> Dennis Clarke wrote:
>> Here is the list of closed binaries for Sparc and i386/x86/AMD :
>>
>> http://www.blastwave.org/dclarke/OpenSolaris/i386-closed.list
>>
>> and
>>
>> http://www.blastwave.org/dclarke/OpenSolaris/sparc-closed.list
>>
>> So which ones are show stoppers ?
>
> I'd like to point out that all of the crypto modules aren't really
> closed the source code is there and you can compile them yourself.
ah .. very nice. Thank you.
> It
> is just that other parts of the system expect them to be signed
> (libpkcs11 - open, krltd - open) and will reject them if kcfd (closed)
> says they are not or they don't correctly verify.
oh .. that is no show stopper at all. Barely a cough in the audience.
> There is nothing stopping a distro builder from turn off that
> functionality, we just can't do it for the binary Solaris distro at this
> time (due to US export requirements).
okay .. these would be the same ones that confound the inclusion of 256bit
key length aes-256cbc ciphers and such. okay .. I understand.
> All the smartcard related stuff is closed because it is going to be
> replaced and we know that some of it is encumbered. It is being
> replaced with the MUSCLE stack that is used on many Linux distros and on
> MacOS X.
In my opinion ( just me ) I think the smartcard is very useful in the
SunRay world but I don't know where else. Possibly for embedded security
systems that monitor door entry and that sort of thing. I would think that
if I wanted to design a security system I would go with a UNIX and not a
Linux back end. For some obscure reason a lot of banks in Canada use
Windows NT as the back end to their bank machines.
.. but I digress.
> IKE is encumbered unfortunately but in theory someone could port Racoon
> to Solaris (it doesn't work OOTB so some effort is needed).
Not a show stopper.
Now then .. what is a show stopper? I know that I tried to get a commercial
grade software application running on SchilliX 0.5.2 and I ran into missing
libraries. Some may say this is a foolish endeavor at this stage but I felt
it would be a nice blog post for the one year birthday of the project to
show a commercial grade software application ( like Oracle ) running on a
distro.
The total library list required to make things run is this :
[ Taken from a build snv_35 machine ]
/lib/libadm.so.1
/lib/libaio.so.1
/lib/libc.so.1
/lib/libdl.so.1
/lib/libelf.so.1
/lib/libgen.so.1
/lib/libintl.so.1
/lib/libkstat.so.1
/lib/libm.so.1
/lib/libm.so.2
/lib/libmd5.so.1
/lib/libmp.so.2
/lib/libnsl.so.1
/lib/libpthread.so.1
/lib/librt.so.1
/lib/libscf.so.1
/lib/libsocket.so.1
/lib/libthread.so.1
/lib/libuutil.so.1
/lib/libw.so.1
/usr/lib/libC.so.5
/usr/lib/libCrun.so.1
/usr/lib/libdemangle.so.1
/usr/lib/libkvm.so.1
/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-480R/lib/libmd5_psr.so.1
I will need to fire up my SchilliX machine here and see what was stopping
me there. It has been a few weeks. At least one kernel module but also a
few key libraries. I think that /usr/lib/libC.so.5 was a real show
stopper.
--
Dennis Clarke
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
