Date:      Mon, 5 Dec 2011 10:56:31 -0800
From:      Freddie Cash <fjwcash@gmail.com>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        stable@freebsd.org
Subject:   Re: r228152: anyone got the None cipher working with base OpenSSH?
Message-ID:  <CAOjFWZ63TKqhYXtnRikWmyejVts0gV9HbMEPdzOtmB1VLo9vtw@mail.gmail.com>
In-Reply-To: <20111202233220.GA43495@icarus.home.lan>
References:  <CAOjFWZ4W1=TbLuMhi17shuYaNbGq18N1DWYLXiyiJ72gOM_6qA@mail.gmail.com> <20111202233220.GA43495@icarus.home.lan>

On Fri, Dec 2, 2011 at 3:32 PM, Jeremy Chadwick <freebsd@jdc.parodius.com> wrote:

> On Fri, Dec 02, 2011 at 02:57:48PM -0800, Freddie Cash wrote:
> > Looking through the commit messages for stable/8 and stable/9 I noticed
> > that the HPN patches were applied to OpenSSH in the base install.  And
> > reading through the commit messages I see that one has to manually enable
> > the None cipher.  However, I cannot, for the life of me, figure out
> > how to do that.
> >
> > The commit message for r228152 says to put "NONE_CIPHER_ENABLED=yes" into
> > /etc/make.conf.  But doing so still gives the following error when
> > world is rebuilt/reinstalled:
> > command-line: line 0: Bad configuration option: NoneEnabled
> >
> > Putting NONE_CIPHER_ENABLED=yes into /etc/src.conf and rebuilding world
> > gives the same error.
> >
> > And, running "make -DNONE_CIPHER_ENABLED all install" under
> > /usr/src/secure/usr.bin/ssh/ also gives the same error.
> >
> > What am I missing?  What's the magic incantation to add the None
> > cipher to base ssh?
>
> I have been discussing this with bz@ and brooks@ privately.  I would
> rather not go into the details of what was discussed for reasons that I
> ALSO would rather not go into.  Just know that the ambiguity is
> intentional.
>
> Here is what will work for you when added to /etc/make.conf:
>
> .if ${.CURDIR:M/usr/src/secure/*}
>  CFLAGS+=-DNONE_CIPHER_ENABLED
> .endif
>

For the archives, the above snippet in /etc/make.conf and a buildworld
cycle enabled the NONE cipher in /usr/bin/ssh.

I'll be sure to read commit messages more carefully in the future.  :)

Here's hoping that eventually/someday this gets converted into a src.conf
knob like WITH_IDEA or similar.

Thanks for all the help everyone.

-- 
Freddie Cash
fjwcash@gmail.com
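
Added example, not part of the original message or of the FreeBSD source: since the NONE cipher turns off encryption of the session data, this shell audit reports where it is compiled in through the make.conf define quoted above and where the NoneEnabled option from the error message is set to yes. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample file contents are constructed.

# Print line numbers of non-comment lines that mention NONE_CIPHER_ENABLED,
# the macro used in the make.conf snippet from this thread.
build_flag_lines() {
    awk '{ sub(/#.*/, "") } /NONE_CIPHER_ENABLED/ { print NR }' "$1"
}

# Print line numbers of ssh config lines that set NoneEnabled to yes.
# Keywords are case-insensitive and "=" may replace the whitespace separator.
# Every occurrence is reported, including ones inside Host/Match blocks.
none_enabled_lines() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || line == "") next
        sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/)
        v = f[2]; gsub(/"/, "", v)
        if (tolower(f[1]) == "noneenabled" && tolower(v) == "yes") print NR
    }' "$1"
}

# Constructed samples: one make.conf and one sshd_config.
tmp=$(mktemp -d)
cat > "$tmp/make.conf" <<'EOF'
# NONE_CIPHER_ENABLED=yes   (commented out, ignored)
.if ${.CURDIR:M/usr/src/secure/*}
CFLAGS+=-DNONE_CIPHER_ENABLED
.endif
EOF
cat > "$tmp/sshd_config" <<'EOF'
#NoneEnabled no
Port 22
noneenabled=yes
EOF
echo "make.conf lines:   $(build_flag_lines "$tmp/make.conf")"
echo "sshd_config lines: $(none_enabled_lines "$tmp/sshd_config")"
```

An empty result from both functions means the file neither compiles in nor enables the cipher.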


