guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 044108d022c7646610fb520948d481814ed1d922
Author: Hugo Buddelmeijer <[email protected]>
AuthorDate: Wed Jan 14 23:19:39 2026 +0100
gnu: Add libxcrypt-without-failure-tokens.
* gnu/packages/crypto.scm (libxcrypt-without-failure-tokens): New variable.
Change-Id: I89f551d2e69f68d7c2440593c00b4dbc4c605b89
Signed-off-by: Rutherther <[email protected]>
---
gnu/packages/crypto.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 695f5780b2..a9e06ea51e 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1714,6 +1714,27 @@ SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and
descrypt.")
(home-page "https://github.com/besser82/libxcrypt";)
(license license:lgpl2.1)))
+(define-public libxcrypt-without-failure-tokens
+ ;; This version of libxcrypt is used for guile-2.2.4, which is used in Guix
+ ;; v1.0.0 and thus needs to be supported for guix time-machine.
+ ;;
+ ;; Guile uses the 'crypt' hashing function that used to be provided by glibc,
+ ;; but was moved to libxcrypt around glibc 2.39. However, the crypt function
+ ;; in libxcrypt works differently for invalid salt values: libxcrypt returnns
+ ;; the failure token "*0" for (crypt "pass" "$X$abc"), where glibc raised
+ ;; "Invalid argument" (EINVAL). The --disable-failure-tokens flag lets
+ ;; libxcrypt behave in the same way as glibc.
+ ;;
+ ;; Guile 2.2.4 explicitly checks for the glibc behavior of crypt, and thus
+ ;; needs libxcrypt to be compiled with --disable-failure-tokens.
+ (hidden-package
+ (package/inherit libxcrypt
+ (name "libxcrypt-without-failure-tokens")
+ (arguments
+ (substitute-keyword-arguments (package-arguments libxcrypt)
+ ((#:configure-flags flags #~'())
+ #~(cons* "--disable-failure-tokens" #$flags)))))))
+
(define-public keychain
(package
(name "keychain")
