications, or in > + any other situation where speed is more important than careful > + handling of sensitive data. However, it is intended to be fast > and > + lightweight enough for use in servers that must field thousands of > + login attempts per minute. > + > +if LIBXCRYPT > + > +config LIBXCRYPT_OBSOLETE_STUBS > + bool > + prompt "Replace obsolete functions with non-functional stubs" > + help > + If enabled, this option replaces the obsolete APIs (fcrypt, > + encrypt{,_r}, and setkey{,_r}) with stubs that set errno to > + ENOSYS and return without performing any real operations. > + > + For security reasons, the encrypt{,r} functions will also > + overwrite their data-block argument with random bits. > + > + The fcrypt function will also always return NULL-pointer. > + > +endif > diff --git a/rules/libxcrypt.make b/rules/libxcrypt.make > new file mode 100644 > index 000000000..930d91e8b > --- /dev/null > +++ b/rules/libxcrypt.make > @@ -0,0 +1,71 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2019 by Bjoern Esser > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_LIBXCRYPT) += libxcrypt > + > +# > +# Paths and names > +# > +LIBXCRYPT_VERSION := 4.4.28 > +LIBXCRYPT_MD5 := 0b873e641ae201e5e7470cf791c0fe16 > +LIBXCRYPT := libxcrypt-$(LIBXCRYPT_VERSION) > +LIBXCRYPT_SUFFIX := tar.xz > +LIBXCRYPT_URL := https://github.com/besser82/libxcrypt/releases/download/v$(LIBXCRYPT_VERSION)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX) > +LIBXCRYPT_SOURCE := $(SRCDIR)/$(LIBXCRYPT).$(LIBXCRYPT_SUFFIX) > +LIBXCRYPT_DIR := $(BUILDDIR)/$(LIBXCRYPT) > +LIBXCRYPT_LICENSE := LGPL-2.1-or-later AND BSD-3-Clause AND > BSD-2-Clause AND 0BSD AND public_domain > +LIBXCRYPT_LICENSE_MD5 := > file://LICENSING;md5=3bb6614cf5880cbf1b9dbd9e3d145e2c > + > +# > ---------------------------------------------------------------------------- > +# Prepare > +# > ---------------------------------------------------------------------------- > + > +# > +# options > +# > + > +# Hash methods enabled by default. > +HASH_METHODS := glibc,strong > + > +# > +# autoconf > +# > +LIBXCRYPT_CONF_TOOL := autoconf > +LIBXCRYPT_CONF_OPT := \ > + $(CROSS_AUTOCONF_USR) \ > + --disable-failure-tokens \ > + --disable-static \ > + --disable-valgrind \ > + --enable-obsolete-api \ > + --enable-obsolete-api-enosys=$(call > ptx/ifdef,PTXCONF_LIBXCRYPT_OBSOLETE_STUBS,yes,no) \ > + --enable-hashes=$(HASH_METHODS) \ > + --enable-xcrypt-compat-files > + > +# > ---------------------------------------------------------------------------- > +# Target-Install > +# > ---------------------------------------------------------------------------- > + > +$(STATEDIR)/libxcrypt.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, libxcrypt) > + @$(call install_fixup, libxcrypt,PRIORITY,optional) > + @$(call install_fixup, libxcrypt,SECTION,base) > + @$(call install_fixup, libxcrypt,AUTHOR,"Bjoern Esser > ") > + @$(call install_fixup, libxcrypt,DESCRIPTION,Extended crypt library) > + > + @$(call install_lib, libxcrypt, 0, 0, 0644, libcrypt) > + > + @$(call install_finish, libxcrypt) > + > + @$(call touch) > + > +# vim: syntax=make > diff --git a/rules/uclibc.in b/rules/uclibc.in > index 1fa99eba5..39d8ca3d7 100644 > --- a/rules/uclibc.in > +++ b/rules/uclibc.in > @@ -26,7 +26,8 @@ config UCLIBC_C > > config UCLIBC_CRYPT > bool > - prompt "Install libcrypt" > + prompt "Install libcrypt" if LIBC_CRYPT_NATIVE_CRYPT > + default no if !LIBC_CRYPT_NATIVE_CRYPT > help > The encryption/decryption library > > -- > 2.34.1 >