diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index dae2fde0b4e76..b538a0119c06d 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -697,7 +697,7 @@ in { value = "[a-zA-Z0-9/+.-]+"; options = "${id}(=${value})?(,${id}=${value})*"; scheme = "${id}(${sep}${options})?"; - content = "${base64}${sep}${base64}"; + content = "${base64}${sep}${base64}(${sep}${base64})?"; mcf = "^${sep}${scheme}${sep}${content}$"; in if (allowsLogin user.hashedPassword diff --git a/nixos/tests/shadow.nix b/nixos/tests/shadow.nix index 50a9f71246469..baa2e5945c05d 100644 --- a/nixos/tests/shadow.nix +++ b/nixos/tests/shadow.nix @@ -3,6 +3,8 @@ let password2 = "helloworld"; password3 = "bazqux"; password4 = "asdf123"; + hashed_bcrypt = "$2b$05$8xIEflrk2RxQtcVXbGIxs.Vl0x7dF1/JSv3cyX6JJt0npzkTCWvxK"; # fnord + hashed_yeshash = "$y$j9T$d8Z4EAf8P1SvM/aDFbxMS0$VnTXMp/Hnc7QdCBEaLTq5ZFOAFo2/PM0/xEAFuOE88."; # fnord in import ./make-test-python.nix ({ pkgs, ... }: { name = "shadow"; meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; }; @@ -27,6 +29,16 @@ in import ./make-test-python.nix ({ pkgs, ... }: { password = password4; shell = pkgs.bash; }; + users.berta = { + isNormalUser = true; + hashedPassword = hashed_bcrypt; + shell = pkgs.bash; + }; + users.yesim = { + isNormalUser = true; + hashedPassword = hashed_yeshash; + shell = pkgs.bash; + }; }; }; @@ -115,5 +127,23 @@ in import ./make-test-python.nix ({ pkgs, ... }: { shadow.wait_until_succeeds("pgrep login") shadow.send_chars("${password2}\n") shadow.wait_until_tty_matches("5", "login:") + + with subtest("check alternate password hashes"): + shadow.send_key("alt-f6") + shadow.wait_until_succeeds("[ $(fgconsole) = 6 ]") + for u in ["berta", "yesim"]: + shadow.wait_for_unit("getty@tty6.service") + shadow.wait_until_succeeds("pgrep -f 'agetty.*tty6'") + shadow.wait_until_tty_matches("6", "login: ") + shadow.send_chars(f"{u}\n") + shadow.wait_until_tty_matches("6", f"login: {u}") + shadow.wait_until_succeeds("pgrep login") + shadow.sleep(2) + shadow.send_chars("fnord\n") + shadow.send_chars(f"whoami > /tmp/{u}\n") + shadow.wait_for_file(f"/tmp/{u}") + print(shadow.succeed(f"cat /tmp/{u}")) + assert u in shadow.succeed(f"cat /tmp/{u}") + shadow.send_chars("logout\n") ''; }) diff --git a/pkgs/applications/networking/browsers/ladybird/default.nix b/pkgs/applications/networking/browsers/ladybird/default.nix index e5d7b8524a135..0bd3cc79df257 100644 --- a/pkgs/applications/networking/browsers/ladybird/default.nix +++ b/pkgs/applications/networking/browsers/ladybird/default.nix @@ -5,6 +5,7 @@ , ninja , unzip , wrapQtAppsHook +, libxcrypt , qtbase , qttools , nixosTests @@ -37,6 +38,7 @@ in gcc11Stdenv.mkDerivation { ]; buildInputs = [ + libxcrypt qtbase ]; diff --git a/pkgs/applications/networking/irc/epic5/default.nix b/pkgs/applications/networking/irc/epic5/default.nix index 9b096eb72e9b0..969a9da46b15c 100644 --- a/pkgs/applications/networking/irc/epic5/default.nix +++ b/pkgs/applications/networking/irc/epic5/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch }: +{ lib, stdenv, fetchurl, openssl, ncurses, libiconv, tcl, coreutils, fetchpatch, libxcrypt }: stdenv.mkDerivation rec { pname = "epic5"; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { }; # Darwin needs libiconv, tcl; while Linux build don't - buildInputs = [ openssl ncurses ] + buildInputs = [ openssl ncurses libxcrypt ] ++ lib.optionals stdenv.isDarwin [ libiconv tcl ]; patches = [ diff --git a/pkgs/applications/networking/mailreaders/alpine/default.nix b/pkgs/applications/networking/mailreaders/alpine/default.nix index 04f1732f7a5b8..7c168340b1ce7 100644 --- a/pkgs/applications/networking/mailreaders/alpine/default.nix +++ b/pkgs/applications/networking/mailreaders/alpine/default.nix @@ -1,5 +1,5 @@ {lib, stdenv, fetchurl, ncurses, tcl, openssl, pam, libkrb5 -, openldap +, openldap, libxcrypt }: stdenv.mkDerivation rec { @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ - ncurses tcl openssl pam libkrb5 openldap + ncurses tcl openssl pam libkrb5 openldap libxcrypt ]; hardeningDisable = [ "format" ]; diff --git a/pkgs/applications/networking/nntp-proxy/default.nix b/pkgs/applications/networking/nntp-proxy/default.nix index 626913cd60a43..a3a136a32695c 100644 --- a/pkgs/applications/networking/nntp-proxy/default.nix +++ b/pkgs/applications/networking/nntp-proxy/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl }: +{ lib, stdenv, fetchFromGitHub, libconfig, pkg-config, libevent, openssl, libxcrypt }: stdenv.mkDerivation { pname = "nntp-proxy"; @@ -12,7 +12,7 @@ stdenv.mkDerivation { }; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libconfig libevent openssl ]; + buildInputs = [ libconfig libevent openssl libxcrypt ]; installFlags = [ "INSTALL_DIR=$(out)/bin/" ]; diff --git a/pkgs/applications/networking/shellhub-agent/default.nix b/pkgs/applications/networking/shellhub-agent/default.nix index a04e9a82e8c49..86242b5641e99 100644 --- a/pkgs/applications/networking/shellhub-agent/default.nix +++ b/pkgs/applications/networking/shellhub-agent/default.nix @@ -4,6 +4,7 @@ , gitUpdater , makeWrapper , openssh +, libxcrypt }: buildGoModule rec { @@ -31,6 +32,7 @@ buildGoModule rec { }; nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ libxcrypt ]; postInstall = '' wrapProgram $out/bin/agent --prefix PATH : ${lib.makeBinPath [ openssh ]} diff --git a/pkgs/applications/science/misc/root/5.nix b/pkgs/applications/science/misc/root/5.nix index 84443645865e8..1b4d6bcd04867 100644 --- a/pkgs/applications/science/misc/root/5.nix +++ b/pkgs/applications/science/misc/root/5.nix @@ -14,6 +14,7 @@ , libGL , zlib , libxml2 +, libxcrypt , lz4 , xz , gsl_1 @@ -33,7 +34,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash ] + buildInputs = [ pcre python2 zlib libxml2 lz4 xz gsl_1 xxHash libxcrypt ] ++ lib.optionals (!stdenv.isDarwin) [ libX11 libXpm libXft libXext libGLU libGL ] ++ lib.optionals (stdenv.isDarwin) [ Cocoa OpenGL ] ; diff --git a/pkgs/applications/science/misc/root/default.nix b/pkgs/applications/science/misc/root/default.nix index 457b571be922a..5ae80c745bdce 100644 --- a/pkgs/applications/science/misc/root/default.nix +++ b/pkgs/applications/science/misc/root/default.nix @@ -16,6 +16,7 @@ , libXext , libGLU , libGL +, libxcrypt , libxml2 , llvm_9 , lz4 @@ -72,6 +73,7 @@ stdenv.mkDerivation rec { zlib zstd lapack + libxcrypt libxml2 _llvm_9 lz4 diff --git a/pkgs/applications/science/networking/sumo/default.nix b/pkgs/applications/science/networking/sumo/default.nix index 9cdf576b9c682..7c5794eb8e831 100644 --- a/pkgs/applications/science/networking/sumo/default.nix +++ b/pkgs/applications/science/networking/sumo/default.nix @@ -1,7 +1,7 @@ { lib, bzip2, cmake, eigen, fetchFromGitHub, ffmpeg, fox_1_6, gdal, git, gl2ps, gpp , gtest, jdk, libGL, libGLU, libX11, libjpeg, - libpng, libtiff, openscenegraph , proj, python3, python37Packages, - stdenv, swig, xercesc, xorg, zlib }: + libpng, libtiff, libxcrypt, openscenegraph , proj, python3, + python37Packages, stdenv, swig, xercesc, xorg, zlib }: stdenv.mkDerivation rec { pname = "sumo"; @@ -36,6 +36,7 @@ stdenv.mkDerivation rec { libjpeg libpng libtiff + libxcrypt openscenegraph proj python37Packages.setuptools diff --git a/pkgs/applications/video/kodi/unwrapped.nix b/pkgs/applications/video/kodi/unwrapped.nix index a37e5c92e241f..a272f90bd3334 100644 --- a/pkgs/applications/video/kodi/unwrapped.nix +++ b/pkgs/applications/video/kodi/unwrapped.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, makeWrapper , pkg-config, cmake, yasm, python3Packages -, libgcrypt, libgpg-error, libunistring +, libxcrypt, libgcrypt, libgpg-error, libunistring , boost, avahi, lame , gettext, pcre-cpp, yajl, fribidi, which , openssl, gperf, tinyxml2, taglib, libssh, swig, jre_headless @@ -131,7 +131,7 @@ in stdenv.mkDerivation { sqlite libmysqlclient avahi lame curl bzip2 zip unzip glxinfo libcec libcec_platform dcadec libuuid - libgcrypt libgpg-error libunistring + libxcrypt libgcrypt libgpg-error libunistring libcrossguid libplist bluez giflib glib harfbuzz lcms2 libpthreadstubs ffmpeg flatbuffers fstrcmp rapidjson diff --git a/pkgs/applications/virtualization/open-vm-tools/default.nix b/pkgs/applications/virtualization/open-vm-tools/default.nix index d62964d109599..7755795306a67 100644 --- a/pkgs/applications/virtualization/open-vm-tools/default.nix +++ b/pkgs/applications/virtualization/open-vm-tools/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook , bash, fuse3, libmspack, openssl, pam, xercesc, icu, libdnet, procps, libtirpc, rpcsvc-proto -, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst +, libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, libxcrypt , pkg-config, glib, gdk-pixbuf-xlib, gtk3, gtkmm3, iproute2, dbus, systemd, which , libdrm, udev, util-linux , withX ? true @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ]; - buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc openssl pam procps rpcsvc-proto udev xercesc ] + buildInputs = [ fuse3 glib icu libdnet libdrm libmspack libtirpc libxcrypt openssl pam procps rpcsvc-proto udev xercesc ] ++ lib.optionals withX [ gdk-pixbuf-xlib gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ]; postPatch = '' diff --git a/pkgs/applications/window-managers/sawfish/default.nix b/pkgs/applications/window-managers/sawfish/default.nix index f75d7ec5d1bd7..ef001787a596f 100644 --- a/pkgs/applications/window-managers/sawfish/default.nix +++ b/pkgs/applications/window-managers/sawfish/default.nix @@ -8,6 +8,7 @@ , imlib , libICE , libSM +, libxcrypt , libXinerama , libXrandr , libXtst @@ -44,6 +45,7 @@ stdenv.mkDerivation rec { imlib libICE libSM + libxcrypt libXinerama libXrandr libXtst diff --git a/pkgs/desktops/cdesktopenv/default.nix b/pkgs/desktops/cdesktopenv/default.nix index acb423f44bd35..2eb54d018bc69 100644 --- a/pkgs/desktops/cdesktopenv/default.nix +++ b/pkgs/desktops/cdesktopenv/default.nix @@ -3,7 +3,7 @@ , xorgproto, libX11, bison, ksh, perl, gnum4 , libXinerama, libXt, libXext, libtirpc, motif, libXft, xbitmaps , libjpeg, libXmu, libXdmcp, libXScrnSaver, symlinkJoin, bdftopcf -, ncompress, mkfontdir, tcl, libXaw, gcc, glibcLocales +, ncompress, mkfontdir, tcl, libXaw, libxcrypt, gcc, glibcLocales , autoPatchelfHook, libredirect, makeWrapper, xset, xrdb, fakeroot , rpcsvc-proto }: @@ -40,7 +40,7 @@ in stdenv.mkDerivation rec { buildInputs = [ libX11 libXinerama libXt libXext libtirpc motif libXft xbitmaps - libjpeg libXmu libXdmcp libXScrnSaver tcl libXaw ksh + libjpeg libXmu libXdmcp libXScrnSaver tcl libXaw ksh libxcrypt ]; nativeBuildInputs = [ bison ncompress autoPatchelfHook makeWrapper fakeroot diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index 78728c3c592b0..207860b90c0ec 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -26,6 +26,7 @@ , gnused ? null , cloog # unused; just for compat with gcc4, as we override the parameter on some places , buildPackages +, libxcrypt }: # Make sure we get GNU sed. @@ -172,7 +173,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc + gmp mpfr libmpc libxcrypt targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -182,10 +183,12 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl"; - preConfigure = import ../common/pre-configure.nix { + preConfigure = (import ../common/pre-configure.nix { inherit lib; inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; - }; + }) + '' + ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h + ''; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index 3a61c5820b111..3b03e185dd86f 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -26,6 +26,7 @@ , gnused ? null , cloog # unused; just for compat with gcc4, as we override the parameter on some places , buildPackages +, libxcrypt }: # Make sure we get GNU sed. @@ -180,7 +181,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc + gmp mpfr libmpc libxcrypt targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -190,10 +191,12 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl"; - preConfigure = import ../common/pre-configure.nix { + preConfigure = (import ../common/pre-configure.nix { inherit lib; inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; - }; + }) + '' + ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h + ''; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 10ce704382a79..c7fcd5475ade6 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -26,6 +26,7 @@ , gnused ? null , cloog # unused; just for compat with gcc4, as we override the parameter on some places , buildPackages +, libxcrypt }: # Make sure we get GNU sed. @@ -173,7 +174,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc + gmp mpfr libmpc libxcrypt targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -183,10 +184,13 @@ stdenv.mkDerivation ({ NIX_LDFLAGS = lib.optionalString hostPlatform.isSunOS "-lm -ldl"; - preConfigure = import ../common/pre-configure.nix { + + preConfigure = (import ../common/pre-configure.nix { inherit lib; inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; - }; + }) + '' + ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h + ''; dontDisableStatic = true; diff --git a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix index d74aa519b769e..4ae59a4317705 100644 --- a/pkgs/development/compilers/llvm/10/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/10/compiler-rt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi }: +{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, libllvm, libcxxabi, libxcrypt }: let @@ -25,6 +25,8 @@ stdenv.mkDerivation { "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON" "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}" "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}" + ] ++ lib.optionals (haveLibc && !isMusl) [ + "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include" ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [ "-DCOMPILER_RT_BUILD_SANITIZERS=OFF" "-DCOMPILER_RT_BUILD_XRAY=OFF" diff --git a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix index 74c566763f6ac..6790910ee8304 100644 --- a/pkgs/development/compilers/llvm/11/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/11/compiler-rt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi }: +{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }: let @@ -26,6 +26,8 @@ stdenv.mkDerivation { "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON" "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}" "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}" + ] ++ lib.optionals (haveLibc && !isMusl) [ + "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include" ] ++ lib.optionals (useLLVM || bareMetal || isMusl || isNewDarwinBootstrap) [ "-DCOMPILER_RT_BUILD_SANITIZERS=OFF" "-DCOMPILER_RT_BUILD_XRAY=OFF" diff --git a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix index 1ac4b2afec184..ed34d06ed9861 100644 --- a/pkgs/development/compilers/llvm/12/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/12/compiler-rt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi }: +{ lib, stdenv, llvm_meta, version, fetch, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }: let @@ -26,6 +26,8 @@ stdenv.mkDerivation { "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON" "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}" "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}" + ] ++ lib.optionals (haveLibc && !isMusl) [ + "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include" ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [ "-DCOMPILER_RT_BUILD_SANITIZERS=OFF" "-DCOMPILER_RT_BUILD_XRAY=OFF" diff --git a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix index 82b7ac048c755..9124686705ae7 100644 --- a/pkgs/development/compilers/llvm/13/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/13/compiler-rt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, llvm_meta, version, src, cmake, python3, xcbuild, libllvm, libcxxabi }: +{ lib, stdenv, llvm_meta, version, src, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }: let @@ -28,6 +28,8 @@ stdenv.mkDerivation { "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON" "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}" "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}" + ] ++ lib.optionals (haveLibc && !isMusl) [ + "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include" ] ++ lib.optionals (useLLVM || bareMetal || isMusl || isAarch64) [ "-DCOMPILER_RT_BUILD_LIBFUZZER=OFF" ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [ diff --git a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix index 097410cd7981f..ef2495714e451 100644 --- a/pkgs/development/compilers/llvm/14/compiler-rt/default.nix +++ b/pkgs/development/compilers/llvm/14/compiler-rt/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, llvm_meta, version , monorepoSrc, runCommand -, cmake, python3, xcbuild, libllvm, libcxxabi +, cmake, python3, xcbuild, libllvm, libcxxabi, libxcrypt }: let @@ -38,6 +38,8 @@ stdenv.mkDerivation { "-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON" "-DCMAKE_C_COMPILER_TARGET=${stdenv.hostPlatform.config}" "-DCMAKE_ASM_COMPILER_TARGET=${stdenv.hostPlatform.config}" + ] ++ lib.optionals (haveLibc && !isMusl) [ + "-DSANITIZER_COMMON_CFLAGS=-I${libxcrypt}/include" ] ++ lib.optionals (useLLVM || bareMetal || isMusl) [ "-DCOMPILER_RT_BUILD_SANITIZERS=OFF" "-DCOMPILER_RT_BUILD_XRAY=OFF" diff --git a/pkgs/development/compilers/llvm/rocm/llvm.nix b/pkgs/development/compilers/llvm/rocm/llvm.nix index 557d194668606..c5ad96a6a1892 100644 --- a/pkgs/development/compilers/llvm/rocm/llvm.nix +++ b/pkgs/development/compilers/llvm/rocm/llvm.nix @@ -9,6 +9,7 @@ , libxml2 , libffi , libbfd +, libxcrypt , ncurses , zlib , debugVersion ? false @@ -32,7 +33,7 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ninja python3 ]; - buildInputs = [ libxml2 ]; + buildInputs = [ libxml2 libxcrypt ]; propagatedBuildInputs = [ ncurses zlib ]; diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix index d53d1426a94b2..a1eb060d6bab6 100644 --- a/pkgs/development/compilers/swi-prolog/default.nix +++ b/pkgs/development/compilers/swi-prolog/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchFromGitHub, jdk, gmp, readline, openssl, unixODBC, zlib -, libarchive, db, pcre, libedit, libossp_uuid, libXpm +, libarchive, db, pcre, libedit, libossp_uuid, libxcrypt,libXpm , libSM, libXt, freetype, pkg-config, fontconfig , cmake, libyaml, Security , libjpeg, libX11, libXext, libXft, libXinerama @@ -59,7 +59,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ cmake pkg-config ]; buildInputs = [ gmp readline openssl - libarchive libyaml db pcre libedit libossp_uuid + libarchive libyaml db pcre libedit libossp_uuid libxcrypt zlib ] ++ lib.optionals (withGui && !stdenv.isDarwin) [ libXpm libX11 libXext libXft libXinerama libjpeg ] ++ extraLibraries diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix index 4109d6ee6dac6..0ea6e7b075969 100644 --- a/pkgs/development/compilers/swift/default.nix +++ b/pkgs/development/compilers/swift/default.nix @@ -14,6 +14,7 @@ , python3 , ncurses , libuuid +, libxcrypt , icu , libgcc , libblocksruntime @@ -195,6 +196,7 @@ let libedit libgcc libuuid + libxcrypt libxml2 ncurses sqlite diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 1f056ac25ef3c..ccf0bdaeda855 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -2531,6 +2531,34 @@ self: super: { # Restrictive upper bound on base. # Remove once version 1.* is released monad-bayes = doJailbreak super.monad-bayes; + + crypt-sha512 = overrideCabal (drv: { + librarySystemDepends = [ + pkgs.libxcrypt + ]; + # Test failure after libxcrypt migration, reported upstrem at + # https://github.com/phadej/crypt-sha512/issues/13 + doCheck = false; + }) super.crypt-sha512; + + nano-cryptr = overrideCabal (drv: { + librarySystemDepends = [ + pkgs.libxcrypt + ]; + }) super.nano-cryptr; + + Unixutils = overrideCabal (drv: { + librarySystemDepends = [ + pkgs.libxcrypt + ]; + }) super.Unixutils; + + xmonad-utils = overrideCabal (drv: { + librarySystemDepends = [ + pkgs.libxcrypt + ]; + }) super.xmonad-utils; + } // import ./configuration-tensorflow.nix {inherit pkgs haskellLib;} self super // (let # We need to build purescript with these dependencies and thus also its reverse # dependencies to avoid version mismatches in their dependency closure. diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix index 79e2bf84a0cdd..4d95ebf2052bf 100644 --- a/pkgs/development/interpreters/perl/default.nix +++ b/pkgs/development/interpreters/perl/default.nix @@ -1,9 +1,12 @@ { config, lib, stdenv, fetchurl, fetchFromGitHub, pkgs, buildPackages , callPackage , enableThreading ? true, coreutils, makeWrapper +, enableCrypt ? true, libxcrypt ? null , zlib }: +assert (enableCrypt -> (libxcrypt != null)); + # Note: this package is used for bootstrapping fetchurl, and thus # cannot use fetchpatch! All mutable patches (generated by GitHub or # cgit) that are needed here should be included directly in Nixpkgs as @@ -33,6 +36,8 @@ let optional crossCompiling "mini"; setOutputFlags = false; + propagatedBuildInputs = lib.optional enableCrypt libxcrypt; + disallowedReferences = [ stdenv.cc ]; patches = @@ -82,6 +87,7 @@ let ++ optionals ((builtins.match ''5\.[0-9]*[13579]\..+'' version) != null) [ "-Dusedevel" "-Uversiononly" ] ++ optional stdenv.isSunOS "-Dcc=gcc" ++ optional enableThreading "-Dusethreads" + ++ optional (!enableCrypt) "-A clear:d_crypt_r" ++ optional stdenv.hostPlatform.isStatic "--all-static" ++ optionals (!crossCompiling) [ "-Dprefix=${placeholder "out"}" diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index ddf0a55484754..424258167150b 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -14,6 +14,7 @@ , bluez ? null, bluezSupport ? false , zlib , tzdata ? null +, libxcrypt , self , configd , autoreconfHook @@ -353,6 +354,9 @@ in with passthru; stdenv.mkDerivation { # Never even try to use lchmod on linux, # don't rely on detecting glibc-isms. "ac_cv_func_lchmod=no" + ] ++ optionals (libxcrypt != null) [ + "CFLAGS=-I${libxcrypt}/include" + "LIBS=-L${libxcrypt}/lib" ] ++ optionals tzdataSupport [ "--with-tzpath=${tzdata}/share/zoneinfo" ] ++ optional static "LDFLAGS=-static"; @@ -388,7 +392,7 @@ in with passthru; stdenv.mkDerivation { postInstall = let # References *not* to nuke from (sys)config files keep-references = concatMapStringsSep " " (val: "-e ${val}") ([ - (placeholder "out") + (placeholder "out") libxcrypt ] ++ optionals tzdataSupport [ tzdata ]); diff --git a/pkgs/development/interpreters/qnial/default.nix b/pkgs/development/interpreters/qnial/default.nix index 74360daa87666..ae68c1ad6af3c 100644 --- a/pkgs/development/interpreters/qnial/default.nix +++ b/pkgs/development/interpreters/qnial/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses }: +{ lib, stdenv, fetchFromGitHub, unzip, pkg-config, makeWrapper, ncurses, libxcrypt }: stdenv.mkDerivation { pname = "qnial"; @@ -26,6 +26,7 @@ stdenv.mkDerivation { buildInputs = [ ncurses + libxcrypt ]; meta = { diff --git a/pkgs/development/interpreters/unicon-lang/default.nix b/pkgs/development/interpreters/unicon-lang/default.nix index 848c9541114e5..593a955c798bb 100644 --- a/pkgs/development/interpreters/unicon-lang/default.nix +++ b/pkgs/development/interpreters/unicon-lang/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl }: +{ lib, stdenv, fetchurl, unzip, libX11, libXt, libnsl, libxcrypt }: stdenv.mkDerivation { pname = "unicon-lang"; @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "1g9l2dfp99dqih2ir2limqfjgagh3v9aqly6x0l3qavx3qkkwf61"; }; nativeBuildInputs = [ unzip ]; - buildInputs = [ libnsl libX11 libXt ]; + buildInputs = [ libnsl libX11 libXt libxcrypt ]; hardeningDisable = [ "fortify" ]; diff --git a/pkgs/development/libraries/accountsservice/default.nix b/pkgs/development/libraries/accountsservice/default.nix index 4bd7a67871f9d..694aab16d1abd 100644 --- a/pkgs/development/libraries/accountsservice/default.nix +++ b/pkgs/development/libraries/accountsservice/default.nix @@ -16,6 +16,7 @@ , python3 , vala , gettext +, libxcrypt }: stdenv.mkDerivation rec { @@ -66,6 +67,7 @@ stdenv.mkDerivation rec { glib polkit systemd + libxcrypt ]; mesonFlags = [ diff --git a/pkgs/development/libraries/apr-util/default.nix b/pkgs/development/libraries/apr-util/default.nix index 6f38bfa0d076d..909965bb06886 100644 --- a/pkgs/development/libraries/apr-util/default.nix +++ b/pkgs/development/libraries/apr-util/default.nix @@ -2,7 +2,7 @@ , sslSupport ? true, openssl , bdbSupport ? true, db , ldapSupport ? !stdenv.isCygwin, openldap -, libiconv +, libiconv, libxcrypt , cyrus_sasl, autoreconfHook }: @@ -21,7 +21,10 @@ stdenv.mkDerivation rec { sha256 = "0nq3s1yn13vplgl6qfm09f7n0wm08malff9s59bqf9nid9xjzqfk"; }; - patches = optional stdenv.isFreeBSD ./include-static-dependencies.patch; + patches = [ ./fix-libxcrypt-build.patch ] + ++ optional stdenv.isFreeBSD ./include-static-dependencies.patch; + + NIX_CFLAGS_LINK = [ "-lcrypt" ]; outputs = [ "out" "dev" ]; outputBin = "dev"; @@ -38,15 +41,18 @@ stdenv.mkDerivation rec { "--without-freetds" "--without-berkeley-db" "--without-crypto" ] ; - # For some reason, db version 6.9 is selected when cross-compiling. - # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that. - # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now. - postConfigure = lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) '' - substituteInPlace Makefile \ - --replace "-ldb-6.9" "-ldb" + postConfigure = '' + echo '#define APR_HAVE_CRYPT_H 1' >> confdefs.h + '' + + # For some reason, db version 6.9 is selected when cross-compiling. + # It's unclear as to why, it requires someone with more autotools / configure knowledge to go deeper into that. + # Always replacing the link flag with a generic link flag seems to help though, so let's do that for now. + lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) '' + substituteInPlace Makefile \ + --replace "-ldb-6.9" "-ldb" ''; - propagatedBuildInputs = [ apr expat libiconv ] + propagatedBuildInputs = [ apr expat libiconv libxcrypt ] ++ optional sslSupport openssl ++ optional bdbSupport db ++ optional ldapSupport openldap diff --git a/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch new file mode 100644 index 0000000000000..2994e5de0f78b --- /dev/null +++ b/pkgs/development/libraries/apr-util/fix-libxcrypt-build.patch @@ -0,0 +1,14 @@ +diff --git a/crypto/apr_passwd.c b/crypto/apr_passwd.c +index c961de2..a397f27 100644 +--- a/crypto/apr_passwd.c ++++ b/crypto/apr_passwd.c +@@ -24,9 +24,7 @@ + #if APR_HAVE_STRING_H + #include + #endif +-#if APR_HAVE_CRYPT_H + #include +-#endif + #if APR_HAVE_UNISTD_H + #include + #endif diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index 9c2072179b26d..38631d3242d32 100644 --- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv +{ lib, stdenv, icu, expat, zlib, bzip2, python ? null, fixDarwinDylibNames, libiconv, libxcrypt , boost-build , fetchpatch , which @@ -214,7 +214,7 @@ stdenv.mkDerivation { ++ optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; buildInputs = [ expat zlib bzip2 libiconv ] ++ optional (stdenv.hostPlatform == stdenv.buildPlatform) icu - ++ optional enablePython python + ++ optionals enablePython [ libxcrypt python ] ++ optional enableNumpy python.pkgs.numpy; configureScript = "./bootstrap.sh"; diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix index be20a9b1678df..170b9a0fba4a2 100644 --- a/pkgs/development/libraries/cyrus-sasl/default.nix +++ b/pkgs/development/libraries/cyrus-sasl/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, openssl, openldap, libkrb5, db, gettext -, pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false +, pam, libxcrypt, fixDarwinDylibNames, autoreconfHook, enableLdap ? false , buildPackages, pruneLibtoolFiles, nixosTests }: with lib; @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook pruneLibtoolFiles ] ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames; buildInputs = - [ openssl db gettext libkrb5 ] + [ openssl db gettext libkrb5 libxcrypt ] ++ lib.optional enableLdap openldap ++ lib.optional stdenv.isLinux pam; diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 6ed0a4d4da0fe..83cde07749496 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -36,6 +36,7 @@ , withLinuxHeaders ? false , profilingLibraries ? false , withGd ? false +, withLibcrypt ? false , meta , extraBuildInputs ? [] , extraNativeBuildInputs ? [] @@ -183,7 +184,9 @@ stdenv.mkDerivation ({ # To avoid linking with -lgcc_s (dynamic link) # so the glibc does not depend on its compiler store path "libc_cv_as_needed=no" - ] ++ lib.optional withGd "--with-gd"; + ] + ++ lib.optional withGd "--with-gd" + ++ lib.optional (!withLibcrypt) "--disable-crypt"; makeFlags = [ "OBJCOPY=${stdenv.cc.targetPrefix}objcopy" diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 728b97d2f5f4e..8602498f01b94 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -2,6 +2,7 @@ , withLinuxHeaders ? true , profilingLibraries ? false , withGd ? false +, withLibcrypt? false , buildPackages }: @@ -16,7 +17,7 @@ in callPackage ./common.nix { inherit stdenv; } { pname = "glibc" + lib.optionalString withGd "-gd"; - inherit withLinuxHeaders profilingLibraries withGd; + inherit withLinuxHeaders profilingLibraries withGd withLibcrypt; # Note: # Things you write here override, and do not add to, diff --git a/pkgs/development/libraries/gvm-libs/default.nix b/pkgs/development/libraries/gvm-libs/default.nix index a141d36e33006..ba08fc61f5682 100644 --- a/pkgs/development/libraries/gvm-libs/default.nix +++ b/pkgs/development/libraries/gvm-libs/default.nix @@ -12,6 +12,7 @@ , libpcap , libssh , libuuid +, libxcrypt , libxml2 , pkg-config , zlib @@ -46,6 +47,7 @@ stdenv.mkDerivation rec { libpcap libssh libuuid + libxcrypt libxml2 zlib ]; diff --git a/pkgs/development/libraries/libcli/default.nix b/pkgs/development/libraries/libcli/default.nix index 8aa06bfb19bc2..da076a590e19a 100644 --- a/pkgs/development/libraries/libcli/default.nix +++ b/pkgs/development/libraries/libcli/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, fetchurl }: +{ lib, stdenv, fetchFromGitHub, fetchurl, libxcrypt }: stdenv.mkDerivation rec { pname = "libcli"; @@ -18,6 +18,8 @@ stdenv.mkDerivation rec { }) ]; + buildInputs = [ libxcrypt ]; + enableParallelBuilding = true; makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" "AR=${stdenv.cc.targetPrefix}ar" "PREFIX=$(out)" ]; diff --git a/pkgs/development/libraries/libfilezilla/default.nix b/pkgs/development/libraries/libfilezilla/default.nix index 16c09b65ff1e8..bc70e1fde3aca 100644 --- a/pkgs/development/libraries/libfilezilla/default.nix +++ b/pkgs/development/libraries/libfilezilla/default.nix @@ -6,6 +6,7 @@ , nettle , pkg-config , libiconv +, libxcrypt , ApplicationServices }: @@ -20,7 +21,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ gettext gnutls nettle ] + buildInputs = [ gettext gnutls nettle libxcrypt ] ++ lib.optionals stdenv.isDarwin [ libiconv ApplicationServices ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/libguestfs/default.nix b/pkgs/development/libraries/libguestfs/default.nix index e2da1a30ff146..745b1a180008c 100644 --- a/pkgs/development/libraries/libguestfs/default.nix +++ b/pkgs/development/libraries/libguestfs/default.nix @@ -4,6 +4,7 @@ , pkg-config , autoreconfHook , makeWrapper +, libxcrypt , ncurses , cpio , gperf @@ -65,6 +66,7 @@ stdenv.mkDerivation rec { ] ++ (with perlPackages; [ perl libintl-perl GetoptLong ModuleBuild ]) ++ (with ocamlPackages; [ ocaml findlib ]); buildInputs = [ + libxcrypt ncurses jansson pcre2 diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix index eadf6f91e1e07..dc2c5d3fb6ccb 100644 --- a/pkgs/development/libraries/libxcrypt/default.nix +++ b/pkgs/development/libraries/libxcrypt/default.nix @@ -1,38 +1,29 @@ -{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config, perl, fetchpatch }: +{ lib, stdenv, fetchurl, perl }: stdenv.mkDerivation rec { pname = "libxcrypt"; version = "4.4.28"; - src = fetchFromGitHub { - owner = "besser82"; - repo = "libxcrypt"; - rev = "v${version}"; - sha256 = "sha256-Ohf+RCOXnoCxAFnXXV9e2TCqpfZziQl+FGJTGDSQTF0="; + src = fetchurl { + url = "https://github.com/besser82/libxcrypt/releases/download/v${version}/libxcrypt-${version}.tar.xz"; + sha256 = "sha256-npNoEfn60R28ozyhm9l8VcUus8oVkB8nreBGzHnmnoc="; }; - patches = [ - # Fix for tests on musl is being upstreamed: - # https://github.com/besser82/libxcrypt/pull/157 - # Applied in all environments to prevent patchrot - (fetchpatch { - url = "https://github.com/besser82/libxcrypt/commit/a4228faa0b96986abc076125cf97d352a063d92f.patch"; - sha256 = "sha256-iGNz8eer6OkA0yR74WisE6GbFTYyXKw7koXl/R7DhVE="; - }) - ]; - - preConfigure = '' - patchShebangs autogen.sh - ./autogen.sh - ''; - configureFlags = [ + "--enable-hashes=all" + "--enable-obsolete-api=glibc" + "--disable-failure-tokens" + ] ++ lib.optionals stdenv.hostPlatform.isMusl [ "--disable-werror" ]; - nativeBuildInputs = [ autoconf automake libtool pkg-config perl ]; + nativeBuildInputs = [ + perl + ]; + + enableParallelBuilding = true; - doCheck = true; + doCheck = !stdenv.hostPlatform.isMusl; meta = with lib; { description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others"; diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix index fda00f6766648..a3bb7128c0f10 100644 --- a/pkgs/development/libraries/libxslt/default.nix +++ b/pkgs/development/libraries/libxslt/default.nix @@ -8,6 +8,7 @@ , gettext , python , ncurses +, libxcrypt , libgcrypt , cryptoSupport ? false , pythonSupport ? true @@ -34,7 +35,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ - libxml2.dev + libxml2.dev libxcrypt ] ++ lib.optional stdenv.isDarwin [ gettext ] ++ lib.optionals pythonSupport [ diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix index f357b8d4b7208..64b6c8c234450 100644 --- a/pkgs/development/libraries/openldap/default.nix +++ b/pkgs/development/libraries/openldap/default.nix @@ -11,6 +11,7 @@ , libtool , openssl , systemdMinimal +, libxcrypt }: stdenv.mkDerivation rec { @@ -42,6 +43,7 @@ stdenv.mkDerivation rec { libsodium libtool openssl + libxcrypt ] ++ lib.optionals (stdenv.isLinux) [ systemdMinimal ]; diff --git a/pkgs/development/libraries/physics/cernlib/default.nix b/pkgs/development/libraries/physics/cernlib/default.nix index 77ad6e201a32b..8eae6fcaad55c 100644 --- a/pkgs/development/libraries/physics/cernlib/default.nix +++ b/pkgs/development/libraries/physics/cernlib/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg }: +{ lib, stdenv, fetchurl, gfortran, imake, makedepend, motif, xorg, libxcrypt }: stdenv.mkDerivation rec { version = "2006"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "0awla1rl96z82br7slcmg8ks1d2a7slk6dj79ywb871j2ksi3fky"; }; - buildInputs = with xorg; [ gfortran motif libX11 libXft libXt ]; + buildInputs = with xorg; [ gfortran motif libX11 libXft libXt libxcrypt ]; nativeBuildInputs = [ imake makedepend ]; sourceRoot = "."; diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix index cb7af61a63ed2..fb52f75f8c101 100644 --- a/pkgs/development/libraries/talloc/default.nix +++ b/pkgs/development/libraries/talloc/default.nix @@ -4,6 +4,7 @@ , pkg-config , readline , libxslt +, libxcrypt , docbook-xsl-nons , docbook_xml_dtd_42 , fixDarwinDylibNames @@ -33,6 +34,7 @@ stdenv.mkDerivation rec { python3 readline libxslt + libxcrypt ]; wafPath = "buildtools/bin/waf"; diff --git a/pkgs/development/libraries/tdb/default.nix b/pkgs/development/libraries/tdb/default.nix index f040022cc91b8..9a534c4c14652 100644 --- a/pkgs/development/libraries/tdb/default.nix +++ b/pkgs/development/libraries/tdb/default.nix @@ -5,6 +5,7 @@ , python3 , readline , libxslt +, libxcrypt , docbook-xsl-nons , docbook_xml_dtd_45 }: @@ -30,6 +31,7 @@ stdenv.mkDerivation rec { buildInputs = [ python3 readline # required to build python + libxcrypt ]; wafPath = "buildtools/bin/waf"; diff --git a/pkgs/development/libraries/zeroc-ice/default.nix b/pkgs/development/libraries/zeroc-ice/default.nix index 4eef03c4a6193..3050525c2a29e 100644 --- a/pkgs/development/libraries/zeroc-ice/default.nix +++ b/pkgs/development/libraries/zeroc-ice/default.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchFromGitHub -, bzip2, expat, libedit, lmdb, openssl +, bzip2, expat, libedit, lmdb, openssl, libxcrypt , python3 # for tests only , cpp11 ? false }: @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { sha256 = "sha256-h455isEmnRyoasXhh1UaA5PICcEEM8/C3IJf5yHRl5g="; }; - buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl ]; + buildInputs = [ zeroc_mcpp bzip2 expat libedit lmdb openssl libxcrypt ]; preBuild = '' makeFlagsArray+=( diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix index 74ffea9643952..7f06652e66b3c 100644 --- a/pkgs/development/lua-modules/overrides.nix +++ b/pkgs/development/lua-modules/overrides.nix @@ -22,6 +22,7 @@ , libmysqlclient , libuuid , libuv +, libxcrypt , libyaml , mariadb , mpfr @@ -336,6 +337,12 @@ with prev; ]; }); + luaposix = prev.luaLib.overrideLuarocks prev.luaposix (drv: { + externalDeps = [ + { name = "CRYPT"; dep = libxcrypt; } + ]; + }); + luasec = prev.luaLib.overrideLuarocks prev.luasec (drv: { externalDeps = [ { name = "OPENSSL"; dep = openssl_1_1; } diff --git a/pkgs/development/python-modules/pillow-simd/default.nix b/pkgs/development/python-modules/pillow-simd/default.nix index e856c2f578528..b39a86a7fbfcc 100644 --- a/pkgs/development/python-modules/pillow-simd/default.nix +++ b/pkgs/development/python-modules/pillow-simd/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPythonPackage, fetchFromGitHub, isPyPy, isPy3k -, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2 +, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2 , libxcb, tk, libX11, openjpeg, libimagequant, pyroma, numpy, defusedxml , pytestCheckHook }@args: diff --git a/pkgs/development/python-modules/pillow/default.nix b/pkgs/development/python-modules/pillow/default.nix index 017069a7dd2d4..6e50be53f99d0 100644 --- a/pkgs/development/python-modules/pillow/default.nix +++ b/pkgs/development/python-modules/pillow/default.nix @@ -4,7 +4,7 @@ , pythonOlder , fetchPypi , isPyPy -, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, tcl, lcms2, tk, libX11 +, defusedxml, olefile, freetype, libjpeg, zlib, libtiff, libwebp, libxcrypt, tcl, lcms2, tk, libX11 , libxcb, openjpeg, libimagequant, pyroma, numpy, pytestCheckHook # for passthru.tests , imageio, matplotlib, pilkit, pydicom, reportlab diff --git a/pkgs/development/python-modules/pillow/generic.nix b/pkgs/development/python-modules/pillow/generic.nix index ec4f052638206..54f730751076e 100644 --- a/pkgs/development/python-modules/pillow/generic.nix +++ b/pkgs/development/python-modules/pillow/generic.nix @@ -38,7 +38,7 @@ buildPythonPackage rec { checkInputs = [ pytestCheckHook pyroma numpy ]; - buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp tcl lcms2 ] + buildInputs = [ freetype libjpeg openjpeg libimagequant zlib libtiff libwebp libxcrypt tcl lcms2 ] ++ lib.optionals (lib.versionAtLeast version "7.1.0") [ libxcb ] ++ lib.optionals (isPyPy) [ tk libX11 ]; diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index fa6c4726222c9..fae5ef8cf1039 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -97,6 +97,9 @@ buildPythonPackage rec { echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py + # fails since migrating to libxcrypt + echo 'HelperTests.test_refuteCryptedPassword.skip = "OSError: Invalid argument"' >> src/twisted/conch/test/test_checkers.py + # not packaged substituteInPlace src/twisted/test/test_failure.py \ --replace "from cython_test_exception_raiser import raiser # type: ignore[import]" "raiser = None" diff --git a/pkgs/development/tools/libsigrokdecode/default.nix b/pkgs/development/tools/libsigrokdecode/default.nix index 06b5f5c35bbad..672dddfc5ca22 100644 --- a/pkgs/development/tools/libsigrokdecode/default.nix +++ b/pkgs/development/tools/libsigrokdecode/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkg-config, glib, python3, check }: +{ lib, stdenv, fetchurl, pkg-config, glib, python3, check, libxcrypt }: stdenv.mkDerivation rec { pname = "libsigrokdecode"; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ glib python3 ]; + buildInputs = [ glib python3 libxcrypt ]; checkInputs = [ check ]; doCheck = true; diff --git a/pkgs/games/snis/default.nix b/pkgs/games/snis/default.nix index ed09ed46eff54..b74fef4518208 100644 --- a/pkgs/games/snis/default.nix +++ b/pkgs/games/snis/default.nix @@ -18,6 +18,7 @@ , sox , libopus , openscad +, libxcrypt }: stdenv.mkDerivation { @@ -46,7 +47,7 @@ stdenv.mkDerivation { ''; nativeBuildInputs = [ pkg-config openscad makeWrapper ]; - buildInputs = [ coreutils portaudio libbsd libpng libvorbis SDL2 lua5_2 glew openssl picotts sox alsa-utils libopus ]; + buildInputs = [ coreutils portaudio libbsd libpng libvorbis SDL2 lua5_2 glew openssl picotts sox alsa-utils libopus libxcrypt ]; postBuild = '' make models -j$NIX_BUILD_CORES diff --git a/pkgs/misc/screensavers/slock/default.nix b/pkgs/misc/screensavers/slock/default.nix index 9f364ba520cd2..c23b5fdc249b8 100644 --- a/pkgs/misc/screensavers/slock/default.nix +++ b/pkgs/misc/screensavers/slock/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, writeText -, xorgproto, libX11, libXext, libXrandr +, xorgproto, libX11, libXext, libXrandr, libxcrypt # default header can be obtained from # https://git.suckless.org/slock/tree/config.def.h , conf ? null }: @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "0sif752303dg33f14k6pgwq2jp1hjyhqv6x4sy3sj281qvdljf5m"; }; - buildInputs = [ xorgproto libX11 libXext libXrandr ]; + buildInputs = [ xorgproto libX11 libXext libXrandr libxcrypt ]; installFlags = [ "PREFIX=$(out)" ]; diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 3fd787bce6bd4..933b4e176f762 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -18,6 +18,7 @@ , writeShellScript , closureInfo , runCommand +, libxcrypt }: let @@ -93,7 +94,8 @@ let perl ] ++ lib.optional withPython python; - buildInputs = lib.optional withPerl perl + buildInputs = [ libxcrypt ] + ++ lib.optional withPerl perl ++ lib.optional withPython python; # required to build apparmor-parser diff --git a/pkgs/os-specific/linux/otpw/default.nix b/pkgs/os-specific/linux/otpw/default.nix index 14381ac68c164..6c53bf16efc19 100644 --- a/pkgs/os-specific/linux/otpw/default.nix +++ b/pkgs/os-specific/linux/otpw/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pam }: +{ lib, stdenv, fetchurl, pam, libxcrypt }: stdenv.mkDerivation rec { pname = "otpw"; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { cp *.8 $out/share/man/man8 ''; - buildInputs = [ pam ]; + buildInputs = [ pam libxcrypt ]; hardeningDisable = [ "stackprotector" ]; diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 72f91e89c7454..22e7057e343f7 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext, audit , nixosTests -, withLibxcrypt ? false, libxcrypt +, withLibxcrypt ? true, libxcrypt }: stdenv.mkDerivation rec { diff --git a/pkgs/os-specific/linux/pam_mysql/default.nix b/pkgs/os-specific/linux/pam_mysql/default.nix index 807899cf2b28c..036d4b20cb4c5 100644 --- a/pkgs/os-specific/linux/pam_mysql/default.nix +++ b/pkgs/os-specific/linux/pam_mysql/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb }: +{ lib, stdenv, fetchFromGitHub, meson, ninja, pam, pkg-config, libmysqlclient, mariadb, libxcrypt }: stdenv.mkDerivation rec { pname = "pam_mysql"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ meson pkg-config ninja ]; - buildInputs = [ pam libmysqlclient mariadb ]; + buildInputs = [ pam libmysqlclient mariadb libxcrypt ]; meta = with lib; { description = "PAM authentication module against a MySQL database"; diff --git a/pkgs/os-specific/linux/pam_pgsql/default.nix b/pkgs/os-specific/linux/pam_pgsql/default.nix index 3cfa6733efa84..2eabcefe584c6 100644 --- a/pkgs/os-specific/linux/pam_pgsql/default.nix +++ b/pkgs/os-specific/linux/pam_pgsql/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam }: +{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, postgresql, libgcrypt, pam, libxcrypt }: stdenv.mkDerivation rec { pname = "pam_pgsql"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ libgcrypt pam postgresql ]; + buildInputs = [ libgcrypt pam postgresql libxcrypt ]; meta = with lib; { description = "Support to authenticate against PostgreSQL for PAM-enabled appliations"; diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index c066dd4c4c5c5..33875049747dd 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage }: +{ lib, stdenv, fetchurl, gettext, libsepol, libselinux, libsemanage, libxcrypt }: stdenv.mkDerivation rec { pname = "policycoreutils"; @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ gettext ]; - buildInputs = [ libsepol libselinux libsemanage ]; + buildInputs = [ libsepol libselinux libsemanage libxcrypt ]; makeFlags = [ "PREFIX=$(out)" diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 5537f9f6aacb0..c6fd417d0d6fa 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt , libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison, runtimeShell -, pam ? null, glibcCross ? null +, libxcrypt, pam ? null, glibcCross ? null }: let @@ -28,7 +28,8 @@ stdenv.mkDerivation rec { sha256 = "sha256-PxLX5V0t18JftT5wT41krNv18Ew7Kz3MfZkOi/80ODA="; }; - buildInputs = lib.optional (pam != null && stdenv.isLinux) pam; + buildInputs = [ libxcrypt ] + ++ lib.optional (pam != null && stdenv.isLinux) pam; nativeBuildInputs = [autoreconfHook libxslt libxml2 docbook_xml_dtd_45 docbook_xsl flex bison itstool ]; @@ -62,6 +63,8 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-man" "--with-group-name-max-length=32" + "--with-bcrypt" + "--with-yescrypt" ] ++ lib.optional (stdenv.hostPlatform.libc != "glibc") "--disable-nscd"; preBuild = lib.optionalString (stdenv.hostPlatform.libc == "glibc") diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 1cde12f202291..28d385ad5eab5 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -27,6 +27,7 @@ , util-linux , kbd , kmod +, libxcrypt # Optional dependencies , pam @@ -360,6 +361,7 @@ stdenv.mkDerivation { acl audit kmod + libxcrypt libcap libidn2 libuuid diff --git a/pkgs/os-specific/linux/sysvinit/default.nix b/pkgs/os-specific/linux/sysvinit/default.nix index 87b5b81066c20..c8ba3164ab09d 100644 --- a/pkgs/os-specific/linux/sysvinit/default.nix +++ b/pkgs/os-specific/linux/sysvinit/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, withoutInitTools ? false }: +{ lib, stdenv, fetchurl, libxcrypt, withoutInitTools ? false }: stdenv.mkDerivation rec { pname = if withoutInitTools then "sysvtools" else "sysvinit"; @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { sed -i -e "s,/sbin/,$out/sbin/," src/halt.c src/init.c src/paths.h ''; + buildInputs = [ libxcrypt ]; + makeFlags = [ "SULOGINLIBS=-lcrypt" "ROOT=$(out)" "MANDIR=/share/man" ]; preInstall = diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index d57fdba7310be..8df231c961e22 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchurl, pkg-config, zlib, shadow , capabilitiesSupport ? true , libcap_ng +, libxcrypt , ncursesSupport ? true , ncurses , pamSupport ? true @@ -68,7 +69,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config ] ++ lib.optionals translateManpages [ po4a ]; - buildInputs = [ zlib ] + buildInputs = [ zlib libxcrypt ] ++ lib.optionals pamSupport [ pam ] ++ lib.optionals capabilitiesSupport [ libcap_ng ] ++ lib.optionals ncursesSupport [ ncurses ] diff --git a/pkgs/os-specific/linux/wiringpi/default.nix b/pkgs/os-specific/linux/wiringpi/default.nix index a06e25b9eb8eb..eed71188eb075 100644 --- a/pkgs/os-specific/linux/wiringpi/default.nix +++ b/pkgs/os-specific/linux/wiringpi/default.nix @@ -2,6 +2,7 @@ , stdenv , symlinkJoin , fetchFromGitHub +, libxcrypt }: let @@ -35,6 +36,9 @@ let inherit mkSubProject; wiringPi = mkSubProject { subprj = "wiringPi"; + buildInputs = [ + libxcrypt + ]; }; devLib = mkSubProject { subprj = "devLib"; @@ -45,6 +49,7 @@ let wiringPiD = mkSubProject { subprj = "wiringPiD"; buildInputs = [ + libxcrypt passthru.wiringPi passthru.devLib ]; @@ -52,6 +57,7 @@ let gpio = mkSubProject { subprj = "gpio"; buildInputs = [ + libxcrypt passthru.wiringPi passthru.devLib ]; diff --git a/pkgs/servers/dante/default.nix b/pkgs/servers/dante/default.nix index dd5967a2407b8..742ee2a0e684c 100644 --- a/pkgs/servers/dante/default.nix +++ b/pkgs/servers/dante/default.nix @@ -1,4 +1,5 @@ -{ lib, stdenv, fetchurl, fetchpatch, pam, libkrb5, cyrus_sasl, miniupnpc, autoreconfHook }: +{ lib, stdenv, fetchurl, fetchpatch, autoreconfHook +, pam, libkrb5, cyrus_sasl, miniupnpc, libxcrypt }: stdenv.mkDerivation rec { pname = "dante"; @@ -10,7 +11,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = lib.optional stdenv.hostPlatform.isMips64 autoreconfHook; - buildInputs = [ pam libkrb5 cyrus_sasl miniupnpc ]; + buildInputs = [ pam libkrb5 cyrus_sasl miniupnpc libxcrypt ]; configureFlags = if !stdenv.isDarwin then [ "--with-libc=libc.so.6" ] diff --git a/pkgs/servers/dico/default.nix b/pkgs/servers/dico/default.nix index 0275046aa2526..e372ffe9bad8f 100644 --- a/pkgs/servers/dico/default.nix +++ b/pkgs/servers/dico/default.nix @@ -1,5 +1,5 @@ { fetchurl, lib, stdenv, libtool, gettext, zlib, readline, gsasl -, guile, python3, pcre, libffi, groff }: +, guile, python3, pcre, libffi, groff, libxcrypt }: stdenv.mkDerivation rec { pname = "dico"; @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ groff ]; buildInputs = - [ libtool gettext zlib readline gsasl guile python3 pcre libffi ]; + [ libtool gettext zlib readline gsasl guile python3 pcre libffi libxcrypt ]; strictDeps = true; diff --git a/pkgs/servers/ftp/bftpd/default.nix b/pkgs/servers/ftp/bftpd/default.nix index 6bedb469f4d47..73edd94a34935 100644 --- a/pkgs/servers/ftp/bftpd/default.nix +++ b/pkgs/servers/ftp/bftpd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, libxcrypt }: stdenv.mkDerivation rec { pname = "bftpd"; @@ -9,6 +9,8 @@ stdenv.mkDerivation rec { sha256 = "sha256-lyHQYU4aXQ/muAyaigStqO/ULL393SOelagFmuKDqm8="; }; + buildInputs = [ libxcrypt ]; + preConfigure = '' sed -re 's/-[og] 0//g' -i Makefile* ''; diff --git a/pkgs/servers/ftp/pure-ftpd/default.nix b/pkgs/servers/ftp/pure-ftpd/default.nix index 15f1520b80708..fe82f1c4679d6 100644 --- a/pkgs/servers/ftp/pure-ftpd/default.nix +++ b/pkgs/servers/ftp/pure-ftpd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl, pam, fetchpatch }: +{ lib, stdenv, fetchurl, openssl, pam, libxcrypt }: stdenv.mkDerivation rec { pname = "pure-ftpd"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-QWD2a3ZhXuojl+rE6j8KFGt5KCB7ebxMwvma17e9lRM="; }; - buildInputs = [ openssl pam ]; + buildInputs = [ openssl pam libxcrypt ]; configureFlags = [ "--with-tls" ]; diff --git a/pkgs/servers/ftp/vsftpd/default.nix b/pkgs/servers/ftp/vsftpd/default.nix index 3a3517f4f2307..601d14d342a17 100644 --- a/pkgs/servers/ftp/vsftpd/default.nix +++ b/pkgs/servers/ftp/vsftpd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, nixosTests }: +{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, libxcrypt, nixosTests }: stdenv.mkDerivation rec { pname = "vsftpd"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM="; }; - buildInputs = [ libcap openssl libseccomp pam ]; + buildInputs = [ libcap openssl libseccomp pam libxcrypt ]; patches = [ ./CVE-2015-1419.patch ]; diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix index 72ad91d017e10..ec8b3e5c6fa24 100644 --- a/pkgs/servers/http/apache-httpd/2.4.nix +++ b/pkgs/servers/http/apache-httpd/2.4.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which +{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which, libxcrypt , nixosTests , proxySupport ? true , sslSupport ? true, openssl @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ which ]; - buildInputs = [ perl ] ++ + buildInputs = [ perl libxcrypt ] ++ lib.optional brotliSupport brotli ++ lib.optional sslSupport openssl ++ lib.optional ldapSupport openldap ++ # there is no --with-ldap flag diff --git a/pkgs/servers/http/bozohttpd/default.nix b/pkgs/servers/http/bozohttpd/default.nix index 1574a953b174c..b236e1f2621f9 100644 --- a/pkgs/servers/http/bozohttpd/default.nix +++ b/pkgs/servers/http/bozohttpd/default.nix @@ -6,6 +6,7 @@ , inetutils , wget , openssl +, libxcrypt , minimal ? false , userSupport ? !minimal , cgiSupport ? !minimal @@ -42,7 +43,7 @@ stdenv.mkDerivation rec { ]; patchFlags = [ "-p3" ]; - buildInputs = [ openssl ] ++ optional (luaSupport) lua; + buildInputs = [ openssl libxcrypt ] ++ optional (luaSupport) lua; nativeBuildInputs = [ bmake groff ]; COPTS = [ diff --git a/pkgs/servers/http/hiawatha/default.nix b/pkgs/servers/http/hiawatha/default.nix index 950faf89bedb8..2ab0b12c483fb 100644 --- a/pkgs/servers/http/hiawatha/default.nix +++ b/pkgs/servers/http/hiawatha/default.nix @@ -4,6 +4,7 @@ , cmake , ninja , mbedtls +, libxcrypt , enableCache ? true # Internal cache support. , enableIpV6 ? true @@ -27,7 +28,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ cmake ninja ]; - buildInputs = [ mbedtls ] ++ lib.optionals enableXslt [ libxslt libxml2 ]; + buildInputs = [ mbedtls libxcrypt ] ++ lib.optionals enableXslt [ libxslt libxml2 ]; prePatch = '' substituteInPlace CMakeLists.txt --replace SETUID "" diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix index d7c8ea226febf..d464f7aa3e5f2 100644 --- a/pkgs/servers/http/tengine/default.nix +++ b/pkgs/servers/http/tengine/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt +{ lib, stdenv, fetchFromGitHub, openssl, zlib, pcre, libxcrypt, libxml2, libxslt , substituteAll, gd, geoip, gperftools, jemalloc, nixosTests , withDebug ? false , withMail ? false @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { }; buildInputs = - [ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ] + [ openssl zlib pcre libxcrypt libxml2 libxslt gd geoip gperftools jemalloc ] ++ concatMap (mod: mod.inputs or []) modules; patches = singleton (substituteAll { diff --git a/pkgs/servers/http/thttpd/default.nix b/pkgs/servers/http/thttpd/default.nix index 64e7309bc9bf2..c7a92bbf5f1ca 100644 --- a/pkgs/servers/http/thttpd/default.nix +++ b/pkgs/servers/http/thttpd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, libxcrypt }: stdenv.mkDerivation rec { pname = "thttpd"; @@ -14,6 +14,10 @@ stdenv.mkDerivation rec { sed -i -e 's/chmod 2755/chmod 755/' extras/Makefile.in ''; + buildInputs = [ + libxcrypt + ]; + preInstall = '' mkdir -p "$out/man/man1" sed -i -e 's/-o bin -g bin *//' Makefile diff --git a/pkgs/servers/hylafaxplus/default.nix b/pkgs/servers/hylafaxplus/default.nix index d02f1b5a7e376..c1a8cdc26d8e3 100644 --- a/pkgs/servers/hylafaxplus/default.nix +++ b/pkgs/servers/hylafaxplus/default.nix @@ -13,6 +13,7 @@ , gnugrep , gnused , libtiff +, libxcrypt , openssl , psmisc , sharutils @@ -79,6 +80,7 @@ stdenv.mkDerivation { file # for `file` command ghostscript libtiff + libxcrypt openssl psmisc # for `fuser` command sharutils # for `uuencode` command diff --git a/pkgs/servers/irc/atheme/default.nix b/pkgs/servers/irc/atheme/default.nix index 9db7ef3aaca89..3df18bbe0c978 100644 --- a/pkgs/servers/irc/atheme/default.nix +++ b/pkgs/servers/irc/atheme/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchgit, libmowgli, pkg-config, git, gettext, pcre, libidn, cracklib, openssl }: +{ lib, stdenv, fetchgit, libmowgli, pkg-config, git, gettext, pcre, libidn, libxcrypt, cracklib, openssl }: stdenv.mkDerivation rec { pname = "atheme"; @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkg-config git gettext ]; - buildInputs = [ libmowgli pcre libidn cracklib openssl ]; + buildInputs = [ libmowgli pcre libidn libxcrypt cracklib openssl ]; configureFlags = [ "--with-pcre" diff --git a/pkgs/servers/irc/ircd-hybrid/default.nix b/pkgs/servers/irc/ircd-hybrid/default.nix index 346555cf5d7a1..cda989b8bef9c 100644 --- a/pkgs/servers/irc/ircd-hybrid/default.nix +++ b/pkgs/servers/irc/ircd-hybrid/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl, zlib }: +{ lib, stdenv, fetchurl, openssl, zlib, libxcrypt }: stdenv.mkDerivation rec { pname = "ircd-hybrid"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-vQNzx4DjCMGm9piQFf8o4cIpme92S3toY2tihXPCUe8="; }; - buildInputs = [ openssl zlib ]; + buildInputs = [ openssl zlib libxcrypt ]; configureFlags = [ "--with-nicklen=100" diff --git a/pkgs/servers/mail/opensmtpd/default.nix b/pkgs/servers/mail/opensmtpd/default.nix index 5f36b139781b9..3bac9e0c6ef60 100644 --- a/pkgs/servers/mail/opensmtpd/default.nix +++ b/pkgs/servers/mail/opensmtpd/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, autoconf, automake, libtool, bison -, libasr, libevent, zlib, libressl, db, pam, nixosTests +, libasr, libevent, zlib, libressl, db, pam, libxcrypt, nixosTests }: stdenv.mkDerivation rec { @@ -7,7 +7,7 @@ stdenv.mkDerivation rec { version = "6.8.0p2"; nativeBuildInputs = [ autoconf automake libtool bison ]; - buildInputs = [ libasr libevent zlib libressl db pam ]; + buildInputs = [ libasr libevent zlib libressl db pam libxcrypt ]; src = fetchurl { url = "https://www.opensmtpd.org/archives/${pname}-${version}.tar.gz"; diff --git a/pkgs/servers/mail/popa3d/default.nix b/pkgs/servers/mail/popa3d/default.nix index 9678bfe3fa28a..d36d26b5d520a 100644 --- a/pkgs/servers/mail/popa3d/default.nix +++ b/pkgs/servers/mail/popa3d/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl }: +{ lib, stdenv, fetchurl, openssl, libxcrypt }: stdenv.mkDerivation rec { pname = "popa3d"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1g48cd74sqhl496wmljhq44iyfpghaz363a1ip8nyhpjz7d57f03"; }; - buildInputs = [ openssl ]; + buildInputs = [ openssl libxcrypt ]; patches = [ ./fix-mail-spool-path.patch diff --git a/pkgs/servers/monitoring/plugins/wmic-bin.nix b/pkgs/servers/monitoring/plugins/wmic-bin.nix index 00e76624d102b..7ce7802eaf4a7 100644 --- a/pkgs/servers/monitoring/plugins/wmic-bin.nix +++ b/pkgs/servers/monitoring/plugins/wmic-bin.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, autoPatchelfHook, popt }: +{ stdenv, lib, fetchFromGitHub, autoPatchelfHook, popt, libxcrypt }: stdenv.mkDerivation rec { pname = "wmic-bin"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "1w1mdbiwz37wzry1q38h8dyjaa6iggmsb9wcyhhlawwm1vj50w48"; }; - buildInputs = [ popt ]; + buildInputs = [ popt libxcrypt ]; nativeBuildInputs = [ autoPatchelfHook ]; diff --git a/pkgs/servers/news/leafnode/default.nix b/pkgs/servers/news/leafnode/default.nix index 03aea95177a4d..32c59aea2bd37 100644 --- a/pkgs/servers/news/leafnode/default.nix +++ b/pkgs/servers/news/leafnode/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pcre }: +{ lib, stdenv, fetchurl, pcre, libxcrypt }: stdenv.mkDerivation { pname = "leafnode"; @@ -27,7 +27,7 @@ stdenv.mkDerivation { sed -i validatefqdn.c -e 's/int is_validfqdn(const char \*f) {/int is_validfqdn(const char *f) { return 1;/;' ''; - buildInputs = [ pcre]; + buildInputs = [ pcre libxcrypt ]; meta = { homepage = "http://leafnode.sourceforge.net/"; diff --git a/pkgs/servers/pies/default.nix b/pkgs/servers/pies/default.nix index d96835c94978f..9f5dfafcbea1d 100644 --- a/pkgs/servers/pies/default.nix +++ b/pkgs/servers/pies/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, lib, stdenv }: +{ fetchurl, lib, stdenv, libxcrypt }: stdenv.mkDerivation rec { pname = "pies"; @@ -9,6 +9,8 @@ stdenv.mkDerivation rec { sha256 = "12r7rjjyibjdj08dvwbp0iflfpzl4s0zhn6cr6zj3hwf9gbzgl1g"; }; + buildInputs = [ libxcrypt ]; + configureFlags = ["--sysconfdir=/etc"]; hardeningDisable = [ "format" ]; diff --git a/pkgs/servers/pleroma/default.nix b/pkgs/servers/pleroma/default.nix index e4204f28f1d5c..cb2d57112f332 100644 --- a/pkgs/servers/pleroma/default.nix +++ b/pkgs/servers/pleroma/default.nix @@ -1,6 +1,7 @@ { lib, beamPackages , fetchFromGitHub, fetchFromGitLab , file, cmake +, libxcrypt , nixosTests, writeText , ... }: @@ -129,6 +130,8 @@ beamPackages.mixRelease rec { postInstall = "mv $out/lib/erlang/lib/crypt-${version}/priv/{source,crypt}.so"; beamDeps = with final; [ elixir_make ]; + + buildInputs = [ libxcrypt ]; }; web_push_encryption = beamPackages.buildMix rec { name = "web_push_encryption"; diff --git a/pkgs/servers/pounce/default.nix b/pkgs/servers/pounce/default.nix index 0d01f9cb7c493..e03d6e6827a15 100644 --- a/pkgs/servers/pounce/default.nix +++ b/pkgs/servers/pounce/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, libressl, fetchzip, pkg-config }: +{ lib, stdenv, libressl, fetchzip, pkg-config, libxcrypt }: stdenv.mkDerivation rec { pname = "pounce"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "17vmbfr7ika6kmq9jqa3rpd4cr71arapav7hlmggnj7a9yw5b9mg"; }; - buildInputs = [ libressl ]; + buildInputs = [ libressl libxcrypt ]; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/servers/search/groonga/default.nix b/pkgs/servers/search/groonga/default.nix index ffe9f901df582..7b7717828e17e 100644 --- a/pkgs/servers/search/groonga/default.nix +++ b/pkgs/servers/search/groonga/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, autoreconfHook, mecab, kytea, libedit, pkg-config +{ lib, stdenv, fetchurl, autoreconfHook, mecab, kytea, libedit, pkg-config, libxcrypt , suggestSupport ? false, zeromq, libevent, msgpack, openssl , lz4Support ? false, lz4 , zlibSupport ? true, zlib @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { ''; buildInputs = with lib; - [ mecab kytea libedit openssl ] + [ mecab kytea libedit openssl libxcrypt ] ++ optional lz4Support lz4 ++ optional zlibSupport zlib ++ optionals suggestSupport [ zeromq libevent msgpack ]; diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix index 66c294f5d4a89..2eb7e24ab380e 100644 --- a/pkgs/servers/sip/freeswitch/default.nix +++ b/pkgs/servers/sip/freeswitch/default.nix @@ -1,7 +1,7 @@ { fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook , ncurses, gnutls, readline , openssl, perl, sqlite, libjpeg, speex, pcre, libuuid -, ldns, libedit, yasm, which, libsndfile, libtiff +, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt , callPackage @@ -116,7 +116,7 @@ stdenv.mkDerivation rec { openssl ncurses gnutls readline libjpeg sqlite pcre speex ldns libedit libsndfile libtiff - libuuid + libuuid libxcrypt ] ++ lib.unique (lib.concatMap (mod: mod.inputs) enabledModules) ++ lib.optionals stdenv.isDarwin [ SystemConfiguration ]; diff --git a/pkgs/servers/sql/pgpool/default.nix b/pkgs/servers/sql/pgpool/default.nix index 436217f2e63e5..10b8871c57861 100644 --- a/pkgs/servers/sql/pgpool/default.nix +++ b/pkgs/servers/sql/pgpool/default.nix @@ -3,6 +3,7 @@ , fetchurl , postgresql , openssl +, libxcrypt , withPam ? stdenv.isLinux , pam }: @@ -20,6 +21,7 @@ stdenv.mkDerivation rec { buildInputs = [ postgresql openssl + libxcrypt ] ++ lib.optional withPam pam; configureFlags = [ diff --git a/pkgs/servers/uwsgi/default.nix b/pkgs/servers/uwsgi/default.nix index d24c482a8895a..2dc2c3230a82c 100644 --- a/pkgs/servers/uwsgi/default.nix +++ b/pkgs/servers/uwsgi/default.nix @@ -1,4 +1,4 @@ -{ stdenv, nixosTests, lib, fetchurl, pkg-config, jansson, pcre +{ stdenv, nixosTests, lib, fetchurl, pkg-config, jansson, pcre, libxcrypt # plugins: list of strings, eg. [ "python2" "python3" ] , plugins ? [] , pam, withPAM ? stdenv.isLinux @@ -74,7 +74,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ python3 pkg-config ]; - buildInputs = [ jansson pcre ] + buildInputs = [ jansson pcre libxcrypt ] ++ lib.optional withPAM pam ++ lib.optional withSystemd systemd ++ lib.optional withCap libcap diff --git a/pkgs/servers/web-apps/sogo/default.nix b/pkgs/servers/web-apps/sogo/default.nix index 286883722f64d..6517ad1a60011 100644 --- a/pkgs/servers/web-apps/sogo/default.nix +++ b/pkgs/servers/web-apps/sogo/default.nix @@ -1,4 +1,4 @@ -{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python3, lndir +{ gnustep, lib, fetchFromGitHub, fetchpatch, makeWrapper, python3, lndir, libxcrypt , openssl, openldap, sope, libmemcached, curl, libsodium, libytnef, libzip, pkg-config, nixosTests , oath-toolkit , enableActiveSync ? false @@ -15,7 +15,7 @@ gnustep.stdenv.mkDerivation rec { }; nativeBuildInputs = [ gnustep.make makeWrapper python3 pkg-config ]; - buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip openldap oath-toolkit ] + buildInputs = [ gnustep.base sope openssl libmemcached curl libsodium libytnef libzip openldap oath-toolkit libxcrypt ] ++ lib.optional enableActiveSync libwbxml; patches = lib.optional enableActiveSync ./enable-activesync.patch; diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index 77d68e1d9aab7..b1a8c8eccacc9 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -1992,7 +1992,7 @@ lib.makeScope newScope (self: with self; { }) {}; # THIS IS A GENERATED FILE. DO NOT EDIT! - xdm = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXau, libXaw, libXdmcp, libXext, libXft, libXinerama, libXmu, libXpm, xorgproto, libXrender, libXt }: stdenv.mkDerivation { + xdm = callPackage ({ stdenv, pkg-config, fetchurl, libX11, libXau, libXaw, libXdmcp, libXext, libXft, libXinerama, libXmu, libXpm, libxcrypt, xorgproto, libXrender, libXt }: stdenv.mkDerivation { pname = "xdm"; version = "1.1.12"; builder = ./builder.sh; @@ -2003,7 +2003,7 @@ lib.makeScope newScope (self: with self; { hardeningDisable = [ "bindnow" "relro" ]; strictDeps = true; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libX11 libXau libXaw libXdmcp libXext libXft libXinerama libXmu libXpm xorgproto libXrender libXt ]; + buildInputs = [ libX11 libXau libXaw libXdmcp libXext libXft libXinerama libXmu libXpm xorgproto libXrender libXt libxcrypt ]; meta.platforms = lib.platforms.unix; }) {}; diff --git a/pkgs/shells/tcsh/default.nix b/pkgs/shells/tcsh/default.nix index 4fac6eb13d640..8ca3eb5a9ee1b 100644 --- a/pkgs/shells/tcsh/default.nix +++ b/pkgs/shells/tcsh/default.nix @@ -2,6 +2,7 @@ , stdenv , fetchurl , fetchpatch +, libxcrypt , ncurses }: @@ -16,6 +17,7 @@ stdenv.mkDerivation rec { strictDeps = true; buildInputs = [ + libxcrypt ncurses ]; diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 03856d5c07111..dbaff342fb1af 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -221,7 +221,7 @@ in # This is not an issue for the final stdenv, because this perl # won't be included in the final stdenv and won't be exported to # top-level pkgs as an override either. - perl = super.perl.override { enableThreading = false; }; + perl = super.perl.override { enableThreading = false; enableCrypt = false; }; }; }) diff --git a/pkgs/tools/backup/partimage/default.nix b/pkgs/tools/backup/partimage/default.nix index afb8489e1f429..d5a2863d968d8 100644 --- a/pkgs/tools/backup/partimage/default.nix +++ b/pkgs/tools/backup/partimage/default.nix @@ -7,6 +7,7 @@ , openssl , pkg-config , slang +, libxcrypt , autoreconfHook }: stdenv.mkDerivation rec { @@ -23,7 +24,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-ssl-headers=${openssl.dev}/include/openssl" ]; nativeBuildInputs = [ pkg-config autoreconfHook ]; - buildInputs = [ bzip2 zlib newt newt openssl slang ]; + buildInputs = [ bzip2 zlib newt newt openssl slang libxcrypt ]; patches = [ ./gentoos-zlib.patch diff --git a/pkgs/tools/misc/conserver/default.nix b/pkgs/tools/misc/conserver/default.nix index d8bb437404d41..30ac050ee0d33 100644 --- a/pkgs/tools/misc/conserver/default.nix +++ b/pkgs/tools/misc/conserver/default.nix @@ -3,6 +3,7 @@ , fetchFromGitHub , fetchpatch , autoreconfHook +, libxcrypt , gssapiSupport ? false , libkrb5 , freeipmiSupport ? false @@ -36,7 +37,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; - buildInputs = [ ] + buildInputs = [ libxcrypt ] ++ lib.optionals freeipmiSupport [ freeipmi ] ++ lib.optionals gssapiSupport [ libkrb5 ] ++ lib.optionals opensslSupport [ openssl ]; diff --git a/pkgs/tools/misc/kermit/default.nix b/pkgs/tools/misc/kermit/default.nix index 33644e911c635..bccecde01cc75 100644 --- a/pkgs/tools/misc/kermit/default.nix +++ b/pkgs/tools/misc/kermit/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, ncurses, glibc }: +{ lib, stdenv, fetchurl, ncurses, libxcrypt }: stdenv.mkDerivation { pname = "kermit"; @@ -9,7 +9,7 @@ stdenv.mkDerivation { sha256 = "0487mh6s99ijqf1pfmbm302pa5i4pzmm8s439hdl1ffs5g8jqpqd"; }; - buildInputs = [ ncurses glibc ]; + buildInputs = [ ncurses libxcrypt ]; unpackPhase = '' mkdir -p src diff --git a/pkgs/tools/misc/ldapvi/default.nix b/pkgs/tools/misc/ldapvi/default.nix index f8862cfa56774..dd0d34f50fe57 100644 --- a/pkgs/tools/misc/ldapvi/default.nix +++ b/pkgs/tools/misc/ldapvi/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchgit, openldap, openssl, popt, glib, ncurses, readline, pkg-config, cyrus_sasl, autoconf, automake }: +{ lib, stdenv, fetchgit, openldap, openssl, popt, glib, libxcrypt, ncurses, readline, pkg-config, cyrus_sasl, autoconf, automake }: stdenv.mkDerivation { pname = "ldapvi"; @@ -11,7 +11,7 @@ stdenv.mkDerivation { }; nativeBuildInputs = [ pkg-config autoconf automake ]; - buildInputs = [ openldap openssl popt glib ncurses readline cyrus_sasl ]; + buildInputs = [ openldap openssl popt glib libxcrypt ncurses readline cyrus_sasl ]; preConfigure = '' cd ldapvi diff --git a/pkgs/tools/misc/screen/default.nix b/pkgs/tools/misc/screen/default.nix index b5b3f2b189b69..f9d546a30fe35 100644 --- a/pkgs/tools/misc/screen/default.nix +++ b/pkgs/tools/misc/screen/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, autoreconfHook, ncurses, utmp, pam ? null }: +{ lib, stdenv, fetchurl, autoreconfHook, ncurses, libxcrypt, utmp, pam ? null }: stdenv.mkDerivation rec { pname = "screen"; @@ -22,6 +22,7 @@ stdenv.mkDerivation rec { ]; buildInputs = [ ncurses + libxcrypt ] ++ lib.optional stdenv.isLinux pam ++ lib.optional stdenv.isDarwin utmp; diff --git a/pkgs/tools/misc/toybox/default.nix b/pkgs/tools/misc/toybox/default.nix index fc9465f35cdc1..c94537c0bfd24 100644 --- a/pkgs/tools/misc/toybox/default.nix +++ b/pkgs/tools/misc/toybox/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, fetchFromGitHub, which, - buildPackages, + buildPackages, libxcrypt, enableStatic ? stdenv.hostPlatform.isStatic, enableMinimal ? false, extraConfig ? "" @@ -18,8 +18,12 @@ stdenv.mkDerivation rec { }; depsBuildBuild = [ buildPackages.stdenv.cc ]; # needed for cross - buildInputs = lib.optionals (enableStatic && stdenv.cc.libc ? static) - [ stdenv.cc.libc stdenv.cc.libc.static ]; + buildInputs = [ + libxcrypt + ] ++lib.optionals (enableStatic && stdenv.cc.libc ? static) [ + stdenv.cc.libc + stdenv.cc.libc.static + ]; postPatch = "patchShebangs ."; diff --git a/pkgs/tools/networking/dcap/default.nix b/pkgs/tools/networking/dcap/default.nix index f606c3f6cd6a8..3ee1a389ef946 100644 --- a/pkgs/tools/networking/dcap/default.nix +++ b/pkgs/tools/networking/dcap/default.nix @@ -6,6 +6,7 @@ , libtool , zlib , cunit +, libxcrypt }: stdenv.mkDerivation rec { pname = "dcap"; @@ -19,7 +20,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ autoconf automake libtool ]; - buildInputs = [ zlib ]; + buildInputs = [ zlib libxcrypt ]; preConfigure = '' patchShebangs bootstrap.sh diff --git a/pkgs/tools/networking/dropbear/default.nix b/pkgs/tools/networking/dropbear/default.nix index 30efbcc508d0b..e15b0072be769 100644 --- a/pkgs/tools/networking/dropbear/default.nix +++ b/pkgs/tools/networking/dropbear/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, glibc, zlib +{ lib, stdenv, fetchurl, glibc, zlib, libxcrypt , enableStatic ? stdenv.hostPlatform.isStatic , enableSCP ? false , sftpPath ? "/run/current-system/sw/libexec/sftp-server" @@ -49,7 +49,7 @@ stdenv.mkDerivation rec { ./pass-path.patch ]; - buildInputs = [ zlib ] ++ lib.optionals enableStatic [ glibc.static zlib.static ]; + buildInputs = [ zlib libxcrypt ] ++ lib.optionals enableStatic [ glibc.static zlib.static ]; meta = with lib; { homepage = "https://matt.ucc.asn.au/dropbear/dropbear.html"; diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix index 2a51d9ac0755a..b27c229ae04d4 100644 --- a/pkgs/tools/networking/haproxy/default.nix +++ b/pkgs/tools/networking/haproxy/default.nix @@ -2,7 +2,7 @@ , usePcre ? true , withPrometheusExporter ? true , stdenv, lib, fetchurl, nixosTests -, openssl, zlib +, openssl, zlib, libxcrypt , lua5_3 ? null, pcre ? null, systemd ? null }: @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-zp4Z6/zdQ+Ua+KYJDx341RLZct33QvpkimQ7uxkFZgU="; }; - buildInputs = [ openssl zlib ] + buildInputs = [ openssl zlib libxcrypt ] ++ lib.optional useLua lua5_3 ++ lib.optional usePcre pcre ++ lib.optional stdenv.isLinux systemd; diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix index 25ad29b1cfe71..01ac1af23ef0d 100644 --- a/pkgs/tools/networking/libreswan/default.nix +++ b/pkgs/tools/networking/libreswan/default.nix @@ -11,6 +11,7 @@ , pam , libevent , libcap_ng +, libxcrypt , curl , nspr , bash @@ -66,7 +67,7 @@ stdenv.mkDerivation rec { buildInputs = [ systemd coreutils gnused gawk gmp unbound pam libevent - libcap_ng curl nspr nss ldns + libcap_ng libxcrypt curl nspr nss ldns # needed to patch shebangs python3 bash ] ++ lib.optional stdenv.isLinux libselinux; diff --git a/pkgs/tools/networking/lsh/default.nix b/pkgs/tools/networking/lsh/default.nix index 07f0524d5f4fa..7c5e09b950ae1 100644 --- a/pkgs/tools/networking/lsh/default.nix +++ b/pkgs/tools/networking/lsh/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, gperf, guile, gmp, zlib, liboop, readline, gnum4, pam -, nettools, lsof, procps }: +, nettools, lsof, procps, libxcrypt }: stdenv.mkDerivation rec { pname = "lsh"; @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { # Should be present in upcoming 2.1 release. NIX_CFLAGS_COMPILE = "-std=gnu90 -fcommon"; - buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam ]; + buildInputs = [ gperf guile gmp zlib liboop readline gnum4 pam libxcrypt ]; meta = { description = "GPL'd implementation of the SSH protocol"; diff --git a/pkgs/tools/networking/mailutils/default.nix b/pkgs/tools/networking/mailutils/default.nix index faccef57697a0..225b208822a3a 100644 --- a/pkgs/tools/networking/mailutils/default.nix +++ b/pkgs/tools/networking/mailutils/default.nix @@ -22,6 +22,7 @@ , python3 , sasl , system-sendmail +, libxcrypt }: stdenv.mkDerivation rec { @@ -63,6 +64,7 @@ stdenv.mkDerivation rec { python3 readline sasl + libxcrypt ] ++ lib.optionals stdenv.isLinux [ nettools ]; patches = [ diff --git a/pkgs/tools/networking/ocserv/default.nix b/pkgs/tools/networking/ocserv/default.nix index 067c614f58509..29801eebbd78d 100644 --- a/pkgs/tools/networking/ocserv/default.nix +++ b/pkgs/tools/networking/ocserv/default.nix @@ -1,6 +1,6 @@ { lib, stdenv, fetchFromGitLab, autoreconfHook, pkg-config, nettle, gnutls , libev, protobufc, guile, geoip, libseccomp, gperf, readline -, lz4, libgssglue, ronn, pam +, lz4, libgssglue, ronn, pam, libxcrypt }: stdenv.mkDerivation rec { @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ autoreconfHook gperf pkg-config ronn ]; - buildInputs = [ nettle gnutls libev protobufc guile geoip libseccomp readline lz4 libgssglue pam ]; + buildInputs = [ nettle gnutls libev protobufc guile geoip libseccomp readline lz4 libgssglue pam libxcrypt ]; meta = with lib; { homepage = "https://gitlab.com/openconnect/ocserv"; diff --git a/pkgs/tools/networking/ppp/default.nix b/pkgs/tools/networking/ppp/default.nix index d39607338e74f..be50397bf1d0a 100644 --- a/pkgs/tools/networking/ppp/default.nix +++ b/pkgs/tools/networking/ppp/default.nix @@ -3,8 +3,10 @@ , fetchFromGitHub , substituteAll , libpcap +, libxcrypt , openssl , bash +, nixosTests }: stdenv.mkDerivation rec { @@ -31,6 +33,7 @@ stdenv.mkDerivation rec { buildInputs = [ libpcap + libxcrypt openssl bash ]; @@ -48,6 +51,8 @@ stdenv.mkDerivation rec { "CC=${stdenv.cc.targetPrefix}cc" ]; + NIX_LDFLAGS = "-lcrypt"; + installPhase = '' runHook preInstall mkdir -p $out/bin @@ -60,6 +65,10 @@ stdenv.mkDerivation rec { substituteInPlace "$out/bin/pon" --replace "/usr/sbin" "$out/bin" ''; + passthru.tests = { + inherit (nixosTests) pppd; + }; + meta = with lib; { homepage = "https://ppp.samba.org"; description = "Point-to-point implementation to provide Internet connections over serial lines"; diff --git a/pkgs/tools/networking/srelay/default.nix b/pkgs/tools/networking/srelay/default.nix index da09395fc7a8a..709e4f9594a48 100644 --- a/pkgs/tools/networking/srelay/default.nix +++ b/pkgs/tools/networking/srelay/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, libxcrypt }: stdenv.mkDerivation rec { pname = "srelay"; @@ -11,6 +11,8 @@ stdenv.mkDerivation rec { patches = [ ./arm.patch ]; + buildInputs = [ libxcrypt ]; + installPhase = "install -D srelay $out/bin/srelay"; meta = { diff --git a/pkgs/tools/networking/xrootd/default.nix b/pkgs/tools/networking/xrootd/default.nix index 24354f3ec7c1c..454ee09446209 100644 --- a/pkgs/tools/networking/xrootd/default.nix +++ b/pkgs/tools/networking/xrootd/default.nix @@ -9,6 +9,7 @@ , fuse , libkrb5 , libuuid +, libxcrypt , libxml2 , openssl , readline @@ -48,6 +49,7 @@ stdenv.mkDerivation rec { curl libkrb5 libuuid + libxcrypt libxml2 openssl readline diff --git a/pkgs/tools/package-management/cde/default.nix b/pkgs/tools/package-management/cde/default.nix index 5e86e2affb32f..43a32eccda16d 100644 --- a/pkgs/tools/package-management/cde/default.nix +++ b/pkgs/tools/package-management/cde/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub }: +{ lib, stdenv, fetchFromGitHub, libxcrypt }: stdenv.mkDerivation rec { pname = "cde"; @@ -17,6 +17,8 @@ stdenv.mkDerivation rec { # useful. preferLocalBuild = true; + buildInputs = [ libxcrypt ]; + patchBuild = '' sed -i -e '/install/d' $src/Makefile ''; diff --git a/pkgs/tools/security/mokutil/default.nix b/pkgs/tools/security/mokutil/default.nix index b408e4d2c80eb..5a597b73a7cec 100644 --- a/pkgs/tools/security/mokutil/default.nix +++ b/pkgs/tools/security/mokutil/default.nix @@ -6,6 +6,7 @@ , openssl , efivar , keyutils +, libxcrypt }: stdenv.mkDerivation rec { @@ -28,6 +29,7 @@ stdenv.mkDerivation rec { openssl efivar keyutils + libxcrypt ]; meta = with lib; { diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix index eba7def957ce3..1c2e9cbd4ab4e 100644 --- a/pkgs/tools/security/super/default.nix +++ b/pkgs/tools/security/super/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, fetchpatch }: +{ lib, stdenv, fetchurl, fetchpatch, libxcrypt }: stdenv.mkDerivation rec { pname = "super"; @@ -37,6 +37,8 @@ stdenv.mkDerivation rec { "--localstatedir=/var" ]; + buildInputs = [ libxcrypt ]; + installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ]; meta = { diff --git a/pkgs/tools/system/monit/default.nix b/pkgs/tools/system/monit/default.nix index b338f6a80d6af..07b0163b5ac99 100644 --- a/pkgs/tools/system/monit/default.nix +++ b/pkgs/tools/system/monit/default.nix @@ -4,6 +4,7 @@ , bison , flex , zlib +, libxcrypt , usePAM ? stdenv.hostPlatform.isLinux , pam , useSSL ? true @@ -20,7 +21,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ bison flex ]; - buildInputs = [ zlib.dev ] ++ + buildInputs = [ zlib.dev libxcrypt ] ++ lib.optionals useSSL [ openssl ] ++ lib.optionals usePAM [ pam ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f949ac5879465..5deee78f02318 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20709,7 +20709,13 @@ with pkgs; libx86 = callPackage ../development/libraries/libx86 {}; - libxcrypt = callPackage ../development/libraries/libxcrypt { }; + libxcrypt = callPackage ../development/libraries/libxcrypt { + fetchurl = stdenv.fetchurlBoot; + perl = buildPackages.perl.override { + enableCrypt = false; + fetchurl = stdenv.fetchurlBoot; + }; + }; libxdg_basedir = callPackage ../development/libraries/libxdg-basedir { };