Consider dropping glibc's libcrypt.so in favour of libxcrypt
Closed, Resolved, Public

Description

Distros have been dropping glibc's libcrypt in favour of libxcrypt which features backwards compatibility for glibc.

Mostly it seems to be wanting a more agile library not tied to glibc that supports modern hashing techniques (yescrypt).

In glibc 2.28's release notes, glibc mentions wanting to hand off maintenance of libcrypt:

* We have tentative plans to hand off maintenance of the passphrase-hashing library, libcrypt, to a separate development project that will, we hope, keep up better with new passphrase-hashing algorithms. We will continue to declare 'crypt' in <unistd.h>, and programs that use 'crypt' or 'crypt_r' should not need to change at all; however, distributions will need to install <crypt.h> and libcrypt from a separate project.

* In this release, if the configure option --disable-crypt is used, glibc will not install <crypt.h> or libcrypt, making room for the separate project's versions of these files. The plan is to make this the default behavior in a future release.

Fedora's reasoning: https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Arch Linux's reasoning: https://bugs.archlinux.org/task/67312
Debian mini-blog: https://blog.bofh.it/debian/id_458

This would involve building glibc with --disable-crypt enabled, packaging libxcrypt and then rebuilding all packages that link against libcrypt.so.
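
The rebuild step needs a list of what actually links against libcrypt. As an added example (not part of the task or of Solus tooling), this script reads each file's ELF dynamic section with readelf and reports the libcrypt soname it needs, taking care not to match OpenSSL's libcrypto; the function names and the sample readelf output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ELF files whose dynamic section names libcrypt as a
# dependency, i.e. candidates for a rebuild against libxcrypt.

# Read `readelf -d` output on stdin; print each libcrypt soname it needs.
# The literal "\.so" after "libcrypt" keeps libcrypto.so.* out of the result.
libcrypt_needed() {
    sed -n 's/.*(NEEDED).*\[\(libcrypt\.so[.0-9]*\)\].*/\1/p'
}

# Walk the given directories and print "<soname><TAB><path>" per match.
# Non-ELF files make readelf fail quietly and are skipped.
scan_dirs() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        readelf -d "$f" 2>/dev/null | libcrypt_needed |
        while IFS= read -r so; do printf '%s\t%s\n' "$so" "$f"; done
    done
}

# Constructed sample of `readelf -d` output, so the parser can be tried offline.
sample_dynamic() {
    cat <<'EOF'
Dynamic section at offset 0x2d90 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcrypt.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.3]
 0x000000000000000c (INIT)               0x1000
EOF
}

# Scan only when directories are passed, e.g.: sh scan.sh /usr/bin /usr/lib64
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Mapping the reported paths back to their owning packages gives the rebuild list; that step depends on the distribution's package manager and is not shown.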

Related Objects

Mentioned In
R5644:d82394c087d6: Initial inclusion of libxcrypt
R927:bc3d99d57853: Remove conflicting files with upcoming libxcrypt package
T9500: Glibc 2.33 AVX2/Haswell hardware capabilities requires tooling changes.

Event Timeline

DataDrake triaged this task as Needs More Info priority. Jan 10 2021, 4:30 PM
DataDrake moved this task from Backlog to Improvement on the Software board.
DataDrake added a subscriber: DataDrake.

I'd like someone to spend a little time reading through their GitHub issues and give me a summary of the kinds of problems being reported, with an eye to things like:

  • ABI changes
  • Compatibility
  • Regressions
  • Upstream usage of additional ciphers

PAM 1.4 features support for yescrypt which is looking like it'll be the new preferred hashing method.

joebonrichie raised the priority of this task from Needs More Info to Normal.

Got all of this sorted locally now - will push it sometime after glibc 2.34 is in and stabilized. Been trying to break it for the past week or so but no luck (fortunately).

joebonrichie changed the task status from Open to In Progress. Nov 22 2022, 7:15 AM