The NetBSD Project

CVS log for src/etc/ssh/Makefile

[BACK] Up to [cvs.NetBSD.org] / src / etc / ssh

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.3.2.1: download - view: text, markup, annotated - select for diffs
Wed Feb 22 19:32:22 2023 UTC (21 months, 2 weeks ago) by martin
Branches: netbsd-8
CVS tags: netbsd-8-3-RELEASE
Diff to: previous 1.3: preferred, colored; next MAIN 1.4: preferred, colored
Changes since revision 1.3: +2 -1 lines
Pull up following revision(s) (requested by riastradh in ticket #1800):

	etc/ssh/Makefile: revision 1.4
	usr.bin/mail/Makefile: revision 1.41
	external/ibm-public/postfix/etc/Makefile: revision 1.2
	etc/bluetooth/Makefile: revision 1.6
	crypto/external/bsd/openssh/bin/Makefile: revision 1.5
	etc/root/Makefile: revision 1.5
	etc/iscsi/Makefile: revision 1.4

/root: Install .cshrc and .profile links with the same mode.

Previously we would:

1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
   requested in src/etc/root/Makefile and as echoed in
   /etc/mtree/special.
2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.
3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
   the mode to 444.

This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism.  (There are also
several other files mtree objects to out of the box -- we should fix
those too.)

With this change we install the links with the same mode as the
original files, in agreement with the mtree.  The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.

Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html

etc: Fix permissions of various editable configuration files.

This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.

Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.

/etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.

Revision 1.3.12.1: download - view: text, markup, annotated - select for diffs
Wed Feb 22 19:30:50 2023 UTC (21 months, 2 weeks ago) by martin
Branches: netbsd-9
CVS tags: netbsd-9-4-RELEASE
Diff to: previous 1.3: preferred, colored; next MAIN 1.4: preferred, colored
Changes since revision 1.3: +2 -1 lines
Pull up following revision(s) (requested by riastradh in ticket #1604):

	etc/ssh/Makefile: revision 1.4
	usr.bin/mail/Makefile: revision 1.41
	external/ibm-public/postfix/etc/Makefile: revision 1.2
	etc/bluetooth/Makefile: revision 1.6
	crypto/external/bsd/openssh/bin/Makefile: revision 1.5
	etc/root/Makefile: revision 1.5
	etc/iscsi/Makefile: revision 1.4

/root: Install .cshrc and .profile links with the same mode.

Previously we would:

1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
   requested in src/etc/root/Makefile and as echoed in
   /etc/mtree/special.
2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.
3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
   the mode to 444.

This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism.  (There are also
several other files mtree objects to out of the box -- we should fix
those too.)

With this change we install the links with the same mode as the
original files, in agreement with the mtree.  The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.

Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html

etc: Fix permissions of various editable configuration files.

This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.

Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.

/etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue Aug 30 22:36:48 2022 UTC (2 years, 3 months ago) by riastradh
Branches: MAIN
CVS tags: perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, HEAD
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -1 lines
/etc/ssh: Install ssh_known_hosts with mode 644.

Makes it agree with the mtree and more convenient for admin to edit.

XXX pullup-8
XXX pullup-9

Revision 1.3: download - view: text, markup, annotated - select for diffs
Sun May 21 15:28:38 2017 UTC (7 years, 6 months ago) by riastradh
Branches: MAIN
CVS tags: phil-wifi-base, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, phil-wifi-20190609, phil-wifi, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, matt-nb8-mediatek-base, matt-nb8-mediatek, is-mlppp-base, is-mlppp, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Branch point for: netbsd-9, netbsd-8
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +1 -5 lines
Remove MKCRYPTO option.

Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Mon Jun 26 19:50:57 2006 UTC (18 years, 5 months ago) by mrg
Branches: MAIN
CVS tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, mjf-devfs2-base2, mjf-devfs2-base, mjf-devfs2, mjf-devfs-base, mjf-devfs, matt-premerge-20091211, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, localcount-20160914, khorben-n900, keiichi-mipv6-base, keiichi-mipv6, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, cherry-xenmp-base, cherry-xenmp, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver, abandoned-netbsd-4-base, abandoned-netbsd-4
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +7 -1 lines
don't install crypto files with MKCRYPTO=no.  with these changes, a
MKCRYPTO=no build completes.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun May 16 09:53:10 2004 UTC (20 years, 7 months ago) by lukem
Branches: MAIN
CVS tags: netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3
Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>