Hal Murray <hmur...@megapathdsl.net>:
> Eric: Please please please send a message to devel when you make a change
> like this.
Sorry, I occasionally forget that you don't watch #ntpsec.
In case you haven't looked at the commit log - and for those of you on
devel who missed this - there's good reason I yanked libsodium out of the
tree. I worried about a scenario where a CVE is issued against it, an update
ships - and NTPsec users don't get the benefit and have no idea they're
still vulnerable.
In general it's a really bad idea to carry *anything* security-related in-tree
if we have the option not to, for that exact reason. Yes, the process could
fail - say, minor distributions could fail to update libsodium as rapidly as
they should. But in the absence of perfect countermeasures, I choose the one
with the least risk of making *NTPsec* look like incompetents...
> waf errors out when it can't find sodium.h even if you haven't configured
> with --enable-crypto
That is correct behavior. The code uses ntp_random() - which calls libsodium -
to fuzz the low-order bits of the clock.
> NetBSD puts sodium.h in /usr/pkg/include/
> FreeBSD puts it in /usr/local/include/
> (In case it isn't obvious, waf doesn't look there.)
I added includes=ctx.env.PLATFORM_INCLUDES as an argument to the header check.
In theory that ought to fix this.
> Fedora needs libsodium-devel to build
Updated, thanks.
> INSTALL says:
> Debian: libsodium
>
> apt-get install on my debian box says:
> E: Unable to locate package libsodium
Running Wheezy, I take it?
> INSTALL says:
> CentOS: libsodium in the epel ("Extra Packages for Enterprise Linux") repo.
> Ubuntu 14.04 LTS: and older: https://gist.github.com/jonathanpmartins/2510f
> 38abee1e65c6d92
>
> I think we need a few more words and/or a URL with details. With that hint,
> I can probably figure it out if google cooperates.
I've already updated INSTALL once since the version you quoted, adding some
details. I think the thing I might try next is turning the instructions on
how to load prerequisites into a script that does the job.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
