# # spec file for package perl-Crypt-Password # # Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define cpan_name Crypt-Password Name: perl-Crypt-Password Version: 0.280.0 Release: 0 # 0.28 -> normalize -> 0.280.0 %define cpan_version 0.28 #Upstream: Code by Steve Eirium, the nostrasteve@gmail.com manpage, idea by Sam Vilain, the sam.vilain@catalyst.net.nz manpage. Development commissioned by NZ Registry Services. Artistic License v2.0, which permits relicensing under other Free Software licenses. License: Artistic-2.0 Summary: Unix-style, Variously Hashed Passwords URL: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/D/DR/DRSTEVE/%{cpan_name}-%{cpan_version}.tgz Source1: cpanspec.yml Source100: README.md BuildArch: noarch BuildRequires: perl BuildRequires: perl-macros Provides: perl(Crypt::Password) = %{version} %undefine __perllib_provides %{perl_requires} # MANUAL BEGIN BuildRequires: man BuildRequires: perl(Module::Install) # MANUAL END %description This is just a wrapper for perl's 'crypt()', which can do everything you would probably want to do to store a password, but this is to make usage easier. The object stringifies to the return string of the crypt() function, which is (on *Linux/glibc* et al) in Modular Crypt Format: # scalar($hashed): # v digest v hash -> # $5$%RK2BU%L$aFZd1/4Gpko/sJZ8Oh.ZHg9UvxCjkH1YYoLZI6tw7K8 # ^ salt ^ That you can store, etc, retrieve then use it in 'check_password()' to validate a login, etc. Not without some danger, so read on, you could also string compare it to the output of another 'password()', as long as the salt is the same. If you pass a crypted string as the salt it will use the same salt. If the given string is already hashed it is assumed to be okay to use it as is. So if you are checking something from the outside world pass it as the second argument to 'check_password($saved, $wild)'. You could also use 'crypt_password($wild)', which will definitely crypt its input. This means simpler code and users can supply pre-hashed passwords initially, but if you do it wrong a stolen hash could be used as a password, so buck up your ideas. If you aren't running *Linux/glibc*, everything after the WARNING in the synopsis is dubious as. If you've got insight into how this module can work better on your platform I would love to hear from you. %prep %autosetup -n %{cpan_name}-%{cpan_version} %build PERL_USE_UNSAFE_INC=1 perl Makefile.PL INSTALLDIRS=vendor %make_build %check make test %install %perl_make_install %perl_process_packlist %perl_gen_filelist %files -f %{name}.files %doc CHANGES README SubmittingPatches %license COPYING.txt %changelog