diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index 845cc86fd3..4da6cce18b 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -572,6 +572,7 @@ sys-libs/libselinux sys-libs/libsepol sys-libs/libunwind sys-libs/liburing +sys-libs/libxcrypt sys-libs/ncurses sys-libs/readline sys-libs/talloc diff --git a/bootstrap_sdk b/bootstrap_sdk index 278430d08c..fccd6e039c 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -144,9 +144,10 @@ cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp" # outdated "seed tarball" libraries which have been updated to newer versions in stage 1. stage_repo() { - local repo="$1" - local path="$2" - local dest="$3" + local repo=${1} + local path=${2} + local dest=${3} + local update_seed_file=${4} local gitname="$repo" if [ "$gitname" = "gentoo" ] ; then @@ -173,7 +174,7 @@ stage_repo() { name=${hook##*/} name=${name%"-${gitname}.sh"} info "Invoking stage1 ${gitname} hook ${name} on ${dest}/${repo}" - "${hook}" "${dest}/${repo}" "${!repo_var}" + "${hook}" "${dest}/${repo}" "${!repo_var}" "${update_seed_file}" done ) } @@ -189,10 +190,14 @@ build_stage1() { rm -rf "$stage1_repos" mkdir "$stage1_repos" + # If the file exists and is not empty, seed will be updated. + # Stage1 hooks may decide that the seed SDK needs updating. + local update_seed_file="${TEMPDIR}/update_seed" + # prepare ebuild repos for stage 1, either from the local SDK (default) # or from custom paths specified via command line flags - stage_repo "gentoo" "${FLAGS_stage1_portage_path}" "$stage1_repos" - stage_repo "coreos-overlay" "${FLAGS_stage1_overlay_path}" "$stage1_repos" + stage_repo "gentoo" "${FLAGS_stage1_portage_path}" "$stage1_repos" "${update_seed_file}" + stage_repo "coreos-overlay" "${FLAGS_stage1_overlay_path}" "$stage1_repos" "${update_seed_file}" # Create a snapshot of "known-good" portage-stable repo copy for use in stage 1 # This requires us to create a custom catalyst config to point it to the @@ -210,11 +215,12 @@ build_stage1() { "$TEMPDIR/stage1.spec" # If we are to use a custom path for either ebuild repo we want to update the stage1 seed SDK - if [ -n "${FLAGS_stage1_portage_path}" -o -n "${FLAGS_stage1_overlay_path}" ] ; then + if [[ -n ${FLAGS_stage1_portage_path} ]] || [[ -n ${FLAGS_stage1_overlay_path} ]] || [[ -s ${update_seed_file} ]]; then sed -i 's/^update_seed: no/update_seed: yes/' "$TEMPDIR/stage1.spec" echo "update_seed_command: --update --deep --newuse --complete-graph --rebuild-if-new-ver --rebuild-exclude cross-*-cros-linux-gnu/* sys-devel/gcc " \ >>"$TEMPDIR/stage1.spec" fi + rm -f "${update_seed_file}" # Finally, build stage 1 build_stage stage1 "$SEED" "$TEMPDIR/catalyst-stage1.conf" diff --git a/changelog/changes/2024-03-08-libcrypt-migration.md b/changelog/changes/2024-03-08-libcrypt-migration.md new file mode 100644 index 0000000000..768e006f10 --- /dev/null +++ b/changelog/changes/2024-03-08-libcrypt-migration.md @@ -0,0 +1 @@ +- libcrypt is now provided by the libxcrypt library instead of glibc. Glibc libcrypt was deprecated long time ago. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh new file mode 100755 index 0000000000..b5838185a1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -x +set -euo pipefail + +stage1_repo=${1} +new_repo=${2} +update_seed_file=${3} + +cat=sys-libs +pkg=libxcrypt + +if [[ -d "${stage1_repo}/${cat}/${pkg}" ]]; then + # libxcrypt is already a part of portage-stable, nothing to do + exit 0 +fi + +mkdir -p "${stage1_repo}/${cat}" +cp -a "${new_repo}/${cat}/${pkg}" "${stage1_repo}/${cat}/${pkg}" +echo x >"${update_seed_file}" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh new file mode 100755 index 0000000000..e8891c76a3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh @@ -0,0 +1,53 @@ +#!/bin/bash +set -x +set -euo pipefail + +stage1_repo=${1} +new_repo=${2} +update_seed_file=${3} + +base_profile_dir='profiles/coreos/base' + +declare -A fixups_old=( + ['package.mask']='>=virtual/libcrypt-2' + ['package.unmask']='=virtual/libcrypt-1-r1' + ['package.use.force']='sys-libs/glibc crypt' + ['package.use.mask']='sys-libs/glibc -crypt' +) + +declare -A fixups_new=( + ['package.mask']='>=virtual/libcrypt-2' + ['package.unmask']='"${ff}" + done + echo x >"${update_seed_file}" + exit 0 +done diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask index 97238158c1..b4bb4d583f 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask @@ -11,12 +11,6 @@ # certificate store provided in NSS rather than the Gentoo/Debian package. >=app-misc/ca-certificates-20000000 -# Overwrite portage-stable mask. We are delaying the transition to -# libxcrypt, because we need to figure out how to solve the dep loop -# that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python). ->=virtual/libcrypt-2 - # Python 3.12 is in portage-stable (currently testing), so avoid picking it # up. Update this to mask later versions when we switch to 3.11. >=dev-lang/python-3.12 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 75ed309ec1..a1a22a0cc4 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,9 +1,3 @@ -# Overwrite portage-stable mask. We are delaying the transition to -# libxcrypt, because we need to figure out how to solve the dep loop -# that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python). - virtual/libcrypt -> -# libxcrypt -> glibc -> python), and also we need to update gcc to -# version 10 or later. -sys-libs/glibc -crypt - # We don't use pip. dev-lang/python ensurepip diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest new file mode 100644 index 0000000000..416fefe5b9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest @@ -0,0 +1 @@ +DIST libxcrypt-4.4.36-autotools.tar.xz 624660 BLAKE2B 8dc3d0f354baf8c64dc011e95e7df10d48b0dfe428503936ffd55edf2745de04003c7efe231ed5d9a14cea7f682ba377b7e00f0463b4060c50c9c29f555b790f SHA512 fb8391ecb89622eb0d74d13c5fc1369718e83c47671449044ca0c2f78a236d7b06177a60bf8cda47694caa840c68eaaf0b23690e8975fa5d64b734c8eb246d10 diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch new file mode 100644 index 0000000000..5b3958e091 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch @@ -0,0 +1,14 @@ +diff --git a/Makefile.am b/Makefile.am +index d0cca1d..4a5d4a1 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -86,9 +86,7 @@ noinst_HEADERS = \ + test/des-cases.h \ + test/ka-table.inc + +-if ENABLE_XCRYPT_COMPAT_FILES + nodist_include_HEADERS += xcrypt.h +-endif + + noinst_PROGRAMS = \ + lib/gen-des-tables diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild new file mode 100644 index 0000000000..700cbf7866 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild @@ -0,0 +1,335 @@ +# Copyright 2004-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+compat split-usr static-libs +system test headers-only" +REQUIRED_USE="split-usr? ( system )" +RESTRICT="!test? ( test )" + +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then + export CTARGET=${CATEGORY/cross-} + fi +fi + +is_cross() { + local enabled_abis=( $(multilib_get_enabled_abis) ) + [[ "${#enabled_abis[@]}" -le 1 ]] && [[ ${CHOST} != ${CTARGET} ]] +} + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(-)] + !${CATEGORY}/glibc[crypt(-)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + multibuild_foreach_variant multilib-minimal_src_configure +} + +get_xcprefix() { + if is_cross; then + echo "${EPREFIX}/usr/${CTARGET}" + else + echo "${EPREFIX}" + fi +} + +get_xclibdir() { + printf -- "%s/%s/%s/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !split-usr '/usr')" \ + "$(get_libdir)" \ + "$(usev !system 'xcrypt')" +} + +get_xcincludedir() { + printf -- "%s/usr/include/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !system 'xcrypt')" +} + +get_xcmandir() { + printf -- "%s/usr/share/man\n" \ + "$(get_xcprefix)" +} + +get_xcpkgconfigdir() { + printf -- "%s/usr/%s/pkgconfig\n" \ + "$(get_xcprefix)" \ + "$(get_libdir)" +} + +multilib_src_configure() { + local -a myconf=( + --host=${CTARGET} + --disable-werror + --libdir=$(get_xclibdir) + --with-pkgconfigdir=$(get_xcpkgconfigdir) + --includedir=$(get_xcincludedir) + --mandir="$(get_xcmandir)" + ) + + tc-export PKG_CONFIG + + if is_cross; then + if tc-is-clang; then + export CC="${CTARGET}-clang" + else + export CC="${CTARGET}-gcc" + fi + fi + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + headers_only_flags="CC=$(tc-getBUILD_CC)" + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" "${headers_only_flags}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + multibuild_foreach_variant multilib-minimal_src_install + + use headers-only || \ + ( + shopt -s failglob || die "failglob failed" + + # Make sure our man pages do not collide with glibc or man-pages. + for manpage in "${D}$(get_xcmandir)"/man3/crypt{,_r}.?*; do + mv -n "${manpage}" "$(dirname "${manpage}")/xcrypt_$(basename "${manpage}")" \ + || die "mv failed" + done + ) || die "failglob error" + + # Remove useless stuff from installation + find "${ED}"/usr/share/doc/${PF} -type l -delete || die + find "${ED}" -name '*.la' -delete || die + + # workaround broken upstream cross-* --docdir by installing files in proper locations + if is_cross; then + insinto "$(get_xcprefix)"/usr/share + doins -r "${ED}"/usr/share/doc + rm -r "${ED}"/usr/share/doc || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${D}" install-nodist_includeHEADERS + return + fi + + emake DESTDIR="${D}" install + + # Don't install the libcrypt.so symlink for the "compat" version + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + rm "${D}"$(get_xclibdir)/libcrypt$(get_libname) \ + || die "failed to remove extra compat libraries" + ;; + xcrypt_nocompat-*) + if use split-usr; then + ( + if use static-libs; then + # .a files are installed to /$(get_libdir) by default + # Move static libraries to /usr prefix or portage will abort + shopt -s nullglob || die "failglob failed" + static_libs=( "${D}"/$(get_xclibdir)/*.a ) + + if [[ -n ${static_libs[*]} ]]; then + dodir "/usr/$(get_xclibdir)" + mv "${static_libs[@]}" "${ED}/usr/$(get_xclibdir)" \ + || die "Moving static libs failed" + fi + fi + + if use system; then + # Move versionless .so symlinks from /$(get_libdir) to /usr/$(get_libdir) + # to allow linker to correctly find shared libraries. + shopt -s failglob || die "failglob failed" + + for lib_file in "${D}"$(get_xclibdir)/*$(get_libname); do + lib_file_basename="$(basename "${lib_file}")" + lib_file_target="$(basename "$(readlink -f "${lib_file}")")" + + # We already know we're in split-usr (checked above) + # See bug #843209 (also worth keeping in mind bug #802222 too) + local libdir_no_prefix=$(get_xclibdir) + libdir_no_prefix=${libdir_no_prefix#${EPREFIX}} + libdir_no_prefix=${libdir_no_prefix%/usr} + dosym -r "/$(get_libdir)/${lib_file_target}" "/usr/${libdir_no_prefix}/${lib_file_basename}" + done + + rm "${D}"$(get_xclibdir)/*$(get_libname) || die "Removing symlinks in incorrect location failed" + fi + ) + fi + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild new file mode 100644 index 0000000000..172ca419fc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild @@ -0,0 +1,254 @@ +# Copyright 2004-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit crossdev multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+compat static-libs +system test headers-only" +RESTRICT="!test? ( test )" + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(-)] + !${CATEGORY}/glibc[crypt(-)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + : +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + MYPREFIX=${EPREFIX} + MYSYSROOT=${ESYSROOT} + + if target_is_not_host; then + local CHOST=${CTARGET} + + MYPREFIX= + MYSYSROOT=${ESYSROOT}/usr/${CTARGET} + + # Ensure we get compatible libdir + unset DEFAULT_ABI MULTILIB_ABIS + multilib_env + ABI=${DEFAULT_ABI} + + tc-getCC >/dev/null + if [[ ${CC} != ${CHOST}-* ]]; then + unset CC + tc-getCC >/dev/null + fi + + strip-unsupported-flags + fi + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + local -x CC="$(tc-getBUILD_CC)" + fi + + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + if use test; then + python_setup + fi + + multibuild_foreach_variant multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --disable-werror + --prefix="${MYPREFIX}/usr" + --libdir="${MYPREFIX}/usr/$(get_libdir)$(usev !system /xcrypt)" + --includedir="${MYPREFIX}/usr/include$(usev !system /xcrypt)" + --with-pkgconfigdir="${MYPREFIX}/usr/$(get_libdir)/pkgconfig" + --with-sysroot="${MYSYSROOT}" + ) + + tc-export PKG_CONFIG + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + local DESTDIR=${D} + if target_is_not_host; then + DESTDIR=${ED}/usr/${CTARGET} + fi + + multibuild_foreach_variant multilib-minimal_src_install + + find "${ED}" -name '*.la' -delete || die + + if target_is_not_host; then + insinto /usr/${CTARGET}/usr/share + doins -r "${ED}/usr/share/doc" + rm -r "${ED}/usr/share/doc" || die + rmdir "${ED}/usr/share" || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${DESTDIR}" install-nodist_includeHEADERS + else + emake DESTDIR="${DESTDIR}" install + # Conflicts with sys-apps/man-pages + rm "${DESTDIR}${MYPREFIX}"/usr/share/man/man3/crypt{,_r}.3 || die + fi +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild new file mode 100644 index 0000000000..51562c02d4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild @@ -0,0 +1,340 @@ +# Copyright 2004-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+compat split-usr static-libs +system test headers-only" +REQUIRED_USE="split-usr? ( system )" +RESTRICT="!test? ( test )" + +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then + export CTARGET=${CATEGORY/cross-} + fi +fi + +is_cross() { + local enabled_abis=( $(multilib_get_enabled_abis) ) + [[ "${#enabled_abis[@]}" -le 1 ]] && [[ ${CHOST} != ${CTARGET} ]] +} + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(+)] + !${CATEGORY}/glibc[crypt(+)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs + # https://github.com/gentoo/gentoo/pull/28355 + # mold needs this too but right now tc-ld-is-mold is also not available + if tc-ld-is-lld; then + append-ldflags -Wl,--undefined-version + fi + + multibuild_foreach_variant multilib-minimal_src_configure +} + +get_xcprefix() { + if is_cross; then + echo "${EPREFIX}/usr/${CTARGET}" + else + echo "${EPREFIX}" + fi +} + +get_xclibdir() { + printf -- "%s/%s/%s/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !split-usr '/usr')" \ + "$(get_libdir)" \ + "$(usev !system 'xcrypt')" +} + +get_xcincludedir() { + printf -- "%s/usr/include/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !system 'xcrypt')" +} + +get_xcmandir() { + printf -- "%s/usr/share/man\n" \ + "$(get_xcprefix)" +} + +get_xcpkgconfigdir() { + printf -- "%s/usr/%s/pkgconfig\n" \ + "$(get_xcprefix)" \ + "$(get_libdir)" +} + +multilib_src_configure() { + local -a myconf=( + --host=${CTARGET} + --disable-werror + --libdir=$(get_xclibdir) + --with-pkgconfigdir=$(get_xcpkgconfigdir) + --includedir=$(get_xcincludedir) + --mandir="$(get_xcmandir)" + ) + + tc-export PKG_CONFIG + + if is_cross; then + if tc-is-clang; then + export CC="${CTARGET}-clang" + else + export CC="${CTARGET}-gcc" + fi + fi + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + headers_only_flags="CC=$(tc-getBUILD_CC)" + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" "${headers_only_flags}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + multibuild_foreach_variant multilib-minimal_src_install + + use headers-only || \ + ( + shopt -s failglob || die "failglob failed" + + # Make sure our man pages do not collide with glibc or man-pages. + for manpage in "${D}$(get_xcmandir)"/man3/crypt{,_r}.?*; do + mv -n "${manpage}" "$(dirname "${manpage}")/xcrypt_$(basename "${manpage}")" \ + || die "mv failed" + done + ) || die "failglob error" + + # Remove useless stuff from installation + find "${ED}"/usr/share/doc/${PF} -type l -delete || die + find "${ED}" -name '*.la' -delete || die + + # workaround broken upstream cross-* --docdir by installing files in proper locations + if is_cross; then + insinto "$(get_xcprefix)"/usr/share + doins -r "${ED}"/usr/share/doc + rm -r "${ED}"/usr/share/doc || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${D}" install-nodist_includeHEADERS + return + fi + + emake DESTDIR="${D}" install + + # Don't install the libcrypt.so symlink for the "compat" version + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + rm "${D}"$(get_xclibdir)/libcrypt$(get_libname) \ + || die "failed to remove extra compat libraries" + ;; + xcrypt_nocompat-*) + if use split-usr; then + ( + if use static-libs; then + # .a files are installed to /$(get_libdir) by default + # Move static libraries to /usr prefix or portage will abort + shopt -s nullglob || die "failglob failed" + static_libs=( "${D}"/$(get_xclibdir)/*.a ) + + if [[ -n ${static_libs[*]} ]]; then + dodir "/usr/$(get_xclibdir)" + mv "${static_libs[@]}" "${ED}/usr/$(get_xclibdir)" \ + || die "Moving static libs failed" + fi + fi + + if use system; then + # Move versionless .so symlinks from /$(get_libdir) to /usr/$(get_libdir) + # to allow linker to correctly find shared libraries. + shopt -s failglob || die "failglob failed" + + for lib_file in "${D}"$(get_xclibdir)/*$(get_libname); do + lib_file_basename="$(basename "${lib_file}")" + lib_file_target="$(basename "$(readlink -f "${lib_file}")")" + + # We already know we're in split-usr (checked above) + # See bug #843209 (also worth keeping in mind bug #802222 too) + local libdir_no_prefix=$(get_xclibdir) + libdir_no_prefix=${libdir_no_prefix#${EPREFIX}} + libdir_no_prefix=${libdir_no_prefix%/usr} + dosym -r "/$(get_libdir)/${lib_file_target}" "/usr/${libdir_no_prefix}/${lib_file_basename}" + done + + rm "${D}"$(get_xclibdir)/*$(get_libname) || die "Removing symlinks in incorrect location failed" + fi + ) + fi + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml new file mode 100644 index 0000000000..cef5e501f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml @@ -0,0 +1,21 @@ + + + + + toolchain@gentoo.org + Gentoo Toolchain Project + + + Crypt library for DES, MD5, and blowfish. Libxcrypt is a replacement for + libcrypt, which comes with the GNU C Library. It supports DES crypt, + MD5, and passwords with blowfish encryption. + + + Build with compatibility interfaces for other crypt implementations + Install as system libcrypt.so rather than to an alternate directory (will collide with sys-libs/glibc's version) + Build and install only the headers. + + + besser82/libxcrypt + +