Specially for Bernhard Fischer introduce USE_BB_CRYPT

which selects between libc/custom crypt routines.

1 files changed, 55 insertions, 34 deletions

diff --git a/loginutils/Config.in b/loginutils/Config.in
index c57d9976e..e39fb6f79 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS
 	  readable by root and thus the encrypted passwords are no longer
 	  publicly readable.
 
+config USE_BB_PWD_GRP
+	bool "Use internal password and group functions rather than system functions"
+	default n
+	help
+	  If you leave this disabled, busybox will use the system's password
+	  and group functions.  And if you are using the GNU C library
+	  (glibc), you will then need to install the /etc/nsswitch.conf
+	  configuration file and the required /lib/libnss_* libraries in
+	  order for the password and group functions to work.  This generally
+	  makes your embedded system quite a bit larger.
+
+	  Enabling this option will cause busybox to directly access the
+	  system's /etc/password, /etc/group files (and your system will be
+	  smaller, and I will get fewer emails asking about how glibc NSS
+	  works).  When this option is enabled, you will not be able to use
+	  PAM to access remote LDAP password servers and whatnot.  And if you
+	  want hostname resolution to work with glibc, you still need the
+	  /lib/libnss_* libraries.
+
+	  If you need to use glibc's nsswitch.conf mechanism
+	  (e.g. if user/group database is NOT stored in /etc/passwd etc),
+	  you must NOT use this option.
+
+	  If you enable this option, it will add about 1.5k to busybox.
+
 config USE_BB_SHADOW
 	bool "Use busybox shadow password functions"
 	default y
 	depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
 	help
-	    If you leave this disabled, busybox will use the system's shadow
-	    password handling functions.  And if you are using the GNU C library
-	    (glibc), you will then need to install the /etc/nsswitch.conf
-	    configuration file and the required /lib/libnss_* libraries in
-	    order for the shadow password functions to work.  This generally
-	    makes your embedded system quite a bit larger.
-
-	    Enabling this option will cause busybox to directly access the
-	    system's /etc/shadow file when handling shadow passwords.  This
-	    makes your system smaller and I will get fewer emails asking about
-	    how glibc NSS works).  When this option is enabled, you will not be
-	    able to use PAM to access shadow passwords from remote LDAP
-	    password servers and whatnot.
-
-config USE_BB_PWD_GRP
-	bool "Use internal password and group functions rather than system functions"
-	default n
+	  If you leave this disabled, busybox will use the system's shadow
+	  password handling functions.  And if you are using the GNU C library
+	  (glibc), you will then need to install the /etc/nsswitch.conf
+	  configuration file and the required /lib/libnss_* libraries in
+	  order for the shadow password functions to work.  This generally
+	  makes your embedded system quite a bit larger.
+
+	  Enabling this option will cause busybox to directly access the
+	  system's /etc/shadow file when handling shadow passwords.  This
+	  makes your system smaller and I will get fewer emails asking about
+	  how glibc NSS works).  When this option is enabled, you will not be
+	  able to use PAM to access shadow passwords from remote LDAP
+	  password servers and whatnot.
+
+config USE_BB_CRYPT
+	bool "Use internal DES and MD5 crypt functions rather than system functions"
+	default y
 	help
-	    If you leave this disabled, busybox will use the system's password
-	    and group functions.  And if you are using the GNU C library
-	    (glibc), you will then need to install the /etc/nsswitch.conf
-	    configuration file and the required /lib/libnss_* libraries in
-	    order for the password and group functions to work.  This generally
-	    makes your embedded system quite a bit larger.
-
-	    Enabling this option will cause busybox to directly access the
-	    system's /etc/password, /etc/group files (and your system will be
-	    smaller, and I will get fewer emails asking about how glibc NSS
-	    works).  When this option is enabled, you will not be able to use
-	    PAM to access remote LDAP password servers and whatnot.  And if you
-	    want hostname resolution to work with glibc, you still need the
-	    /lib/libnss_* libraries.
-
-	    If you enable this option, it will add about 1.5k to busybox.
+	  If you leave this disabled, busybox will use the system's password
+	  and group functions.  Most C libraries use large (~70k)
+	  static buffers in these functions, and also combine them
+	  with more general DES encryption/decryption routines.
+	  For busybox, having large static buffers is undesirable,
+	  especially so on NOMMU machines.
+
+	  These functions produce results which are identical
+	  to corresponding C library functions.
+
+	  If you enable this option, it will add about 4.8k to busybox
+	  if you are building dynamically linked executable.
+	  In static build, it makes executable _smaller_ by about 1.2k.
 
 config ADDGROUP
 	bool "addgroup"
@@ -255,4 +277,3 @@ config VLOCK
 	  work properly.
 
 endmenu
-