New configure option --disable-crypt.
Some Linux distributions are experimenting with a new, separately maintained and hopefully more agile implementation of the crypt API. To facilitate this, add a configure option which disables glibc's embedded libcrypt. When this option is given, libcrypt.* and crypt.h will not be built nor installed.
This commit is contained in:
parent
841785bad1
commit
e69d994a63
23
ChangeLog
23
ChangeLog
|
@ -1,3 +1,26 @@
|
||||||
|
2018-06-29 Zack Weinberg <zackw@panix.com>
|
||||||
|
|
||||||
|
* configure.ac: New command-line option --disable-crypt.
|
||||||
|
Force --disable-nss-crypt when --disable-crypt is given, with a
|
||||||
|
warning if it was explicitly enabled.
|
||||||
|
* configure: Regenerate.
|
||||||
|
* config.make.in: New boolean substitution variable $(build-crypt).
|
||||||
|
* Makeconfig: Only include 'crypt' in all-subdirs and rpath-dirs
|
||||||
|
when $(build-crypt).
|
||||||
|
* manual/install.texi: Document --disable-crypt.
|
||||||
|
* INSTALL: Regenerate.
|
||||||
|
|
||||||
|
* crypt/Makefile: Remove code conditional on $(crypt-in-libc),
|
||||||
|
which is never set.
|
||||||
|
* conform/Makefile: Only include libcrypt.a in
|
||||||
|
linknamespace-libs-xsi and linknamespace-libs-XPG4
|
||||||
|
when $(build-crypt).
|
||||||
|
* elf/Makefile (CFLAGS-tst-linkall-static.c): Only define
|
||||||
|
USE_CRYPT to 1 when $(build-crypt).
|
||||||
|
(tst-linkall-static): Only link libcrypt.a when $(build-crypt).
|
||||||
|
(localplt-built-dso): Only add libcrypt.so when $(build-crypt).
|
||||||
|
* elf/tst-linkall-static.c: Only include crypt.h when USE_CRYPT.
|
||||||
|
|
||||||
2018-06-29 Zack Weinberg <zackw@panix.com>
|
2018-06-29 Zack Weinberg <zackw@panix.com>
|
||||||
|
|
||||||
* crypt/crypt.h, posix/unistd.h: Update comments and
|
* crypt/crypt.h, posix/unistd.h: Update comments and
|
||||||
|
|
11
INSTALL
11
INSTALL
|
@ -197,6 +197,17 @@ if 'CFLAGS' is specified it must enable optimization. For example:
|
||||||
libnss_nisplus are not built at all. Use this option to enable
|
libnss_nisplus are not built at all. Use this option to enable
|
||||||
libnsl with all depending NSS modules and header files.
|
libnsl with all depending NSS modules and header files.
|
||||||
|
|
||||||
|
'--disable-crypt'
|
||||||
|
Do not install the passphrase-hashing library 'libcrypt' or the
|
||||||
|
header file 'crypt.h'. 'unistd.h' will still declare the function
|
||||||
|
'crypt'. Using this option does not change the set of programs
|
||||||
|
that may need to be linked with '-lcrypt'; it only means that the
|
||||||
|
GNU C Library will not provide that library.
|
||||||
|
|
||||||
|
This option is for hackers and distributions experimenting with
|
||||||
|
independently-maintained implementations of libcrypt. It may
|
||||||
|
become the default in a future release.
|
||||||
|
|
||||||
'--disable-experimental-malloc'
|
'--disable-experimental-malloc'
|
||||||
By default, a per-thread cache is enabled in 'malloc'. While this
|
By default, a per-thread cache is enabled in 'malloc'. While this
|
||||||
cache can be disabled on a per-application basis using tunables
|
cache can be disabled on a per-application basis using tunables
|
||||||
|
|
|
@ -566,7 +566,7 @@ link-libc-printers-tests = $(link-libc-rpath) \
|
||||||
$(link-libc-tests-after-rpath-link)
|
$(link-libc-tests-after-rpath-link)
|
||||||
|
|
||||||
# This is how to find at build-time things that will be installed there.
|
# This is how to find at build-time things that will be installed there.
|
||||||
rpath-dirs = math elf dlfcn nss nis rt resolv crypt mathvec support
|
rpath-dirs = math elf dlfcn nss nis rt resolv mathvec support
|
||||||
rpath-link = \
|
rpath-link = \
|
||||||
$(common-objdir):$(subst $(empty) ,:,$(patsubst ../$(subdir),.,$(rpath-dirs:%=$(common-objpfx)%)))
|
$(common-objdir):$(subst $(empty) ,:,$(patsubst ../$(subdir),.,$(rpath-dirs:%=$(common-objpfx)%)))
|
||||||
else # build-static
|
else # build-static
|
||||||
|
@ -1205,9 +1205,14 @@ all-subdirs = csu assert ctype locale intl catgets math setjmp signal \
|
||||||
stdlib stdio-common libio malloc string wcsmbs time dirent \
|
stdlib stdio-common libio malloc string wcsmbs time dirent \
|
||||||
grp pwd posix io termios resource misc socket sysvipc gmon \
|
grp pwd posix io termios resource misc socket sysvipc gmon \
|
||||||
gnulib iconv iconvdata wctype manual shadow gshadow po argp \
|
gnulib iconv iconvdata wctype manual shadow gshadow po argp \
|
||||||
crypt localedata timezone rt conform debug mathvec support \
|
localedata timezone rt conform debug mathvec support \
|
||||||
dlfcn elf
|
dlfcn elf
|
||||||
|
|
||||||
|
ifeq ($(build-crypt),yes)
|
||||||
|
all-subdirs += crypt
|
||||||
|
rpath-dirs += crypt
|
||||||
|
endif
|
||||||
|
|
||||||
ifndef avoid-generated
|
ifndef avoid-generated
|
||||||
# sysd-sorted itself will contain rules making the sysd-sorted target
|
# sysd-sorted itself will contain rules making the sysd-sorted target
|
||||||
# depend on Depend files. But if you just added a Depend file to an
|
# depend on Depend files. But if you just added a Depend file to an
|
||||||
|
|
12
NEWS
12
NEWS
|
@ -133,6 +133,18 @@ Deprecated and removed features, and other changes affecting compatibility:
|
||||||
binaries. It was just another name for the standard function crypt,
|
binaries. It was just another name for the standard function crypt,
|
||||||
and it has not appeared in any header file in many years.
|
and it has not appeared in any header file in many years.
|
||||||
|
|
||||||
|
* We have tentative plans to hand off maintenance of the passphrase-hashing
|
||||||
|
library, libcrypt, to a separate development project that will, we hope,
|
||||||
|
keep up better with new passphrase-hashing algorithms. We will continue
|
||||||
|
to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or
|
||||||
|
'crypt_r' should not need to change at all; however, distributions will
|
||||||
|
need to install <crypt.h> and libcrypt from a separate project.
|
||||||
|
|
||||||
|
In this release, if the configure option --disable-crypt is used, glibc
|
||||||
|
will not install <crypt.h> or libcrypt, making room for the separate
|
||||||
|
project's versions of these files. The plan is to make this the default
|
||||||
|
behavior in a future release.
|
||||||
|
|
||||||
Changes to build and runtime requirements:
|
Changes to build and runtime requirements:
|
||||||
|
|
||||||
[Add changes to build and runtime requirements here]
|
[Add changes to build and runtime requirements here]
|
||||||
|
|
|
@ -96,6 +96,7 @@ cross-compiling = @cross_compiling@
|
||||||
force-install = @force_install@
|
force-install = @force_install@
|
||||||
link-obsolete-rpc = @link_obsolete_rpc@
|
link-obsolete-rpc = @link_obsolete_rpc@
|
||||||
build-obsolete-nsl = @build_obsolete_nsl@
|
build-obsolete-nsl = @build_obsolete_nsl@
|
||||||
|
build-crypt = @build_crypt@
|
||||||
build-nscd = @build_nscd@
|
build-nscd = @build_nscd@
|
||||||
use-nscd = @use_nscd@
|
use-nscd = @use_nscd@
|
||||||
build-hardcoded-path-in-tests= @hardcoded_path_in_tests@
|
build-hardcoded-path-in-tests= @hardcoded_path_in_tests@
|
||||||
|
|
18
configure
vendored
18
configure
vendored
|
@ -676,6 +676,7 @@ build_obsolete_nsl
|
||||||
link_obsolete_rpc
|
link_obsolete_rpc
|
||||||
libc_cv_static_nss_crypt
|
libc_cv_static_nss_crypt
|
||||||
libc_cv_nss_crypt
|
libc_cv_nss_crypt
|
||||||
|
build_crypt
|
||||||
experimental_malloc
|
experimental_malloc
|
||||||
enable_werror
|
enable_werror
|
||||||
all_warnings
|
all_warnings
|
||||||
|
@ -779,6 +780,7 @@ enable_all_warnings
|
||||||
enable_werror
|
enable_werror
|
||||||
enable_multi_arch
|
enable_multi_arch
|
||||||
enable_experimental_malloc
|
enable_experimental_malloc
|
||||||
|
enable_crypt
|
||||||
enable_nss_crypt
|
enable_nss_crypt
|
||||||
enable_obsolete_rpc
|
enable_obsolete_rpc
|
||||||
enable_obsolete_nsl
|
enable_obsolete_nsl
|
||||||
|
@ -1448,6 +1450,8 @@ Optional Features:
|
||||||
architectures
|
architectures
|
||||||
--disable-experimental-malloc
|
--disable-experimental-malloc
|
||||||
disable experimental malloc features
|
disable experimental malloc features
|
||||||
|
--disable-crypt do not build nor install the passphrase hashing
|
||||||
|
library, libcrypt
|
||||||
--enable-nss-crypt enable libcrypt to use nss
|
--enable-nss-crypt enable libcrypt to use nss
|
||||||
--enable-obsolete-rpc build and install the obsolete RPC code for
|
--enable-obsolete-rpc build and install the obsolete RPC code for
|
||||||
link-time usage
|
link-time usage
|
||||||
|
@ -3505,6 +3509,15 @@ fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Check whether --enable-crypt was given.
|
||||||
|
if test "${enable_crypt+set}" = set; then :
|
||||||
|
enableval=$enable_crypt; build_crypt=$enableval
|
||||||
|
else
|
||||||
|
build_crypt=yes
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Check whether --enable-nss-crypt was given.
|
# Check whether --enable-nss-crypt was given.
|
||||||
if test "${enable_nss_crypt+set}" = set; then :
|
if test "${enable_nss_crypt+set}" = set; then :
|
||||||
enableval=$enable_nss_crypt; nss_crypt=$enableval
|
enableval=$enable_nss_crypt; nss_crypt=$enableval
|
||||||
|
@ -3512,6 +3525,11 @@ else
|
||||||
nss_crypt=no
|
nss_crypt=no
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&5
|
||||||
|
$as_echo "$as_me: WARNING: --enable-nss-crypt has no effect when libcrypt is disabled" >&2;}
|
||||||
|
nss_crypt=no
|
||||||
|
fi
|
||||||
if test x$nss_crypt = xyes; then
|
if test x$nss_crypt = xyes; then
|
||||||
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
||||||
if test $? -ne 0; then
|
if test $? -ne 0; then
|
||||||
|
|
11
configure.ac
11
configure.ac
|
@ -302,11 +302,22 @@ AC_ARG_ENABLE([experimental-malloc],
|
||||||
[experimental_malloc=yes])
|
[experimental_malloc=yes])
|
||||||
AC_SUBST(experimental_malloc)
|
AC_SUBST(experimental_malloc)
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([crypt],
|
||||||
|
AC_HELP_STRING([--disable-crypt],
|
||||||
|
[do not build nor install the passphrase hashing library, libcrypt]),
|
||||||
|
[build_crypt=$enableval],
|
||||||
|
[build_crypt=yes])
|
||||||
|
AC_SUBST(build_crypt)
|
||||||
|
|
||||||
AC_ARG_ENABLE([nss-crypt],
|
AC_ARG_ENABLE([nss-crypt],
|
||||||
AC_HELP_STRING([--enable-nss-crypt],
|
AC_HELP_STRING([--enable-nss-crypt],
|
||||||
[enable libcrypt to use nss]),
|
[enable libcrypt to use nss]),
|
||||||
[nss_crypt=$enableval],
|
[nss_crypt=$enableval],
|
||||||
[nss_crypt=no])
|
[nss_crypt=no])
|
||||||
|
if test x$build_libcrypt = xno && test x$nss_crypt = xyes; then
|
||||||
|
AC_MSG_WARN([--enable-nss-crypt has no effect when libcrypt is disabled])
|
||||||
|
nss_crypt=no
|
||||||
|
fi
|
||||||
if test x$nss_crypt = xyes; then
|
if test x$nss_crypt = xyes; then
|
||||||
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
nss_includes=-I$(nss-config --includedir 2>/dev/null)
|
||||||
if test $? -ne 0; then
|
if test $? -ne 0; then
|
||||||
|
|
|
@ -193,13 +193,11 @@ linknamespace-libs-thr = $(linknamespace-libs-isoc) \
|
||||||
$(common-objpfx)rt/librt.a $(static-thread-library)
|
$(common-objpfx)rt/librt.a $(static-thread-library)
|
||||||
linknamespace-libs-posix = $(linknamespace-libs-thr) \
|
linknamespace-libs-posix = $(linknamespace-libs-thr) \
|
||||||
$(common-objpfx)dlfcn/libdl.a
|
$(common-objpfx)dlfcn/libdl.a
|
||||||
linknamespace-libs-xsi = $(linknamespace-libs-posix) \
|
linknamespace-libs-xsi = $(linknamespace-libs-posix)
|
||||||
$(common-objpfx)crypt/libcrypt.a
|
|
||||||
linknamespace-libs-ISO = $(linknamespace-libs-isoc)
|
linknamespace-libs-ISO = $(linknamespace-libs-isoc)
|
||||||
linknamespace-libs-ISO99 = $(linknamespace-libs-isoc)
|
linknamespace-libs-ISO99 = $(linknamespace-libs-isoc)
|
||||||
linknamespace-libs-ISO11 = $(linknamespace-libs-isoc)
|
linknamespace-libs-ISO11 = $(linknamespace-libs-isoc)
|
||||||
linknamespace-libs-XPG4 = $(linknamespace-libs-isoc) \
|
linknamespace-libs-XPG4 = $(linknamespace-libs-isoc)
|
||||||
$(common-objpfx)crypt/libcrypt.a
|
|
||||||
linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4)
|
linknamespace-libs-XPG42 = $(linknamespace-libs-XPG4)
|
||||||
linknamespace-libs-POSIX = $(linknamespace-libs-thr)
|
linknamespace-libs-POSIX = $(linknamespace-libs-thr)
|
||||||
linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi)
|
linknamespace-libs-UNIX98 = $(linknamespace-libs-xsi)
|
||||||
|
@ -209,6 +207,11 @@ linknamespace-libs-XOPEN2K8 = $(linknamespace-libs-xsi)
|
||||||
linknamespace-libs = $(foreach std,$(conformtest-standards),\
|
linknamespace-libs = $(foreach std,$(conformtest-standards),\
|
||||||
$(linknamespace-libs-$(std)))
|
$(linknamespace-libs-$(std)))
|
||||||
|
|
||||||
|
ifeq ($(build-crypt),yes)
|
||||||
|
linknamespace-libs-xsi += $(common-objpfx)crypt/libcrypt.a
|
||||||
|
linknamespace-libs-XPG4 += $(common-objpfx)crypt/libcrypt.a
|
||||||
|
endif
|
||||||
|
|
||||||
$(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
|
$(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
|
||||||
$(linknamespace-libs)
|
$(linknamespace-libs)
|
||||||
LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \
|
LC_ALL=C $(READELF) -W -s $(linknamespace-libs-$*) > $@; \
|
||||||
|
|
|
@ -32,10 +32,6 @@ libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \
|
||||||
|
|
||||||
tests := cert md5c-test sha256c-test sha512c-test badsalttest
|
tests := cert md5c-test sha256c-test sha512c-test badsalttest
|
||||||
|
|
||||||
ifeq ($(crypt-in-libc),yes)
|
|
||||||
routines += $(libcrypt-routines)
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(nss-crypt),yes)
|
ifeq ($(nss-crypt),yes)
|
||||||
nss-cpp-flags := -DUSE_NSS \
|
nss-cpp-flags := -DUSE_NSS \
|
||||||
-I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
|
-I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
|
||||||
|
|
27
elf/Makefile
27
elf/Makefile
|
@ -387,14 +387,21 @@ $(objpfx)tst-_dl_addr_inside_object: $(objpfx)dl-addr-obj.os
|
||||||
CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag)
|
CFLAGS-tst-_dl_addr_inside_object.c += $(PIE-ccflag)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# By default tst-linkall-static should try to use crypt routines to test
|
# We can only test static libcrypt use if libcrypt has been built,
|
||||||
# static libcrypt use.
|
# and either NSS crypto is not in use, or static NSS libraries are
|
||||||
|
# available.
|
||||||
|
ifeq ($(build-crypt),no)
|
||||||
|
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
|
||||||
|
else
|
||||||
|
ifeq ($(nss-crypt),no)
|
||||||
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
||||||
# However, if we are using NSS crypto and we don't have a static
|
else
|
||||||
# library, then we exclude the use of crypt functions in the test.
|
ifeq ($(static-nss-crypt),no)
|
||||||
# We similarly exclude libcrypt.a from the static link (see below).
|
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=0
|
||||||
ifeq (yesno,$(nss-crypt)$(static-nss-crypt))
|
else
|
||||||
CFLAGS-tst-linkall-static.c += -UUSE_CRYPT -DUSE_CRYPT=0
|
CFLAGS-tst-linkall-static.c += -DUSE_CRYPT=1
|
||||||
|
endif
|
||||||
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
include ../Rules
|
include ../Rules
|
||||||
|
@ -1115,7 +1122,6 @@ localplt-built-dso := $(addprefix $(common-objpfx),\
|
||||||
rt/librt.so \
|
rt/librt.so \
|
||||||
dlfcn/libdl.so \
|
dlfcn/libdl.so \
|
||||||
resolv/libresolv.so \
|
resolv/libresolv.so \
|
||||||
crypt/libcrypt.so \
|
|
||||||
)
|
)
|
||||||
ifeq ($(build-mathvec),yes)
|
ifeq ($(build-mathvec),yes)
|
||||||
localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so)
|
localplt-built-dso += $(addprefix $(common-objpfx), mathvec/libmvec.so)
|
||||||
|
@ -1123,6 +1129,9 @@ endif
|
||||||
ifeq ($(have-thread-library),yes)
|
ifeq ($(have-thread-library),yes)
|
||||||
localplt-built-dso += $(filter-out %_nonshared.a, $(shared-thread-library))
|
localplt-built-dso += $(filter-out %_nonshared.a, $(shared-thread-library))
|
||||||
endif
|
endif
|
||||||
|
ifeq ($(build-crypt),yes)
|
||||||
|
localplt-built-dso += $(addprefix $(common-objpfx), crypt/libcrypt.so)
|
||||||
|
endif
|
||||||
|
|
||||||
vpath localplt.data $(+sysdep_dirs)
|
vpath localplt.data $(+sysdep_dirs)
|
||||||
|
|
||||||
|
@ -1410,6 +1419,7 @@ $(objpfx)tst-linkall-static: \
|
||||||
$(common-objpfx)resolv/libanl.a \
|
$(common-objpfx)resolv/libanl.a \
|
||||||
$(static-thread-library)
|
$(static-thread-library)
|
||||||
|
|
||||||
|
ifeq ($(build-crypt),yes)
|
||||||
# If we are using NSS crypto and we have the ability to link statically
|
# If we are using NSS crypto and we have the ability to link statically
|
||||||
# then we include libcrypt.a, otherwise we leave out libcrypt.a and
|
# then we include libcrypt.a, otherwise we leave out libcrypt.a and
|
||||||
# link as much as we can into the tst-linkall-static test. This assumes
|
# link as much as we can into the tst-linkall-static test. This assumes
|
||||||
|
@ -1425,6 +1435,7 @@ ifeq (no,$(nss-crypt))
|
||||||
$(objpfx)tst-linkall-static: \
|
$(objpfx)tst-linkall-static: \
|
||||||
$(common-objpfx)crypt/libcrypt.a
|
$(common-objpfx)crypt/libcrypt.a
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
# The application depends on the DSO, and the DSO loads the plugin.
|
# The application depends on the DSO, and the DSO loads the plugin.
|
||||||
# The plugin also depends on the DSO. This creates the circular
|
# The plugin also depends on the DSO. This creates the circular
|
||||||
|
|
|
@ -18,7 +18,9 @@
|
||||||
|
|
||||||
#include <math.h>
|
#include <math.h>
|
||||||
#include <pthread.h>
|
#include <pthread.h>
|
||||||
#include <crypt.h>
|
#if USE_CRYPT
|
||||||
|
# include <crypt.h>
|
||||||
|
#endif
|
||||||
#include <resolv.h>
|
#include <resolv.h>
|
||||||
#include <dlfcn.h>
|
#include <dlfcn.h>
|
||||||
#include <utmp.h>
|
#include <utmp.h>
|
||||||
|
|
|
@ -230,6 +230,17 @@ libnss_nisplus are not built at all.
|
||||||
Use this option to enable libnsl with all depending NSS modules and
|
Use this option to enable libnsl with all depending NSS modules and
|
||||||
header files.
|
header files.
|
||||||
|
|
||||||
|
@item --disable-crypt
|
||||||
|
Do not install the passphrase-hashing library @file{libcrypt} or the
|
||||||
|
header file @file{crypt.h}. @file{unistd.h} will still declare the
|
||||||
|
function @code{crypt}. Using this option does not change the set of
|
||||||
|
programs that may need to be linked with @option{-lcrypt}; it only
|
||||||
|
means that @theglibc{} will not provide that library.
|
||||||
|
|
||||||
|
This option is for hackers and distributions experimenting with
|
||||||
|
independently-maintained implementations of libcrypt. It may become
|
||||||
|
the default in a future release.
|
||||||
|
|
||||||
@item --disable-experimental-malloc
|
@item --disable-experimental-malloc
|
||||||
By default, a per-thread cache is enabled in @code{malloc}. While
|
By default, a per-thread cache is enabled in @code{malloc}. While
|
||||||
this cache can be disabled on a per-application basis using tunables
|
this cache can be disabled on a per-application basis using tunables
|
||||||
|
|
Loading…
Reference in a new issue