diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-06-16 06:56:35 +0000 |
commit | 99fcaeccb89621dd492203ce1f2d551c06f228ed (patch) | |
tree | 41cb730ae07383004789779b0f6e11cb3f4642a3 /nixpkgs/pkgs/development/libraries/libxcrypt | |
parent | 59c5f5ac8682acc13bb22bc29c7cf02f7d75f01f (diff) | |
parent | 75a5ebf473cd60148ba9aec0d219f72e5cf52519 (diff) | |
download | nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.gz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.bz2 nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.lz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.xz nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.tar.zst nixlib-99fcaeccb89621dd492203ce1f2d551c06f228ed.zip |
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Conflicts: nixpkgs/nixos/modules/config/console.nix nixpkgs/nixos/modules/services/mail/mailman.nix nixpkgs/nixos/modules/services/mail/public-inbox.nix nixpkgs/nixos/modules/services/mail/rss2email.nix nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix nixpkgs/pkgs/applications/networking/irc/weechat/default.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/go/module.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/interpreters/python/default.nix nixpkgs/pkgs/development/node-packages/overrides.nix nixpkgs/pkgs/development/tools/b4/default.nix nixpkgs/pkgs/servers/dict/dictd-db.nix nixpkgs/pkgs/servers/mail/public-inbox/default.nix nixpkgs/pkgs/tools/security/pinentry/default.nix nixpkgs/pkgs/tools/text/unoconv/default.nix nixpkgs/pkgs/top-level/all-packages.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libxcrypt')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py | 70 | ||||
-rw-r--r-- | nixpkgs/pkgs/development/libraries/libxcrypt/default.nix | 63 |
2 files changed, 118 insertions, 15 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py new file mode 100644 index 000000000000..ebe728e9a69b --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py @@ -0,0 +1,70 @@ +import tarfile +import sys + + +def process_columns(line: list[str]) -> tuple[str, list[str]]: + match line: + case [name, h_prefix, nrbytes, flags]: + return (h_prefix, flags.lower().split(",")) + case other: + raise Exception("Unsupported hashes.conf line format", other) + + +def find_tar_file(tar: tarfile.TarFile, requested_name: str): + """Attempts to find a single file with given name in tarball.""" + all_names = tar.getnames() + + if requested_name in all_names: + return requested_name + + requested_suffix = f"/{requested_name}" + candidate_names = [name for name in all_names if name.endswith(requested_suffix)] + match candidate_names: + case [real_name]: + return real_name + case other: + raise KeyError( + f"Could not locate a single {requested_name} in the contents of the tarball." + ) + + +hashes_path = "lib/hashes.conf" + + +def main() -> None: + match sys.argv: + case [_name, src, enable_hashes, "--", *enabled_crypt_scheme_ids]: + pass + case other: + raise Exception( + "Incorrect number of arguments. Usage: check_passthru_matches.py <src> <enable_hashes> -- <enabled_crypt_scheme_ids...>" + ) + + with tarfile.open(src, "r") as tar: + real_hashes_path = find_tar_file(tar, hashes_path) + config = tar.extractfile(real_hashes_path).read().decode("utf-8") + + formats = [ + process_columns(columns) + for line in config.splitlines() + if not line.startswith("#") and len(columns := line.split()) > 0 + ] + expected_supported_formats = set( + prefix + for (prefix, flags) in formats + if enable_hashes in flags or enable_hashes == "all" + ) + passthru_supported_schemes = set( + f"${scheme}$" for scheme in enabled_crypt_scheme_ids + ) + + assert ( + len(expected_supported_formats - passthru_supported_schemes) == 0 + ), f"libxcrypt package enables the following crypt schemes that are not listed in passthru.enabledCryptSchemeIds: {expected_supported_formats - passthru_supported_schemes}" + assert ( + len(passthru_supported_schemes - expected_supported_formats) == 0 + ), f"libxcrypt package lists the following crypt schemes in passthru.enabledCryptSchemeIds that are not supported: {passthru_supported_schemes - expected_supported_formats}" + + +if __name__ == "__main__": + main() diff --git a/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix b/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix index 782655ef5ee0..97ca6870496e 100644 --- a/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix +++ b/nixpkgs/pkgs/development/libraries/libxcrypt/default.nix @@ -1,34 +1,67 @@ -{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config, perl }: +{ lib, stdenv, fetchurl, perl +# Update the enabled crypt scheme ids in passthru when the enabled hashes change +, enableHashes ? "strong" +, nixosTests +, runCommand +, python3 +}: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "libxcrypt"; - version = "4.4.28"; + version = "4.4.33"; - src = fetchFromGitHub { - owner = "besser82"; - repo = "libxcrypt"; - rev = "v${version}"; - sha256 = "sha256-Ohf+RCOXnoCxAFnXXV9e2TCqpfZziQl+FGJTGDSQTF0="; + src = fetchurl { + url = "https://github.com/besser82/libxcrypt/releases/download/v${finalAttrs.version}/libxcrypt-${finalAttrs.version}.tar.xz"; + hash = "sha256-6HrPnGUsVzpHE9VYIVn5jzBdVu1fdUzmT1fUGU1rOm8="; }; - preConfigure = '' - patchShebangs autogen.sh - ./autogen.sh - ''; + outputs = [ + "out" + "man" + ]; configureFlags = [ + "--enable-hashes=${enableHashes}" + "--enable-obsolete-api=glibc" + "--disable-failure-tokens" + ] ++ lib.optionals (stdenv.hostPlatform.isMusl || stdenv.hostPlatform.libc == "bionic") [ "--disable-werror" ]; - nativeBuildInputs = [ autoconf automake libtool pkg-config perl ]; + nativeBuildInputs = [ + perl + ]; + + enableParallelBuilding = true; doCheck = true; + passthru = { + tests = { + inherit (nixosTests) login shadow; + + passthruMatches = runCommand "libxcrypt-test-passthru-matches" { } '' + ${python3.interpreter} "${./check_passthru_matches.py}" ${lib.escapeShellArgs ([ finalAttrs.src enableHashes "--" ] ++ finalAttrs.passthru.enabledCryptSchemeIds)} + touch "$out" + ''; + }; + enabledCryptSchemeIds = [ + # https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf + "y" # yescrypt + "gy" # gost_yescrypt + "7" # scrypt + "2b" # bcrypt + "2y" # bcrypt_y + "2a" # bcrypt_a + "6" # sha512crypt + ]; + }; + meta = with lib; { description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others"; homepage = "https://github.com/besser82/libxcrypt/"; platforms = platforms.all; - maintainers = with maintainers; [ dottedmag ]; + maintainers = with maintainers; [ dottedmag hexa ]; license = licenses.lgpl21Plus; }; -} +}) |