From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B2213158086 for ; Mon, 18 Oct 2021 20:45:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 09ECEE0844; Mon, 18 Oct 2021 20:45:32 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DBD01E0844 for ; Mon, 18 Oct 2021 20:45:31 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E6BBD343423 for ; Mon, 18 Oct 2021 20:45:30 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4C5E989 for ; Mon, 18 Oct 2021 20:45:29 +0000 (UTC) From: "Andreas K. Hüttel" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas K. Hüttel" Message-ID: <1634589909.232dd42f93031207d628903f6ad4d5c9a96267af.dilfridge@gentoo> Subject: [gentoo-commits] data/gentoo-news:master commit in: 2021-10-18-libxcrypt-migration-stable/ X-VCS-Repository: data/gentoo-news X-VCS-Files: 2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt X-VCS-Directories: 2021-10-18-libxcrypt-migration-stable/ X-VCS-Committer: dilfridge X-VCS-Committer-Name: Andreas K. Hüttel X-VCS-Revision: 232dd42f93031207d628903f6ad4d5c9a96267af X-VCS-Branch: master Date: Mon, 18 Oct 2021 20:45:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: f84482c6-a34e-4d94-bcc7-1c6a5b625798 X-Archives-Hash: a7e6f5ddbdccc3ec69798659f9b65778 commit: 232dd42f93031207d628903f6ad4d5c9a96267af Author: Andreas K. Hüttel gentoo org> AuthorDate: Mon Oct 18 20:45:09 2021 +0000 Commit: Andreas K. Hüttel gentoo org> CommitDate: Mon Oct 18 20:45:09 2021 +0000 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=232dd42f Add stable version of libxcrypt-migration news Signed-off-by: Andreas K. Hüttel gentoo.org> .../2021-10-18-libxcrypt-migration-stable.en.txt | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt b/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt new file mode 100644 index 0000000..ccfcddd --- /dev/null +++ b/2021-10-18-libxcrypt-migration-stable/2021-10-18-libxcrypt-migration-stable.en.txt @@ -0,0 +1,64 @@ +Title: migrating from glibc[crypt] to libxcrypt in stable +Author: Andreas K. Hüttel +Author: Sam James +Posted: 2021-10-18 +Revision: 1 +News-Item-Format: 2.0 + +The implementation of libcrypt.so within glibc has been deprecated +for a long time and will be removed in the near future. + +For this reason, we are following other distributions (where +this has been tested for years already) and switching to the +external libxcrypt implementation, now also in stable installations. + +This will be a regular update, and in nearly all cases you +will not have to take any action and not observe any problems. + +We do recommend, however, that your system is *fully* up +to date first. This is a standard recommendation but in this +specific case, it is useful to have a simplified depgraph +to ensure that Portage is able to smoothly calculate +an upgrade path. + +That is, please take the opportunity to fully upgrade your +systems now, before the migration occurs, to simplify matters. + +This change will occur on 2021-11-01 for stable users. +~arch users by default should already have switched. + +If for whatever reason you do *not* wish to switch now - +which is only delaying the inevitable - you +need to take the following steps: +* unmask and enable the crypt USE flag of sys-libs/glibc +* mask the system USE flag of sys-libs/libxcrypt +* mask >=virtual/libcrypt-2 + +If you wish to manually migrate now, there are a series +of steps described on the wiki (see below), but the outline is: +* unforce the crypt USE flag of sys-libs/glibc and disable it +* unmask the system and split-usr (if applicable) USE flag of sys-libs/libxcrypt +and enable it +* unmask ~virtual/libcrypt-2 + +Please note that if you last changed your password before ~2008, +it may be using md5crypt or similar other weak mechanisms in /etc/shadow; +a bug in PAM [0][1] may mean that you were unable to login. We recommend +using "passwd" to change/refresh your password so it is using modern +methods. A new version of PAM has been added to the tree to resolve this issue. + +In some cases, Portage may schedule a rebuild of certain packages in an +incorrect order [2]. If building a package fails, please try upgrading +libcrypt and libxcrypt first: + +# emerge -v1 virtual/libcrypt sys-libs/libxcrypt + +And then continue the world upgrade with Portage's "--keep-going=y". + +For more information or troubleshooting tips, please see: +* https://wiki.gentoo.org/wiki/Project:Toolchain/libcrypt_implementation +* https://bugs.gentoo.org/699422 + +[0] https://bugs.gentoo.org/802267 +[1] https://bugs.gentoo.org/802807 +[2] https://bugs.gentoo.org/802210