Bug 279784

Summary: /sbin/setkey shouldn't be build if WITHOUT_IPSEC_SUPPORT= is set in src.conf
Product: Base System Reporter: Oviserv <freebsd>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed Works As Intended    
Severity: Affects Some People CC: zarychtam
Priority: ---    
Version: 14.1-STABLE   
Hardware: Any   
OS: Any   

Description Oviserv 2024-06-16 09:47:03 UTC 
When configuring a custom build of FreeBSD using the WITHOUT_IPSEC_SUPPORT= setting in src.conf, /sbin/setkey shouldn't be build as it is used for IPSEC configuration
Comment 1 Marek Zarychta 2024-06-16 14:09:23 UTC 
(In reply to Oviserv from comment #0)
Why do you imply so ?
Comment 2 Oviserv 2024-06-21 12:36:03 UTC 
From 'man setkey': setkey -- manually manipulate the IPsec SA/SP database

As setkey is used to manipulate IPsec key's it seems that there is no use for if IPsec isn't active on a server.
Comment 3 Marek Zarychta 2024-06-21 12:48:21 UTC 
FYI setkey(8) is also required to add TCP-MD5 key entries to SADB. Please compare TCP(4).
Comment 4 Oviserv 2024-06-21 12:57:17 UTC 
Thank you for the clarification. I think that this report can be closed