From 3dd44459bd1ea1ebc268e0bcecc780680e053561 Mon Sep 17 00:00:00 2001 From: Charles-Antoine Couret Date: Thu, 5 Apr 2018 14:53:13 +0200 Subject: [PATCH 1/2] Split glibc and libcrypt To: poky@yoctoproject.org According to Fedora 28 change (https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt), the nativesdk provided libcrypt from libxcrypt instead of reusing libcrypt from glibc. The purpose is to provide one uninative file to all Linux system. libxcrypt is backwards compatible with libcrypt but not the converse. Signed-off-by: Charles-Antoine Couret --- meta/recipes-core/glibc/glibc-package.inc | 1 + .../0031-nativesdk-deprecate-libcrypt.patch | 374 ++++++++++++++++++ meta/recipes-core/glibc/glibc_2.27.bb | 1 + .../recipes-core/libxcrypt/libxcrypt_4.0.0.bb | 24 ++ meta/recipes-core/meta/uninative-tarball.bb | 1 + 5 files changed, 401 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0031-nativesdk-deprecate-libcrypt.patch create mode 100644 meta/recipes-core/libxcrypt/libxcrypt_4.0.0.bb diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc index ff45dfe35a..1b54dd8880 100644 --- a/meta/recipes-core/glibc/glibc-package.inc +++ b/meta/recipes-core/glibc/glibc-package.inc @@ -16,6 +16,7 @@ RPROVIDES_${PN}-pcprofile = "eglibc-pcprofile" RPROVIDES_${PN}-dbg = "eglibc-dbg" libc_baselibs = "${base_libdir}/libcrypt*.so.* ${base_libdir}/libcrypt-*.so ${base_libdir}/libc.so.* ${base_libdir}/libc-*.so ${base_libdir}/libm*.so.* ${base_libdir}/libm-*.so ${base_libdir}/libmvec-*.so ${base_libdir}/ld*.so.* ${base_libdir}/ld-*.so ${base_libdir}/libpthread*.so.* ${base_libdir}/libpthread-*.so ${base_libdir}/libresolv*.so.* ${base_libdir}/libresolv-*.so ${base_libdir}/librt*.so.* ${base_libdir}/librt-*.so ${base_libdir}/libutil*.so.* ${base_libdir}/libutil-*.so ${base_libdir}/libnsl*.so.* ${base_libdir}/libnsl-*.so ${base_libdir}/libnss_files*.so.* ${base_libdir}/libnss_files-*.so ${base_libdir}/libnss_compat*.so.* ${base_libdir}/libnss_compat-*.so ${base_libdir}/libnss_dns*.so.* ${base_libdir}/libnss_dns-*.so ${base_libdir}/libdl*.so.* ${base_libdir}/libdl-*.so ${base_libdir}/libanl*.so.* ${base_libdir}/libanl-*.so ${base_libdir}/libBrokenLocale*.so.* ${base_libdir}/libBrokenLocale-*.so" libc_baselibs_append_aarch64 = " /lib/ld-linux-aarch64*.so.1" +libc_baselibs_remove_class_sdk = "${base_libdir}/libcrypt*.so.* ${base_libdir}/libcrypt-*.so" INSANE_SKIP_${PN}_append_aarch64 = " libdir" FILES_${PN} = "${libc_baselibs} ${libexecdir}/* ${base_sbindir}/ldconfig ${sysconfdir}/ld.so.conf" diff --git a/meta/recipes-core/glibc/glibc/0031-nativesdk-deprecate-libcrypt.patch b/meta/recipes-core/glibc/glibc/0031-nativesdk-deprecate-libcrypt.patch new file mode 100644 index 0000000000..62603cb980 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0031-nativesdk-deprecate-libcrypt.patch @@ -0,0 +1,374 @@ +diff --git a/NEWS b/NEWS +index 8fe0879bc44..9a35ca4a050 100644 +--- a/NEWS ++++ b/NEWS +@@ -14,6 +14,24 @@ Major new features: + + Deprecated and removed features, and other changes affecting compatibility: + ++* The password-hashing library is deprecated, and will not be built or ++ installed by default. This only affects programs that link with -lcrypt, ++ include the header , use the functions 'crypt', 'encrypt', or ++ 'setkey' (which were formerly declared in and/or ), ++ or inspect the feature-test macro _XOPEN_CRYPT. ++ ++ A drop-in replacement for libcrypt and crypt.h is available from ++ https://github.com/besser82/libxcrypt. It also supports newer and more ++ secure password hashes. ++ ++ The configure option --enable-obsolete-crypt will cause libcrypt and ++ crypt.h to be built and installed, but will not restore the declarations ++ of 'crypt', 'encrypt', and 'setkey' in other headers, nor will it cause ++ the feature-test macro _XOPEN_CRYPT to be defined. ++ ++ Note that the configure option --enable-nss-crypt only affects libcrypt, ++ and therefore will only have an effect when --enable-obsolete-crypt is used. ++ + * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer + defined by . + +diff --git a/config.make.in b/config.make.in +index ea7a42cc191..ad8de5e3ed0 100644 +--- a/config.make.in ++++ b/config.make.in +@@ -81,6 +81,7 @@ mach-interface-list = @mach_interface_list@ + + experimental-malloc = @experimental_malloc@ + ++build-obsolete-crypt = @build_obsolete_crypt@ + nss-crypt = @libc_cv_nss_crypt@ + static-nss-crypt = @libc_cv_static_nss_crypt@ + +diff --git a/configure b/configure +index 5cb52101077..5e2af72678b 100755 +--- a/configure ++++ b/configure +@@ -672,6 +672,7 @@ add_ons + have_tunables + build_pt_chown + build_nscd ++build_obsolete_crypt + build_obsolete_nsl + link_obsolete_rpc + libc_cv_static_nss_crypt +@@ -786,6 +787,7 @@ enable_experimental_malloc + enable_nss_crypt + enable_obsolete_rpc + enable_obsolete_nsl ++enable_obsolete_crypt + enable_systemtap + enable_build_nscd + enable_nscd +@@ -1461,6 +1463,7 @@ Optional Features: + link-time usage + --enable-obsolete-nsl build and install the obsolete libnsl library and + depending NSS modules ++ --enable-obsolete-crypt build and install the obsolete libcrypt library + --enable-systemtap enable systemtap static probe points [default=no] + --disable-build-nscd disable building and installing the nscd daemon + --disable-nscd library functions will not contact the nscd daemon +@@ -3660,6 +3663,16 @@ if test "$build_obsolete_nsl" = yes; then + + fi + ++# Check whether --enable-obsolete-crypt was given. ++if test "${enable_obsolete_crypt+set}" = set; then : ++ enableval=$enable_obsolete_crypt; build_obsolete_crypt=$enableval ++else ++ build_obsolete_crypt=no ++fi ++ ++ ++ ++ + # Check whether --enable-systemtap was given. + if test "${enable_systemtap+set}" = set; then : + enableval=$enable_systemtap; systemtap=$enableval +diff --git a/configure.ac b/configure.ac +index 2c6308883c5..6ac1a826e26 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -392,6 +392,14 @@ if test "$build_obsolete_nsl" = yes; then + AC_DEFINE(LINK_OBSOLETE_NSL) + fi + ++AC_ARG_ENABLE([obsolete-crypt], ++ AC_HELP_STRING([--enable-obsolete-crypt], ++ [build and install the obsolete libcrypt library]), ++ [build_obsolete_crypt=$enableval], ++ [build_obsolete_crypt=no]) ++AC_SUBST(build_obsolete_crypt) ++ ++ + AC_ARG_ENABLE([systemtap], + [AS_HELP_STRING([--enable-systemtap], + [enable systemtap static probe points @<:@default=no@:>@])], +diff --git a/conform/Makefile b/conform/Makefile +index 9ec41c7244a..8f2a329a188 100644 +--- a/conform/Makefile ++++ b/conform/Makefile +@@ -208,22 +208,28 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \ + $(common-objpfx)rt/librt.a $(static-thread-library) + linknamespace-libs-posix = $(linknamespace-libs-thr) \ + $(common-objpfx)dlfcn/libdl.a +-linknamespace-libs-xsi = $(linknamespace-libs-posix) \ +- $(common-objpfx)crypt/libcrypt.a ++linknamespace-libs-xsi = $(linknamespace-libs-posix) + linknamespace-libs-ISO = $(linknamespace-libs-isoc) + linknamespace-libs-ISO99 = $(linknamespace-libs-isoc) + linknamespace-libs-ISO11 = $(linknamespace-libs-isoc) +-linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \ +- $(common-objpfx)crypt/libcrypt.a ++linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) + linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4) + linknamespace-libs-POSIX = $(linknamespace-libs-thr) + linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi) + linknamespace-libs-XOPEN2K = $(linknamespace-libs-xsi) + linknamespace-libs-POSIX2008 = $(linknamespace-libs-posix) + linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi) ++ ++ifeq ($(build-obsolete-crypt),yes) ++linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a ++linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a ++endif ++ + linknamespace-libs = $(foreach std,$(conformtest-standards),\ + $(linknamespace-libs-$(std))) + ++ ++ + $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \ + $(linknamespace-libs) + LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \ +diff --git a/conform/data/stdlib.h-data b/conform/data/stdlib.h-data +index d8fcccc2fba..6913828196f 100644 +--- a/conform/data/stdlib.h-data ++++ b/conform/data/stdlib.h-data +@@ -149,9 +149,6 @@ function {unsigned short int*} seed48 (unsigned short int[3]) + #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98 + function int setenv (const char*, const char*, int) + #endif +-#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008 +-function void setkey (const char*) +-#endif + #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008 + function {char*} setstate (char*) + #endif +diff --git a/conform/data/unistd.h-data b/conform/data/unistd.h-data +index ddf4f251326..aa070528e83 100644 +--- a/conform/data/unistd.h-data ++++ b/conform/data/unistd.h-data +@@ -437,9 +437,6 @@ function int chroot (const char*) + function int chown (const char*, uid_t, gid_t) + function int close (int) + function size_t confstr (int, char*, size_t) +-#if !defined POSIX && !defined POSIX2008 +-function {char*} crypt (const char*, const char*) +-#endif + #if defined XPG4 || defined XPG42 || defined UNIX98 + function {char*} ctermid (char*) + function {char*} cuserid (char*) +@@ -449,9 +446,6 @@ allow cuserid + #endif + function int dup (int) + function int dup2 (int, int) +-#if !defined POSIX && !defined POSIX2008 +-function void encrypt (char[64], int) +-#endif + function int execl (const char*, const char*, ...) + function int execle (const char*, const char*, ...) + function int execlp (const char*, const char*, ...) +diff --git a/crypt/Makefile b/crypt/Makefile +index 0280fba8a71..a7485de290b 100644 +--- a/crypt/Makefile ++++ b/crypt/Makefile +@@ -22,6 +22,8 @@ subdir := crypt + + include ../Makeconfig + ++ifeq ($(build-obsolete-crypt),yes) ++ + headers := crypt.h + + extra-libs := libcrypt +@@ -50,9 +52,11 @@ tests += md5test sha256test sha512test + # machine over a minute. + xtests = md5test-giant + endif ++endif + + include ../Rules + ++ifeq ($(build-obsolete-crypt),yes) + ifneq ($(nss-crypt),yes) + md5-routines := md5 $(filter md5%,$(libcrypt-sysdep_routines)) + sha256-routines := sha256 $(filter sha256%,$(libcrypt-sysdep_routines)) +@@ -69,3 +73,4 @@ $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so + else + $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a + endif ++endif +diff --git a/elf/Makefile b/elf/Makefile +index 7cf959aabdf..82ee6e8d39c 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -378,8 +378,9 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os + CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag) + endif + +-# By default tst-linkall-static should try to use crypt routines to test +-# static libcrypt use. ++ifeq ($(build-obsolete-crypt),yes) ++# If the libcrypt library is being built, tst-linkall-static should ++# try to use crypt routines to test static libcrypt use. + CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1 + # However, if we are using NSS crypto and we don't have a static + # library, then we exclude the use of crypt functions in the test. +@@ -387,6 +388,9 @@ CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=1 + ifeq (yesno,$(nss-crypt)$(static-nss-crypt)) + CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=0 + endif ++else ++CFLAGS-tst-linkall-static.c = -DUSE_CRYPT=0 ++endif + + include ../Rules + +@@ -1106,8 +1110,10 @@ localplt-built-dso := $(addprefix $(common-objpfx),\ + rt/librt.so \ + dlfcn/libdl.so \ + resolv/libresolv.so \ +- crypt/libcrypt.so \ + ) ++ifeq ($(build-obsolete-crypt),yes) ++localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so) ++endif + ifeq ($(build-mathvec),yes) + localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so) + endif +@@ -1388,6 +1394,7 @@ $(objpfx)tst-linkall-static: \ + $(common-objpfx)resolv/libanl.a \ + $(static-thread-library) + ++ifeq ($(build-obsolete-crypt),yes) + # If we are using NSS crypto and we have the ability to link statically + # then we include libcrypt.a, otherwise we leave out libcrypt.a and + # link as much as we can into the tst-linkall-static test. This assumes +@@ -1403,6 +1410,7 @@ ifeq (no,$(nss-crypt)) + $(objpfx)tst-linkall-static: \ + $(common-objpfx)crypt/libcrypt.a + endif ++endif + + # The application depends on the DSO, and the DSO loads the plugin. + # The plugin also depends on the DSO. This creates the circular +diff --git a/elf/tst-linkall-static.c b/elf/tst-linkall-static.c +index 8f40657244a..cf58f21e0c3 100644 +--- a/elf/tst-linkall-static.c ++++ b/elf/tst-linkall-static.c +@@ -18,7 +18,9 @@ + + #include + #include ++#if USE_CRYPT + #include ++#endif + #include + #include + #include +diff --git a/posix/unistd.h b/posix/unistd.h +index 32b0f4898fd..299b9a34857 100644 +--- a/posix/unistd.h ++++ b/posix/unistd.h +@@ -107,9 +107,6 @@ __BEGIN_DECLS + /* The X/Open Unix extensions are available. */ + #define _XOPEN_UNIX 1 + +-/* Encryption is present. */ +-#define _XOPEN_CRYPT 1 +- + /* The enhanced internationalization capabilities according to XPG4.2 + are present. */ + #define _XOPEN_ENH_I18N 1 +@@ -1113,20 +1110,7 @@ extern int lockf64 (int __fd, int __cmd, __off64_t __len) __wur; + extern int fdatasync (int __fildes); + #endif /* Use POSIX199309 */ + +- +-/* XPG4.2 specifies that prototypes for the encryption functions must +- be defined here. */ + #ifdef __USE_XOPEN +-/* Encrypt at most 8 characters from KEY using salt to perturb DES. */ +-extern char *crypt (const char *__key, const char *__salt) +- __THROW __nonnull ((1, 2)); +- +-/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt +- block in place. */ +-extern void encrypt (char *__glibc_block, int __edflag) +- __THROW __nonnull ((1)); +- +- + /* Swab pairs bytes in the first N bytes of the area pointed to by + FROM and copy the result to TO. The value of TO must not be in the + range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM +diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h +index 7a720cfd11e..87e1138c272 100644 +--- a/stdlib/stdlib.h ++++ b/stdlib/stdlib.h +@@ -843,12 +843,6 @@ extern int getsubopt (char **__restrict __optionp, + #endif + + +-#ifdef __USE_XOPEN +-/* Setup DES tables according KEY. */ +-extern void setkey (const char *__key) __THROW __nonnull ((1)); +-#endif +- +- + /* X/Open pseudo terminal handling. */ + + #ifdef __USE_XOPEN2KXSI +diff --git a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile +index 4ad7aff9147..5e9b3e5f03f 100644 +--- a/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile ++++ b/sysdeps/sparc/sparc32/sparcv9/multiarch/Makefile +@@ -1,6 +1,8 @@ + ifeq ($(subdir),crypt) ++ifeq ($(build-obsolete-crypt),yes) + libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop + endif ++endif + + ifeq ($(subdir),locale) + localedef-aux += md5-crop +diff --git a/sysdeps/sparc/sparc64/multiarch/Makefile b/sysdeps/sparc/sparc64/multiarch/Makefile +index 55b757f9add..60d528b88c9 100644 +--- a/sysdeps/sparc/sparc64/multiarch/Makefile ++++ b/sysdeps/sparc/sparc64/multiarch/Makefile +@@ -1,6 +1,8 @@ + ifeq ($(subdir),crypt) ++ifeq ($(build-obsolete-crypt),yes) + libcrypt-sysdep_routines += md5-crop sha256-crop sha512-crop + endif ++endif + + ifeq ($(subdir),locale) + localedef-aux += md5-crop +diff --git a/sysdeps/unix/sysv/linux/arm/Makefile b/sysdeps/unix/sysv/linux/arm/Makefile +index 4adc35de04a..6cab4f3a31a 100644 +--- a/sysdeps/unix/sysv/linux/arm/Makefile ++++ b/sysdeps/unix/sysv/linux/arm/Makefile +@@ -19,8 +19,10 @@ endif + # Add a syscall function to each library that needs one. + + ifeq ($(subdir),crypt) ++ifeq ($(build-obsolete-crypt),yes) + libcrypt-sysdep_routines += libc-do-syscall + endif ++endif + + ifeq ($(subdir),rt) + librt-sysdep_routines += libc-do-syscall +-- +2.14.1 + diff --git a/meta/recipes-core/glibc/glibc_2.27.bb b/meta/recipes-core/glibc/glibc_2.27.bb index 772351ad46..c814798bbd 100644 --- a/meta/recipes-core/glibc/glibc_2.27.bb +++ b/meta/recipes-core/glibc/glibc_2.27.bb @@ -54,6 +54,7 @@ NATIVESDKFIXES_class-nativesdk = "\ file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \ file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \ file://relocate-locales.patch \ + file://0031-nativesdk-deprecate-libcrypt.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-core/libxcrypt/libxcrypt_4.0.0.bb b/meta/recipes-core/libxcrypt/libxcrypt_4.0.0.bb new file mode 100644 index 0000000000..3b31d83e3a --- /dev/null +++ b/meta/recipes-core/libxcrypt/libxcrypt_4.0.0.bb @@ -0,0 +1,24 @@ +SUMMARY = "Extended cryptographic library (from glibc)" +DESCRIPTION = "Forked code from glibc libary to extract only crypto part." +HOMEPAGE = "https://github.com/besser82/libxcrypt" +SECTION = "libs" +LICENSE = "GPLv3 & LGPLv2.1 & BSD & CDDLv1.0" +LIC_FILES_CHKSUM ?= "file://LICENSING;md5=d1cc18f512ded3bd6000f3729f31be08 \ + file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c \ +" + +inherit autotools + +SRCREV ?= "215b32aa4e0b255c3356a96bd6d257661bad73ca" +SRCBRANCH ?= "master" + +SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH}" + +FILES_${PN} = "${libdir}/libcrypt*.so.* ${libdir}/libcrypt-*.so ${libdir}/libowcrypt*.so.* ${libdir}/libowcrypt-*.so" + +S = "${WORKDIR}/git" + +BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}" +TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}" + +BBCLASSEXTEND = "nativesdk" diff --git a/meta/recipes-core/meta/uninative-tarball.bb b/meta/recipes-core/meta/uninative-tarball.bb index 5fabf7fa39..38c3a314e1 100644 --- a/meta/recipes-core/meta/uninative-tarball.bb +++ b/meta/recipes-core/meta/uninative-tarball.bb @@ -13,6 +13,7 @@ TOOLCHAIN_HOST_TASK = "\ nativesdk-glibc-gconv-utf-16 \ nativesdk-glibc-gconv-cp1252 \ nativesdk-patchelf \ + nativesdk-libxcrypt \ " INHIBIT_DEFAULT_DEPS = "1" -- 2.17.0