From owner-freebsd-arch@FreeBSD.ORG  Fri May 16 00:23:28 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5456637B401
	for <arch@freebsd.org>; Fri, 16 May 2003 00:23:28 -0700 (PDT)
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 60F7043F3F
	for <arch@freebsd.org>; Fri, 16 May 2003 00:23:27 -0700 (PDT)
	(envelope-from mark@grondar.org)
Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h4G7NPgw069805;
	Fri, 16 May 2003 08:23:26 +0100 (BST)
	(envelope-from mark@grondar.org)
Received: (from Ugrondar@localhost)h4G7NP4C069804;
	Fri, 16 May 2003 08:23:25 +0100 (BST)
X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to
	mark@grondar.org using -f
Received: from grondar.org (localhost [127.0.0.1])h4G7K7gN028186;
	Fri, 16 May 2003 08:20:07 +0100 (BST)
	(envelope-from mark@grondar.org)
From: Mark Murray <mark@grondar.org>
Message-Id: <200305160720.h4G7K7gN028186@grimreaper.grondar.org>
To: Dag-Erling Smorgrav <des@ofug.org>
In-Reply-To: Your message of "Fri, 16 May 2003 02:22:19 +0200."
             <xzp8yt7hhac.fsf@flood.ping.uio.no> 
Date: Fri, 16 May 2003 08:20:07 +0100
Sender: mark@grondar.org
cc: arch@freebsd.org
Subject: Re: NOCRYPT / NOSECURE 
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 May 2003 07:23:28 -0000

Dag-Erling Smorgrav writes:
> Mark Murray <mark@grondar.org> writes:
> > Dag-Erling Smorgrav writes:
> >> 'ln -s /usr/bin/openssl /usr/bin/md5' is almost right for md5(1),
> >> except for some parentheses in the output IIRC.  ISTR the same goes
> >> for sha1(1).
> > A one-liner shell script does it :-).
> 
> but as others have pointed out, we need md5 even in the NOCRYPT case
> (and it's not export-controlled anyway), so we can't touch it.

Hmm. You are right.

But...

I can clean up the world build pretty extensively if it can be mostly
guaranteed that src/crypto is present.

We currently have 2 telnets; the non-crypto telnet is constructed
with unifdef(1), and could easily be made by NOT defining some
"naughty" macros (-DENCRYPTION, -DAUTHENTICATION). This would
kill for ever the 'thou must commit to both telnets in the
prescribed manner' rule, at the risk of possibly not having telnet
after make world if src/crypto is not present.

Likewise, we have libmd, which is a duplicate of some of the functionality
of libcrypto. I'd like to see if a "safe" libhash (say) can be made
from src/crypto/openssl/..., which libcrypto (if present) could depend on.

The downside of this is requiring that src/crypto is present or else
losing some functionality.

SO - my query reduces to "How many folks are there out there who can
NOT have crypto SOURCES on their system, even if they are doing a non
crypto build?"

M
--
Mark Murray
iumop ap!sdn w,I idlaH