FS#67312 - [glibc][pam] Use libxcrypt to provide libcrypt

Attached to Project: Arch Linux
Opened by loqs (loqs) - Saturday, 18 July 2020, 00:12 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 16:58 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Bartłomiej Piotrowski (Barthalion)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
glibc since 2.28 [1] has supported building without libcrypt by using
--disable-crypt configure option. So a seperate project could provide the
library and add new passphrase-hashing algorithms. libxcrypt provides such an
implementation [2].

Hashes already available in glibc implementation sha512crypt, sha256crypt,
md5crypt, descrypt.
New hashes available yescrypt, gost_yescrypt, scrypt, bcrypt, bcrypt_y,
bcrypt_a, bcrypt_x, sha1crypt, sunmd5, nt, bsdicrypt and bigcrypt.

It can be compiled in a backwards binary compatible form or without support
for the bigcrypt, fcrypt, encrypt, setkey APIs. New binaries can not link
against those APIs. Rebuilding all 117 packages linked against libcrypt.so.1
all packages built against the new API. Some packages required patching due
to unrelated issues such as the gcc 10 -fno-common default. The ceph package
built after patching but failed check due to an unrelated issue. All
other packages passed their check and package stages.

pam 1.4 [3] adds support for gost_yescrypt, yescrypt as options to pam_unix
it already had options for blowfish and bigcryt but glibc did not support
them. meaning pam 1.4 with libxcrypt adds support for those four additional
passphrase-hashing algorithms. Hashes supported by libxcrypt but not by
pam_unix can only be verified by pam_unix.
As pam needs updating to the 1.4 version and pambase may need changes if
deprecated module pam_tally2 is dropped and to include systemd homed support
it might be an appropriate juncture to consider changing to libxcrypt.

[1] https://sourceware.org/legacy-ml/libc-alpha/2018-08/msg00003.html
[2] https://github.com/besser82/libxcrypt
[3] https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
New PKGBUILDs used during testing
[*] PKGBUILD.libxcypt
[*] PKGBUILD.lib32-libxcypt
Diff's showing changes to existing PKGBUILDs used during testing
[*] PKGBUILD.diff.glibc
[*] PKGBUILD.diff.manpages
[*] PKGBUILD.diff.pam
[*] PKGBUILD.diff.pambase
This task depends upon

Closed by  freswa (frederik)
Sunday, 13 September 2020, 16:58 GMT
Reason for closing:  Fixed
Additional comments about closing:  glibc 2.32-1 libxcrypt 4.4.16-3

Loading...