lib/libc/rpc/auth_des.c
36	Probably want to expand on what level of backwards compatibility is provided - i.e., that an application will still load but all routines return failure.
41–42	can we trim the include lists?

improve the comment and trim some includes

This revision now requires review to proceed.May 22 2025, 5:15 PM

Harbormaster completed remote builds in B64360: Diff 155875.May 22 2025, 5:15 PM

ivy marked 2 inline comments as done.May 22 2025, 5:15 PM

emaste accepted this revision.May 22 2025, 5:18 PM

This revision is now accepted and ready to land.May 22 2025, 5:18 PM

I'm not convinced this is the right way to go about it. It will still be possible to compile binaries which use these interfaces, and existing binaries which will continue to run but cease to function, which violates the spirit of library versioning. What you should do instead is leave the functions untouched, but remove their prototypes from the header files and their names from the symbol map, and use __sym_compat() to provide compatibility symbols. See for instance rG7381dcc9eeb7 which deprecated gets(). This will allow FreeBSD 14 binaries which use these interfaces to continue working on a FreeBSD 15 system, but prevent compiling new binaries which rely on them.

This revision now requires changes to proceed.May 23 2025, 5:53 PM

that will require an exp-run before landing then, right?

des mentioned this in D50444: rpc_secure.3: remove documentation for auth_des.May 23 2025, 8:33 PM

In D50442#1152483, @ivy wrote:

that will require an exp-run before landing then, right?

I'm not sure that's necessary. You can ask portmgr to grep for authdes_create and key_setsecret in distfiles, then look at the affected ports if and only if they get any hits.

des mentioned this in D50453: libc/rpc: remove keyserv(8) private symbols.May 23 2025, 8:42 PM

des mentioned this in D50454: UPDATING: document keyserv(8) removal.

des mentioned this in D50452: RELNOTES: document keyserv removal.

In D50442#1152462, @des wrote:

I'm not convinced this is the right way to go about it. It will still be possible to compile binaries which use these interfaces, and existing binaries which will continue to run but cease to function, which violates the spirit of library versioning.

i agree about removing these symbols' visibility for new programs, but i'm not sure keeping the existing implementation makes sense. these functions rely on keyserv(8), which was already removed, so nothing that uses this API will work on FreeBSD 15.0; the only difference is we'll take longer to report an error.

so does it make sense to use the stub versions i've provided, but also fix the visbility issue?

In D50442#1172977, @ivy wrote:

so does it make sense to use the stub versions i've provided, but also fix the visbility issue?

Uh, you're probably right.

Should these functions set errno before returning?

Should these functions set errno before returning?

It looks like they didn't before, so consumers are presumably just checking for NULL and we shouldn't set errno.

ivy retitled this revision from libc: remove Secure RPC DES authentication to Remove Secure RPC DES authentication.Jul 27 2025, 4:05 PM

this turned out to be a bit of a rabbit hole.

firstly, i merged D50444 and D50453 into this diff.

i've removed a few more DES symbols that don't work without keyserv. all the
removed symbols now have __sym_compat aliases.

i've entirely removed usr.sbin/ypupdated because it requires DES authentication.

i'll add UPDATING and RELNOTES entries and bump Dd once this is ready to land.

Herald added a subscriber: ziaee. · View Herald TranscriptJul 27 2025, 4:08 PM

Harbormaster completed remote builds in B65773: Diff 159234.Jul 27 2025, 4:08 PM

emaste accepted this revision.Jul 28 2025, 6:30 PM

emaste added inline comments.

lib/libc/rpc/svc_auth_des.c
65	I guess this is the most appropriate, `Failed (unspecified error)`

des accepted this revision.Aug 8 2025, 5:27 PM

des added inline comments.

lib/libc/rpc/rpc_soc.c
383	This can be static now, unless it's called by this name from elsewhere within librpc.
lib/libc/rpc/svc_auth_des.c
63	again, this can be static
77	this can be static