NOCRYPT / NOSECURE

• Previous message: Duncan Barclay: "Re: Centrino"
• Next in thread: Ruslan Ermilov: "Re: NOCRYPT / NOSECURE"
• Reply: Ruslan Ermilov: "Re: NOCRYPT / NOSECURE"
• Reply: Mark Murray: "Re: NOCRYPT / NOSECURE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: arch@freebsd.org
Date: Thu, 15 May 2003 16:20:08 +0200

I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not
NO_OPENSSL) defined. It failed because there are Makefiles
(games/factor was the one that broke the build, but glimpse(1) tells
me there are others) which check NO_OPENSSL and / or NOCRYPT but not
NOSECURE.

NOSECURE is a meaningless subset of NOCRYPT. It means "don't descend
into src/secure", but that's equivalent to NOCRYPT because a) we don't
descend into src/secure if NOCRYPT is set and b) the only significant
stuff which NOCRYPT disables but NOSECURE doesn't is Kerberos, which
requires OpenSSL, which isn't built in the NOSECURE case, so there's
no way we can build world with NOSECURE but not NOCRYPT.

I would therefore like to remove NOSECURE, preferably before 5.1.

NO_OPENSSL is also a subset of NOCRYPT. There is so little that
builds with NO_OPENSSL but not with NOCRYPT that I think it might be
worthwhile to deprecate NO_OPENSSL and change the description of
NOCRYPT from "will prevent building of crypt versions" to "do not
build crypto-related software"

We also have something called libcipher which is only used by bdes(1);
the OpenSSL distribution contains a similar and AFAIK compatible
utility (src/crypto/openssl/crypto/des/des.c) which we don't currently
build. We should probably ditch both libcipher and bdes(1), and
perhaps add OpenSSL's des(1) to the build if our users really want it,
though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way.

DES

-- 
Dag-Erling Smorgrav - des@ofug.org
_______________________________________________
freebsd-arch@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"

• Previous message: Duncan Barclay: "Re: Centrino"
• Next in thread: Ruslan Ermilov: "Re: NOCRYPT / NOSECURE"
• Reply: Ruslan Ermilov: "Re: NOCRYPT / NOSECURE"
• Reply: Mark Murray: "Re: NOCRYPT / NOSECURE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: NOCRYPT / NOSECURE ... > I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not ... > NOSECURE is a meaningless subset of NOCRYPT. ... 'make -DOPENSSL_OVERWRITE_BASE install' in the security/openssl port. ... > We also have something called libcipher which is only used by bdes; ... (freebsd-arch) Re: NOCRYPT / NOSECURE ... > I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not ... It failed because there are Makefiles ... > NOSECURE is a meaningless subset of NOCRYPT. ... It means "don't descend ... (freebsd-arch)