From bd5acfb8e8409d541048ef21f7618b415adea1b7 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 16 Jun 2020 16:18:38 -0700 Subject: [PATCH 1/2] libxcrypt: add libxcrypt is an external version of libc's libcrypt. It allows to use algorithms now available with the libc. musl in OpenWrt for example patches out several algorithms for size reasons. But for shadow-utils, size does not really matter. The hashes are set to solaris as that default gives a good balance between compatibility and size. It includes: bcrypt, bcrypt_a, sha512crypt, sha256crypt, md5crypt, descrypt The STRONG default adds several algorithms not supported by shadow-utils. Signed-off-by: Rosen Penev --- libs/libxcrypt/Makefile | 55 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 libs/libxcrypt/Makefile diff --git a/libs/libxcrypt/Makefile b/libs/libxcrypt/Makefile new file mode 100644 index 000000000..acfde2f08 --- /dev/null +++ b/libs/libxcrypt/Makefile @@ -0,0 +1,55 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=libxcrypt +PKG_VERSION:=4.4.16 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/besser82/libxcrypt/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=a98f65b8baffa2b5ba68ee53c10c0a328166ef4116bce3baece190c8ce01f375 + +PKG_MAINTAINER:= +PKG_LICENSE:=LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING.LIB + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/libxcrypt + SECTION:=libs + CATEGORY:=Libraries + URL:=https://github.com/besser82/libxcrypt + TITLE:=Extended crypt library + BUILDONLY:=1 +endef + +define Package/libxcrypt/description + libxcrypt is a modern library for one-way hashing of passwords. It supports + a wide variety of both modern and historical hashing methods: yescrypt, + gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, md5crypt, SunMD5, + sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt. It provides the traditional + Unix crypt and crypt_r interfaces, as well as a set of extended interfaces + pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, + crypt_gensalt_rn, and crypt_gensalt_ra. +endef + +CONFIGURE_ARGS += \ + --disable-shared \ + --disable-failure-tokens \ + --disable-xcrypt-compat-files \ + --disable-obsolete-api \ + --enable-hashes=solaris + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib/libxcrypt + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libcrypt.{a,la} $(1)/usr/lib/libxcrypt + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*crypt.pc $(1)/usr/lib/pkgconfig/ +endef + +$(eval $(call BuildPackage,libxcrypt)) From adf9c249498fe526e2d6afd19bf7985f116c8531 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 16 Jun 2020 17:46:33 -0700 Subject: [PATCH 2/2] shadow: use libxcrypt Since size is not a problem here, use libxcrypt to avoid algorithm availability. Changed default to bcrypt as that's the strongest supported by shadow-utils. Signed-off-by: Rosen Penev --- utils/shadow/Makefile | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/utils/shadow/Makefile b/utils/shadow/Makefile index 05ae5ee00..ab2ba224b 100644 --- a/utils/shadow/Makefile +++ b/utils/shadow/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=shadow PKG_VERSION:=4.8.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/shadow-maint/shadow/releases/download/$(PKG_VERSION) @@ -22,6 +22,7 @@ PKG_CPE_ID:=cpe:/a:debian:shadow PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 +PKG_BUILD_DEPENDS:=libxcrypt include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk @@ -41,7 +42,7 @@ CONFIGURE_ARGS += \ --without-attr \ --without-tcb \ --without-nscd \ - --with$(if $(CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK),,out)-bcrypt + --with-bcrypt CONFIGURE_VARS += \ ac_cv_func_ruserok=no @@ -124,19 +125,14 @@ define Package/shadow-common/conffiles /etc/login.defs endef +#hack to get libxcrypt working +TARGET_LDFLAGS:=-L$(STAGING_DIR)/usr/lib/libxcrypt $(TARGET_LDFLAGS) + define Package/shadow-common/install $(INSTALL_DIR) $(1)/etc $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/login.defs $(1)/etc/ $(SED) 's,SU_NAME,#SU_NAME,g' $(1)/etc/login.defs -ifeq ($(CONFIG_USE_MUSL),y) -ifeq ($(CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK),y) $(SED) 's,#ENCRYPT_METHOD DES,ENCRYPT_METHOD BCRYPT,g' $(1)/etc/login.defs -else - $(SED) 's,#ENCRYPT_METHOD DES,ENCRYPT_METHOD MD5,g' $(1)/etc/login.defs -endif # CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK -else - $(SED) 's,#ENCRYPT_METHOD DES,ENCRYPT_METHOD SHA512,g' $(1)/etc/login.defs -endif # CONFIG_USE_MUSL endef define Package/shadow-utils/install