FS#67312 - [glibc][pam] Use libxcrypt to provide libcrypt
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Saturday, 18 July 2020, 00:12 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 16:58 GMT
Opened by loqs (loqs) - Saturday, 18 July 2020, 00:12 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 16:58 GMT
|
Details
Description:
glibc since 2.28 [1] has supported building without libcrypt by using --disable-crypt configure option. So a seperate project could provide the library and add new passphrase-hashing algorithms. libxcrypt provides such an implementation [2]. Hashes already available in glibc implementation sha512crypt, sha256crypt, md5crypt, descrypt. New hashes available yescrypt, gost_yescrypt, scrypt, bcrypt, bcrypt_y, bcrypt_a, bcrypt_x, sha1crypt, sunmd5, nt, bsdicrypt and bigcrypt. It can be compiled in a backwards binary compatible form or without support for the bigcrypt, fcrypt, encrypt, setkey APIs. New binaries can not link against those APIs. Rebuilding all 117 packages linked against libcrypt.so.1 all packages built against the new API. Some packages required patching due to unrelated issues such as the gcc 10 -fno-common default. The ceph package built after patching but failed check due to an unrelated issue. All other packages passed their check and package stages. pam 1.4 [3] adds support for gost_yescrypt, yescrypt as options to pam_unix it already had options for blowfish and bigcryt but glibc did not support them. meaning pam 1.4 with libxcrypt adds support for those four additional passphrase-hashing algorithms. Hashes supported by libxcrypt but not by pam_unix can only be verified by pam_unix. As pam needs updating to the 1.4 version and pambase may need changes if deprecated module pam_tally2 is dropped and to include systemd homed support it might be an appropriate juncture to consider changing to libxcrypt. [1] https://sourceware.org/legacy-ml/libc-alpha/2018-08/msg00003.html [2] https://github.com/besser82/libxcrypt [3] https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0 New PKGBUILDs used during testing [*] PKGBUILD.libxcypt [*] PKGBUILD.lib32-libxcypt Diff's showing changes to existing PKGBUILDs used during testing [*] PKGBUILD.diff.glibc [*] PKGBUILD.diff.manpages [*] PKGBUILD.diff.pam [*] PKGBUILD.diff.pambase |
This task depends upon
Closed by freswa (frederik)
Sunday, 13 September 2020, 16:58 GMT
Reason for closing: Fixed
Additional comments about closing: glibc 2.32-1 libxcrypt 4.4.16-3
Sunday, 13 September 2020, 16:58 GMT
Reason for closing: Fixed
Additional comments about closing: glibc 2.32-1 libxcrypt 4.4.16-3