This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 4/4] New configure option --disable-crypt.
On 05/06/2018 07:51 PM, Zack Weinberg wrote:
diff --git a/INSTALL b/INSTALL
index 052b1b6f89..6de609c9d6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -197,6 +197,17 @@ if 'CFLAGS' is specified it must enable optimization. For example:
libnss_nisplus are not built at all. Use this option to enable
libnsl with all depending NSS modules and header files.
+'--disable-crypt'
+ Do not install the password-hashing library 'libcrypt' or the
+ header file 'crypt.h'. 'unistd.h' will still declare the function
+ 'crypt', as required by POSIX. Using this option does not change
+ the set of programs that may need to be linked with '-lcrypt'; it
+ only means that the GNU C Library will not provide that library.
Two spaces after dot; see below.
+ This option is for hackers and distributions experimenting with
+ independently-maintained implementations of libcrypt. It may
+ become the default in a future release.
Okay.
diff --git a/Makeconfig b/Makeconfig
index 1afe86475c..608ffe648c 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -566,7 +566,7 @@ link-libc-printers-tests = $(link-libc-rpath) \
$(link-libc-tests-after-rpath-link)
# This is how to find at build-time things that will be installed there.
-rpath-dirs = math elf dlfcn nss nis rt resolv crypt mathvec support
+rpath-dirs = math elf dlfcn nss nis rt resolv mathvec support
rpath-link = \
$(common-objdir):$(subst $(empty) ,:,$(patsubst ../$(subdir),.,$(rpath-dirs:%=$(common-objpfx)%)))
else # build-static
@@ -1205,9 +1205,14 @@ all-subdirs = csu assert ctype locale intl catgets math setjmp signal \
stdlib stdio-common libio malloc string wcsmbs time dirent \
grp pwd posix io termios resource misc socket sysvipc gmon \
gnulib iconv iconvdata wctype manual shadow gshadow po argp \
- crypt localedata timezone rt conform debug mathvec support \
+ localedata timezone rt conform debug mathvec support \
dlfcn elf
+ifeq ($(build-crypt),yes)
+all-subdirs += crypt
+rpath-dirs += crypt
+endif
Okay.
ifndef avoid-generated
# sysd-sorted itself will contain rules making the sysd-sorted target
# depend on Depend files. But if you just added a Depend file to an
diff --git a/NEWS b/NEWS
index 2fe2da8b59..cfc58f71bb 100644
--- a/NEWS
+++ b/NEWS
@@ -71,6 +71,18 @@ Deprecated and removed features, and other changes affecting compatibility:
encrypt and setkey are not thread-safe. Software that still uses these
functions should switch to a modern cryptography library, such as GnuTLS.
+* We have tentative plans to deprecate glibc's implementation of the
+ password-hashing functions 'crypt' and 'crypt_r'. We will continue
+ to declare crypt in <unistd.h>, as required by POSIX, and programs
+ that use crypt or crypt_r should not need to change at all. However,
+ the header file <crypt.h> and library libcrypt.{a,so} will come from
+ a separate development project that will, we hope, keep up better with
+ new password-hashing algorithms.
+
+ In this release, if the configure option --disable-crypt is used,
+ glibc will not install <crypt.h> or libcrypt. The plan is to make
+ this the default behavior in a future release.
Okay.
diff --git a/config.make.in b/config.make.in
index 9e5e24b2c6..d9891b2cd8 100644
--- a/config.make.in
+++ b/config.make.in
@@ -96,6 +96,7 @@ cross-compiling = @cross_compiling@
force-install = @force_install@
link-obsolete-rpc = @link_obsolete_rpc@
build-obsolete-nsl = @build_obsolete_nsl@
+build-crypt = @build_crypt@
build-nscd = @build_nscd@
use-nscd = @use_nscd@
build-hardcoded-path-in-tests= @hardcoded_path_in_tests@
Okay.
diff --git a/configure b/configure
index 7a8bd3f817..7317c1aee4 100755
--- a/configure
+++ b/configure
Okay (generated file).
diff --git a/configure.ac b/configure.ac
index ca1282a6b3..05e03f2f72 100644
--- a/configure.ac
+++ b/configure.ac
@@ -302,11 +302,22 @@ AC_ARG_ENABLE([experimental-malloc],
[experimental_malloc=yes])
AC_SUBST(experimental_malloc)
+AC_ARG_ENABLE([crypt],
+ AC_HELP_STRING([--disable-crypt],
+ [do not build nor install the password hashing library, libcrypt]),
+ [build_crypt=$enableval],
+ [build_crypt=yes])
+AC_SUBST(build_crypt)
Okay.
AC_ARG_ENABLE([nss-crypt],
AC_HELP_STRING([--enable-nss-crypt],
[enable libcrypt to use nss]),
[nss_crypt=$enableval],
[nss_crypt=no])
+if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
+ AC_MSG_WARN([--enable-nss-crypt has no effect when libcrypt is disabled])
+ nss_crypt=no
+fi
Okay.
if test x$nss_crypt = xyes; then
nss_includes=-I$(nss-config --includedir 2>/dev/null)
if test $? -ne 0; then
diff --git a/conform/Makefile b/conform/Makefile
index 864fdeca21..74fbda0786 100644
--- a/conform/Makefile
+++ b/conform/Makefile
@@ -193,13 +193,11 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \
$(common-objpfx)rt/librt.a $(static-thread-library)
linknamespace-libs-posix = $(linknamespace-libs-thr) \
$(common-objpfx)dlfcn/libdl.a
-linknamespace-libs-xsi = $(linknamespace-libs-posix) \
- $(common-objpfx)crypt/libcrypt.a
+linknamespace-libs-xsi = $(linknamespace-libs-posix)
linknamespace-libs-ISO = $(linknamespace-libs-isoc)
linknamespace-libs-ISO99 = $(linknamespace-libs-isoc)
linknamespace-libs-ISO11 = $(linknamespace-libs-isoc)
-linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \
- $(common-objpfx)crypt/libcrypt.a
+linknamespace-libs-XPG4 = $(linknamespace-libs-isoc)
linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4)
linknamespace-libs-POSIX = $(linknamespace-libs-thr)
linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi)
@@ -209,6 +207,11 @@ linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi)
linknamespace-libs = $(foreach std,$(conformtest-standards),\
$(linknamespace-libs-$(std)))
+ifeq ($(build-crypt),yes)
+linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a
+linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a
+endif
+
Okay.
$(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
$(linknamespace-libs)
LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \
diff --git a/crypt/Makefile b/crypt/Makefile
index e122bcebf0..1e2f21bf52 100644
--- a/crypt/Makefile
+++ b/crypt/Makefile
@@ -35,10 +35,6 @@ tests := cert md5c-test sha256c-test sha512c-test badsalttest
# cert.c tests the deprecated setkey/encrypt interface
CFLAGS-cert.c = -Wno-deprecated-declarations
-ifeq ($(crypt-in-libc),yes)
-routines += $(libcrypt-routines)
-endif
-
Okay.
ifeq ($(nss-crypt),yes)
nss-cpp-flags := -DUSE_NSS \
-I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
diff --git a/crypt/crypt.h b/crypt/crypt.h
index 22cf13ff89..4f928901f3 100644
--- a/crypt/crypt.h
+++ b/crypt/crypt.h
@@ -28,7 +28,10 @@
__BEGIN_DECLS
-/* Encrypt at most 8 characters from KEY using salt to perturb DES. */
+/* Hash a password, KEY, for storage in /etc/shadow. SALT selects the
+ hashing algorithm to be used, and ensures that no two users' passwords
+ are hashed to the same string. The return value points to static
+ storage which will be overwritten by the next call to crypt. */
extern char *crypt (const char *__key, const char *__salt)
__THROW __nonnull ((1, 2));
Okay.
diff --git a/elf/Makefile b/elf/Makefile
index e658928305..ef9155dbd7 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -385,14 +385,21 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os
CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag)
endif
-# By default tst-linkall-static should try to use crypt routines to test
-# static libcrypt use.
+# We can only test static libcrypt use if libcrypt has been built,
+# and either NSS crypto is not in use, or static NSS libraries are
+# available.
+ifeq ($(build-crypt),no)
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
+else
+ifeq ($(nss-crypt),no)
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
+else
+ifeq ($(static-nss-crypt),no)
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
+else
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
-# However, if we are using NSS crypto and we don't have a static
-# library, then we exclude the use of crypt functions in the test.
-# We similarly exclude libcrypt.a from the static link (see below).
-ifeq (yesno,$(nss-crypt)$(static-nss-crypt))
-CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0
+endif
+endif
endif
Okay.
@@ -1113,7 +1120,6 @@ localplt-built-dso := $(addprefix $(common-objpfx),\
rt/librt.so \
dlfcn/libdl.so \
resolv/libresolv.so \
- crypt/libcrypt.so \
)
ifeq ($(build-mathvec),yes)
localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so)
@@ -1121,6 +1127,9 @@ endif
ifeq ($(have-thread-library),yes)
localplt-built-dso += $(filter-out %_nonshared.a, $(shared-thread-library))
endif
+ifeq ($(build-crypt),yes)
+localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so)
+endif
Okay.
@@ -1395,6 +1404,7 @@ $(objpfx)tst-linkall-static: \
$(common-objpfx)resolv/libanl.a \
$(static-thread-library)
+ifeq ($(build-crypt),yes)
# If we are using NSS crypto and we have the ability to link statically
# then we include libcrypt.a, otherwise we leave out libcrypt.a and
# link as much as we can into the tst-linkall-static test. This assumes
@@ -1410,6 +1420,7 @@ ifeq (no,$(nss-crypt))
$(objpfx)tst-linkall-static: \
$(common-objpfx)crypt/libcrypt.a
endif
+endif
Okay.
# The application depends on the DSO, and the DSO loads the plugin.
# The plugin also depends on the DSO. This creates the circular
diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c
index e8df38f74e..d0f2592e67 100644
--- a/elf/tst-linkall-static.c
+++ b/elf/tst-linkall-static.c
@@ -18,7 +18,9 @@
#include <math.h>
#include <pthread.h>
-#include <crypt.h>
+#if USE_CRYPT
+# include <crypt.h>
+#endif
#include <resolv.h>
#include <dlfcn.h>
#include <utmp.h>
Okay.
diff --git a/manual/install.texi b/manual/install.texi
index 4bbbfcffa5..ce2d049f1a 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -230,6 +230,18 @@ libnss_nisplus are not built at all.
Use this option to enable libnsl with all depending NSS modules and
header files.
+@item --disable-crypt
+Do not install the password-hashing library @file{libcrypt} or the
+header file @file{crypt.h}. @file{unistd.h} will still declare the
+function @code{crypt}, as required by POSIX. Using this option does
+not change the set of programs that may need to be linked with
+@option{-lcrypt}; it only means that @theglibc{} will not provide that
+library.
You need to use “POSIX@.” instead of “POSIX.” here.
+This option is for hackers and distributions experimenting with
+independently-maintained implementations of libcrypt. It may become
+the default in a future release.
Okay.
@item --disable-experimental-malloc
By default, a per-thread cache is enabled in @code{malloc}. While
this cache can be disabled on a per-application basis using tunables
diff --git a/posix/unistd.h b/posix/unistd.h
index 5d4e07f6c8..fdf2d4b208 100644
--- a/posix/unistd.h
+++ b/posix/unistd.h
@@ -1119,10 +1119,11 @@ extern int fdatasync (int __fildes);
#endif /* Use POSIX199309 */
-/* XPG4.2 specifies that prototypes for the encryption functions must
- be defined here. */
#ifdef __USE_XOPEN
-/* Encrypt at most 8 characters from KEY using salt to perturb DES. */
+/* Hash a password, KEY, for storage in /etc/shadow. SALT selects the
+ hashing algorithm to be used, and ensures that no two users' passwords
+ are hashed to the same string. The return value points to static
+ storage which will be overwritten by the next call to crypt. */
extern char *crypt (const char *__key, const char *__salt)
__THROW __nonnull ((1, 2));
Okay.
Thanks,
Florian