Merge pull request #181764 from mweinelt/glibc-without-libcrypt

author: Martin Weinelt <mweinelt@users.noreply.github.com> 2022-10-09 21:07:26 +0200
committer: GitHub <noreply@github.com> 2022-10-09 21:07:26 +0200
commit: 829f89581a6099637c368528b11e3464e7a6f5cf (patch)
tree: 570d7b15603b3015bdcd161f27f90caa8d523690 /pkgs/development
parent: 3b377950672778e80c1ff08fadee931ddd789cd9 (diff)
parent: 195aa5887d64007b544311bb6701e2e54cd01714 (diff)
40 files changed, 174 insertions, 71 deletions
diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix
index 78728c3c592b0..207860b90c0ec 100644
--- a/pkgs/development/compilers/gcc/10/default.nix
+++ b/pkgs/development/compilers/gcc/10/default.nix
@@ -26,6 +26,7 @@
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , buildPackages
+, libxcrypt
 }:
 
 # Make sure we get GNU sed.
@@ -172,7 +173,7 @@ stdenv.mkDerivation ({
     ++ optional targetPlatform.isLinux patchelf;
 
   buildInputs = [
-    gmp mpfr libmpc
+    gmp mpfr libmpc libxcrypt
     targetPackages.stdenv.cc.bintools # For linking code at run-time
   ] ++ (optional (isl != null) isl)
     ++ (optional (zlib != null) zlib)
@@ -182,10 +183,12 @@ stdenv.mkDerivation ({
 
   NIX_LDFLAGS = lib.optionalString  hostPlatform.isSunOS "-lm -ldl";
 
-  preConfigure = import ../common/pre-configure.nix {
+  preConfigure = (import ../common/pre-configure.nix {
     inherit lib;
     inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
-  };
+  }) + ''
+    ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+  '';
 
   dontDisableStatic = true;
 
diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix
index 3a61c5820b111..3b03e185dd86f 100644
--- a/pkgs/development/compilers/gcc/11/default.nix
+++ b/pkgs/development/compilers/gcc/11/default.nix
@@ -26,6 +26,7 @@
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , buildPackages
+, libxcrypt
 }:
 
 # Make sure we get GNU sed.
@@ -180,7 +181,7 @@ stdenv.mkDerivation ({
     ++ optional targetPlatform.isLinux patchelf;
 
   buildInputs = [
-    gmp mpfr libmpc
+    gmp mpfr libmpc libxcrypt
     targetPackages.stdenv.cc.bintools # For linking code at run-time
   ] ++ (optional (isl != null) isl)
     ++ (optional (zlib != null) zlib)
@@ -190,10 +191,12 @@ stdenv.mkDerivation ({
 
   NIX_LDFLAGS = lib.optionalString  hostPlatform.isSunOS "-lm -ldl";
 
-  preConfigure = import ../common/pre-configure.nix {
+  preConfigure = (import ../common/pre-configure.nix {
     inherit lib;
     inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
-  };
+  }) + ''
+    ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+  '';
 
   dontDisableStatic = true;
 
diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix
index 10ce704382a79..c7fcd5475ade6 100644
--- a/pkgs/development/compilers/gcc/12/default.nix
+++ b/pkgs/development/compilers/gcc/12/default.nix
@@ -26,6 +26,7 @@
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , buildPackages
+, libxcrypt
 }:
 
 # Make sure we get GNU sed.
@@ -173,7 +174,7 @@ stdenv.mkDerivation ({
     ++ optional targetPlatform.isLinux patchelf;
 
   buildInputs = [
-    gmp mpfr libmpc
+    gmp mpfr libmpc libxcrypt
     targetPackages.stdenv.cc.bintools # For linking code at run-time
   ] ++ (optional (isl != null) isl)
     ++ (optional (zlib != null) zlib)
@@ -183,10 +184,13 @@ stdenv.mkDerivation ({
 
   NIX_LDFLAGS = lib.optionalString  hostPlatform.isSunOS "-lm -ldl";
 
-  preConfigure = import ../common/pre-configure.nix {
+
+  preConfigure = (import ../common/pre-configure.nix {
     inherit lib;
     inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib;
-  };
+  }) + ''
+    ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h
+  '';
 
   dontDisableStatic = true;
 
diff --git a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
index d74aa519b769e..4ae59a4317705 100644
--- a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi, libxcrypt }:
 
 let
 
@@ -25,6 +25,8 @@ stdenv.mkDerivation {
     "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
     "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
     "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+  ] ++ lib.optionals (haveLibc && !isMusl) [
+    "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
     "-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
     "-DCOMPILER_RT_BUILD_XRAY=OFF"
diff --git a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
index 74c566763f6ac..6790910ee8304 100644
--- a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
 
 let
 
@@ -26,6 +26,8 @@ stdenv.mkDerivation {
     "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
     "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
     "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+  ] ++ lib.optionals (haveLibc && !isMusl) [
+    "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl || isNewDarwinBootstrap) [
     "-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
     "-DCOMPILER_RT_BUILD_XRAY=OFF"
diff --git a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
index 1ac4b2afec184..ed34d06ed9861 100644
--- a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
 
 let
 
@@ -26,6 +26,8 @@ stdenv.mkDerivation {
     "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
     "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
     "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+  ] ++ lib.optionals (haveLibc && !isMusl) [
+    "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
     "-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
     "-DCOMPILER_RT_BUILD_XRAY=OFF"
diff --git a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
index 82b7ac048c755..9124686705ae7 100644
--- a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, llvm_meta, version, src, cmake, python3, xcbuild, libllvm, libcxxabi }:
+{ lib, stdenv, llvm_meta, version, src, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }:
 
 let
 
@@ -28,6 +28,8 @@ stdenv.mkDerivation {
     "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
     "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
     "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+  ] ++ lib.optionals (haveLibc && !isMusl) [
+    "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl || isAarch64) [
     "-DCOMPILER_RT_BUILD_LIBFUZZER=OFF"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
diff --git a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
index 097410cd7981f..ef2495714e451 100644
--- a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
+++ b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, llvm_meta, version
 , monorepoSrc, runCommand
-, cmake, python3, xcbuild, libllvm, libcxxabi
+, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt
 }:
 
 let
@@ -38,6 +38,8 @@ stdenv.mkDerivation {
     "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON"
     "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}"
     "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}"
+  ] ++ lib.optionals (haveLibc && !isMusl) [
+    "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include"
   ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [
     "-DCOMPILER_RT_BUILD_SANITIZERS=OFF"
     "-DCOMPILER_RT_BUILD_XRAY=OFF"
diff --git a/pkgs/development/compilers/llvm/rocm/llvm.nix b/pkgs/development/compilers/llvm/rocm/llvm.nix
index 557d194668606..c5ad96a6a1892 100644
--- a/pkgs/development/compilers/llvm/rocm/llvm.nix
+++ b/pkgs/development/compilers/llvm/rocm/llvm.nix
@@ -9,6 +9,7 @@
 , libxml2
 , libffi
 , libbfd
+, libxcrypt
 , ncurses
 , zlib
 , debugVersion ? false
@@ -32,7 +33,7 @@ in stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ cmake ninja python3 ];
 
-  buildInputs = [ libxml2 ];
+  buildInputs = [ libxml2 libxcrypt ];
 
   propagatedBuildInputs = [ ncurses zlib ];
 
diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix
index d53d1426a94b2..a1eb060d6bab6 100644
--- a/pkgs/development/compilers/swi-prolog/default.nix
+++ b/pkgs/development/compilers/swi-prolog/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchFromGitHub, jdk, gmp, readline, openssl, unixODBC, zlib
-, libarchive, db, pcre, libedit, libossp_uuid, libXpm
+, libarchive, db, pcre, libedit, libossp_uuid, libxcrypt,libXpm
 , libSM, libXt, freetype, pkg-config, fontconfig
 , cmake, libyaml, Security
 , libjpeg, libX11, libXext, libXft, libXinerama
@@ -59,7 +59,7 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ cmake pkg-config ];
 
   buildInputs = [ gmp readline openssl
-    libarchive libyaml db pcre libedit libossp_uuid
+    libarchive libyaml db pcre libedit libossp_uuid libxcrypt
     zlib ]
   ++ lib.optionals (withGui && !stdenv.isDarwin) [ libXpm libX11 libXext libXft libXinerama libjpeg ]
   ++ extraLibraries
diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix
index 4109d6ee6dac6..0ea6e7b075969 100644
--- a/pkgs/development/compilers/swift/default.nix
+++ b/pkgs/development/compilers/swift/default.nix
@@ -14,6 +14,7 @@
 , python3
 , ncurses
 , libuuid
+, libxcrypt
 , icu
 , libgcc
 , libblocksruntime
@@ -195,6 +196,7 @@ let
     libedit
     libgcc
     libuuid
+    libxcrypt
     libxml2
     ncurses
     sqlite
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 1f056ac25ef3c..ccf0bdaeda855 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -2531,6 +2531,34 @@ self: super: {
   # Restrictive upper bound on base.
   # Remove once version 1.* is released
   monad-bayes = doJailbreak super.monad-bayes;
+
+  crypt-sha512 = overrideCabal (drv: {
+    librarySystemDepends = [
+      pkgs.libxcrypt
+    ];
+    # Test failure after libxcrypt migration, reported upstrem at
+    # https://github.com/phadej/crypt-sha512/issues/13
+    doCheck = false;
+  }) super.crypt-sha512;
+
+  nano-cryptr = overrideCabal (drv: {
+    librarySystemDepends = [
+      pkgs.libxcrypt
+    ];
+  }) super.nano-cryptr;
+
+  Unixutils = overrideCabal (drv: {
+    librarySystemDepends = [
+      pkgs.libxcrypt
+    ];
+  }) super.Unixutils;
+
+  xmonad-utils = overrideCabal (drv: {
+    librarySystemDepends = [
+      pkgs.libxcrypt
+    ];
+  }) super.xmonad-utils;
+
 } // import ./configuration-tensorflow.nix {inherit pkgs haskellLib;} self super // (let
   # We need to build purescript with these dependencies and thus also its reverse
   # dependencies to avoid version mismatches in their dependency closure.
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 79e2bf84a0cdd..4d95ebf2052bf 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -1,9 +1,12 @@
 { config, lib, stdenv, fetchurl, fetchFromGitHub, pkgs, buildPackages
 , callPackage
 , enableThreading ? true, coreutils, makeWrapper
+, enableCrypt ? true, libxcrypt ? null
 , zlib
 }:
 
+assert (enableCrypt -> (libxcrypt != null));
+
 # Note: this package is used for bootstrapping fetchurl, and thus
 # cannot use fetchpatch! All mutable patches (generated by GitHub or
 # cgit) that are needed here should be included directly in Nixpkgs as
@@ -33,6 +36,8 @@ let
       optional crossCompiling "mini";
     setOutputFlags = false;
 
+    propagatedBuildInputs = lib.optional enableCrypt libxcrypt;
+
     disallowedReferences = [ stdenv.cc ];
 
     patches =
@@ -82,6 +87,7 @@ let
       ++ optionals ((builtins.match ''5\.[0-9]*[13579]\..+'' version) != null) [ "-Dusedevel" "-Uversiononly" ]
       ++ optional stdenv.isSunOS "-Dcc=gcc"
       ++ optional enableThreading "-Dusethreads"
+      ++ optional (!enableCrypt) "-A clear:d_crypt_r"
       ++ optional stdenv.hostPlatform.isStatic "--all-static"
       ++ optionals (!crossCompiling) [
         "-Dprefix=${placeholder "out"}"
diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix
index ddf0a55484754..424258167150b 100644
--- a/pkgs/development/interpreters/python/cpython/default.nix
+++ b/pkgs/development/interpreters/python/cpython/default.nix
@@ -14,6 +14,7 @@
 , bluez ? null, bluezSupport ? false
 , zlib
 , tzdata ? null
+, libxcrypt
 , self
 , configd
 , autoreconfHook
@@ -353,6 +354,9 @@ in with passthru; stdenv.mkDerivation {
     # Never even try to use lchmod on linux,
     # don't rely on detecting glibc-isms.
     "ac_cv_func_lchmod=no"
+  ] ++ optionals (libxcrypt != null) [
+    "CFLAGS=-I${libxcrypt}/include"
+    "LIBS=-L${libxcrypt}/lib"
   ] ++ optionals tzdataSupport [
     "--with-tzpath=${tzdata}/share/zoneinfo"
   ] ++ optional static "LDFLAGS=-static";
@@ -388,7 +392,7 @@ in with passthru; stdenv.mkDerivation {
   postInstall = let
     # References *not* to nuke from (sys)config files
     keep-references = concatMapStringsSep " " (val: "-e ${val}") ([
-      (placeholder "out")
+      (placeholder "out") libxcrypt
     ] ++ optionals tzdataSupport [
       tzdata
     ]);
diff --git a/pkgs/development/interpreters/qnial/default.nix b/pkgs/development/interpreters/qnial/default.nix
index 74360daa87666..ae68c1ad6af3c 100644
--- a/pkgs/development/interpreters/qnial/default.nix
+++ b/pkgs/development/interpreters/qnial/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses }:
+{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses, libxcrypt }:
 
 stdenv.mkDerivation {
   pname = "qnial";
@@ -26,6 +26,7 @@ stdenv.mkDerivation {
 
   buildInputs = [
      ncurses
+     libxcrypt
   ];
 
   meta = {
diff --git a/pkgs/development/interpreters/unicon-lang/default.nix b/pkgs/development/interpreters/unicon-lang/default.nix
index 848c9541114e5..593a955c798bb 100644
--- a/pkgs/development/interpreters/unicon-lang/default.nix
+++ b/pkgs/development/interpreters/unicon-lang/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl }:
+{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl, libxcrypt }:
 
 stdenv.mkDerivation {
   pname = "unicon-lang";
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     sha256 = "1g9l2dfp99dqih2ir2limqfjgagh3v9aqly6x0l3qavx3qkkwf61";
   };
   nativeBuildInputs = [ unzip ];
-  buildInputs = [ libnsl libX11 libXt ];
+  buildInputs = [ libnsl libX11 libXt libxcrypt ];
 
   hardeningDisable = [ "fortify" ];
 
diff --git a/pkgs/development/libraries/accountsservice/default.nix b/pkgs/development/libraries/accountsservice/default.nix
index 4bd7a67871f9d..694aab16d1abd 100644
--- a/pkgs/development/libraries/accountsservice/default.nix
+++ b/pkgs/development/libraries/accountsservice/default.nix
@@ -16,6 +16,7 @@
 , python3
 , vala
 , gettext
+, libxcrypt
 }:
 
 stdenv.mkDerivation rec {
@@ -66,6 +67,7 @@ stdenv.mkDerivation rec {
     glib
     polkit
     systemd
+    libxcrypt
   ];
 
   mesonFlags = [
diff --git a/pkgs/development/libraries/apr-util/default.nix b/pkgs/development/libraries/apr-util/default.nix
index 6f38bfa0d076d..909965bb06886 100644
--- a/pkgs/development/libraries/apr-util/default.nix
+++ b/pkgs/development/libraries/apr-util/default.nix
@@ -2,7 +2,7 @@
 , sslSupport ? true, openssl
 , bdbSupport ? true, db
 , ldapSupport ? !stdenv.isCygwin, openldap
-, libiconv
+, libiconv, libxcrypt
 , cyrus_sasl, autoreconfHook
 }:
 
@@ -21,7 +21,10 @@ stdenv.mkDerivation rec {
     sha256 = "0nq3s1yn13vplgl6qfm09f7n0wm08malff9s59bqf9nid9xjzqfk";
   };
 
-  patches = optional stdenv.isFreeBSD ./include-static-dependencies.patch;
+  patches = [ ./fix-libxcrypt-build.patch ]
+    ++ optional stdenv.isFreeBSD ./include-static-dependencies.patch;
+
+  NIX_CFLAGS_LINK = [ "-lcrypt" ];
 
   outputs = [ "out" "dev" ];
   outputBin = "dev";
@@ -38,15 +41,18 @@ stdenv.mkDerivation rec {
         "--without-freetds" "--without-berkeley-db" "--without-crypto" ]
     ;
 
-  # For some reason, db version 6.9 is selected when cross-compiling.
-  # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that.
-  # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now.
-  postConfigure = lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
-    substituteInPlace Makefile \
-      --replace "-ldb-6.9" "-ldb"
+  postConfigure = ''
+    echo '#define APR_HAVE_CRYPT_H 1' >> confdefs.h
+  '' +
+    # For some reason, db version 6.9 is selected when cross-compiling.
+    # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that.
+    # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now.
+    lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
+      substituteInPlace Makefile \
+        --replace "-ldb-6.9" "-ldb"
   '';
 
-  propagatedBuildInputs = [ apr expat libiconv ]
+  propagatedBuildInputs = [ apr expat libiconv libxcrypt ]
     ++ optional sslSupport openssl
     ++ optional bdbSupport db
     ++ optional ldapSupport openldap
diff --git a/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch
new file mode 100644
index 0000000000000..2994e5de0f78b
--- /dev/null
+++ b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch
@@ -0,0 +1,14 @@
+diff --git a/crypto/apr_passwd.c b/crypto/apr_passwd.c
+index c961de2..a397f27 100644
+--- a/crypto/apr_passwd.c
++++ b/crypto/apr_passwd.c
+@@ -24,9 +24,7 @@
+ #if APR_HAVE_STRING_H
+ #include <string.h>
+ #endif
+-#if APR_HAVE_CRYPT_H
+ #include <crypt.h>
+-#endif
+ #if APR_HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix
index 9c2072179b26d..38631d3242d32 100644
--- a/pkgs/development/libraries/boost/generic.nix
+++ b/pkgs/development/libraries/boost/generic.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv
+{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv, libxcrypt
 , boost-build
 , fetchpatch
 , which
@@ -214,7 +214,7 @@ stdenv.mkDerivation {
     ++ optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
   buildInputs = [ expat zlib bzip2 libiconv ]
     ++ optional (stdenv.hostPlatform == stdenv.buildPlatform) icu
-    ++ optional enablePython python
+    ++ optionals enablePython [ libxcrypt python ]
     ++ optional enableNumpy python.pkgs.numpy;
 
   configureScript = "./bootstrap.sh";
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
index be20a9b1678df..170b9a0fba4a2 100644
--- a/pkgs/development/libraries/cyrus-sasl/default.nix
+++ b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, openssl, openldap, libkrb5, db, gettext
-, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
+, pam, libxcrypt, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
 , buildPackages, pruneLibtoolFiles, nixosTests }:
 
 with lib;
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook pruneLibtoolFiles ]
     ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
   buildInputs =
-    [ openssl db gettext libkrb5 ]
+    [ openssl db gettext libkrb5 libxcrypt ]
     ++ lib.optional enableLdap openldap
     ++ lib.optional stdenv.isLinux pam;
 
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 6ed0a4d4da0fe..83cde07749496 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -36,6 +36,7 @@
 , withLinuxHeaders ? false
 , profilingLibraries ? false
 , withGd ? false
+, withLibcrypt ? false
 , meta
 , extraBuildInputs ? []
 , extraNativeBuildInputs ? []
@@ -183,7 +184,9 @@ stdenv.mkDerivation ({
       # To avoid linking with -lgcc_s (dynamic link)
       # so the glibc does not depend on its compiler store path
       "libc_cv_as_needed=no"
-    ] ++ lib.optional withGd "--with-gd";
+    ]
+    ++ lib.optional withGd "--with-gd"
+    ++ lib.optional (!withLibcrypt) "--disable-crypt";
 
   makeFlags = [
     "OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 728b97d2f5f4e..8602498f01b94 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -2,6 +2,7 @@
 , withLinuxHeaders ? true
 , profilingLibraries ? false
 , withGd ? false
+, withLibcrypt? false
 , buildPackages
 }:
 
@@ -16,7 +17,7 @@ in
 callPackage ./common.nix { inherit stdenv; } {
     pname = "glibc" + lib.optionalString withGd "-gd";
 
-    inherit withLinuxHeaders profilingLibraries withGd;
+    inherit withLinuxHeaders profilingLibraries withGd withLibcrypt;
 
     # Note:
     # Things you write here override, and do not add to,
diff --git a/pkgs/development/libraries/gvm-libs/default.nix b/pkgs/development/libraries/gvm-libs/default.nix
index a141d36e33006..ba08fc61f5682 100644
--- a/pkgs/development/libraries/gvm-libs/default.nix
+++ b/pkgs/development/libraries/gvm-libs/default.nix
@@ -12,6 +12,7 @@
 , libpcap
 , libssh
 , libuuid
+, libxcrypt
 , libxml2
 , pkg-config
 , zlib
@@ -46,6 +47,7 @@ stdenv.mkDerivation rec {
     libpcap
     libssh
     libuuid
+    libxcrypt
     libxml2
     zlib
   ];
diff --git a/pkgs/development/libraries/libcli/default.nix b/pkgs/development/libraries/libcli/default.nix
index 8aa06bfb19bc2..da076a590e19a 100644
--- a/pkgs/development/libraries/libcli/default.nix
+++ b/pkgs/development/libraries/libcli/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, fetchurl }:
+{ lib, stdenv, fetchFromGitHub, fetchurl, libxcrypt }:
 
 stdenv.mkDerivation rec {
   pname = "libcli";
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
       })
     ];
 
+  buildInputs = [ libxcrypt ];
+
   enableParallelBuilding = true;
 
   makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "AR=${stdenv.cc.targetPrefix}ar" "PREFIX=$(out)" ];
diff --git a/pkgs/development/libraries/libfilezilla/default.nix b/pkgs/development/libraries/libfilezilla/default.nix
index 16c09b65ff1e8..bc70e1fde3aca 100644
--- a/pkgs/development/libraries/libfilezilla/default.nix
+++ b/pkgs/development/libraries/libfilezilla/default.nix
@@ -6,6 +6,7 @@
 , nettle
 , pkg-config
 , libiconv
+, libxcrypt
 , ApplicationServices
 }:
 
@@ -20,7 +21,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook pkg-config ];
 
-  buildInputs = [ gettext gnutls nettle ]
+  buildInputs = [ gettext gnutls nettle libxcrypt ]
     ++ lib.optionals stdenv.isDarwin [ libiconv ApplicationServices ];
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/libguestfs/default.nix b/pkgs/development/libraries/libguestfs/default.nix
index e2da1a30ff146..745b1a180008c 100644
--- a/pkgs/development/libraries/libguestfs/default.nix
+++ b/pkgs/development/libraries/libguestfs/default.nix
@@ -4,6 +4,7 @@
 , pkg-config
 , autoreconfHook
 , makeWrapper
+, libxcrypt
 , ncurses
 , cpio
 , gperf
@@ -65,6 +66,7 @@ stdenv.mkDerivation rec {
   ] ++ (with perlPackages; [ perl libintl-perl GetoptLong ModuleBuild ])
   ++ (with ocamlPackages; [ ocaml findlib ]);
   buildInputs = [
+    libxcrypt
     ncurses
     jansson
     pcre2
diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix
index eadf6f91e1e07..dc2c5d3fb6ccb 100644
--- a/pkgs/development/libraries/libxcrypt/default.nix
+++ b/pkgs/development/libraries/libxcrypt/default.nix
@@ -1,38 +1,29 @@
-{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config, perl, fetchpatch }:
+{ lib, stdenv, fetchurl, perl }:
 
 stdenv.mkDerivation rec {
   pname = "libxcrypt";
   version = "4.4.28";
 
-  src = fetchFromGitHub {
-    owner = "besser82";
-    repo = "libxcrypt";
-    rev = "v${version}";
-    sha256 = "sha256-Ohf+RCOXnoCxAFnXXV9e2TCqpfZziQl+FGJTGDSQTF0=";
+  src = fetchurl {
+    url = "https://github.com/besser82/libxcrypt/releases/download/v${version}/libxcrypt-${version}.tar.xz";
+    sha256 = "sha256-npNoEfn60R28ozyhm9l8VcUus8oVkB8nreBGzHnmnoc=";
   };
 
-  patches = [
-    # Fix for tests on musl is being upstreamed:
-    # https://github.com/besser82/libxcrypt/pull/157
-    # Applied in all environments to prevent patchrot
-    (fetchpatch {
-      url = "https://github.com/besser82/libxcrypt/commit/a4228faa0b96986abc076125cf97d352a063d92f.patch";
-      sha256 = "sha256-iGNz8eer6OkA0yR74WisE6GbFTYyXKw7koXl/R7DhVE=";
-    })
-  ];
-
-  preConfigure = ''
-    patchShebangs autogen.sh
-    ./autogen.sh
-  '';
-
   configureFlags = [
+    "--enable-hashes=all"
+    "--enable-obsolete-api=glibc"
+    "--disable-failure-tokens"
+  ] ++ lib.optionals stdenv.hostPlatform.isMusl [
     "--disable-werror"
   ];
 
-  nativeBuildInputs = [ autoconf automake libtool pkg-config perl ];
+  nativeBuildInputs = [
+    perl
+  ];
+
+  enableParallelBuilding = true;
 
-  doCheck = true;
+  doCheck = !stdenv.hostPlatform.isMusl;
 
   meta = with lib; {
     description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others";
diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index fda00f6766648..a3bb7128c0f10 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -8,6 +8,7 @@
 , gettext
 , python
 , ncurses
+, libxcrypt
 , libgcrypt
 , cryptoSupport ? false
 , pythonSupport ? true
@@ -34,7 +35,7 @@ stdenv.mkDerivation rec {
   ];
 
   buildInputs = [
-    libxml2.dev
+    libxml2.dev libxcrypt
   ] ++ lib.optional stdenv.isDarwin [
     gettext
   ] ++ lib.optionals pythonSupport [
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index f357b8d4b7208..64b6c8c234450 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -11,6 +11,7 @@
 , libtool
 , openssl
 , systemdMinimal
+, libxcrypt
 }:
 
 stdenv.mkDerivation rec {
@@ -42,6 +43,7 @@ stdenv.mkDerivation rec {
     libsodium
     libtool
     openssl
+    libxcrypt
   ] ++ lib.optionals (stdenv.isLinux) [
     systemdMinimal
   ];
diff --git a/pkgs/development/libraries/physics/cernlib/default.nix b/pkgs/development/libraries/physics/cernlib/default.nix
index 77ad6e201a32b..8eae6fcaad55c 100644
--- a/pkgs/development/libraries/physics/cernlib/default.nix
+++ b/pkgs/development/libraries/physics/cernlib/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg }:
+{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg, libxcrypt }:
 
 stdenv.mkDerivation rec {
   version = "2006";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
     sha256 = "0awla1rl96z82br7slcmg8ks1d2a7slk6dj79ywb871j2ksi3fky";
   };
 
-  buildInputs = with xorg; [ gfortran motif libX11 libXft libXt ];
+  buildInputs = with xorg; [ gfortran motif libX11 libXft libXt libxcrypt ];
   nativeBuildInputs = [ imake makedepend ];
   sourceRoot = ".";
 
diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix
index cb7af61a63ed2..fb52f75f8c101 100644
--- a/pkgs/development/libraries/talloc/default.nix
+++ b/pkgs/development/libraries/talloc/default.nix
@@ -4,6 +4,7 @@
 , pkg-config
 , readline
 , libxslt
+, libxcrypt
 , docbook-xsl-nons
 , docbook_xml_dtd_42
 , fixDarwinDylibNames
@@ -33,6 +34,7 @@ stdenv.mkDerivation rec {
     python3
     readline
     libxslt
+    libxcrypt
   ];
 
   wafPath = "buildtools/bin/waf";
diff --git a/pkgs/development/libraries/tdb/default.nix b/pkgs/development/libraries/tdb/default.nix
index f040022cc91b8..9a534c4c14652 100644
--- a/pkgs/development/libraries/tdb/default.nix
+++ b/pkgs/development/libraries/tdb/default.nix
@@ -5,6 +5,7 @@
 , python3
 , readline
 , libxslt
+, libxcrypt
 , docbook-xsl-nons
 , docbook_xml_dtd_45
 }:
@@ -30,6 +31,7 @@ stdenv.mkDerivation rec {
   buildInputs = [
     python3
     readline # required to build python
+    libxcrypt
   ];
 
   wafPath = "buildtools/bin/waf";
diff --git a/pkgs/development/libraries/zeroc-ice/default.nix b/pkgs/development/libraries/zeroc-ice/default.nix
index 4eef03c4a6193..3050525c2a29e 100644
--- a/pkgs/development/libraries/zeroc-ice/default.nix
+++ b/pkgs/development/libraries/zeroc-ice/default.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, fetchFromGitHub
-, bzip2, expat, libedit, lmdb, openssl
+, bzip2, expat, libedit, lmdb, openssl, libxcrypt
 , python3 # for tests only
 , cpp11 ? false
 }:
@@ -31,7 +31,7 @@ in stdenv.mkDerivation rec {
     sha256 = "sha256-h455isEmnRyoasXhh1UaA5PICcEEM8/C3IJf5yHRl5g=";
   };
 
-  buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl ];
+  buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl libxcrypt ];
 
   preBuild = ''
     makeFlagsArray+=(
diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix
index 74ffea9643952..7f06652e66b3c 100644
--- a/pkgs/development/lua-modules/overrides.nix
+++ b/pkgs/development/lua-modules/overrides.nix
@@ -22,6 +22,7 @@
 , libmysqlclient
 , libuuid
 , libuv
+, libxcrypt
 , libyaml
 , mariadb
 , mpfr
@@ -336,6 +337,12 @@ with prev;
     ];
   });
 
+  luaposix = prev.luaLib.overrideLuarocks prev.luaposix (drv: {
+    externalDeps = [
+      { name = "CRYPT"; dep = libxcrypt; }
+    ];
+  });
+
   luasec = prev.luaLib.overrideLuarocks prev.luasec (drv: {
     externalDeps = [
       { name = "OPENSSL"; dep = openssl_1_1; }
diff --git a/pkgs/development/python-modules/pillow-simd/default.nix b/pkgs/development/python-modules/pillow-simd/default.nix
index e856c2f578528..b39a86a7fbfcc 100644
--- a/pkgs/development/python-modules/pillow-simd/default.nix
+++ b/pkgs/development/python-modules/pillow-simd/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, buildPythonPackage, fetchFromGitHub, isPyPy, isPy3k
-, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2
+, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2
 , libxcb, tk, libX11, openjpeg, libimagequant, pyroma, numpy, defusedxml
 , pytestCheckHook
 }@args:
diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix
index 017069a7dd2d4..6e50be53f99d0 100644
--- a/pkgs/development/python-modules/pillow/default.nix
+++ b/pkgs/development/python-modules/pillow/default.nix
@@ -4,7 +4,7 @@
 , pythonOlder
 , fetchPypi
 , isPyPy
-, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2, tk, libX11
+, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2, tk, libX11
 , libxcb, openjpeg, libimagequant, pyroma, numpy, pytestCheckHook
 # for passthru.tests
 , imageio, matplotlib, pilkit, pydicom, reportlab
diff --git a/pkgs/development/python-modules/pillow/generic.nix b/pkgs/development/python-modules/pillow/generic.nix
index ec4f052638206..54f730751076e 100644
--- a/pkgs/development/python-modules/pillow/generic.nix
+++ b/pkgs/development/python-modules/pillow/generic.nix
@@ -38,7 +38,7 @@ buildPythonPackage rec {
 
   checkInputs = [ pytestCheckHook pyroma numpy ];
 
-  buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp tcl lcms2 ]
+  buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp libxcrypt tcl lcms2 ]
     ++ lib.optionals (lib.versionAtLeast version "7.1.0") [ libxcb ]
     ++ lib.optionals (isPyPy) [ tk libX11 ];
 
diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix
index fa6c4726222c9..fae5ef8cf1039 100644
--- a/pkgs/development/python-modules/twisted/default.nix
+++ b/pkgs/development/python-modules/twisted/default.nix
@@ -97,6 +97,9 @@ buildPythonPackage rec {
     echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py
     echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py
 
+    # fails since migrating to libxcrypt
+    echo 'HelperTests.test_refuteCryptedPassword.skip = "OSError: Invalid argument"' >> src/twisted/conch/test/test_checkers.py
+
     # not packaged
     substituteInPlace src/twisted/test/test_failure.py \
       --replace "from cython_test_exception_raiser import raiser  # type: ignore[import]" "raiser = None"
diff --git a/pkgs/development/tools/libsigrokdecode/default.nix b/pkgs/development/tools/libsigrokdecode/default.nix
index 06b5f5c35bbad..672dddfc5ca22 100644
--- a/pkgs/development/tools/libsigrokdecode/default.nix
+++ b/pkgs/development/tools/libsigrokdecode/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, glib, python3, check }:
+{ lib, stdenv, fetchurl, pkg-config, glib, python3, check, libxcrypt }:
 
 stdenv.mkDerivation rec {
   pname = "libsigrokdecode";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ glib python3 ];
+  buildInputs = [ glib python3 libxcrypt ];
   checkInputs = [ check ];
   doCheck = true;
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2022-10-09 21:07:26 +0200
committer	GitHub <noreply@github.com>	2022-10-09 21:07:26 +0200
commit	829f89581a6099637c368528b11e3464e7a6f5cf (patch)
tree	570d7b15603b3015bdcd161f27f90caa8d523690 /pkgs/development
parent	3b377950672778e80c1ff08fadee931ddd789cd9 (diff)
parent	195aa5887d64007b544311bb6701e2e54cd01714 (diff)