From owner-svn-src-head@freebsd.org  Fri Aug 17 16:01:57 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0B56010738AD;
 Fri, 17 Aug 2018 16:01:57 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from mail.baldwin.cx (bigwig.baldwin.cx [96.47.65.170])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A5A9C85105;
 Fri, 17 Aug 2018 16:01:55 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from dhcp-10-248-112-19.eduroam.wireless.private.cam.ac.uk
 (global-5-143.nat-2.net.cam.ac.uk [131.111.5.143])
 by mail.baldwin.cx (Postfix) with ESMTPSA id 7984B10AFCD;
 Fri, 17 Aug 2018 12:01:48 -0400 (EDT)
Subject: Re: svn commit: r337944 - head/sys/arm/conf
To: Ian Lepore <ian@freebsd.org>, Conrad Meyer <cem@FreeBSD.org>,
 src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
References: <201808170104.w7H142P8048034@repo.freebsd.org>
 <1534517617.27158.11.camel@freebsd.org>
From: John Baldwin <jhb@FreeBSD.org>
Message-ID: <3cc50b11-5670-9cc1-fcf8-840e407995b4@FreeBSD.org>
Date: Fri, 17 Aug 2018 17:01:47 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <1534517617.27158.11.camel@freebsd.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3
 (mail.baldwin.cx); Fri, 17 Aug 2018 12:01:49 -0400 (EDT)
X-Virus-Scanned: clamav-milter 0.99.2 at mail.baldwin.cx
X-Virus-Status: Clean
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Aug 2018 16:01:57 -0000

On 8/17/18 3:53 PM, Ian Lepore wrote:
> On Fri, 2018-08-17 at 01:04 +0000, Conrad Meyer wrote:
>> Author: cem
>> Date: Fri Aug 17 01:04:02 2018
>> New Revision: 337944
>> URL: https://svnweb.freebsd.org/changeset/base/337944
>>
>> Log:
>>   arm: Define crypto option on platforms that include IPsec
>>   
>>   Missed in r337940.
>>   
>>   (It's not like there are any crypto files IPsec doesn't pull in, so it is
>>   unclear what not defining the crypto option was supposed to achieve.)
>>   
>>   Reported by:	np@
>>
>> Modified:
>>   head/sys/arm/conf/std.armv6
>>   head/sys/arm/conf/std.armv7
>>
>> Modified: head/sys/arm/conf/std.armv6
>> ==============================================================================
>> --- head/sys/arm/conf/std.armv6	Fri Aug 17 01:03:23 2018	(r337943)
>> +++ head/sys/arm/conf/std.armv6	Fri Aug 17 01:04:02 2018	(r337944)
>> @@ -9,6 +9,7 @@ options 	VIMAGE			# Subsystem virtualization, e.g. VNE
>>  options 	INET			# InterNETworking
>>  options 	INET6			# IPv6 communications protocols
>>  options 	TCP_HHOOK		# hhook(9) framework for TCP
>> +device		crypto			# IPSec && !crypto is nonsensical
>>  options 	IPSEC			# IP (v4/v6) security
>>  options 	SCTP			# Stream Control Transmission Protocol
>>  options 	FFS			# Berkeley Fast Filesystem
>>
>> Modified: head/sys/arm/conf/std.armv7
>> ==============================================================================
>> --- head/sys/arm/conf/std.armv7	Fri Aug 17 01:03:23 2018	(r337943)
>> +++ head/sys/arm/conf/std.armv7	Fri Aug 17 01:04:02 2018	(r337944)
>> @@ -9,6 +9,7 @@ options 	VIMAGE			# Subsystem virtualization, e.g. VNE
>>  options 	INET			# InterNETworking
>>  options 	INET6			# IPv6 communications protocols
>>  options 	TCP_HHOOK		# hhook(9) framework for TCP
>> +device		crypto			# IPSec && !crypto is nonsensical
>>  options 	IPSEC			# IP (v4/v6) security
>>  options 	SCTP			# Stream Control Transmission Protocol
>>  options 	FFS			# Berkeley Fast Filesystem
>>
> 
> What problem were you trying to solve with this change? Aside from
> putting a device statement into a file that, by design, only contains
> options, and besides adding it with a snarky comment rather than the
> canononical comment associated with that device from sys/conf/NOTES, I
> can't see offhand how this changes anything. Virtually everything that
> is dependent on the crypto device is actually specified as crypto |
> ipsec | ipsec_support, which seems like the correct way to implement
> "option IPSEC implies device crypto".

In other kernel config files we include crypto explicitly, but with a
less snarky comment (and in the device section), e.g. amd64's GENERIC:

# The crypto framework is required by IPSEC
device		crypto			# Required by IPSEC

That said, I think it would be better to instead move this up into the
existing list of pseudo devices that includes 'device ether', etc.

I've put a strawman up at https://reviews.freebsd.org/D16775

-- 
John Baldwin