Commit Graph

401 Commits

Author SHA1 Message Date
Ruslan Ermilov
640e686c42 Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile.  These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by:	markm
2004-01-18 07:44:53 +00:00
Ruslan Ermilov
90165ba56f Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.
2004-01-17 19:22:36 +00:00
Ruslan Ermilov
d82881651b - Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
  on crypto libraries now that they do not link with libfetch.
2004-01-17 13:41:16 +00:00
Ruslan Ermilov
0ad21c4f14 Removed well outdated comment. 2004-01-17 03:12:46 +00:00
Ruslan Ermilov
9387ab35e7 Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by:	des
2004-01-08 11:41:02 +00:00
Ruslan Ermilov
e1542a4058 Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
Dag-Erling Smørgrav
e7ffa415e8 Use += instead of = with DPADD / LDADD. 2004-01-08 09:50:56 +00:00
Dag-Erling Smørgrav
9f80be8e3d Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
Dag-Erling Smørgrav
3b7f13a03b Previous commit erroneously listed some sources with .o suffixes. 2004-01-07 11:59:52 +00:00
Dag-Erling Smørgrav
a04e3d6c30 Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
Gordon Tetlow
c45db69312 Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by:	des
2003-08-19 07:45:03 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Ruslan Ermilov
55c90a95a4 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
Mark Murray
8027fe397a Fix for the NO_OPENSSL case.
Reported by:	Marius Strobl <marius@alchemy.franken.de>
2003-06-08 08:24:07 +00:00
Mark Murray
75e936f168 Drop this MAINTAINER bit. I'll reclaim an "Advisory Maintainership"
for this area later.
2003-06-04 16:10:20 +00:00
Mark Murray
485721b25e I'm now happy that this is no longer needed. Libcrypto has
all its functionality, and all its consumers have been converted.
2003-06-04 15:26:34 +00:00
Mark Murray
e4a3b084f9 Disconnect libcipher from the build. It only does DES, and we already
have libcrypto to do that. Both consumers of this lib have been
converted to use libcrypto. (bin/ed and secure/usr.bin/bdes).
2003-06-02 20:03:32 +00:00
Mark Murray
c8fa8e25d7 Strip the private blowfish code down to only that which is
required to make crypt(3) blowfish "$2a$..." hashes. Lint and
warnsify.
2003-06-02 19:17:24 +00:00
Mark Murray
af91929794 Modernise. Use libcrypto instead of libcipher for DES. 2003-06-02 19:10:59 +00:00
David E. O'Brien
631a2b1ed8 Ugg, wrong version.
CSTD=gnu89, c89 wont do.
2003-06-01 23:39:16 +00:00
David E. O'Brien
90f6678b64 This isn't C99 clean. 2003-06-01 23:37:46 +00:00
Mark Murray
dbf104e68d Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
2003-05-05 07:58:44 +00:00
Mark Murray
59199aeb7e We no longer have a separate kerberos distribution. Its now just
part of the regular security dist.
2003-04-30 17:46:24 +00:00
Ruslan Ermilov
f7fa0cbd70 The including makefile's directory is tried first for .include "...". 2003-04-30 07:54:39 +00:00
Ruslan Ermilov
6402d39a2b Most things depend on !defined(NO_OPENSSL); make it look so. 2003-04-30 07:51:51 +00:00
Ruslan Ermilov
bce0c9275c NOSECURE is implied by NOCRYPT, meaning if the latter is defined
we won't be here.
2003-04-30 07:34:14 +00:00
Dag-Erling Smørgrav
581ff5e326 Remove Kerberos IV shims. 2003-04-23 17:26:01 +00:00
Dag-Erling Smørgrav
d8b043c8d4 Update for 3.6.1p1; also remove Kerberos IV shims. 2003-04-23 17:25:47 +00:00
Bruce Evans
d76abd2739 Silence `make -s' (echo -> ${ECHO}). 2003-04-13 14:13:28 +00:00
Ruslan Ermilov
6c4e523908 libtelnet depends on OpenSSL.
PR:	50507
2003-04-01 12:50:40 +00:00
Philippe Charnier
45ebb0c103 The .Nm utility 2003-03-24 16:09:07 +00:00
David E. O'Brien
a6c3fa5b5f Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'.  Keep the pointy hat for myself
for not reading the code closely.
2003-03-11 17:19:37 +00:00
David E. O'Brien
167cec7565 Don't error out the build if removing a "stale" symlink fails.
Pointy hat for breaking my installworld:	nectar
2003-03-10 19:43:56 +00:00
Mike Makonnen
a5c21394e3 Fix mixed up arguments passed to a locally defined err(int, char *)
function.

Approved by:	markm (mentor)
Submitted by:	till toenges <tt@mail.isis.de>
PR:		bin/48963
2003-03-07 16:00:55 +00:00
Ruslan Ermilov
aa1cd79b7f Handle includes the normal way.
Reviewed by:	markm
Approved by:	nectar
2003-02-27 23:07:26 +00:00
Jacques Vidrine
b7d18f9a8a Regenerate man pages after import of OpenSSL 0.9.7a. 2003-02-19 23:30:52 +00:00
Jacques Vidrine
c819173716 LIBDIR/INCLUDEDIR do not include DESTDIR.
Reported by:	Andrzej Tobola <san@iem.pw.edu.pl>
2003-02-18 17:29:04 +00:00
Jacques Vidrine
ba5637c376 Follow-up to previous commit: we had a des.h symlink, too. Remove
that.
2003-02-18 16:07:33 +00:00
Jacques Vidrine
419b10b514 Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications.  With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks.  However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time.  Therefore, blow
any old symlinks away in the `afterinstall' target.
2003-02-18 14:23:11 +00:00
Jacques Vidrine
715430f81d Correct path for finding asm-generating files. 2003-02-14 12:25:00 +00:00
Jacques Vidrine
6042ca2e01 Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.
2003-02-10 19:57:56 +00:00
Jacques Vidrine
a097def45b Do not define OPENSSL_NO_KRB5 here in CFLAGS. It is handled in
opensslconf.h.

Reminded by:	reports from des, obrien
2003-02-09 14:59:56 +00:00
Jacques Vidrine
5654cc45c0 Re-add WANT_OPENSSL_MANPAGES knob.
Noticed by:	ru
2003-01-31 11:30:38 +00:00
Jacques Vidrine
4b2eaea43f Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
 interfaces that the former implemented but the latter did not.  Because
 some software in the base system still depended upon these interfaces,
 we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces.  There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
     these calls were replaced.

  des_init_random_number_generator et. al. -- A few functions were used
     by the application to seed libdes's PRNG.  These are not necessary
     when using libcrypto, as OpenSSL internally seeds the PRNG from
     /dev/random.  These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch.  I do not expect there to be future imports of KTH Kerberos 4.
2003-01-29 18:14:29 +00:00
Jacques Vidrine
1db5309254 Re-add WANT_OPENSSL_MANPAGES knob. 2003-01-29 13:35:40 +00:00
Peter Wemm
0e46522662 Hopefully fix world for folks not compiling IDEA (the default).
NO_IDEA is now spelled OPENSSL_NO_IDEA.  Update the bmake glue accordingly
or the IDEA references are not stripped from <openssl/evp.h>
2003-01-29 02:19:15 +00:00
Jacques Vidrine
a01bf47081 Force OPENSSL_NO_KRB5. OpenSSL's current implementation of RFC 2712
can only be built with MIT Kerberos.

If we didn't define this here, then SSL-using applications would have
to define OPENSSL_NO_KRB5 themselves in order to build.
2003-01-29 01:06:15 +00:00
Mark Murray
ab643b4d66 Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
2003-01-28 22:58:14 +00:00
Dag-Erling Smørgrav
2f34cbe564 ia64 and sparc64 both have libc_r now. 2003-01-09 08:36:05 +00:00