311 lines
11 KiB
Diff
311 lines
11 KiB
Diff
commit e69d994a63afc2d367f286a2a7df28cbf710f0fe
|
|
Author: Zack Weinberg <zackw@panix.com>
|
|
Date: Fri Jun 29 16:53:47 2018 +0200
|
|
|
|
New configure option --disable-crypt.
|
|
|
|
Some Linux distributions are experimenting with a new, separately
|
|
maintained and hopefully more agile implementation of the crypt
|
|
API. To facilitate this, add a configure option which disables
|
|
glibc's embedded libcrypt. When this option is given, libcrypt.*
|
|
and crypt.h will not be built nor installed.
|
|
|
|
diff --git a/INSTALL b/INSTALL
|
|
index 64dec3473e1f0c1f..87c9cf97c81b49bc 100644
|
|
--- a/INSTALL
|
|
+++ b/INSTALL
|
|
@@ -188,6 +188,17 @@ will be used, and CFLAGS sets optimization options for the compiler.
|
|
libnss_nisplus are not built at all. Use this option to enable
|
|
libnsl with all depending NSS modules and header files.
|
|
|
|
+'--disable-crypt'
|
|
+ Do not install the passphrase-hashing library 'libcrypt' or the
|
|
+ header file 'crypt.h'. 'unistd.h' will still declare the function
|
|
+ 'crypt'. Using this option does not change the set of programs
|
|
+ that may need to be linked with '-lcrypt'; it only means that the
|
|
+ GNU C Library will not provide that library.
|
|
+
|
|
+ This option is for hackers and distributions experimenting with
|
|
+ independently-maintained implementations of libcrypt. It may
|
|
+ become the default in a future release.
|
|
+
|
|
'--disable-experimental-malloc'
|
|
By default, a per-thread cache is enabled in 'malloc'. While this
|
|
cache can be disabled on a per-application basis using tunables
|
|
diff --git a/Makeconfig b/Makeconfig
|
|
index 86a71e580213f6e5..de0eb1b5e99e752a 100644
|
|
--- a/Makeconfig
|
|
+++ b/Makeconfig
|
|
@@ -566,7 +566,7 @@ link-libc-printers-tests = $(link-libc-rpath) \
|
|
$(link-libc-tests-after-rpath-link)
|
|
|
|
# This is how to find at build-time things that will be installed there.
|
|
-rpath-dirs = math elf dlfcn nss nis rt resolv crypt mathvec support
|
|
+rpath-dirs = math elf dlfcn nss nis rt resolv mathvec support
|
|
rpath-link = \
|
|
$(common-objdir):$(subst $(empty) ,:,$(patsubst ../$(subdir),.,$(rpath-dirs:%=$(common-objpfx)%)))
|
|
else # build-static
|
|
@@ -1201,9 +1201,14 @@ all-subdirs = csu assert ctype locale intl catgets math setjmp signal \
|
|
stdlib stdio-common libio malloc string wcsmbs time dirent \
|
|
grp pwd posix io termios resource misc socket sysvipc gmon \
|
|
gnulib iconv iconvdata wctype manual shadow gshadow po argp \
|
|
- crypt localedata timezone rt conform debug mathvec support \
|
|
+ localedata timezone rt conform debug mathvec support \
|
|
dlfcn elf
|
|
|
|
+ifeq ($(build-crypt),yes)
|
|
+all-subdirs += crypt
|
|
+rpath-dirs += crypt
|
|
+endif
|
|
+
|
|
ifndef avoid-generated
|
|
# sysd-sorted itself will contain rules making the sysd-sorted target
|
|
# depend on Depend files. But if you just added a Depend file to an
|
|
diff --git a/config.make.in b/config.make.in
|
|
index 9e5e24b2c685bef6..d9891b2cd8ec3fbf 100644
|
|
--- a/config.make.in
|
|
+++ b/config.make.in
|
|
@@ -96,6 +96,7 @@ cross-compiling = @cross_compiling@
|
|
force-install = @force_install@
|
|
link-obsolete-rpc = @link_obsolete_rpc@
|
|
build-obsolete-nsl = @build_obsolete_nsl@
|
|
+build-crypt = @build_crypt@
|
|
build-nscd = @build_nscd@
|
|
use-nscd = @use_nscd@
|
|
build-hardcoded-path-in-tests= @hardcoded_path_in_tests@
|
|
diff --git a/configure b/configure
|
|
index 7a8bd3f817be359c..ef1830221522b7a5 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -676,6 +676,7 @@ build_obsolete_nsl
|
|
link_obsolete_rpc
|
|
libc_cv_static_nss_crypt
|
|
libc_cv_nss_crypt
|
|
+build_crypt
|
|
experimental_malloc
|
|
enable_werror
|
|
all_warnings
|
|
@@ -779,6 +780,7 @@ enable_all_warnings
|
|
enable_werror
|
|
enable_multi_arch
|
|
enable_experimental_malloc
|
|
+enable_crypt
|
|
enable_nss_crypt
|
|
enable_obsolete_rpc
|
|
enable_obsolete_nsl
|
|
@@ -1448,6 +1450,8 @@ Optional Features:
|
|
architectures
|
|
--disable-experimental-malloc
|
|
disable experimental malloc features
|
|
+ --disable-crypt do not build nor install the passphrase hashing
|
|
+ library, libcrypt
|
|
--enable-nss-crypt enable libcrypt to use nss
|
|
--enable-obsolete-rpc build and install the obsolete RPC code for
|
|
link-time usage
|
|
@@ -3505,6 +3509,15 @@ fi
|
|
|
|
|
|
|
|
+# Check whether --enable-crypt was given.
|
|
+if test "${enable_crypt+set}" = set; then :
|
|
+ enableval=$enable_crypt; build_crypt=$enableval
|
|
+else
|
|
+ build_crypt=yes
|
|
+fi
|
|
+
|
|
+
|
|
+
|
|
# Check whether --enable-nss-crypt was given.
|
|
if test "${enable_nss_crypt+set}" = set; then :
|
|
enableval=$enable_nss_crypt; nss_crypt=$enableval
|
|
@@ -3512,6 +3525,11 @@ else
|
|
nss_crypt=no
|
|
fi
|
|
|
|
+if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
|
|
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&5
|
|
+$as_echo "$as_me: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&2;}
|
|
+ nss_crypt=no
|
|
+fi
|
|
if test x$nss_crypt = xyes; then
|
|
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
|
if test $? -ne 0; then
|
|
diff --git a/configure.ac b/configure.ac
|
|
index ca1282a6b3f8c536..dc517017f588626a 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -302,11 +302,22 @@ AC_ARG_ENABLE([experimental-malloc],
|
|
[experimental_malloc=yes])
|
|
AC_SUBST(experimental_malloc)
|
|
|
|
+AC_ARG_ENABLE([crypt],
|
|
+ AC_HELP_STRING([--disable-crypt],
|
|
+ [do not build nor install the passphrase hashing library, libcrypt]),
|
|
+ [build_crypt=$enableval],
|
|
+ [build_crypt=yes])
|
|
+AC_SUBST(build_crypt)
|
|
+
|
|
AC_ARG_ENABLE([nss-crypt],
|
|
AC_HELP_STRING([--enable-nss-crypt],
|
|
[enable libcrypt to use nss]),
|
|
[nss_crypt=$enableval],
|
|
[nss_crypt=no])
|
|
+if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
|
|
+ AC_MSG_WARN([--enable-nss-crypt has no effect when libcrypt is disabled])
|
|
+ nss_crypt=no
|
|
+fi
|
|
if test x$nss_crypt = xyes; then
|
|
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
|
if test $? -ne 0; then
|
|
diff --git a/conform/Makefile b/conform/Makefile
|
|
index 864fdeca2168dff6..74fbda078618c902 100644
|
|
--- a/conform/Makefile
|
|
+++ b/conform/Makefile
|
|
@@ -193,13 +193,11 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \
|
|
$(common-objpfx)rt/librt.a $(static-thread-library)
|
|
linknamespace-libs-posix = $(linknamespace-libs-thr) \
|
|
$(common-objpfx)dlfcn/libdl.a
|
|
-linknamespace-libs-xsi = $(linknamespace-libs-posix) \
|
|
- $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-xsi = $(linknamespace-libs-posix)
|
|
linknamespace-libs-ISO = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-ISO99 = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-ISO11 = $(linknamespace-libs-isoc)
|
|
-linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \
|
|
- $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-XPG4 = $(linknamespace-libs-isoc)
|
|
linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4)
|
|
linknamespace-libs-POSIX = $(linknamespace-libs-thr)
|
|
linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi)
|
|
@@ -209,6 +207,11 @@ linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi)
|
|
linknamespace-libs = $(foreach std,$(conformtest-standards),\
|
|
$(linknamespace-libs-$(std)))
|
|
|
|
+ifeq ($(build-crypt),yes)
|
|
+linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a
|
|
+linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a
|
|
+endif
|
|
+
|
|
$(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
|
|
$(linknamespace-libs)
|
|
LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \
|
|
diff --git a/crypt/Makefile b/crypt/Makefile
|
|
index 303800df73496cb3..3811b6e298509567 100644
|
|
--- a/crypt/Makefile
|
|
+++ b/crypt/Makefile
|
|
@@ -32,10 +32,6 @@ libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \
|
|
|
|
tests := cert md5c-test sha256c-test sha512c-test badsalttest
|
|
|
|
-ifeq ($(crypt-in-libc),yes)
|
|
-routines += $(libcrypt-routines)
|
|
-endif
|
|
-
|
|
ifeq ($(nss-crypt),yes)
|
|
nss-cpp-flags := -DUSE_NSS \
|
|
-I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
|
|
diff --git a/elf/Makefile b/elf/Makefile
|
|
index 2113871ff79d2313..8625dd80575977d0 100644
|
|
--- a/elf/Makefile
|
|
+++ b/elf/Makefile
|
|
@@ -395,14 +395,21 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os
|
|
CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag)
|
|
endif
|
|
|
|
-# By default tst-linkall-static should try to use crypt routines to test
|
|
-# static libcrypt use.
|
|
+# We can only test static libcrypt use if libcrypt has been built,
|
|
+# and either NSS crypto is not in use, or static NSS libraries are
|
|
+# available.
|
|
+ifeq ($(build-crypt),no)
|
|
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
|
|
+else
|
|
+ifeq ($(nss-crypt),no)
|
|
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
|
+else
|
|
+ifeq ($(static-nss-crypt),no)
|
|
+CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
|
|
+else
|
|
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
|
-# However, if we are using NSS crypto and we don't have a static
|
|
-# library, then we exclude the use of crypt functions in the test.
|
|
-# We similarly exclude libcrypt.a from the static link (see below).
|
|
-ifeq (yesno,$(nss-crypt)$(static-nss-crypt))
|
|
-CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0
|
|
+endif
|
|
+endif
|
|
endif
|
|
|
|
include ../Rules
|
|
@@ -1125,7 +1132,6 @@ localplt-built-dso := $(addprefix $(common-objpfx),\
|
|
rt/librt.so \
|
|
dlfcn/libdl.so \
|
|
resolv/libresolv.so \
|
|
- crypt/libcrypt.so \
|
|
)
|
|
ifeq ($(build-mathvec),yes)
|
|
localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so)
|
|
@@ -1133,6 +1139,9 @@ endif
|
|
ifeq ($(have-thread-library),yes)
|
|
localplt-built-dso += $(filter-out %_nonshared.a, $(shared-thread-library))
|
|
endif
|
|
+ifeq ($(build-crypt),yes)
|
|
+localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so)
|
|
+endif
|
|
|
|
vpath localplt.data $(+sysdep_dirs)
|
|
|
|
@@ -1407,6 +1416,7 @@ $(objpfx)tst-linkall-static: \
|
|
$(common-objpfx)resolv/libanl.a \
|
|
$(static-thread-library)
|
|
|
|
+ifeq ($(build-crypt),yes)
|
|
# If we are using NSS crypto and we have the ability to link statically
|
|
# then we include libcrypt.a, otherwise we leave out libcrypt.a and
|
|
# link as much as we can into the tst-linkall-static test. This assumes
|
|
@@ -1422,6 +1432,7 @@ ifeq (no,$(nss-crypt))
|
|
$(objpfx)tst-linkall-static: \
|
|
$(common-objpfx)crypt/libcrypt.a
|
|
endif
|
|
+endif
|
|
|
|
# The application depends on the DSO, and the DSO loads the plugin.
|
|
# The plugin also depends on the DSO. This creates the circular
|
|
diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c
|
|
index e8df38f74e6415e7..d0f2592e67888f70 100644
|
|
--- a/elf/tst-linkall-static.c
|
|
+++ b/elf/tst-linkall-static.c
|
|
@@ -18,7 +18,9 @@
|
|
|
|
#include <math.h>
|
|
#include <pthread.h>
|
|
-#include <crypt.h>
|
|
+#if USE_CRYPT
|
|
+# include <crypt.h>
|
|
+#endif
|
|
#include <resolv.h>
|
|
#include <dlfcn.h>
|
|
#include <utmp.h>
|
|
diff --git a/manual/install.texi b/manual/install.texi
|
|
index 43dd8d6b814760c2..c95e4db9ce24c480 100644
|
|
--- a/manual/install.texi
|
|
+++ b/manual/install.texi
|
|
@@ -219,6 +219,17 @@ libnss_nisplus are not built at all.
|
|
Use this option to enable libnsl with all depending NSS modules and
|
|
header files.
|
|
|
|
+@item --disable-crypt
|
|
+Do not install the passphrase-hashing library @file{libcrypt} or the
|
|
+header file @file{crypt.h}. @file{unistd.h} will still declare the
|
|
+function @code{crypt}. Using this option does not change the set of
|
|
+programs that may need to be linked with @option{-lcrypt}; it only
|
|
+means that @theglibc{} will not provide that library.
|
|
+
|
|
+This option is for hackers and distributions experimenting with
|
|
+independently-maintained implementations of libcrypt. It may become
|
|
+the default in a future release.
|
|
+
|
|
@item --disable-experimental-malloc
|
|
By default, a per-thread cache is enabled in @code{malloc}. While
|
|
this cache can be disabled on a per-application basis using tunables
|