guix_mirror_bot pushed a commit to branch version-1.5.0 in repository guix.
commit 519210ce80a09338e262906721335aeba3ead474 Author: Hugo Buddelmeijer <[email protected]> AuthorDate: Wed Jan 14 23:19:39 2026 +0100 gnu: Add libxcrypt-without-failure-tokens. * gnu/packages/crypto.scm (libxcrypt-without-failure-tokens): New variable. Change-Id: I89f551d2e69f68d7c2440593c00b4dbc4c605b89 Signed-off-by: Rutherther <[email protected]> --- gnu/packages/crypto.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index c46b9a62e0..0bd035e87f 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -1670,6 +1670,27 @@ SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.") (home-page "https://github.com/besser82/libxcrypt";) (license license:lgpl2.1))) +(define-public libxcrypt-without-failure-tokens + ;; This version of libxcrypt is used for guile-2.2.4, which is used in Guix + ;; v1.0.0 and thus needs to be supported for guix time-machine. + ;; + ;; Guile uses the 'crypt' hashing function that used to be provided by glibc, + ;; but was moved to libxcrypt around glibc 2.39. However, the crypt function + ;; in libxcrypt works differently for invalid salt values: libxcrypt returnns + ;; the failure token "*0" for (crypt "pass" "$X$abc"), where glibc raised + ;; "Invalid argument" (EINVAL). The --disable-failure-tokens flag lets + ;; libxcrypt behave in the same way as glibc. + ;; + ;; Guile 2.2.4 explicitly checks for the glibc behavior of crypt, and thus + ;; needs libxcrypt to be compiled with --disable-failure-tokens. + (hidden-package + (package/inherit libxcrypt + (name "libxcrypt-without-failure-tokens") + (arguments + (substitute-keyword-arguments (package-arguments libxcrypt) + ((#:configure-flags flags #~'()) + #~(cons* "--disable-failure-tokens" #$flags))))))) + (define-public keychain (package (name "keychain")
