From 0c8a60e78a36d8e477b81ed142c55d9a3d6cb5c4 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 23 May 2024 11:18:48 +0200 Subject: [PATCH 1/6] sys-libs/libxcrypt: Add from Gentoo It's from Gentoo commit 5719c8e719b916e754090c74aaed74634a28ad9b. --- .../sys-libs/libxcrypt/Manifest | 1 + .../files/libxcrypt-4.4.19-multibuild.patch | 14 + .../libxcrypt/libxcrypt-4.4.36-r2.ebuild | 335 +++++++++++++++++ .../libxcrypt/libxcrypt-4.4.36-r3.ebuild | 254 +++++++++++++ .../libxcrypt/libxcrypt-4.4.36.ebuild | 340 ++++++++++++++++++ .../sys-libs/libxcrypt/metadata.xml | 21 ++ 6 files changed, 965 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest new file mode 100644 index 0000000000..416fefe5b9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/Manifest @@ -0,0 +1 @@ +DIST libxcrypt-4.4.36-autotools.tar.xz 624660 BLAKE2B 8dc3d0f354baf8c64dc011e95e7df10d48b0dfe428503936ffd55edf2745de04003c7efe231ed5d9a14cea7f682ba377b7e00f0463b4060c50c9c29f555b790f SHA512 fb8391ecb89622eb0d74d13c5fc1369718e83c47671449044ca0c2f78a236d7b06177a60bf8cda47694caa840c68eaaf0b23690e8975fa5d64b734c8eb246d10 diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch new file mode 100644 index 0000000000..5b3958e091 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/files/libxcrypt-4.4.19-multibuild.patch @@ -0,0 +1,14 @@ +diff --git a/Makefile.am b/Makefile.am +index d0cca1d..4a5d4a1 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -86,9 +86,7 @@ noinst_HEADERS = \ + test/des-cases.h \ + test/ka-table.inc + +-if ENABLE_XCRYPT_COMPAT_FILES + nodist_include_HEADERS += xcrypt.h +-endif + + noinst_PROGRAMS = \ + lib/gen-des-tables diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild new file mode 100644 index 0000000000..700cbf7866 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r2.ebuild @@ -0,0 +1,335 @@ +# Copyright 2004-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+compat split-usr static-libs +system test headers-only" +REQUIRED_USE="split-usr? ( system )" +RESTRICT="!test? ( test )" + +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then + export CTARGET=${CATEGORY/cross-} + fi +fi + +is_cross() { + local enabled_abis=( $(multilib_get_enabled_abis) ) + [[ "${#enabled_abis[@]}" -le 1 ]] && [[ ${CHOST} != ${CTARGET} ]] +} + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(-)] + !${CATEGORY}/glibc[crypt(-)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + multibuild_foreach_variant multilib-minimal_src_configure +} + +get_xcprefix() { + if is_cross; then + echo "${EPREFIX}/usr/${CTARGET}" + else + echo "${EPREFIX}" + fi +} + +get_xclibdir() { + printf -- "%s/%s/%s/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !split-usr '/usr')" \ + "$(get_libdir)" \ + "$(usev !system 'xcrypt')" +} + +get_xcincludedir() { + printf -- "%s/usr/include/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !system 'xcrypt')" +} + +get_xcmandir() { + printf -- "%s/usr/share/man\n" \ + "$(get_xcprefix)" +} + +get_xcpkgconfigdir() { + printf -- "%s/usr/%s/pkgconfig\n" \ + "$(get_xcprefix)" \ + "$(get_libdir)" +} + +multilib_src_configure() { + local -a myconf=( + --host=${CTARGET} + --disable-werror + --libdir=$(get_xclibdir) + --with-pkgconfigdir=$(get_xcpkgconfigdir) + --includedir=$(get_xcincludedir) + --mandir="$(get_xcmandir)" + ) + + tc-export PKG_CONFIG + + if is_cross; then + if tc-is-clang; then + export CC="${CTARGET}-clang" + else + export CC="${CTARGET}-gcc" + fi + fi + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + headers_only_flags="CC=$(tc-getBUILD_CC)" + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" "${headers_only_flags}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + multibuild_foreach_variant multilib-minimal_src_install + + use headers-only || \ + ( + shopt -s failglob || die "failglob failed" + + # Make sure our man pages do not collide with glibc or man-pages. + for manpage in "${D}$(get_xcmandir)"/man3/crypt{,_r}.?*; do + mv -n "${manpage}" "$(dirname "${manpage}")/xcrypt_$(basename "${manpage}")" \ + || die "mv failed" + done + ) || die "failglob error" + + # Remove useless stuff from installation + find "${ED}"/usr/share/doc/${PF} -type l -delete || die + find "${ED}" -name '*.la' -delete || die + + # workaround broken upstream cross-* --docdir by installing files in proper locations + if is_cross; then + insinto "$(get_xcprefix)"/usr/share + doins -r "${ED}"/usr/share/doc + rm -r "${ED}"/usr/share/doc || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${D}" install-nodist_includeHEADERS + return + fi + + emake DESTDIR="${D}" install + + # Don't install the libcrypt.so symlink for the "compat" version + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + rm "${D}"$(get_xclibdir)/libcrypt$(get_libname) \ + || die "failed to remove extra compat libraries" + ;; + xcrypt_nocompat-*) + if use split-usr; then + ( + if use static-libs; then + # .a files are installed to /$(get_libdir) by default + # Move static libraries to /usr prefix or portage will abort + shopt -s nullglob || die "failglob failed" + static_libs=( "${D}"/$(get_xclibdir)/*.a ) + + if [[ -n ${static_libs[*]} ]]; then + dodir "/usr/$(get_xclibdir)" + mv "${static_libs[@]}" "${ED}/usr/$(get_xclibdir)" \ + || die "Moving static libs failed" + fi + fi + + if use system; then + # Move versionless .so symlinks from /$(get_libdir) to /usr/$(get_libdir) + # to allow linker to correctly find shared libraries. + shopt -s failglob || die "failglob failed" + + for lib_file in "${D}"$(get_xclibdir)/*$(get_libname); do + lib_file_basename="$(basename "${lib_file}")" + lib_file_target="$(basename "$(readlink -f "${lib_file}")")" + + # We already know we're in split-usr (checked above) + # See bug #843209 (also worth keeping in mind bug #802222 too) + local libdir_no_prefix=$(get_xclibdir) + libdir_no_prefix=${libdir_no_prefix#${EPREFIX}} + libdir_no_prefix=${libdir_no_prefix%/usr} + dosym -r "/$(get_libdir)/${lib_file_target}" "/usr/${libdir_no_prefix}/${lib_file_basename}" + done + + rm "${D}"$(get_xclibdir)/*$(get_libname) || die "Removing symlinks in incorrect location failed" + fi + ) + fi + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild new file mode 100644 index 0000000000..172ca419fc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36-r3.ebuild @@ -0,0 +1,254 @@ +# Copyright 2004-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit crossdev multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+compat static-libs +system test headers-only" +RESTRICT="!test? ( test )" + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(-)] + !${CATEGORY}/glibc[crypt(-)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + : +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + MYPREFIX=${EPREFIX} + MYSYSROOT=${ESYSROOT} + + if target_is_not_host; then + local CHOST=${CTARGET} + + MYPREFIX= + MYSYSROOT=${ESYSROOT}/usr/${CTARGET} + + # Ensure we get compatible libdir + unset DEFAULT_ABI MULTILIB_ABIS + multilib_env + ABI=${DEFAULT_ABI} + + tc-getCC >/dev/null + if [[ ${CC} != ${CHOST}-* ]]; then + unset CC + tc-getCC >/dev/null + fi + + strip-unsupported-flags + fi + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + local -x CC="$(tc-getBUILD_CC)" + fi + + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + if use test; then + python_setup + fi + + multibuild_foreach_variant multilib-minimal_src_configure +} + +multilib_src_configure() { + local myconf=( + --disable-werror + --prefix="${MYPREFIX}/usr" + --libdir="${MYPREFIX}/usr/$(get_libdir)$(usev !system /xcrypt)" + --includedir="${MYPREFIX}/usr/include$(usev !system /xcrypt)" + --with-pkgconfigdir="${MYPREFIX}/usr/$(get_libdir)/pkgconfig" + --with-sysroot="${MYSYSROOT}" + ) + + tc-export PKG_CONFIG + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + local DESTDIR=${D} + if target_is_not_host; then + DESTDIR=${ED}/usr/${CTARGET} + fi + + multibuild_foreach_variant multilib-minimal_src_install + + find "${ED}" -name '*.la' -delete || die + + if target_is_not_host; then + insinto /usr/${CTARGET}/usr/share + doins -r "${ED}/usr/share/doc" + rm -r "${ED}/usr/share/doc" || die + rmdir "${ED}/usr/share" || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${DESTDIR}" install-nodist_includeHEADERS + else + emake DESTDIR="${DESTDIR}" install + # Conflicts with sys-apps/man-pages + rm "${DESTDIR}${MYPREFIX}"/usr/share/man/man3/crypt{,_r}.3 || die + fi +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild new file mode 100644 index 0000000000..51562c02d4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/libxcrypt-4.4.36.ebuild @@ -0,0 +1,340 @@ +# Copyright 2004-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +# NEED_BOOTSTRAP is for developers to quickly generate a tarball +# for publishing to the tree. +NEED_BOOTSTRAP="no" +inherit multibuild multilib python-any-r1 flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Extended crypt library for descrypt, md5crypt, bcrypt, and others" +HOMEPAGE="https://github.com/besser82/libxcrypt" +if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + inherit autotools + SRC_URI="https://github.com/besser82/libxcrypt/releases/download/v${PV}/${P}.tar.xz" +else + SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-autotools.tar.xz" +fi + +LICENSE="LGPL-2.1+ public-domain BSD BSD-2" +SLOT="0/1" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+compat split-usr static-libs +system test headers-only" +REQUIRED_USE="split-usr? ( system )" +RESTRICT="!test? ( test )" + +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then + export CTARGET=${CATEGORY/cross-} + fi +fi + +is_cross() { + local enabled_abis=( $(multilib_get_enabled_abis) ) + [[ "${#enabled_abis[@]}" -le 1 ]] && [[ ${CHOST} != ${CTARGET} ]] +} + +DEPEND=" + system? ( + elibc_glibc? ( + ${CATEGORY}/glibc[-crypt(+)] + !${CATEGORY}/glibc[crypt(+)] + ) + elibc_musl? ( + ${CATEGORY}/musl[-crypt(+)] + !${CATEGORY}/musl[crypt(+)] + ) + ) +" +RDEPEND="${DEPEND}" +BDEPEND=" + dev-lang/perl + test? ( $(python_gen_any_dep 'dev-python/passlib[${PYTHON_USEDEP}]') ) +" + +python_check_deps() { + python_has_version "dev-python/passlib[${PYTHON_USEDEP}]" +} + +pkg_pretend() { + if has "distcc" ${FEATURES} ; then + ewarn "Please verify all distcc nodes are using the same versions of GCC (>= 10) and Binutils!" + ewarn "Older/mismatched versions of GCC may lead to a misbehaving library: bug #823179." + + if [[ ${BUILD_TYPE} != "binary" ]] && tc-is-gcc && [[ $(gcc-major-version) -lt 10 ]] ; then + die "libxcrypt is known to fail to build or be broken at runtime with < GCC 10 (bug #823179)!" + fi + fi +} + +pkg_setup() { + MULTIBUILD_VARIANTS=( + $(usev compat 'xcrypt_compat') + xcrypt_nocompat + ) + + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # WARNING: Please read on bumping or applying patches! + # + # There are two circular dependencies to be aware of: + # 1) + # if we're bootstrapping configure and makefiles: + # libxcrypt -> automake -> perl -> libxcrypt + # + # mitigation: + # toolchain@ manually runs `make dist` after running autoconf + `./configure` + # and the ebuild uses that. + # (Don't include the pre-generated Perl artefacts.) + # + # solution for future: + # Upstream are working on producing `make dist` tarballs. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # 2) + # configure *unconditionally* needs Perl at build time to generate + # a list of enabled algorithms based on the set passed to `configure`: + # libxcrypt -> perl -> libxcrypt + # + # mitigation: + # None at the moment. + # + # solution for future: + # Not possible right now. Upstream intend on depending on Perl for further + # configuration options. + # https://github.com/besser82/libxcrypt/issues/134#issuecomment-871833573 + # + # Therefore, on changes (inc. bumps): + # * You must check whether upstream have started providing tarballs with bootstrapped + # auto{conf,make}; + # + # * diff the build system changes! + # + if [[ ${NEED_BOOTSTRAP} == "yes" ]] ; then + # Facilitate our split variant build for compat + non-compat + eapply "${FILESDIR}"/${PN}-4.4.19-multibuild.patch + eautoreconf + fi +} + +src_configure() { + # Avoid possible "illegal instruction" errors with gold + # bug #821496 + tc-ld-disable-gold + + # Doesn't work with LTO: bug #852917. + # https://github.com/besser82/libxcrypt/issues/24 + filter-lto + + # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs + # https://github.com/gentoo/gentoo/pull/28355 + # mold needs this too but right now tc-ld-is-mold is also not available + if tc-ld-is-lld; then + append-ldflags -Wl,--undefined-version + fi + + multibuild_foreach_variant multilib-minimal_src_configure +} + +get_xcprefix() { + if is_cross; then + echo "${EPREFIX}/usr/${CTARGET}" + else + echo "${EPREFIX}" + fi +} + +get_xclibdir() { + printf -- "%s/%s/%s/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !split-usr '/usr')" \ + "$(get_libdir)" \ + "$(usev !system 'xcrypt')" +} + +get_xcincludedir() { + printf -- "%s/usr/include/%s\n" \ + "$(get_xcprefix)" \ + "$(usev !system 'xcrypt')" +} + +get_xcmandir() { + printf -- "%s/usr/share/man\n" \ + "$(get_xcprefix)" +} + +get_xcpkgconfigdir() { + printf -- "%s/usr/%s/pkgconfig\n" \ + "$(get_xcprefix)" \ + "$(get_libdir)" +} + +multilib_src_configure() { + local -a myconf=( + --host=${CTARGET} + --disable-werror + --libdir=$(get_xclibdir) + --with-pkgconfigdir=$(get_xcpkgconfigdir) + --includedir=$(get_xcincludedir) + --mandir="$(get_xcmandir)" + ) + + tc-export PKG_CONFIG + + if is_cross; then + if tc-is-clang; then + export CC="${CTARGET}-clang" + else + export CC="${CTARGET}-gcc" + fi + fi + + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + myconf+=( + --disable-static + --disable-xcrypt-compat-files + --enable-obsolete-api=yes + ) + ;; + xcrypt_nocompat-*) + myconf+=( + --enable-obsolete-api=no + $(use_enable static-libs static) + ) + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac + + if use headers-only; then + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC is sane. + headers_only_flags="CC=$(tc-getBUILD_CC)" + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" "${headers_only_flags}" +} + +src_compile() { + use headers-only && return + + multibuild_foreach_variant multilib-minimal_src_compile +} + +multilib_src_test() { + emake check +} + +src_test() { + multibuild_foreach_variant multilib-minimal_src_test +} + +src_install() { + multibuild_foreach_variant multilib-minimal_src_install + + use headers-only || \ + ( + shopt -s failglob || die "failglob failed" + + # Make sure our man pages do not collide with glibc or man-pages. + for manpage in "${D}$(get_xcmandir)"/man3/crypt{,_r}.?*; do + mv -n "${manpage}" "$(dirname "${manpage}")/xcrypt_$(basename "${manpage}")" \ + || die "mv failed" + done + ) || die "failglob error" + + # Remove useless stuff from installation + find "${ED}"/usr/share/doc/${PF} -type l -delete || die + find "${ED}" -name '*.la' -delete || die + + # workaround broken upstream cross-* --docdir by installing files in proper locations + if is_cross; then + insinto "$(get_xcprefix)"/usr/share + doins -r "${ED}"/usr/share/doc + rm -r "${ED}"/usr/share/doc || die + fi +} + +multilib_src_install() { + if use headers-only; then + emake DESTDIR="${D}" install-nodist_includeHEADERS + return + fi + + emake DESTDIR="${D}" install + + # Don't install the libcrypt.so symlink for the "compat" version + case "${MULTIBUILD_ID}" in + xcrypt_compat-*) + rm "${D}"$(get_xclibdir)/libcrypt$(get_libname) \ + || die "failed to remove extra compat libraries" + ;; + xcrypt_nocompat-*) + if use split-usr; then + ( + if use static-libs; then + # .a files are installed to /$(get_libdir) by default + # Move static libraries to /usr prefix or portage will abort + shopt -s nullglob || die "failglob failed" + static_libs=( "${D}"/$(get_xclibdir)/*.a ) + + if [[ -n ${static_libs[*]} ]]; then + dodir "/usr/$(get_xclibdir)" + mv "${static_libs[@]}" "${ED}/usr/$(get_xclibdir)" \ + || die "Moving static libs failed" + fi + fi + + if use system; then + # Move versionless .so symlinks from /$(get_libdir) to /usr/$(get_libdir) + # to allow linker to correctly find shared libraries. + shopt -s failglob || die "failglob failed" + + for lib_file in "${D}"$(get_xclibdir)/*$(get_libname); do + lib_file_basename="$(basename "${lib_file}")" + lib_file_target="$(basename "$(readlink -f "${lib_file}")")" + + # We already know we're in split-usr (checked above) + # See bug #843209 (also worth keeping in mind bug #802222 too) + local libdir_no_prefix=$(get_xclibdir) + libdir_no_prefix=${libdir_no_prefix#${EPREFIX}} + libdir_no_prefix=${libdir_no_prefix%/usr} + dosym -r "/$(get_libdir)/${lib_file_target}" "/usr/${libdir_no_prefix}/${lib_file_basename}" + done + + rm "${D}"$(get_xclibdir)/*$(get_libname) || die "Removing symlinks in incorrect location failed" + fi + ) + fi + ;; + *) die "Unexpected MULTIBUILD_ID: ${MULTIBUILD_ID}";; + esac +} + +pkg_preinst() { + # Verify we're not in a bad case like bug #843209 with broken symlinks. + # This can be dropped when, if ever, the split-usr && system && compat case + # is cleaned up in *_src_install. + local broken_symlinks=() + mapfile -d '' broken_symlinks < <( + find "${ED}" -xtype l -print0 + ) + + if [[ ${#broken_symlinks[@]} -gt 0 ]]; then + eerror "Broken symlinks found before merging!" + local symlink target resolved + for symlink in "${broken_symlinks[@]}" ; do + target="$(readlink "${symlink}")" + resolved="$(readlink -f "${symlink}")" + eerror " '${symlink}' -> '${target}' (${resolved})" + done + die "Broken symlinks found! Aborting to avoid damaging system. Please report a bug." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml new file mode 100644 index 0000000000..cef5e501f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libxcrypt/metadata.xml @@ -0,0 +1,21 @@ + + + + + toolchain@gentoo.org + Gentoo Toolchain Project + + + Crypt library for DES, MD5, and blowfish. Libxcrypt is a replacement for + libcrypt, which comes with the GNU C Library. It supports DES crypt, + MD5, and passwords with blowfish encryption. + + + Build with compatibility interfaces for other crypt implementations + Install as system libcrypt.so rather than to an alternate directory (will collide with sys-libs/glibc's version) + Build and install only the headers. + + + besser82/libxcrypt + + From 5b64defa9839375e13b31b35d142a149f08dc6f6 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 6 Mar 2024 15:26:22 +0100 Subject: [PATCH 2/6] overlay profiles: Migrate from glibc crypt to libxcrypt It's long overdue and glibc 2.39 will drop crypt stuff altogether. Or so I heard. Whatever happens, the crypt library in glibc is deprecated for a long time already. --- .../coreos-overlay/profiles/coreos/base/package.mask | 6 ------ .../coreos-overlay/profiles/coreos/base/package.unmask | 6 ------ .../coreos-overlay/profiles/coreos/base/package.use.force | 4 ---- .../coreos-overlay/profiles/coreos/base/package.use.mask | 7 ------- 4 files changed, 23 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask index 97238158c1..b4bb4d583f 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask @@ -11,12 +11,6 @@ # certificate store provided in NSS rather than the Gentoo/Debian package. >=app-misc/ca-certificates-20000000 -# Overwrite portage-stable mask. We are delaying the transition to -# libxcrypt, because we need to figure out how to solve the dep loop -# that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python). ->=virtual/libcrypt-2 - # Python 3.12 is in portage-stable (currently testing), so avoid picking it # up. Update this to mask later versions when we switch to 3.11. >=dev-lang/python-3.12 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index 75ed309ec1..a1a22a0cc4 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,9 +1,3 @@ -# Overwrite portage-stable mask. We are delaying the transition to -# libxcrypt, because we need to figure out how to solve the dep loop -# that results from the migration (python -> virtual/libcrypt -> -# libxcrypt -> glibc -> python). - virtual/libcrypt -> -# libxcrypt -> glibc -> python), and also we need to update gcc to -# version 10 or later. -sys-libs/glibc -crypt - # We don't use pip. dev-lang/python ensurepip From 0b0991e007c3941c8d952ae54350e09783fa5fe6 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 6 Mar 2024 15:27:58 +0100 Subject: [PATCH 3/6] .github: Add sys-libs/libxcrypt to automation --- .github/workflows/portage-stable-packages-list | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index 845cc86fd3..4da6cce18b 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -572,6 +572,7 @@ sys-libs/libselinux sys-libs/libsepol sys-libs/libunwind sys-libs/liburing +sys-libs/libxcrypt sys-libs/ncurses sys-libs/readline sys-libs/talloc From 4a86bf9c835c969ec35d15d3ae0c87b5d87cc0ea Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 8 Mar 2024 09:42:56 +0100 Subject: [PATCH 4/6] bootstrap_sdk: Allow stage1 hooks to decide about updating seed SDK Stage1 hooks will receive a path to a file as a third parameter. They can use it to tell the bootstrap script to set up catalyst to perform updates on seed SDK. Contents of the file are ignored - what counts is that the file exists AND is not empty. --- bootstrap_sdk | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/bootstrap_sdk b/bootstrap_sdk index 278430d08c..fccd6e039c 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -144,9 +144,10 @@ cp "${BUILD_LIBRARY_DIR}/toolchain_util.sh" "${ROOT_OVERLAY}/tmp" # outdated "seed tarball" libraries which have been updated to newer versions in stage 1. stage_repo() { - local repo="$1" - local path="$2" - local dest="$3" + local repo=${1} + local path=${2} + local dest=${3} + local update_seed_file=${4} local gitname="$repo" if [ "$gitname" = "gentoo" ] ; then @@ -173,7 +174,7 @@ stage_repo() { name=${hook##*/} name=${name%"-${gitname}.sh"} info "Invoking stage1 ${gitname} hook ${name} on ${dest}/${repo}" - "${hook}" "${dest}/${repo}" "${!repo_var}" + "${hook}" "${dest}/${repo}" "${!repo_var}" "${update_seed_file}" done ) } @@ -189,10 +190,14 @@ build_stage1() { rm -rf "$stage1_repos" mkdir "$stage1_repos" + # If the file exists and is not empty, seed will be updated. + # Stage1 hooks may decide that the seed SDK needs updating. + local update_seed_file="${TEMPDIR}/update_seed" + # prepare ebuild repos for stage 1, either from the local SDK (default) # or from custom paths specified via command line flags - stage_repo "gentoo" "${FLAGS_stage1_portage_path}" "$stage1_repos" - stage_repo "coreos-overlay" "${FLAGS_stage1_overlay_path}" "$stage1_repos" + stage_repo "gentoo" "${FLAGS_stage1_portage_path}" "$stage1_repos" "${update_seed_file}" + stage_repo "coreos-overlay" "${FLAGS_stage1_overlay_path}" "$stage1_repos" "${update_seed_file}" # Create a snapshot of "known-good" portage-stable repo copy for use in stage 1 # This requires us to create a custom catalyst config to point it to the @@ -210,11 +215,12 @@ build_stage1() { "$TEMPDIR/stage1.spec" # If we are to use a custom path for either ebuild repo we want to update the stage1 seed SDK - if [ -n "${FLAGS_stage1_portage_path}" -o -n "${FLAGS_stage1_overlay_path}" ] ; then + if [[ -n ${FLAGS_stage1_portage_path} ]] || [[ -n ${FLAGS_stage1_overlay_path} ]] || [[ -s ${update_seed_file} ]]; then sed -i 's/^update_seed: no/update_seed: yes/' "$TEMPDIR/stage1.spec" echo "update_seed_command: --update --deep --newuse --complete-graph --rebuild-if-new-ver --rebuild-exclude cross-*-cros-linux-gnu/* sys-devel/gcc " \ >>"$TEMPDIR/stage1.spec" fi + rm -f "${update_seed_file}" # Finally, build stage 1 build_stage stage1 "$SEED" "$TEMPDIR/catalyst-stage1.conf" From de399a34769427c6030cd7f9ae1df32d13be6f68 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 6 Mar 2024 16:42:25 +0100 Subject: [PATCH 5/6] overlay stage1-hooks: Add hooks for libxcrypt migration They are copying sys-libs/libxcrypt from new portage-stable and updating package masks and USE flags in order to migrate from glibc-provided libcrypt to libxcrypt-provided libcrypt. The migration seems to be a bit complicated to do, because bootstrapping a system using glibc with libxcrypt-provided libcrypt using a build environment using glibc with glibc-provided libcrypt results in some slot conflicts. Without the stage1 hooks the failure happened in stage2. With the hooks, but without the seed SDK update, the failure happened already in stage1. Updating the seed SDK to use libxcrypt seems to do the trick. The update of the seed SDK will happen only when transition happens - if the seed SDK is already using libxcrypt, these hooks are noops. --- .../0000-glibc-crypt-portage-stable.sh | 19 +++++++ .../0002-glibc-crypt-coreos-overlay.sh | 53 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100755 sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh create mode 100755 sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh new file mode 100755 index 0000000000..b5838185a1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-glibc-crypt-portage-stable.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -x +set -euo pipefail + +stage1_repo=${1} +new_repo=${2} +update_seed_file=${3} + +cat=sys-libs +pkg=libxcrypt + +if [[ -d "${stage1_repo}/${cat}/${pkg}" ]]; then + # libxcrypt is already a part of portage-stable, nothing to do + exit 0 +fi + +mkdir -p "${stage1_repo}/${cat}" +cp -a "${new_repo}/${cat}/${pkg}" "${stage1_repo}/${cat}/${pkg}" +echo x >"${update_seed_file}" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh new file mode 100755 index 0000000000..e8891c76a3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0002-glibc-crypt-coreos-overlay.sh @@ -0,0 +1,53 @@ +#!/bin/bash +set -x +set -euo pipefail + +stage1_repo=${1} +new_repo=${2} +update_seed_file=${3} + +base_profile_dir='profiles/coreos/base' + +declare -A fixups_old=( + ['package.mask']='>=virtual/libcrypt-2' + ['package.unmask']='=virtual/libcrypt-1-r1' + ['package.use.force']='sys-libs/glibc crypt' + ['package.use.mask']='sys-libs/glibc -crypt' +) + +declare -A fixups_new=( + ['package.mask']='>=virtual/libcrypt-2' + ['package.unmask']='"${ff}" + done + echo x >"${update_seed_file}" + exit 0 +done From f1636fc6de66a90d7a151d61deff0dc1782bb3ee Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 8 Mar 2024 10:13:46 +0100 Subject: [PATCH 6/6] changelog: Add an entry --- changelog/changes/2024-03-08-libcrypt-migration.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/changes/2024-03-08-libcrypt-migration.md diff --git a/changelog/changes/2024-03-08-libcrypt-migration.md b/changelog/changes/2024-03-08-libcrypt-migration.md new file mode 100644 index 0000000000..768e006f10 --- /dev/null +++ b/changelog/changes/2024-03-08-libcrypt-migration.md @@ -0,0 +1 @@ +- libcrypt is now provided by the libxcrypt library instead of glibc. Glibc libcrypt was deprecated long time ago.