Date: Thu, 15 May 2003 16:20:08 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: arch@freebsd.org Subject: NOCRYPT / NOSECURE Message-ID: <xzpr870mgvb.fsf@flood.ping.uio.no>
next in thread | raw e-mail | index | archive | help
I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not NO_OPENSSL) defined. It failed because there are Makefiles (games/factor was the one that broke the build, but glimpse(1) tells me there are others) which check NO_OPENSSL and / or NOCRYPT but not NOSECURE. NOSECURE is a meaningless subset of NOCRYPT. It means "don't descend into src/secure", but that's equivalent to NOCRYPT because a) we don't descend into src/secure if NOCRYPT is set and b) the only significant stuff which NOCRYPT disables but NOSECURE doesn't is Kerberos, which requires OpenSSL, which isn't built in the NOSECURE case, so there's no way we can build world with NOSECURE but not NOCRYPT. I would therefore like to remove NOSECURE, preferably before 5.1. NO_OPENSSL is also a subset of NOCRYPT. There is so little that builds with NO_OPENSSL but not with NOCRYPT that I think it might be worthwhile to deprecate NO_OPENSSL and change the description of NOCRYPT from "will prevent building of crypt versions" to "do not build crypto-related software" We also have something called libcipher which is only used by bdes(1); the OpenSSL distribution contains a similar and AFAIK compatible utility (src/crypto/openssl/crypto/des/des.c) which we don't currently build. We should probably ditch both libcipher and bdes(1), and perhaps add OpenSSL's des(1) to the build if our users really want it, though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way. DES -- Dag-Erling Smorgrav - des@ofug.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpr870mgvb.fsf>