Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 23 Sep 2020 10:26:24 -0600
From: Ariadne Conill <ariadne@...eferenced.org>
To: musl@...ts.openwall.com, Jeffrey Walton <noloader@...il.com>
Subject: Re: Re: OS detection wrong on Alpine Linux 3.10

Hello,

On 2020-09-23 10:16, Jeffrey Walton wrote:
> On Wed, Sep 23, 2020 at 12:08 PM Rich Felker <dalias@...c.org> wrote:
>>
>> On Wed, Sep 23, 2020 at 09:13:16AM -0400, James Y Knight wrote:
>>>>
>>>>> All I need to know is what version of Musl I am dealing with and I can
>>>>> configure myself.
>>>>
>>>>    Are you willing to maintain an #ifdef forest for all the versions of
>>>> all the libcs and all the kernels your programs may be used with, so
>>>> you can list exhaustively the available features in every configuration?
>>>
>>> At the risk of jumping in on a question asked of someone else: yes,
>>> absolutely! (Not _all_ available features of course, just the ones
>>> required.)
>>>
>>> There are generally not that many nonstandard features you'd want to use in
>>> a typical program, and using an ifdef forest to implement an abstraction
>>> layer around those couple items is just fine.
>>
>> I can't know whether you're "willing", but you're definitely not
>> willing and able. "All the..." includes people's personal projects
>> (from scratch or patches to existing ones) that you will never see,
>> future systems that come into existence long past your involvement in
>> the project or even your lifetime, etc.
> 
> Unless something has changed recently, Botan, Crypto++ and OpenSSL are
> still being carried by most Linux distributions. OpenSSL is also
> regularly distributed as part of other OSes, like AIX, Android, BSDs,
> iOS, OS X and Solaris.
> 
> And unlike some other projects,[1] Botan, Crypto++ and OpenSSL
> actually work in practice on all the platforms without a configuration
> program that performs feature tests.

You are dead wrong on this topic.  OpenSSL actually goes the other way 
and performs absolutely wacky tests like "are we running on big-endian 
amd64."  Any cryptography library is going to have to perform feature 
tests (either at build time or run time) to determine whether features 
like hardware acceleration are possible.

> [1] the Rust compiler comes to mind here. It works on Linux x86_64,
> but it's hit or miss whether it works or not on other architectures
> like ARMv7, Aarch64 and PowerPC, even after an approved configuration
> program is run.

Cargo is capable of doing build-time configuration tests.  If a crate 
fails to properly run tests, it is not because the Rust ecosystem works 
as you believe it does.

Ariadne

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.