NOCRYPT / NOSECURE

[Erik Trulsson]

On Thu, May 15, 2003 at 04:20:08PM +0200, Dag-Erling Smorgrav wrote:
> I just tried to run a tinderbox with NOCRYPT and NOSECURE (but not
> NO_OPENSSL) defined.  It failed because there are Makefiles
> (games/factor was the one that broke the build, but glimpse(1) tells
> me there are others) which check NO_OPENSSL and / or NOCRYPT but not
> NOSECURE.
> 
> NOSECURE is a meaningless subset of NOCRYPT.  It means "don't descend
> into src/secure", but that's equivalent to NOCRYPT because a) we don't
> descend into src/secure if NOCRYPT is set and b) the only significant
> stuff which NOCRYPT disables but NOSECURE doesn't is Kerberos, which
> requires OpenSSL, which isn't built in the NOSECURE case, so there's
> no way we can build world with NOSECURE but not NOCRYPT.
> 
> I would therefore like to remove NOSECURE, preferably before 5.1.
> 
> NO_OPENSSL is also a subset of NOCRYPT.  There is so little that
> builds with NO_OPENSSL but not with NOCRYPT that I think it might be
> worthwhile to deprecate NO_OPENSSL and change the description of
> NOCRYPT from "will prevent building of crypt versions" to "do not
> build crypto-related software"

NO_OPENSSL would seem to be useful after doing 
'make -DOPENSSL_OVERWRITE_BASE install' in the security/openssl port.
I.e. NO_OPENSSL (as well as several of the other NO_xxx flags) make
sure that you can replace some utilities with newer versions from ports 
without the next make world undoing all that.


> 
> We also have something called libcipher which is only used by bdes(1);
> the OpenSSL distribution contains a similar and AFAIK compatible
> utility (src/crypto/openssl/crypto/des/des.c) which we don't currently
> build.  We should probably ditch both libcipher and bdes(1), and
> perhaps add OpenSSL's des(1) to the build if our users really want it,
> though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way.



-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013 at student.uu.se