NOCRYPT / NOSECURE
Mark Murray
mark at grondar.org
Fri May 16 00:23:28 PDT 2003
Dag-Erling Smorgrav writes:
> Mark Murray <mark at grondar.org> writes:
> > Dag-Erling Smorgrav writes:
> >> 'ln -s /usr/bin/openssl /usr/bin/md5' is almost right for md5(1),
> >> except for some parentheses in the output IIRC. ISTR the same goes
> >> for sha1(1).
> > A one-liner shell script does it :-).
>
> but as others have pointed out, we need md5 even in the NOCRYPT case
> (and it's not export-controlled anyway), so we can't touch it.
Hmm. You are right.
But...
I can clean up the world build pretty extensively if it can be mostly
guaranteed that src/crypto is present.
We currently have 2 telnets; the non-crypto telnet is constructed
with unifdef(1), and could easily be made by NOT defining some
"naughty" macros (-DENCRYPTION, -DAUTHENTICATION). This would
kill for ever the 'thou must commit to both telnets in the
prescribed manner' rule, at the risk of possibly not having telnet
after make world if src/crypto is not present.
Likewise, we have libmd, which is a duplicate of some of the functionality
of libcrypto. I'd like to see if a "safe" libhash (say) can be made
from src/crypto/openssl/..., which libcrypto (if present) could depend on.
The downside of this is requiring that src/crypto is present or else
losing some functionality.
SO - my query reduces to "How many folks are there out there who can
NOT have crypto SOURCES on their system, even if they are doing a non
crypto build?"
M
--
Mark Murray
iumop ap!sdn w,I idlaH
More information about the freebsd-arch
mailing list