Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Remove MKCRYPTO option.
details: https://anonhg.NetBSD.org/src/rev/2a789a33ac46
branches: trunk
changeset: 353760:2a789a33ac46
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sun May 21 15:28:36 2017 +0000
description:
Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
diffstat:
bin/ed/Makefile | 5 +-
crypto/external/Makefile | 4 +-
crypto/external/bsd/openssl/lib/Makefile | 6 +-
distrib/amd64/Makefile | 4 +-
distrib/amd64/ramdisks/Makefile | 5 +-
distrib/i386/Makefile | 4 +-
distrib/i386/ramdisks/Makefile | 5 +-
distrib/sets/lists/base/mi | 82 +-
distrib/sets/lists/base/rescue.mi | 8 +-
distrib/sets/lists/base/shl.mi | 70 +-
distrib/sets/lists/comp/mi | 2322 +++++-----
distrib/sets/lists/comp/shl.mi | 22 +-
distrib/sets/lists/debug/mi | 200 +-
distrib/sets/lists/debug/shl.mi | 24 +-
distrib/sets/lists/etc/mi | 10 +-
distrib/sets/lists/man/mi | 554 +-
distrib/sets/lists/misc/mi | 58 +-
distrib/sets/lists/tests/mi | 146 +-
doc/BUILDING.mdoc | 11 +-
etc/Makefile | 5 +-
etc/ssh/Makefile | 6 +-
external/bsd/Makefile | 6 +-
external/bsd/am-utils/bin/amd/Makefile | 4 +-
external/bsd/bind/Makefile.inc | 6 +-
external/bsd/bind/lib/libisc/Makefile | 4 +-
external/bsd/dhcp/Makefile.inc | 4 +-
external/bsd/fetch/lib/Makefile | 4 +-
external/bsd/libarchive/lib/libarchive/Makefile | 4 +-
external/bsd/libevent/lib/Makefile | 4 +-
external/bsd/ntp/Makefile.inc | 6 +-
external/bsd/ntp/bin/Makefile | 4 +-
external/bsd/openldap/bin/Makefile.inc | 4 +-
external/bsd/openldap/lib/libldap/Makefile.libldap | 6 +-
external/bsd/openldap/openldap.mk | 4 +-
external/bsd/tcpdump/bin/Makefile | 4 +-
external/bsd/wpa/bin/Makefile.inc | 6 +-
external/ibm-public/postfix/Makefile.inc | 12 +-
external/ibm-public/postfix/lib/Makefile | 8 +-
external/ibm-public/postfix/libexec/Makefile | 4 +-
external/ibm-public/postfix/libexec/postscreen/Makefile | 4 +-
external/ibm-public/postfix/libexec/smtp/Makefile | 4 +-
external/ibm-public/postfix/libexec/smtpd/Makefile | 7 +-
external/ibm-public/postfix/man/man8/Makefile | 4 +-
external/ibm-public/postfix/sbin/posttls-finger/Makefile | 4 +-
external/mit/xorg/server/xorg-server.old/hw/xfree86/Xorg/Makefile | 4 +-
external/mit/xorg/server/xorg-server.old/hw/xnest/Makefile | 4 +-
external/mit/xorg/server/xorg-server/hw/vfb/Makefile | 4 +-
external/mit/xorg/server/xorg-server/hw/xfree86/Xorg/Makefile | 4 +-
external/mit/xorg/server/xorg-server/hw/xnest/Makefile | 4 +-
games/factor/Makefile | 7 +-
lib/Makefile | 35 +-
lib/libpam/libpam/Makefile | 4 +-
lib/libpam/modules/Makefile | 4 +-
lib/libradius/Makefile | 4 +-
lib/libtelnet/Makefile | 6 +-
libexec/httpd/Makefile | 12 +-
libexec/httpd/libbozohttpd/Makefile | 10 -
libexec/telnetd/Makefile | 4 +-
rescue/Makefile | 4 +-
share/examples/racoon/Makefile | 4 +-
share/examples/racoon/roadwarrior/Makefile | 4 +-
share/examples/racoon/roadwarrior/client/Makefile | 4 +-
share/examples/racoon/roadwarrior/server/Makefile | 4 +-
share/man/man5/mk.conf.5 | 16 +-
share/mk/bsd.README | 6 +-
share/mk/bsd.own.mk | 9 +-
share/mk/bsd.prog.mk | 4 +-
tests/Makefile | 4 +-
tests/crypto/libcrypto/Makefile | 12 +-
tests/dev/cgd/Makefile | 4 +-
tests/lib/Makefile | 4 +-
tests/lib/libc/hash/Makefile | 4 +-
tests/lib/libevent/Makefile | 4 +-
tools/gcc/README.mknative | 3 +-
usr.bin/Makefile | 4 +-
usr.bin/dc/Makefile | 12 +-
usr.bin/ftp/Makefile | 4 +-
usr.bin/moduli/Makefile | 4 +-
usr.bin/nc/Makefile | 2 -
usr.bin/telnet/Makefile | 4 +-
usr.bin/unzip/Makefile | 4 +-
usr.sbin/Makefile | 4 +-
usr.sbin/makemandb/Makefile | 4 +-
usr.sbin/puffs/Makefile | 5 +-
usr.sbin/syslogd/Makefile | 6 +-
85 files changed, 1849 insertions(+), 2068 deletions(-)
diffs (truncated from 6870 to 300 lines):
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 bin/ed/Makefile
--- a/bin/ed/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/bin/ed/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,13 +1,10 @@
-# $NetBSD: Makefile,v 1.36 2009/07/26 01:58:20 dholland Exp $
+# $NetBSD: Makefile,v 1.37 2017/05/21 15:28:36 riastradh Exp $
.include <bsd.own.mk>
PROG= ed
CPPFLAGS+=-DBACKWARDS
-
-.if (${MKCRYPTO} != "no")
CPPFLAGS+=-DDES
-.endif
SRCS= buf.c cbc.c glbl.c io.c main.c re.c sub.c undo.c
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 crypto/external/Makefile
--- a/crypto/external/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/crypto/external/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,9 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2013/02/12 20:55:37 christos Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/21 15:28:37 riastradh Exp $
.include <bsd.own.mk>
-.if (${MKCRYPTO} != "no")
SUBDIR+= bsd cpl
-.endif
.include <bsd.subdir.mk>
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 crypto/external/bsd/openssl/lib/Makefile
--- a/crypto/external/bsd/openssl/lib/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/crypto/external/bsd/openssl/lib/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,14 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2017/05/21 14:20:44 riastradh Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/21 15:28:37 riastradh Exp $
.include "bsd.own.mk"
-.if (${MKCRYPTO} != "no")
-
# OpenSSL libraries.
SUBDIR= libcrypto libdes
SUBDIR+= .WAIT libssl # depends on libcrypto
-.endif # MKCRYPTO != no
-
.include <bsd.subdir.mk>
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 distrib/amd64/Makefile
--- a/distrib/amd64/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/distrib/amd64/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2017/01/24 11:16:50 nonaka Exp $
+# $NetBSD: Makefile,v 1.13 2017/05/21 15:28:37 riastradh Exp $
.include <bsd.own.mk>
@@ -8,10 +8,8 @@
SUBDIR+= instkernel
.if ${MKKMOD} != "no"
SUBDIR+= kmod
-.if ${MKCRYPTO} != "no"
SUBDIR+= kmod-cgdroot
.endif
-.endif
SUBDIR+= .WAIT
SUBDIR+= cdroms
SUBDIR+= liveimage
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 distrib/amd64/ramdisks/Makefile
--- a/distrib/amd64/ramdisks/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/distrib/amd64/ramdisks/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,11 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2016/06/30 12:56:27 pgoyette Exp $
+# $NetBSD: Makefile,v 1.4 2017/05/21 15:28:37 riastradh Exp $
SUBDIR=
SUBDIR+= ramdisk
-
-.if ${MKCRYPTO:Uyes} != "no"
SUBDIR+= ramdisk-cgdroot
-.endif
TARGETS+= release
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 distrib/i386/Makefile
--- a/distrib/i386/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/distrib/i386/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.12 2016/06/30 12:56:27 pgoyette Exp $
+# $NetBSD: Makefile,v 1.13 2017/05/21 15:28:37 riastradh Exp $
.include <bsd.own.mk>
@@ -8,10 +8,8 @@
SUBDIR+= instkernel
.if ${MKKMOD} != "no"
SUBDIR+= kmod
-.if ${MKCRYPTO} != "no"
SUBDIR+= kmod-cgdroot
.endif
-.endif
SUBDIR+= .WAIT
SUBDIR+= cdroms
SUBDIR+= floppies
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 distrib/i386/ramdisks/Makefile
--- a/distrib/i386/ramdisks/Makefile Sun May 21 14:24:05 2017 +0000
+++ b/distrib/i386/ramdisks/Makefile Sun May 21 15:28:36 2017 +0000
@@ -1,11 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2016/06/30 12:56:27 pgoyette Exp $
+# $NetBSD: Makefile,v 1.6 2017/05/21 15:28:37 riastradh Exp $
SUBDIR=
SUBDIR+= ramdisk-big
-
-.if ${MKCRYPTO:Uyes} != "no"
SUBDIR+= ramdisk-cgdroot
-.endif
TARGETS+= release
diff -r 5a1a2d5a5ca0 -r 2a789a33ac46 distrib/sets/lists/base/mi
--- a/distrib/sets/lists/base/mi Sun May 21 14:24:05 2017 +0000
+++ b/distrib/sets/lists/base/mi Sun May 21 15:28:36 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1156 2017/03/14 23:59:24 nonaka Exp $
+# $NetBSD: mi,v 1.1157 2017/05/21 15:28:37 riastradh Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -573,7 +573,7 @@
./sbin/routed base-router-root
./sbin/rrestore base-netutil-root
./sbin/rtsol base-obsolete obsolete
-./sbin/rump.cgdconfig base-sysutil-root crypto,rump
+./sbin/rump.cgdconfig base-sysutil-root rump
./sbin/rump.ifconfig base-netutil-root rump
./sbin/rump.modload base-sysutil-root rump
./sbin/rump.modstat base-sysutil-root rump
@@ -637,7 +637,7 @@
./usr/bin/basename base-util-bin
./usr/bin/batch base-cron-bin
./usr/bin/bc base-util-bin
-./usr/bin/bdes base-crypto-bin crypto
+./usr/bin/bdes base-crypto-bin
./usr/bin/biff base-mail-bin
./usr/bin/bthset base-util-bin
./usr/bin/btkey base-util-bin
@@ -820,12 +820,12 @@
./usr/bin/more base-util-bin
./usr/bin/mset base-obsolete obsolete
./usr/bin/msgs base-util-bin
-./usr/bin/nbsvtool base-crypto-bin crypto
+./usr/bin/nbsvtool base-crypto-bin
./usr/bin/nc base-netutil-bin
./usr/bin/netgroup base-nis-bin
-./usr/bin/netpgp base-crypto-bin crypto
-./usr/bin/netpgpkeys base-crypto-bin crypto
-./usr/bin/netpgpverify base-crypto-bin crypto
+./usr/bin/netpgp base-crypto-bin
+./usr/bin/netpgpkeys base-crypto-bin
+./usr/bin/netpgpverify base-crypto-bin
./usr/bin/netstat base-netutil-bin
./usr/bin/newaliases base-mailwrapper-bin
./usr/bin/newgrp base-util-bin
@@ -841,7 +841,7 @@
./usr/bin/nview base-obsolete obsolete
./usr/bin/od base-util-bin
./usr/bin/openpgp base-obsolete obsolete
-./usr/bin/openssl base-crypto-bin crypto
+./usr/bin/openssl base-crypto-bin
./usr/bin/page base-util-bin
./usr/bin/pagesize base-util-bin
./usr/bin/passwd base-util-bin
@@ -863,8 +863,8 @@
./usr/bin/purgestat base-mailwrapper-bin
./usr/bin/pwait base-util-bin
./usr/bin/pwhash base-util-bin
-./usr/bin/qsafe base-util-bin crypto
-./usr/bin/qsieve base-util-bin crypto
+./usr/bin/qsafe base-util-bin
+./usr/bin/qsieve base-util-bin
./usr/bin/qsubst base-util-bin
./usr/bin/quota base-util-bin
./usr/bin/radioctl base-audio-bin
@@ -900,7 +900,7 @@
./usr/bin/rusers base-netutil-bin
./usr/bin/rwall base-netutil-bin
./usr/bin/rwho base-netutil-bin
-./usr/bin/scp base-secsh-bin crypto
+./usr/bin/scp base-secsh-bin
./usr/bin/script base-util-bin
./usr/bin/sdiff base-util-bin
./usr/bin/sdpquery base-util-bin
@@ -908,7 +908,7 @@
./usr/bin/send-pr base-gnats-bin
./usr/bin/seq base-util-bin
./usr/bin/setextattr base-util-bin
-./usr/bin/sftp base-secsh-bin crypto
+./usr/bin/sftp base-secsh-bin
./usr/bin/sha1 base-util-bin
./usr/bin/shar base-util-bin
./usr/bin/shlock base-util-bin
@@ -919,18 +919,18 @@
./usr/bin/skeyaudit base-util-bin skey
./usr/bin/skeyinfo base-util-bin skey
./usr/bin/skeyinit base-util-bin skey
-./usr/bin/slogin base-secsh-bin crypto
+./usr/bin/slogin base-secsh-bin
./usr/bin/smbutil base-util-bin
./usr/bin/sockstat base-util-bin
./usr/bin/sort base-util-bin
./usr/bin/spell base-util-bin
./usr/bin/split base-util-bin
./usr/bin/sqlite3 base-util-bin
-./usr/bin/ssh base-secsh-bin crypto
-./usr/bin/ssh-add base-secsh-bin crypto
-./usr/bin/ssh-agent base-secsh-bin crypto
-./usr/bin/ssh-keygen base-secsh-bin crypto
-./usr/bin/ssh-keyscan base-secsh-bin crypto
+./usr/bin/ssh base-secsh-bin
+./usr/bin/ssh-add base-secsh-bin
+./usr/bin/ssh-agent base-secsh-bin
+./usr/bin/ssh-keygen base-secsh-bin
+./usr/bin/ssh-keyscan base-secsh-bin
./usr/bin/stat base-util-bin
./usr/bin/string2key base-krb5-bin kerberos
./usr/bin/su base-util-bin
@@ -965,7 +965,7 @@
./usr/bin/tty base-util-bin
./usr/bin/ul base-util-bin
./usr/bin/uname base-util-bin
-./usr/bin/unbound-host base-netutil-bin crypto,unbound
+./usr/bin/unbound-host base-netutil-bin unbound
./usr/bin/uncompress base-util-bin
./usr/bin/unexpand base-util-bin
./usr/bin/uniq base-util-bin
@@ -1508,7 +1508,7 @@
./usr/libexec/postfix/postfix-script base-postfix-bin postfix
./usr/libexec/postfix/postfix-wrapper base-postfix-bin postfix
./usr/libexec/postfix/postmulti-script base-postfix-bin postfix
-./usr/libexec/postfix/postscreen base-postfix-bin postfix,crypto
+./usr/libexec/postfix/postscreen base-postfix-bin postfix
./usr/libexec/postfix/proxymap base-postfix-bin postfix
./usr/libexec/postfix/qmgr base-postfix-bin postfix
./usr/libexec/postfix/qmqpd base-obsolete obsolete
@@ -1518,8 +1518,8 @@
./usr/libexec/postfix/smtp base-postfix-bin postfix
./usr/libexec/postfix/smtpd base-postfix-bin postfix
./usr/libexec/postfix/spawn base-postfix-bin postfix
-./usr/libexec/postfix/tlsmgr base-postfix-bin postfix,crypto
-./usr/libexec/postfix/tlsproxy base-postfix-bin postfix,crypto
+./usr/libexec/postfix/tlsmgr base-postfix-bin postfix
+./usr/libexec/postfix/tlsproxy base-postfix-bin postfix
./usr/libexec/postfix/trivial-rewrite base-postfix-bin postfix
./usr/libexec/postfix/verify base-postfix-bin postfix
./usr/libexec/postfix/virtual base-postfix-bin postfix
@@ -1534,15 +1534,15 @@
./usr/libexec/rshd base-netutil-bin
./usr/libexec/sendmail base-obsolete obsolete
./usr/libexec/sendmail/sendmail base-obsolete obsolete
-./usr/libexec/sftp-server base-secsh-bin crypto
+./usr/libexec/sftp-server base-secsh-bin
./usr/libexec/sm.bin base-obsolete obsolete
./usr/libexec/smrsh base-obsolete obsolete
./usr/libexec/spamd base-obsolete obsolete
./usr/libexec/spamd-setup base-obsolete obsolete
./usr/libexec/spamlogd base-obsolete obsolete
./usr/libexec/spellprog base-util-bin
-./usr/libexec/ssh-keysign base-secsh-bin crypto
-./usr/libexec/ssh-pkcs11-helper base-secsh-bin crypto
+./usr/libexec/ssh-keysign base-secsh-bin
+./usr/libexec/ssh-pkcs11-helper base-secsh-bin
./usr/libexec/telnetd base-netutil-bin
./usr/libexec/tftp-proxy base-pf-bin pf
./usr/libexec/tftpd base-netutil-bin
@@ -1597,7 +1597,7 @@
./usr/sbin/amd base-amd-bin
./usr/sbin/amq base-amd-bin
./usr/sbin/arp base-netutil-bin
-./usr/sbin/audit-packages base-pkgutil-bin crypto
+./usr/sbin/audit-packages base-pkgutil-bin
./usr/sbin/authpf base-pf-bin pf
./usr/sbin/bootpd base-bootserver-bin
./usr/sbin/bootpef base-bootserver-bin
@@ -1640,7 +1640,7 @@
./usr/sbin/dnssec-signkey base-obsolete obsolete
./usr/sbin/dnssec-signzone base-bind-bin
./usr/sbin/dnssec-verify base-bind-bin
-./usr/sbin/download-vulnerability-list base-pkgutil-bin crypto
+./usr/sbin/download-vulnerability-list base-pkgutil-bin
./usr/sbin/dtmfdecode base-isdn-bin
./usr/sbin/dtrace base-debug-bin dtrace
./usr/sbin/dumpfs base-sysutil-bin
@@ -1808,11 +1808,11 @@
./usr/sbin/pim6dd base-obsolete obsolete
./usr/sbin/pim6sd base-obsolete obsolete
./usr/sbin/pim6stat base-obsolete obsolete
Home |
Main Index |
Thread Index |
Old Index