# This is the ratified crypt USE flag, enables IPSEC & USAGI if [ -z "`use crypt`" ]; then einfo "No Cryptographic support, dropping patches..." for file in 6* 7* 8* ;do einfo "Dropping ${file}..." rm -f ${file} done else einfo "Cryptographic support enabled..." fi With that and the current patch-set... The following would be deleted if crypt isn't set in USE: 600_usagi-stable_20030214 7*_iptables-* 800_loop-jari-2.4.20 801_super-freeswan-1.99-kb3 NOT the expected behavior. Reproducible: Always Steps to Reproduce: 1. 2. 3.
With the mix of USAGI, IPsec & update pom, the dropping of this is neccessary to avoid patch issues. Therefore, I have uploaded a new ebuild (should be available shortly) that will ensure none of the "crypt" patches will be dropped. If you do not need them, just do not enable in your .config Jay
NO. They MUST only be patched if USE="crypt", because of legal issues involved in the cryptography patches. Users MAY or MAY NOT be breaking import export laws governing cryptography by enabling USE="crypt" or something. That is why it must NOT be a default patch.
Unless I'm horribly mistaken about something.
I think what pfiefer was reffering to was if you drop usagi, the iptables patches won't apply cleanly. It will be more work to maintain 2 patch-sets for iptables (etc), one for use with USE='crypt' and one for use with USE='-crypt' Is that too much work to ask? I can understand if ye say yes, but it would, IMHO, be better than dropping iptables entirely.
the dropping of crypt patches has been re-added until i can get further clarification. so, the missing iptables patches will have to be until i get everything put together. and yes Paul, you are correct. Jay
just a note on breaking crypto laws: dropping the patches or keeping the patches is irrelevant at the point where the ebuild drops the patches. since the end-user has already downloaded the code and has it on his or her pc. the source file they downloaded still contains the crypto code regardless of whether we drop it. more on this later.
if [ -z "`use crypt`" ]; then SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 mirror://gentoo/patches-nocrypt-${KV}.tar.bz2" else SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 mirror://gentoo/patches-crypt-${KV}.tar.bz2" fi
NO. can't use bash ifs in any of the ebuild variable definitions. we could do it with portage ifs, but that would require maintaining two separate patchsets... I leave whether he wants to do that up to pfeifer.