From owner-freebsd-arch@FreeBSD.ORG Thu May 15 07:20:11 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE03B37B404 for ; Thu, 15 May 2003 07:20:11 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB61E43F3F for ; Thu, 15 May 2003 07:20:10 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 38E4D530E; Thu, 15 May 2003 16:20:09 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: arch@freebsd.org From: Dag-Erling Smorgrav Date: Thu, 15 May 2003 16:20:08 +0200 Message-ID: User-Agent: Gnus/5.1001 (Gnus v5.10.1) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: NOCRYPT / NOSECURE X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2003 14:20:12 -0000 I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not NO_OPENSSL) defined. It failed because there are Makefiles (games/factor was the one that broke the build, but glimpse(1) tells me there are others) which check NO_OPENSSL and / or NOCRYPT but not NOSECURE. NOSECURE is a meaningless subset of NOCRYPT. It means "don't descend into src/secure", but that's equivalent to NOCRYPT because a) we don't descend into src/secure if NOCRYPT is set and b) the only significant stuff which NOCRYPT disables but NOSECURE doesn't is Kerberos, which requires OpenSSL, which isn't built in the NOSECURE case, so there's no way we can build world with NOSECURE but not NOCRYPT. I would therefore like to remove NOSECURE, preferably before 5.1. NO_OPENSSL is also a subset of NOCRYPT. There is so little that builds with NO_OPENSSL but not with NOCRYPT that I think it might be worthwhile to deprecate NO_OPENSSL and change the description of NOCRYPT from "will prevent building of crypt versions" to "do not build crypto-related software" We also have something called libcipher which is only used by bdes(1); the OpenSSL distribution contains a similar and AFAIK compatible utility (src/crypto/openssl/crypto/des/des.c) which we don't currently build. We should probably ditch both libcipher and bdes(1), and perhaps add OpenSSL's des(1) to the build if our users really want it, though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way. DES -- Dag-Erling Smorgrav - des@ofug.org