by different implementations depending if we are a server or a client. While
the clients we compile in, provide that symbol, it is getting hidden by
crunchhide, so we provide it again. It would have been a lot simpler to
use a function pointer instead in the library...
were dealing with DBG (-d) LDSTATIC/NOPIE (-p), and the rest with
disabling/enabling sanitizers.
2. Use emalloc/estrdup for all the allocators instead of only some cases.
3. Add -V varspec which passes variables on the command line (as DBG
and LDSTATIC used to be passed before) instead of appending them
to the on-the-fly Makefile using -v varspec.
4. Change the distrib and rescue Makefiles to use -V instead of the removed
flags.
The motivation of this is to make variable handling consistent, less magical,
and remove the need for changing crunchgen each time we want to add disabling
an option by default.
(as proposed in tech-toolchain)
- ldconfig in netbsd refers to a.out binaries only. We've been ELF-only
since NetBSD 2.0 or so, and having it in /rescue served little purpose
even before that, as /rescue is standalone.
- Using MI obsolete to avoid the need for MD set lists where ldconfig
is the sole entry
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
ramdisks and prefer disklabel elsewhere.
Based on discussion on affected port lists (port-sparc port-sparc64
port-sun3 port-sun2 port-atari port-mvme68k).
All listed ports plus amd64 test built after change
* Implement liboverride.o to provide overrides of various libc functions.
For now, compile a special version of rcmd(3) (et al) which uses
/rescue/rcmd and /rescue/sh instead of the /bin variants.
Other overrides may appear in the future.
Should fix [bin/21670] from Geoff Wing.
on those, no fix has been forthcoming, and users are getting antsy.
This allows "make build" to complete; "make release" will still fail in the
sets generation. Maybe *that* will inspire a MIPS/toolchain guru to fix
crunchgen(1)...
