Re: NO_DESCRYPT patch
This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Why not let them (libdes) be installed, but leave the symlinks to point to libscrypt. That way things that for some reason need the des stuff can still get to it. Something like this: John -- John Hay -- [EMAIL PROTECTED] Index: secure/lib/libcrypt/Makefile === RCS file: /home/ncvs/src/secure/lib/libcrypt/Makefile,v retrieving revision 1.20 diff -u -r1.20 Makefile --- secure/lib/libcrypt/Makefile2000/01/09 21:12:39 1.20 +++ secure/lib/libcrypt/Makefile2000/02/27 09:49:28 @@ -49,7 +49,11 @@ .include bsd.lib.mk +.if defined(NO_DESCRYPT) +noafterinstall: +.else afterinstall: +.endif .if !defined(NOPIC) @cd ${DESTDIR}${SHLIBDIR}; \ rm -f ${LCRYPTSO}; \ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
Why not let them (libdes) be installed, but leave the symlinks to point to libscrypt. That way things that for some reason need the des stuff can still get to it. Something like this: This is a much more interesting option. I'll test and get back to report as soon as cvs-secure-current "stables". Regards, Mario Ferreira To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
On Sun, 27 Feb 2000, John Hay wrote: This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Why not let them (libdes) be installed, but leave the symlinks to point to libscrypt. That way things that for some reason need the des stuff can still get to it. Something like this: Thats better, although the conditional should be renamed to something like NO_DESCRYPTLINKS. Any objections to a commit? Index: ../secure/lib/libcrypt/Makefile === RCS file: /home/ncvs/src/secure/lib/libcrypt/Makefile,v retrieving revision 1.25 diff -u -r1.25 Makefile --- ../secure/lib/libcrypt/Makefile 2000/01/09 21:22:48 1.25 +++ ../secure/lib/libcrypt/Makefile 2000/02/28 06:18:23 @@ -50,6 +50,7 @@ .include bsd.lib.mk afterinstall: +.if !defined(NO_DESCRYPTLINKS) .if !defined(NOPIC) @cd ${DESTDIR}${SHLIBDIR}; \ rm -f ${LCRYPTSO}; \ @@ -67,4 +68,5 @@ @cd ${DESTDIR}${LIBDIR}; \ rm -f ${LCRYPTBASE}_p.a; \ ln -sf ${LSCRYPTBASE}_p.a libcrypt_p.a +.endif .endif Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
I'm happy with it, although from what I just read in Bruce's emails, maybe it should be NODESCRYPTLINKS. This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Why not let them (libdes) be installed, but leave the symlinks to point to libscrypt. That way things that for some reason need the des stuff can still get to it. Something like this: Thats better, although the conditional should be renamed to something like NO_DESCRYPTLINKS. Any objections to a commit? Index: ../secure/lib/libcrypt/Makefile === RCS file: /home/ncvs/src/secure/lib/libcrypt/Makefile,v retrieving revision 1.25 diff -u -r1.25 Makefile --- ../secure/lib/libcrypt/Makefile 2000/01/09 21:22:48 1.25 +++ ../secure/lib/libcrypt/Makefile 2000/02/28 06:18:23 @@ -50,6 +50,7 @@ .include bsd.lib.mk afterinstall: +.if !defined(NO_DESCRYPTLINKS) .if !defined(NOPIC) @cd ${DESTDIR}${SHLIBDIR}; \ rm -f ${LCRYPTSO}; \ @@ -67,4 +68,5 @@ @cd ${DESTDIR}${LIBDIR}; \ rm -f ${LCRYPTBASE}_p.a; \ ln -sf ${LSCRYPTBASE}_p.a libcrypt_p.a +.endif .endif John -- John Hay -- [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
NO_DESCRYPT patch
This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Kris Index: lib/Makefile === RCS file: /home/ncvs/src/lib/Makefile,v retrieving revision 1.106 diff -u -r1.106 Makefile --- lib/Makefile2000/01/21 02:00:53 1.106 +++ lib/Makefile2000/02/26 05:30:38 @@ -43,7 +43,7 @@ .endif _libcrypt= libcrypt -.if exists(${.CURDIR}/../secure) !defined(NOSECURE) !defined(NOCRYPT) +.if exists(${.CURDIR}/../secure) !defined(NOSECURE) !defined(NOCRYPT) +!defined(NO_DESCRYPT) # Build both libraries. They have different names, so no harm, # and this avoids having stale libscrypt.* _libcrypt+=../secure/lib/libcrypt "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
On Sat, 26 Feb 2000, Doug Barton wrote: Meanwhile, it seems that to get all the new bits we have to have cvs-crypto in the cvsup file, yes? And if we do that currently (before your patch) we will end up installing DES, right? Yes. The downside is that with the DES crypt library any new user passwords you create will be in the weaker DES format. Existing MD5 passwords will stay MD5 when they're updated, but new users get DES. You can hack around this easily enough (e.g. by changing the logic in libcrypt) but it's not yet available by default. If you need to have a DES-capable libcrypt this patch won't help, but most people don't need that. Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
On Sat, 26 Feb 2000, Kris Kennaway wrote: This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Works for me... /etc/make.conf: CFLAGS= -O -pipe COPTFLAGS= -O -pipe NO_DESCRYPT=YES RSAREF= YES USA_RESIDENT= YES The resulting libs after installworld: jedgar@earth:~$ ll /usr/lib/*crypt* lrwxr-xr-x 1 root wheel 11 Feb 26 22:12 /usr/lib/libcrypt.a - libscrypt.a lrwxr-xr-x 1 root wheel 12 Feb 26 22:12 /usr/lib/libcrypt.so - libscrypt.so lrwxr-xr-x 1 root wheel 14 Feb 26 22:12 /usr/lib/libcrypt.so.2 - libscrypt.so.2 lrwxr-xr-x 1 root wheel 13 Feb 26 22:12 /usr/lib/libcrypt_p.a - libscrypt_p.a -r--r--r-- 1 root wheel 1088060 Feb 26 22:16 /usr/lib/libcrypto.a lrwxr-xr-x 1 root wheel 14 Feb 26 22:16 /usr/lib/libcrypto.so - libcrypto.so.1 -r--r--r-- 1 root wheel 651156 Feb 26 22:16 /usr/lib/libcrypto.so.1 -r--r--r-- 1 root wheel 1161880 Feb 26 22:16 /usr/lib/libcrypto_p.a -r--r--r-- 1 root wheel8632 Feb 26 22:12 /usr/lib/libscrypt.a lrwxr-xr-x 1 root wheel 14 Feb 26 22:12 /usr/lib/libscrypt.so - libscrypt.so.2 -r--r--r-- 1 root wheel5084 Feb 26 22:12 /usr/lib/libscrypt.so.2 -r--r--r-- 1 root wheel9278 Feb 26 22:12 /usr/lib/libscrypt_p.a jedgar@earth:~$ - Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED] FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: NO_DESCRYPT patch
On Sat, Feb 26, 2000 at 04:21:24PM -0800, Kris Kennaway wrote: This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. As for me, not only I don't mind having libdescrypt but I also want it compiled. I just object to it replacing my libcrypt links to libscrypt. I know ppl can be picky, yet I would rather have the best of both worlds: libscrypt for authentication and des around for compiling some progs. Regards, Mario Ferreira To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message