ghostfox/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push sheeet
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Details
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Details
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Details
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Details
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Details
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
Details

Browse Source
This commit is contained in:
Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
pkgs/development/libraries/libxcrypt/check_passthru_matches.py Normal file
View File

@@ -0,0 +1,70 @@
import tarfile
import sys
def process_columns(line: list[str]) -> tuple[str, list[str]]:
match line:
case [name, h_prefix, nrbytes, flags]:
return (h_prefix, flags.lower().split(","))
case other:
raise Exception("Unsupported hashes.conf line format", other)
def find_tar_file(tar: tarfile.TarFile, requested_name: str):
"""Attempts to find a single file with given name in tarball."""
all_names = tar.getnames()
if requested_name in all_names:
return requested_name
requested_suffix = f"/{requested_name}"
candidate_names = [name for name in all_names if name.endswith(requested_suffix)]
match candidate_names:
case [real_name]:
return real_name
case other:
raise KeyError(
f"Could not locate a single {requested_name} in the contents of the tarball."
)
hashes_path = "lib/hashes.conf"
def main() -> None:
match sys.argv:
case [_name, src, enable_hashes, "--", *enabled_crypt_scheme_ids]:
pass
case other:
raise Exception(
"Incorrect number of arguments. Usage: check_passthru_matches.py <src> <enable_hashes> -- <enabled_crypt_scheme_ids...>"
)
with tarfile.open(src, "r") as tar:
real_hashes_path = find_tar_file(tar, hashes_path)
config = tar.extractfile(real_hashes_path).read().decode("utf-8")
formats = [
process_columns(columns)
for line in config.splitlines()
if not line.startswith("#") and len(columns := line.split()) > 0
]
expected_supported_formats = set(
prefix
for (prefix, flags) in formats
if enable_hashes in flags or enable_hashes == "all"
)
passthru_supported_schemes = set(
f"${scheme}$" for scheme in enabled_crypt_scheme_ids
)
assert (
len(expected_supported_formats - passthru_supported_schemes) == 0
), f"libxcrypt package enables the following crypt schemes that are not listed in passthru.enabledCryptSchemeIds: {expected_supported_formats - passthru_supported_schemes}"
assert (
len(passthru_supported_schemes - expected_supported_formats) == 0
), f"libxcrypt package lists the following crypt schemes in passthru.enabledCryptSchemeIds that are not supported: {passthru_supported_schemes - expected_supported_formats}"
if __name__ == "__main__":
main()

103
pkgs/development/libraries/libxcrypt/default.nix Normal file
View File

@@ -0,0 +1,103 @@
{
lib,
stdenv,
fetchurl,
perl,
# Update the enabled crypt scheme ids in passthru when the enabled hashes change
enableHashes ? "strong",
nixosTests,
runCommand,
python3,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "libxcrypt";
version = "4.4.38";
src = fetchurl {
url = "https://github.com/besser82/libxcrypt/releases/download/v${finalAttrs.version}/libxcrypt-${finalAttrs.version}.tar.xz";
hash = "sha256-gDBLnDBup5kyfwHZp1Sb2ygxd4kYJjHxtU9FEbQgbdY=";
};
# this could be accomplished by updateAutotoolsGnuConfigScriptsHook, but that causes infinite recursion
# necessary for FreeBSD code path in configure
postPatch = ''
substituteInPlace ./build-aux/m4-autogen/config.guess --replace-fail /usr/bin/uname uname
'';
outputs = [
"out"
"man"
];
configureFlags = [
"--enable-hashes=${enableHashes}"
"--enable-obsolete-api=glibc"
"--disable-failure-tokens"
# required for musl, android, march=native
"--disable-werror"
];
makeFlags =
let
lld17Plus = stdenv.cc.bintools.isLLVM && lib.versionAtLeast stdenv.cc.bintools.version "17";
in
[ ]
# fixes: can't build x86_64-w64-mingw32 shared library unless -no-undefined is specified
++ lib.optionals stdenv.hostPlatform.isWindows [ "LDFLAGS+=-no-undefined" ]
# lld 17 sets `--no-undefined-version` by default and `libxcrypt`'s
# version script unconditionally lists legacy compatibility symbols, even
# when not exported: https://github.com/besser82/libxcrypt/issues/181
++ lib.optionals lld17Plus [ "LDFLAGS+=-Wl,--undefined-version" ];
nativeBuildInputs = [
perl
];
enableParallelBuilding = true;
doCheck = true;
passthru = {
tests = {
inherit (nixosTests) login shadow;
passthruMatches = runCommand "libxcrypt-test-passthru-matches" { } ''
${python3.interpreter} "${./check_passthru_matches.py}" ${
lib.escapeShellArgs (
[
finalAttrs.src
enableHashes
"--"
]
++ finalAttrs.passthru.enabledCryptSchemeIds
)
}
touch "$out"
'';
};
enabledCryptSchemeIds = [
# https://github.com/besser82/libxcrypt/blob/v4.4.35/lib/hashes.conf
"y" # yescrypt
"gy" # gost_yescrypt
"7" # scrypt
"2b" # bcrypt
"2y" # bcrypt_y
"2a" # bcrypt_a
"6" # sha512crypt
];
};
meta = with lib; {
changelog = "https://github.com/besser82/libxcrypt/blob/v${finalAttrs.version}/NEWS";
description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others";
homepage = "https://github.com/besser82/libxcrypt/";
platforms = platforms.all;
maintainers = with maintainers; [
dottedmag
hexa
];
license = licenses.lgpl21Plus;
};
})