809410 – (libxcrypt-stable) sys-libs/glibc-2.33-r7 stabilization including libxcrypt transition for stable users

Bug 809410 (libxcrypt-stable) - sys-libs/glibc-2.33-r7 stabilization including libxcrypt transition for stable users

Summary: sys-libs/glibc-2.33-r7 stabilization including libxcrypt transition for stabl...

Status:	RESOLVED FIXED

Alias:	libxcrypt-stable

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Stabilization (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:	CC-ARCHES, PullRequest, SECURITY, Tracker

Depends on:	821115 809491 809494 809497 809500 818046 822072
Blocks:	CVE-2021-35942 CVE-2021-38604 817815 820524
	Show dependency tree

Reported:	2021-08-21 15:16 UTC by Andreas K. Hüttel
Modified:	2022-01-05 05:25 UTC (History)
CC List:	4 users (show)

See Also:	libxcrypt-migration https://github.com/gentoo/gentoo/pull/23027
Package list:	sys-libs/glibc-2.33-r7 sys-libs/libxcrypt-4.4.25-r1 virtual/libcrypt-2
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas K. Hüttel archtester

2021-08-21 15:16:53 UTC

Tracker that will become stablerequest. No talking please.

Comment 1 NATTkA bot gentoo-dev

2021-09-09 17:32:25 UTC Comment hidden (obsolete)

Unable to check for sanity:

> dependent bug #809491 has errors

Comment 2 NATTkA bot gentoo-dev

2021-09-09 17:36:29 UTC Comment hidden (obsolete)

All sanity-check issues have been resolved

Comment 3 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev

2021-10-23 13:32:19 UTC

Please close #817815 once amd64 has stabilized sys-libs/glibc-2.33-r7

Comment 4 Andreas K. Hüttel archtester

2021-10-30 21:42:32 UTC

Arches please test and stabilize at or after 1/Nov/21.

The packages *MUST* go stable together; all or none.

glibc test failures should only be reported if they are regressions compared to current stable.

Comment 5 Sam James archtester

2021-10-30 21:58:35 UTC Comment hidden (obsolete)

I think it's too risky to add CC-ARCHES to avoid fighting with automation like both I and ago use. I just happen to read most of the bugs for anything important.

But I'll start testing manually now to have it ready to go.

Comment 6 Sam James archtester

2021-10-31 18:10:29 UTC

arm done

Comment 7 Sam James archtester

2021-10-31 18:10:31 UTC

arm64 done

Comment 8 Sam James archtester

2021-10-31 18:10:32 UTC

amd64 done

Comment 9 Sam James archtester

2021-10-31 18:12:12 UTC

x86 done

Comment 10 Sam James archtester

2021-10-31 18:12:13 UTC

ppc done

Comment 11 Sam James archtester

2021-10-31 18:12:15 UTC

ppc64 done

Comment 12 Larry the Git Cow gentoo-dev

2021-10-31 21:25:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=c0fc80bac65a65d04ca4ce503c233d238d43d390

commit c0fc80bac65a65d04ca4ce503c233d238d43d390
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-31 21:22:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-31 21:25:05 +0000

    2021-10-18-libxcrypt-migration-stable: tweak guidance slightly
    
    Bug: https://bugs.gentoo.org/809410
    Bug: https://bugs.gentoo.org/699422
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt          | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Comment 13 Carlos Konstanski 2021-11-01 22:42:46 UTC

The upgrade of glibc and introduction of libxcrypt is not proceeding smoothly. The file /lib64/libcrypt.so.1 still exists in glibc and it is colliding with libxcrypt.

 * Detected file collision(s):
 * 
 *      /usr/include/crypt.h
 *      /lib64/libcrypt.so.1
 * 
 * Searching all installed packages for file collisions...
 * 
 * Press Ctrl-C to Stop
 * 
 * sys-libs/glibc-2.33-r7:2.2::gentoo
 *      /lib64/libcrypt.so.1


I'm on an x86_64 build. Here are the details of both packages:

# emerge -1av glibc libxcrypt

These are the packages that would be merged, in order:

Calculating dependencies  .... done!
[ebuild   R    ] sys-libs/glibc-2.33-r7:2.2::gentoo  USE="multiarch (multilib) ssp (static-libs) -audit -caps (-cet) -compile-locales (-crypt) -custom-cflags -doc -gd -headers-only -multilib-bootstrap -nscd -profile (-selinux) -static-pie -suid -systemd -systemtap -test (-vanilla)" 0 KiB
[ebuild  N     ] sys-libs/libxcrypt-4.4.25:0/1::gentoo  USE="(compat) (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)" 0 KiB

Comment 14 Sam James archtester

2021-11-02 09:10:18 UTC

(In reply to Carlos Konstanski from comment #13)
> The upgrade of glibc and introduction of libxcrypt is not proceeding
> smoothly. The file /lib64/libcrypt.so.1 still exists in glibc and it is
> colliding with libxcrypt.
> 
>  * Detected file collision(s):
>  * 
>  *      /usr/include/crypt.h
>  *      /lib64/libcrypt.so.1
>  * 
>  * Searching all installed packages for file collisions...
>  * 
>  * Press Ctrl-C to Stop
>  * 
>  * sys-libs/glibc-2.33-r7:2.2::gentoo
>  *      /lib64/libcrypt.so.1
> 
> 
> I'm on an x86_64 build. Here are the details of both packages:
> 
> # emerge -1av glibc libxcrypt
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies  .... done!
> [ebuild   R    ] sys-libs/glibc-2.33-r7:2.2::gentoo  USE="multiarch
> (multilib) ssp (static-libs) -audit -caps (-cet) -compile-locales (-crypt)
> -custom-cflags -doc -gd -headers-only -multilib-bootstrap -nscd -profile
> (-selinux) -static-pie -suid -systemd -systemtap -test (-vanilla)" 0 KiB
> [ebuild  N     ] sys-libs/libxcrypt-4.4.25:0/1::gentoo  USE="(compat)
> (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)" 0 KiB

Please file a new bug for this with the full emerge log and emerge —-info. Interestingly, I’ve heard a few reports of this yesterday, but not many.

Comment 15 Another Mortal 2021-11-03 21:29:46 UTC

I'm experiencing the exact same issue.

Some odd logic also seem to want to pull in glibc with USE=crypt enabled...

---
 * This package will overwrite one or more files that may belong to other                                                           
 * packages (see list below).                                                                                                       
 *                                                                                                                                  
 * Detected file collision(s):                                                                                                      
 *                                                                                                                                  
 *      /usr/include/crypt.h                                                                                                        
 *      /lib64/libcrypt.so.1                                                                                                        
 *                                                                                                                                  
 * Searching all installed packages for file collisions...                                                                          
 *                                                                                                                                  
 * Press Ctrl-C to Stop                                                                                                             
 *                                                                                                                                  
 * sys-libs/glibc-2.33-r7:2.2::gentoo
 *      /lib64/libcrypt.so.1
 * 
 * Package 'sys-libs/libxcrypt-4.4.25' NOT merged due to file collisions.
 * If necessary, refer to your elog messages for the whole content of the
 * above message.
eleven ~ # 
eleven ~ # emerge --skipfirst -qv                                  
 * One or more packages are either masked or have missing dependencies:
 * 
 *   sys-libs/glibc[crypt(+)] pulled in by:
 *     (virtual/libcrypt-1-r1:0/1::gentoo, installed)
 * 
 *   sys-libs/glibc[crypt(+)] pulled in by:
 *     (virtual/libcrypt-1-r1:0/1::gentoo, installed)
 * 
---


Shouldn't virtual/libcrypt be v2???

Aha... emerge wants to merge libxcrypt **before** that,
but since that never succeeds (even when run separately),
it never gets there...

---
eleven ~ # emerge -vaq virtual/libcrypt                                                                                             
[ebuild  N    ] sys-libs/libxcrypt-4.4.25  USE="(compat) (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)"          
[ebuild  r  U ] virtual/libcrypt-2 [1-r1] USE="-static-libs" ABI_X86="32 (64) (-x32)"                                               
---

Interesting...

Comment 16 Sam James archtester

2021-11-03 21:33:23 UTC

(In reply to Another Mortal from comment #15)
> I'm experiencing the exact same issue.
> 

Please file a _new_ bug with the full logs attached. This one is
getting rather crowded and it isn't for blocker issues anyway.

It's hard to investigate & easy to get lost with this sort of thing.

>  * Detected file collision(s):                                                                                                 
>  * sys-libs/glibc-2.33-r7:2.2::gentoo
>  *      /lib64/libcrypt.so.1

Something like 3 people have mentioned this so far although I have no idea
why it would happen.

> Shouldn't virtual/libcrypt be v2???
> eleven ~ # emerge --skipfirst -qv                                  
>  * One or more packages are either masked or have missing dependencies:

I would expect things to fall over if you're trying to resume, to be fair, yeah.

> Aha... emerge wants to merge libxcrypt **before** that,
> but since that never succeeds (even when run separately),
> it never gets there...
> 

Try FEATURES="-collision-protect -unmerge-orphans -protect-owned" emerge -v1 libxcrypt.

Comment 17 Another Mortal 2021-11-04 19:35:56 UTC

> Try FEATURES="-collision-protect -unmerge-orphans -protect-owned" emerge -v1 libxcrypt.

Thanks!  That's pretty close to what I did. ;^)

---
eleven ~ # mkdir libcrypt.backup
eleven ~ # for i in /usr/include/crypt.h /lib64/libcrypt.so.1 ; do cp -v $i libcrypt.backup/${i//\//,} -v; done
'/usr/include/crypt.h' -> 'libcrypt.backup/,usr,include,crypt.h'
'/lib64/libcrypt.so.1' -> 'libcrypt.backup/,lib64,libcrypt.so.1'
eleven ~ # FEATURES='-collision-protect -protect-owned' emerge -vaq1 libxcrypt
---

I'm happy with this resolution and too lazy to file a new bug report. SORRY!

Comment 18 Sam James archtester

2021-11-06 00:52:33 UTC

hppa done

Comment 19 Larry the Git Cow gentoo-dev

2021-11-06 02:35:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f10efb4adc6e0266f0c0b1995c0ff01aa8e9cf28

commit f10efb4adc6e0266f0c0b1995c0ff01aa8e9cf28
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-11-05 17:34:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-06 02:35:11 +0000

    sys-libs/glibc: preserve libcrypt.so.1 as an orphan
    
    This should help users who have FEATURES="-preserve-libs protect-owned".
    
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Bug: https://bugs.gentoo.org/809410
    Closes: https://github.com/gentoo/gentoo/pull/22833
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.33-r7.ebuild | 5 +++--
 sys-libs/glibc/glibc-2.34.ebuild    | 5 +++--
 sys-libs/glibc/glibc-9999.ebuild    | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

Comment 20 Larry the Git Cow gentoo-dev

2021-11-11 21:04:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d081cb997d18d200c71e1ff394e17db2f01f38d

commit 3d081cb997d18d200c71e1ff394e17db2f01f38d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-11 21:02:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-11 21:02:52 +0000

    sys-libs/glibc: drop Python 3.10 from PYTHON_COMPAT to avoid circular deps
    
    Needed for now to try help upgrades and avoid circular dependencies
    with glibc -> python -> libcrypt -> libxcrypt -> glibc -> ...
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/702806
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.33-r7.ebuild | 5 ++++-
 sys-libs/glibc/glibc-2.34-r1.ebuild | 5 ++++-
 sys-libs/glibc/glibc-9999.ebuild    | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

Comment 21 Larry the Git Cow gentoo-dev

2021-11-12 04:58:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=1c4eb83b3e4a1f453d16e8a2356ddf61651b5310

commit 1c4eb83b3e4a1f453d16e8a2356ddf61651b5310
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-12 04:58:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-12 04:58:26 +0000

    2021-10-18-libxcrypt-migration-stable: mention being in root shell if possible
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt                     | 5 +++++
 1 file changed, 5 insertions(+)

Comment 22 NATTkA bot gentoo-dev

2021-11-19 17:44:35 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: sys-libs/libxcrypt-4.4.25

Comment 23 Larry the Git Cow gentoo-dev

2021-11-22 06:28:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b87870785cf14109912ccce809d6e4a9b56c3aa

commit 5b87870785cf14109912ccce809d6e4a9b56c3aa
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:27:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:28:18 +0000

    profiles/arch/sparc: unmask older libcrypt virtual for now
    
    virtual/libcrypt:0/2 isn't marked stable yet on sparc.
    
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/sparc/package.mask | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01fd1ed53bffbcb11aa1734eb0ca42d3597318f5

commit 01fd1ed53bffbcb11aa1734eb0ca42d3597318f5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:08:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:28:17 +0000

    profiles: mask (older) virtual/libcrypt:0/1 for glibc to ease upgrades
    
    Mask the older virtual/libcrypt subslot (which permits glibc[crypt] instead
    of libxcrypt) to ease upgrades.
    
    Not yet doing this for musl (need to figure that out still) or uclibc (which
    is going away, see news).
    
    Was on the fence about doing this given it makes it slightly more
    awkward to put off the upgrade if desired, but that's really discouraged
    at this point, and I think it's worth it to make upgrades easier
    for more people.
    
    This helps Portage realise it can/should upgrade to virtual/libcrypt:0/2
    rather than giving very confusing blocker errors (which it often, but not
    always, gets past).
    
    Final push to do this was a forum post: https://forums.gentoo.org/viewtopic-t-1145602.html
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.mask            | 9 +++++++++
 profiles/features/musl/package.mask   | 1 +
 profiles/features/uclibc/package.mask | 1 +
 3 files changed, 11 insertions(+)

Comment 24 Larry the Git Cow gentoo-dev

2021-11-22 06:29:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=8f2ad6dd0515374e473b79d6f6cbc32ac8050680

commit 8f2ad6dd0515374e473b79d6f6cbc32ac8050680
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:14:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:14:07 +0000

    2021-10-18-libxcrypt-migration-stable: mention unmasking libcrypt:0/1 for delay
    
    If users want to delay the upgrade (please don't do this though), they
    will (shortly) need to unmask virtual/libcrypt:0/1 too.
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt                         | 1 +
 1 file changed, 1 insertion(+)

Comment 25 Larry the Git Cow gentoo-dev

2021-11-25 00:49:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=4cd7ab13760667cc70b151cfb592ef9868dcba70

commit 4cd7ab13760667cc70b151cfb592ef9868dcba70
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-25 00:49:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-25 00:49:07 +0000

    2021-07-23-libxcrypt-migration: delete older version of libxcrypt news item
    
    We've updated the "in stable" one (the newer news item) a few times so having
    this one around is confusing.
    
    Bug: https://bugs.gentoo.org/809410
    Bug: https://bugs.gentoo.org/699422
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-07-23-libxcrypt-migration.en.txt          | 65 ---------------------
 .../2021-07-23-libxcrypt-migration.ru.txt          | 67 ----------------------
 2 files changed, 132 deletions(-)

Comment 26 Larry the Git Cow gentoo-dev

2021-12-16 06:25:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=b76a1d4a5fa5a0e2a81d93c086d3077da82de89b

commit b76a1d4a5fa5a0e2a81d93c086d3077da82de89b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-16 06:25:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-16 06:25:26 +0000

    2021-10-18-libxcrypt-migration-stable: improve readability a bit
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt   | 31 +++++++++++++++++-----
 1 file changed, 24 insertions(+), 7 deletions(-)

Comment 27 Sam James archtester

2022-01-05 05:24:32 UTC

sparc done

all arches done

Comment 28 Larry the Git Cow gentoo-dev

2022-01-05 05:25:36 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=663003cc58d8839284bfbced89e8432aadf9ed25

commit 663003cc58d8839284bfbced89e8432aadf9ed25
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-05 05:25:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-05 05:25:15 +0000

    profiles/arch/sparc: unmask libcrypt:0/1 (libxcrypt)
    
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/sparc/package.mask | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)