Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs

Conflicts: nixpkgs/nixos/modules/config/console.nix nixpkgs/nixos/modules/services/mail/mailman.nix nixpkgs/nixos/modules/services/mail/public-inbox.nix nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix nixpkgs/pkgs/applications/networking/irc/weechat/default.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/go/module.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/interpreters/python/default.nix nixpkgs/pkgs/development/node-packages/overrides.nix nixpkgs/pkgs/development/tools/b4/default.nix nixpkgs/pkgs/servers/dict/dictd-db.nix nixpkgs/pkgs/servers/mail/public-inbox/default.nix nixpkgs/pkgs/tools/security/pinentry/default.nix nixpkgs/pkgs/tools/text/unoconv/default.nix nixpkgs/pkgs/top-level/all-packages.nix
author: Alyssa Ross <hi@alyssa.is> 2023-06-16 06:56:35 +0000
committer: Alyssa Ross <hi@alyssa.is> 2023-06-16 06:56:35 +0000
commit: 99fcaeccb89621dd492203ce1f2d551c06f228ed (patch)
tree: 41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/pkgs/development/libraries/libxcrypt
parent: 59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff)
parent: 75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff)
download: nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.gz
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.bz2
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.lz
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.xz
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.zst
nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.zip
2 files changed, 118 insertions, 15 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py
new file mode 100644
index 000000000000..ebe728e9a69b
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py
@@ -0,0 +1,70 @@
+import tarfile
+import sys
+
+
+def process_columns(line: list[str]) -> tuple[str, list[str]]:
+    match line:
+        case [name, h_prefix, nrbytes, flags]:
+            return (h_prefix, flags.lower().split(","))
+        case other:
+            raise Exception("Unsupported hashes.conf line format", other)
+
+
+def find_tar_file(tar: tarfile.TarFile, requested_name: str):
+    """Attempts to find a single file with given name in tarball."""
+    all_names = tar.getnames()
+
+    if requested_name in all_names:
+        return requested_name
+
+    requested_suffix = f"/{requested_name}"
+    candidate_names = [name for name in all_names if name.endswith(requested_suffix)]
+    match candidate_names:
+        case [real_name]:
+            return real_name
+        case other:
+            raise KeyError(
+                f"Could not locate a single {requested_name} in the contents of the tarball."
+            )
+
+
+hashes_path = "lib/hashes.conf"
+
+
+def main() -> None:
+    match sys.argv:
+        case [_name, src, enable_hashes, "--", *enabled_crypt_scheme_ids]:
+            pass
+        case other:
+            raise Exception(
+                "Incorrect number of arguments. Usage: check_passthru_matches.py <src> <enable_hashes> -- <enabled_crypt_scheme_ids...>"
+            )
+
+    with tarfile.open(src, "r") as tar:
+        real_hashes_path = find_tar_file(tar, hashes_path)
+        config = tar.extractfile(real_hashes_path).read().decode("utf-8")
+
+    formats = [
+        process_columns(columns)
+        for line in config.splitlines()
+        if not line.startswith("#") and len(columns := line.split()) > 0
+    ]
+    expected_supported_formats = set(
+        prefix
+        for (prefix, flags) in formats
+        if enable_hashes in flags or enable_hashes == "all"
+    )
+    passthru_supported_schemes = set(
+        f"${scheme}$" for scheme in enabled_crypt_scheme_ids
+    )
+
+    assert (
+        len(expected_supported_formats - passthru_supported_schemes) == 0
+    ), f"libxcrypt package enables the following crypt schemes that are not listed in passthru.enabledCryptSchemeIds: {expected_supported_formats - passthru_supported_schemes}"
+    assert (
+        len(passthru_supported_schemes - expected_supported_formats) == 0
+    ), f"libxcrypt package lists the following crypt schemes in passthru.enabledCryptSchemeIds that are not supported: {passthru_supported_schemes - expected_supported_formats}"
+
+
+if __name__ == "__main__":
+    main()
diff --git a/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix b/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix
index 782655ef5ee0..97ca6870496e 100644
--- a/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix
+++ b/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix
@@ -1,34 +1,67 @@
-{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config, perl }:
+{ lib, stdenv, fetchurl, perl
+# Update the enabled crypt scheme ids in passthru when the enabled hashes change
+, enableHashes ? "strong"
+, nixosTests
+, runCommand
+, python3
+}:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "libxcrypt";
-  version = "4.4.28";
+  version = "4.4.33";
 
-  src = fetchFromGitHub {
-    owner = "besser82";
-    repo = "libxcrypt";
-    rev = "v${version}";
-    sha256 = "sha256-Ohf+RCOXnoCxAFnXXV9e2TCqpfZziQl+FGJTGDSQTF0=";
+  src = fetchurl {
+    url = "https://github.com/besser82/libxcrypt/releases/download/v${finalAttrs.version}/libxcrypt-${finalAttrs.version}.tar.xz";
+    hash = "sha256-6HrPnGUsVzpHE9VYIVn5jzBdVu1fdUzmT1fUGU1rOm8=";
   };
 
-  preConfigure = ''
-    patchShebangs autogen.sh
-    ./autogen.sh
-  '';
+  outputs = [
+    "out"
+    "man"
+  ];
 
   configureFlags = [
+    "--enable-hashes=${enableHashes}"
+    "--enable-obsolete-api=glibc"
+    "--disable-failure-tokens"
+  ] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.libc == "bionic") [
     "--disable-werror"
   ];
 
-  nativeBuildInputs = [ autoconf automake libtool pkg-config perl ];
+  nativeBuildInputs = [
+    perl
+  ];
+
+  enableParallelBuilding = true;
 
   doCheck = true;
 
+  passthru = {
+    tests = {
+      inherit (nixosTests) login shadow;
+
+      passthruMatches = runCommand "libxcrypt-test-passthru-matches" { } ''
+        ${python3.interpreter} "${./check_passthru_matches.py}" ${lib.escapeShellArgs ([ finalAttrs.src enableHashes "--" ] ++ finalAttrs.passthru.enabledCryptSchemeIds)}
+        touch "$out"
+      '';
+    };
+    enabledCryptSchemeIds = [
+      # https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf
+      "y"   # yescrypt
+      "gy"  # gost_yescrypt
+      "7"   # scrypt
+      "2b"  # bcrypt
+      "2y"  # bcrypt_y
+      "2a"  # bcrypt_a
+      "6"   # sha512crypt
+    ];
+  };
+
   meta = with lib; {
     description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others";
     homepage = "https://github.com/besser82/libxcrypt/";
     platforms = platforms.all;
-    maintainers = with maintainers; [ dottedmag ];
+    maintainers = with maintainers; [ dottedmag hexa ];
     license = licenses.lgpl21Plus;
   };
-}
+})
author	Alyssa Ross <hi@alyssa.is>	2023-06-16 06:56:35 +0000
committer	Alyssa Ross <hi@alyssa.is>	2023-06-16 06:56:35 +0000
commit	99fcaeccb89621dd492203ce1f2d551c06f228ed (patch)
tree	41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/pkgs/development/libraries/libxcrypt
parent	59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff)
parent	75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff)
download	nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.gz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.bz2 nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.lz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.xz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.zst nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.zip