[zeromq-dev] Defaulting to tweetnacl?

Jim Garlick garlick at llnl.gov
Wed Mar 2 17:41:02 CET 2016


Actually, I was concerned about the autotools build, but I just
verified libzmq master ec6209 lets you know if libsodium is
requested but not available:

  ./configure --with-libsodium
  checking for sodium... no
  configure: error: libsodium is not installed. Install it

Good!  Even better would be if configure with no security options
failed and told you to select either --with-libsodium or
--with-builtin-tweetnacl.

Jim

On Wed, Mar 02, 2016 at 04:57:42PM +0100, frank wrote:
> Hi,
> 
> :)
> 
> I could try/start at least, could you point me to a good place in the wiki?
> This place http://secure-web.cisco.com/1CanCltB3nWe3WDCbV65LLeGo2mcdyMUNGXWI8zRZuUeEo0lZF-bdTr6V-m-qcgaOiPNyUo7lLHGuw1nzaWRHGUZnmGgDX-lXlebgAcNw5FW5fnqESXt2fMT-8SmFY0JN6QPFDCTOh-9jjA5bIHIVY20QFfOpzAk25YzHal8DQsp4X4UviA1d10e-PtXBZzINC7NTL9INI7jekAbgVAcMxF4_e3WA1ZemdczSdaeon1uUfKYlryCeqcLQ9jOMAWRY32X6KbQYa1wRVe4vXhs0CqXRUAjZMZ5SHypKofdxB115DIVew4B3VAKVllPqZFpysGcGusM8vjiCkN0JIcGNSBjHIYDiW9R63xC-9TVl2b5Yok3HhCYYaj86uoaKjTqZ/http%3A%2F%2Fzeromq.org%2Fbuild%3A_start looks promising?
> 
> Problematic for me is the section from the windows build description:
> 
> |cd libzmq\builds\msvc :: first time through, run configure.bat to copy
> property pages at correct locations :: it also configures according to
> presence of libsodium or not (use default tweetnacl) |  
> Which totally sounds like the thing Jim Garlick mentions below ("silently use this or that")
> So it is quite hard to document the behaviour if the approaches in the various build systems is not uniform.
> 
> I was referring to the "explictly enable feature" approach implemented in the cmake build 
> system at the time I last looked.... :(
> 
> kind regards
>   Frank
> 
> 
> 
> 
> On 03/02/2016 09:37 AM, Pieter Hintjens wrote:
> > Sounds good. Would you like to add a section on secure builds on the
> > wiki? We can point people to this from the download page.
> >
> > On Wed, Mar 2, 2016 at 9:03 AM, frank <soundart at gmx.net> wrote:
> >>
> >> On 03/01/2016 09:34 PM, Jim Garlick wrote:
> >>
> >> ...
> >>> It at least seems wrong to have libzmq silently use builtin tweetnacl
> >>> if libsodium is not found, as that might lead to people not getting
> >>> the robust build they intended. Jim
> >> Hi,
> >>
> >> For me this is the most important part. In the doc should be
> >>
> >> - an overview of the crypto options available
> >> - a mentioning of the tweetnacl default being used
> >>   - btw I think no auto detection and no auto-usage of libsodium was
> >> discussed. libsodium has to be activated by an explict switch like
> >> "--with-libsodium="
> >> - and a recommendation for binary distributions to use libsodium,
> >> because of the easier security updates for them
> >>
> >> In order to avoid surprises and get a "robust build"
> >>
> >> kind regards
> >>   Frank
> >>
> >>
> >>
> >> _______________________________________________
> >> zeromq-dev mailing list
> >> zeromq-dev at lists.zeromq.org
> >> http://secure-web.cisco.com/1u3_gh1eq0oZ3weBb5CnfhOSgyAL-wyELcBi8_ARfRRBfu34iZCrbVXenVexauurt1qdiMKqBPZKMEDawHPwr09HMQ_oNcq0CIb4nstjFhsVZQal0wITdWkpb-EH8s1SECksFFkEbSqutYeRqVB5uevTrMHq2A3HGLTZIjpMesWPvXu64b7trN3fimB9xXSiqwYItNXsVXXkUhUPLwgi1uaJJgCKZXrIygyEiLRLM7419JkG9id4AqdbFTDtUuZQAQHHO_XVF3Tqe_av6k67RMjB523p4dnCiyxs_fJMF-pzmJYe8OvUEXXjhtiZUcVUZTzYBv1A2fx9lZuuTeRM8Ed5rtiIJ94_odLm76oDBdU0/http%3A%2F%2Flists.zeromq.org%2Fmailman%2Flistinfo%2Fzeromq-dev
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://secure-web.cisco.com/1u3_gh1eq0oZ3weBb5CnfhOSgyAL-wyELcBi8_ARfRRBfu34iZCrbVXenVexauurt1qdiMKqBPZKMEDawHPwr09HMQ_oNcq0CIb4nstjFhsVZQal0wITdWkpb-EH8s1SECksFFkEbSqutYeRqVB5uevTrMHq2A3HGLTZIjpMesWPvXu64b7trN3fimB9xXSiqwYItNXsVXXkUhUPLwgi1uaJJgCKZXrIygyEiLRLM7419JkG9id4AqdbFTDtUuZQAQHHO_XVF3Tqe_av6k67RMjB523p4dnCiyxs_fJMF-pzmJYe8OvUEXXjhtiZUcVUZTzYBv1A2fx9lZuuTeRM8Ed5rtiIJ94_odLm76oDBdU0/http%3A%2F%2Flists.zeromq.org%2Fmailman%2Flistinfo%2Fzeromq-dev
> 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://secure-web.cisco.com/1u3_gh1eq0oZ3weBb5CnfhOSgyAL-wyELcBi8_ARfRRBfu34iZCrbVXenVexauurt1qdiMKqBPZKMEDawHPwr09HMQ_oNcq0CIb4nstjFhsVZQal0wITdWkpb-EH8s1SECksFFkEbSqutYeRqVB5uevTrMHq2A3HGLTZIjpMesWPvXu64b7trN3fimB9xXSiqwYItNXsVXXkUhUPLwgi1uaJJgCKZXrIygyEiLRLM7419JkG9id4AqdbFTDtUuZQAQHHO_XVF3Tqe_av6k67RMjB523p4dnCiyxs_fJMF-pzmJYe8OvUEXXjhtiZUcVUZTzYBv1A2fx9lZuuTeRM8Ed5rtiIJ94_odLm76oDBdU0/http%3A%2F%2Flists.zeromq.org%2Fmailman%2Flistinfo%2Fzeromq-dev



More information about the zeromq-dev mailing list