apr ports devrandom option

2010-06-16 Thread RW

The devel/apr* ports have an option to use /dev/random, which is on by
default. 

I was wondering under what circumstances anyone would turn that off. As
far as I can see switching it off doesn't replace /dev/random with
anything else.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: apr ports devrandom option

2010-06-16 Thread Chuck Swiger
On Jun 16, 2010, at 4:01 PM, RW wrote:
> The devel/apr* ports have an option to use /dev/random, which is on by
> default.
>
> I was wondering under what circumstances anyone would turn that off. As
> far as I can see switching it off doesn't replace /dev/random with
> anything else.

On some platforms, /dev/random and /dev/urandom used to provide different
quality of random numbers -- FreeBSD simply uses Yarrow or a hardware RNG source
if available.  Even if you disable it, it's likely to just fall back to
OpenSSL's source of random numbers, which probably is /dev/random anyway.

Regards,
-- 
-Chuck



Re: apr ports devrandom option

2010-06-16 Thread RW
On Wed, 16 Jun 2010 16:07:34 -0700
Chuck Swiger cswi...@mac.com wrote:

> On Jun 16, 2010, at 4:01 PM, RW wrote:
> > The devel/apr* ports have an option to use /dev/random, which is on
> > by default.
> >
> > I was wondering under what circumstances anyone would turn that
> > off. As far as I can see switching it off doesn't
> > replace /dev/random with anything else.
>
> On some platforms, /dev/random and /dev/urandom used to provide
> different quality of random numbers-- FreeBSD simply uses Yarrow or a
> hardware RNG source if available.  Even if you disable it, it's
> likely to just fall back to OpenSSL's source of random numbers, which
> probably is /dev/random anyway

Right, but I'm asking about the make config port option, not the
configure options to apr itself.

OPTIONS= ...
  DEVRANDOM Use /dev/random or compatible in apr  on \   
...
.if defined(WITHOUT_DEVRANDOM)
CONFIGURE_ARGS+=--without-devrandom
.else
CONFIGURE_ARGS+=--with-devrandom
.if defined(PKGNAMESUFFIX)
PKGNAMESUFFIX:= ${PKGNAMESUFFIX}-devrandom
.else
PKGNAMESUFFIX=  -devrandom
.endif
.endif



Re: apr ports devrandom option

2010-06-16 Thread Chuck Swiger
On Jun 16, 2010, at 5:00 PM, RW wrote:
> Right, but I'm asking about the make config port option, not the configure
> options to apr itself.

When you enable the option via make config, apr's ./configure gets fed the 
appropriate flag:

> OPTIONS= ...
>  DEVRANDOM Use /dev/random or compatible in apr  on \
> ...
> .if defined(WITHOUT_DEVRANDOM)
> CONFIGURE_ARGS+=--without-devrandom
> .else
> CONFIGURE_ARGS+=--with-devrandom
> .if defined(PKGNAMESUFFIX)
> PKGNAMESUFFIX:= ${PKGNAMESUFFIX}-devrandom
> .else
> PKGNAMESUFFIX=  -devrandom
> .endif
> .endif


Regards,
-- 
-Chuck



Re: apr ports devrandom option

2010-06-16 Thread RW
On Wed, 16 Jun 2010 17:45:53 -0700
Chuck Swiger cswi...@mac.com wrote:

> On Jun 16, 2010, at 5:00 PM, RW wrote:
> > Right, but I'm asking about the make config port option, not the
> > configure options to apr itself.
>
> When you enable the option via make config, apr's ./configure gets
> fed the appropriate flag:

Right, but my question was about why anyone would set the option to
off.

On the face of it, it's a pointless option since turning it off either
does nothing or it makes Apache less secure.



Re: apr ports devrandom option

2010-06-16 Thread Philip M. Gollucci
On 6/16/2010 9:14 PM, RW wrote:
> Right, but my question was about why anyone would set the option to
> off.
>
> On the face of it, it's a pointless option since turning it off either
> does nothing or it makes Apache less secure.
I will ask d...@apr if there is any reason they can think of to turn it
off on FBSD.  When I added it I was just parsing the configure output
for mod_auth_digest in apache and its requirements.




-- 

1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer,FreeBSD Foundation
Consultant,   P6M7G8 Inc.
Sr. System Admin, Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
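
An added example, not part of the thread or of the port: APR's generated apr.h records in the APR_HAS_RANDOM macro whether configure found an entropy source, so a build made with the DEVRANDOM option off can be identified after the fact. The function name and the sample headers below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an APR build was configured with an
# entropy source, by reading APR_HAS_RANDOM from its generated apr.h.

# apr_random_status <path-to-apr.h>
# Prints "enabled", "disabled" or "unknown" (unreadable file or no macro).
apr_random_status() {
    header=$1
    if [ ! -r "$header" ]; then
        echo "unknown"
        return 0
    fi
    # Keep the last definition seen, in case the macro is set conditionally.
    value=$(awk '$1 == "#define" && $2 == "APR_HAS_RANDOM" { v = $3 }
                 END { print v }' "$header")
    case $value in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample headers standing in for two builds of the port.
run_demo() {
    tmp=$(mktemp -d)
    printf '#define APR_HAS_RANDOM            1\n' > "$tmp/with.h"
    printf '#define APR_HAS_RANDOM            0\n' > "$tmp/without.h"
    echo "--with-devrandom build:    $(apr_random_status "$tmp/with.h")"
    echo "--without-devrandom build: $(apr_random_status "$tmp/without.h")"
    rm -rf "$tmp"
}

# With arguments, check the given headers; the installed location varies
# (/usr/local/include/apr-1/apr.h is an assumed path, not from the thread).
if [ $# -gt 0 ]; then
    for h in "$@"; do
        echo "$h: $(apr_random_status "$h")"
    done
else
    run_demo
fi
```

A "disabled" result means apr_generate_random_bytes() is not compiled into that build, which is the case the thread's "less secure" concern refers to.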
