Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
This is a copy of t_hello from usr.bin/cc.
Added tests:
- hello
- hello_pic
- hello_pie
- hello32
These tests do not use c++ runtime library functions.
Protect these tests with MKCXX.
- Check if setkey correctly handles algorithms for AH/ESP
- Check IPsec of transport mode with AH/ESP over IPv4/IPv6
- Check IPsec of tunnel mode with AH/ESP over IPv4/IPv6
The tests/kernel/arch directory has been removed. The t_ptrace files have
been merged and moved to tests/lib/libc/sys.
Sponsored by <The NetBSD Foundation>
is complete, so that scripts invoked from powerd don't think that they
are still invoked by the rc system and fail.
Reported by rudolf @ tech-userlevel
Reviewed by enami@. Tested by Naruaki Etomi and me.
A 68k LUNA with this driver will be demonstrated at AsiaBSDCon NetBSD booth
by Etomi-san, with LUNA-88K2 running OpenBSD/luna88k by Kenji Aoyama.
Add a test program for the bug described in this PR.
This is the first pkill/pgrep/prenice test (more would be good!)
This test has been confirmed to work once the bug described in the PR
has been fixed, so the test is not marked "expected to fail" even
though initially that is what should happen.
Note: the test cana also fail if the system running the tests happens
to be running processes with names that match the patterns searched for
by the test, other than the test program itself. This is expected to be
unlikely.
do ship carp(4).
Restore the pfsync entry that was added with 1.20, then wiped out by
the 1.21 import. Please merge any wholesale imports properly.
Remove http://www.sethwklein.net/projects/iana-etc/ which 404s.
Should fix PR bin/51568
Add missing SIGTRAP handler. Assert there that the signal is SIGTRAP as
expected and si_code TRAP_TRACE.
This test will break on some ports that have dummy or incomplete
implementation of exect(2).
This test works on amd64 correctly.
Sponsored by <The NetBSD Foundation>
Rename
- tests/kernel/t_ptrace_amd64_wait.c
to
- tests/kernel/arch/amd64/t_ptrace_wait.c
and adapt appropriate files accordingly.
New directory will be used for more amd64-specific tests, verifying the
MD parts of the kernel.
Remove old entries from distrib/sets/lists as they were added a while ago.
Sponsored by <The NetBSD Foundation>
(reported by rhialto@falu.nl) Don't fail to start if it doesn't.
Make sure the directory for the config file exists inside the chroot before
attempting to copy into it ("confdir" was calculated, but never used...)
While here, fix getopts usage (obviously only ever previously tested when
the -c arg was the first option...) and don't use test(1)'s -o operator
(especially not when one of the other args is an unknown string).
If -c is given (and we will chroot), require filename to be full path.
Misc minor style cleanups.
At the moment this test does nothing except reports failure from td_open()
for overloaded (implemented) dummy1_proc_lookup() (.proc_lookup from
td_proc_callbacks_t) of the following form:
static int
dummy1_proc_lookup(void *arg, const char *sym, caddr_t *addr)
{
return TD_ERR_ERR;
}
This file and directory with tests is placeholder for new ones, without
further need to alter mtree and distribution sets.
The libpthread_dbg interface and library is used by gdb(1) to handle
threads in applications.
Sponsored by <The NetBSD Foundation>
rather than just ignoring the error.
Don't bother attempting to clear the contents of /var/run if /var/run
does not exist.
In that case the mkdir of /var/run/lvm would have failed - correct that
by using mkdir -p (which as a side effect will ensure /var/run exists
and is available for later scripts to use if for some reason it did not exist.)
tech-kern in messages with a Subject starting [Re:] /dev/sdN -> /dev/sdN[cd]
and in PR port-amd64/51216 :
Create bare (no letter suffix) device names (block & raw) that
refer to the raw device ('c' or 'd' partition as appropriate).
This commit was delayed waiting to see if there was to be any more
discussion - there wasn't a lot.
Caution: this is going to consume 2 more inodes per disc device
configured, everywhere that devices are configured using MAKEDEV
unless they change, and we want to rebuild based upon what inputs are
present, not when they were last touched.
this fixes update builds that switch options that change the dirlist
like MKX11 or MKCOMPAT, restoring a portion of rev 1.14.
note that some opertions like turning off MKX11=yes will also require
a fresh DESTDIR, in addition to this fix. there may be more issues
remaining, but i am now able to enable MKX11=yes successfully without
any other change.
riastradh