diff --git a/README.md b/README.md index fe9e26af..8c46036f 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ Issues are being tracked * Note: kernel versions between 5.8.8 and 6.0 might [have issues with parted](https://gitlab.com/postmarketOS/pmbootstrap/-/issues/2309). * Python 3.9+ +* For python3 <= 3.10: tomli * OpenSSL * git * ps diff --git a/docs/usage.rst b/docs/usage.rst index 8620ea01..b217905a 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -42,6 +42,7 @@ pmbootstrap requires the following: * Python 3.9+ + * For python3 <= 3.10: tomli * OpenSSL * git * ps diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py index 9b432c59..a999f781 100644 --- a/pmb/config/__init__.py +++ b/pmb/config/__init__.py 
@@ -210,426 +210,6 @@ chroot_outdated = 3600 * 24 * 2 # for the first time build_packages = ["abuild", "build-base", "ccache", "git"] -# -# KCONFIG CHECK -# -# Implemented value types: -# - boolean (e.g. '"ANDROID_PARANOID_NETWORK": False'): -# - False: disabled -# - True: enabled, either as module or built-in -# - array (e.g. '"ANDROID_BINDER_DEVICES": ["binder", "hwbinder"]'): -# - each element of the array must be contained in the kernel config string, -# in any order. The example above would accept the following in the config: -# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder" -# - string (e.g. '"LSM": "lockdown,yama,loadpin,safesetid,integrity"'): -# - the value in the kernel config must be the same as the given string. Use -# this e.g. if the order of the elements is important. - -# Necessary kernel config options -kconfig_options = { - ">=0.0.0": { # all versions - "all": { # all arches - "ANDROID_PARANOID_NETWORK": False, - "BLK_DEV_INITRD": True, - "CGROUPS": True, - "CRYPTO_AES": True, - "CRYPTO_XTS": True, - "DEVTMPFS": True, - "DM_CRYPT": True, - "INPUT_EVDEV": True, - "EXT4_FS": True, - "KINETO_GAN": False, - "PFT": False, - "SEC_RESTRICT_ROOTING": False, - "SYSVIPC": True, - "TMPFS_POSIX_ACL": True, - "USE_VFB": False, - "VT": True, - } - }, - ">=2.6.0": { - "all": { - "BINFMT_ELF": True, - }, - }, - ">=3.10.0": { - "all": { - "BINFMT_SCRIPT": True, - }, - }, - ">=4.0.0": { - "all": { - "UEVENT_HELPER": True, - "USER_NS": True, - }, - }, - "<4.7.0": { - "all": { - "DEVPTS_MULTIPLE_INSTANCES": True, - } - }, - "<4.14.0": { - "all": { - "SAMSUNG_TUI": False, - "TZDEV": False, - } - }, - "<5.2.0": {"armhf armv7 x86": {"LBDAF": True}}, -} - -# Necessary waydroid kernel config options (android app support) -kconfig_options_waydroid = { - ">=0.0.0": { # all versions - "all": { # all arches - "ANDROID_BINDERFS": False, - "ANDROID_BINDER_DEVICES": ["binder", "hwbinder", "vndbinder"], - "ANDROID_BINDER_IPC": True, - "ANDROID_BINDER_IPC_SELFTEST": 
False, - "BLK_DEV_LOOP": True, - "BPF_SYSCALL": True, - "BRIDGE": True, - "BRIDGE_VLAN_FILTERING": True, - "CGROUP_BPF": True, - "FUSE_FS": True, - "IP_NF_MANGLE": True, - "NETFILTER_XTABLES": True, - "NETFILTER_XT_MATCH_COMMENT": True, - "PSI": True, - "PSI_DEFAULT_DISABLED": False, - "SQUASHFS": True, - "SQUASHFS_XATTR": True, - "SQUASHFS_XZ": True, - "TMPFS_XATTR": True, - "TUN": True, - "VETH": True, - "VLAN_8021Q": True, # prerequisite for bridge - } - }, - ">=3.5": { - "all": { - "CROSS_MEMORY_ATTACH": True, - } - }, - ">=4.20.0": { - "all": { - "PSI": True, # required by userspace OOM killer - "PSI_DEFAULT_DISABLED": False, - } - }, - "<5.18": { # option has been dropped - "all": { - "ASHMEM": True, - } - }, -} - -# Necessary iwd kernel config options (inet wireless daemon) -# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git -kconfig_options_iwd = { - ">=0.0.0": { # all versions - "all": { # all arches - "ASYMMETRIC_KEY_TYPE": True, - "ASYMMETRIC_PUBLIC_KEY_SUBTYPE": True, - "CRYPTO_AES": True, - "CRYPTO_CBC": True, - "CRYPTO_CMAC": True, - "CRYPTO_DES": True, - "CRYPTO_ECB": True, - "CRYPTO_HMAC": True, - "CRYPTO_MD5": True, - "CRYPTO_SHA1": True, - "CRYPTO_SHA256": True, - "CRYPTO_SHA512": True, - "CRYPTO_USER_API_HASH": True, - "CRYPTO_USER_API_SKCIPHER": True, - "KEYS": True, - "KEY_DH_OPERATIONS": True, - "PKCS7_MESSAGE_PARSER": True, - "PKCS8_PRIVATE_KEY_PARSER": True, - "X509_CERTIFICATE_PARSER": True, - "RFKILL": True, - }, - }, -} - -# Necessary nftables kernel config options (firewall) -kconfig_options_nftables = { - ">=3.13.0": { # nftables support introduced here - "all": { # all arches - "NETFILTER": True, - "NF_CONNTRACK": True, - "NF_TABLES": True, - "NF_TABLES_INET": True, - "NFT_CT": True, - "NFT_LOG": True, - "NFT_LIMIT": True, - "NFT_MASQ": True, - "NFT_NAT": True, - "NFT_REJECT": True, - "NF_TABLES_IPV4": True, - "NF_REJECT_IPV4": True, - "IP_NF_IPTABLES": True, - "IP_NF_FILTER": True, - "IP_NF_TARGET_REJECT": True, - "IP_NF_NAT": 
True, - "NF_TABLES_IPV6": True, - "NF_REJECT_IPV6": True, - "IP6_NF_IPTABLES": True, - "IP6_NF_FILTER": True, - "IP6_NF_TARGET_REJECT": True, - "IP6_NF_NAT": True, - } - }, - ">=3.13.0 <5.17": { # option has been dropped - "all": { # all arches - "NFT_COUNTER": True, - }, - }, -} - -# Necessary kernel config options for containers (lxc, Docker) -kconfig_options_containers = { - ">=0.0.0": { # all versions, more specifically - since >=2.5~2.6 - "all": { # all arches - "NAMESPACES": True, - "NET_NS": True, - "PID_NS": True, - "IPC_NS": True, - "UTS_NS": True, - "CGROUPS": True, - "CGROUP_CPUACCT": True, - "CGROUP_DEVICE": True, - "CGROUP_FREEZER": True, - "CGROUP_SCHED": True, - "CPUSETS": True, - "KEYS": True, - "VETH": True, - "BRIDGE": True, # (also needed for waydroid) - "BRIDGE_NETFILTER": True, - "IP_NF_FILTER": True, - "IP_NF_TARGET_MASQUERADE": True, - "NETFILTER_XT_MATCH_ADDRTYPE": True, - "NETFILTER_XT_MATCH_CONNTRACK": True, - "NETFILTER_XT_MATCH_IPVS": True, - "NETFILTER_XT_MARK": True, - "NETFILTER_XT_TARGET_CHECKSUM": True, # Needed for lxc - "IP_NF_NAT": True, - "NF_NAT": True, - "POSIX_MQUEUE": True, - "BLK_DEV_DM": True, # Storage Drivers - "DUMMY": True, # Network Drivers - # "USER_NS": True, # This is already in pmOS kconfig check - "BLK_CGROUP": True, # Optional section - "BLK_DEV_THROTTLING": True, # Optional section - "CGROUP_PERF": True, # Optional section - "NET_CLS_CGROUP": True, # Optional section - "FAIR_GROUP_SCHED": True, # Optional section - "IP_NF_TARGET_REDIRECT": True, # Optional section - "IP_VS": True, # Optional section - "IP_VS_NFCT": True, # Optional section - "IP_VS_PROTO_TCP": True, # Optional section - "IP_VS_PROTO_UDP": True, # Optional section - "IP_VS_RR": True, # Optional section - # "EXT4_FS": True, # This is already in pmOS kconfig check - "EXT4_FS_POSIX_ACL": True, # Optional section - "EXT4_FS_SECURITY": True, # Optional section - } - }, - ">=3.2": { - "all": { - "CFS_BANDWIDTH": True, # Optional section - } - }, - 
">=3.3": { - "all": { # all arches - "CHECKPOINT_RESTORE": True, # Needed for lxc - } - }, - ">=3.6": { - "all": { # all arches - "MEMCG": True, - "DM_THIN_PROVISIONING": True, # Storage Drivers - "SWAP": True, - }, - "x86 x86_64": { # only for x86, x86_64 (and sparc64, ia64) - "HUGETLB_PAGE": True, - "CGROUP_HUGETLB": True, # Optional section - }, - }, - ">=3.6 <6.1_rc1": { # option has been dropped - "all": { - "MEMCG_SWAP": True, - } - }, - ">=3.7 <5.0": { - "all": { - "NF_NAT_IPV4": True, # Needed for lxc - "NF_NAT_IPV6": True, # Needed for lxc - }, - }, - ">=3.7": { - "all": { # all arches - "VXLAN": True, # Network Drivers - "IP6_NF_TARGET_MASQUERADE": True, # Needed for lxc - } - }, - ">=3.9": { - "all": { # all arches - "BRIDGE_VLAN_FILTERING": True, # Network Drivers (also for waydroid) - "MACVLAN": True, # Network Drivers - } - }, - ">=3.13": { - "all": { # needed for iptables-nft (used by docker,tailscale) - "NFT_COMPAT": True, - } - }, - ">=3.14": { - "all": { # all arches - "CGROUP_NET_PRIO": True, # Optional section - } - }, - ">=3.18": { - "all": { # all arches - "OVERLAY_FS": True, # Storage Drivers - } - }, - ">=3.19": { - "all": { # all arches - "IPVLAN": True, # Network Drivers - "SECCOMP": True, # Optional section - } - }, - ">=4.4": { - "all": { # all arches - "CGROUP_PIDS": True, # Optional section - } - }, -} - -# Necessary zram kernel config options (RAM disk with on-the-fly compression) -kconfig_options_zram = { - ">=3.14.0": { # zram support introduced here - "all": { # all arches - "ZRAM": True, - "ZSMALLOC": True, - "CRYPTO_LZ4": True, - "LZ4_COMPRESS": True, - "SWAP": True, - } - }, -} - -# Necessary netboot kernel config options -kconfig_options_netboot = { - ">=0.0.0": { # all versions - "all": { # all arches - "BLK_DEV_NBD": True, - } - }, -} - -# Necessary wireguard & wg-quick kernel config options -# From 
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/wireguard-tools/wireguard-tools-1.0.20210914.ebuild?id=76aaa1eeb6f001baaa68e6946f917ebb091bbd9d -kconfig_options_wireguard = { - ">=5.6_rc1": { # all versions - "all": { # all arches - "WIREGUARD": True, - "IP_ADVANCED_ROUTER": True, - "IP_MULTIPLE_TABLES": True, - "IPV6_MULTIPLE_TABLES": True, - "NF_TABLES": True, - "NF_TABLES_IPV4": True, - "NF_TABLES_IPV6": True, - "NFT_CT": True, - "NFT_FIB": True, - "NFT_FIB_IPV4": True, - "NFT_FIB_IPV6": True, - "NF_CONNTRACK_MARK": True, - }, - }, -} - -# Necessary file system config options -kconfig_options_filesystems = { - ">=0.0.0": { # all versions - "all": { # all arches - "BTRFS_FS": True, - "EXFAT_FS": True, - "EXT4_FS": True, - "F2FS_FS": True, - }, - }, -} - -kconfig_options_usb_gadgets = { - ">=0.0.0": { # all versions - "all": { # all arches - # disable legacy gadgets - "USB_ETH": False, - "USB_FUNCTIONFS": False, - "USB_MASS_STORAGE": False, - "USB_G_SERIAL": False, - # enable configfs gadgets - "USB_CONFIGFS_NCM": True, # USB networking via NCM - "USB_CONFIGFS_RNDIS": True, # USB networking via RNDIS (legacy) - }, - }, -} - -# Various other kernel config options -kconfig_options_community = { - ">=0.0.0": { # all versions - "all": { # all arches - "BINFMT_MISC": True, # register binary formats - "CIFS": True, # mount SMB shares - "INPUT_UINPUT": True, # buffyboard - "LEDS_TRIGGER_PATTERN": True, # feedbackd - "LEDS_TRIGGER_TIMER": True, # hfd-service - "NETFILTER_XT_MATCH_STATISTIC": True, # kube-proxy - "NETFILTER_XT_MATCH_TCPMSS": True, # change MTU, e.g. for Wireguard - "NETFILTER_XT_TARGET_TCPMSS": True, # change MTU, e.g. for Wireguard - # TODO: Depends on SUSPEND which is not enabled for some devices - # "PM_WAKELOCKS": True, # Sxmo - "SND_USB_AUDIO": True, # USB audio devices - "UCLAMP_TASK": True, # Scheduler hints - "UCLAMP_TASK_GROUP": True, # Scheduler hints - "UHID": True, # e.g. 
Bluetooth input devices - "USB_STORAGE": True, # USB mass storage devices - "RT_GROUP_SCHED": False, # https://gitlab.com/postmarketOS/pmaports/-/issues/2652 - }, - }, -} - -# Necessary UEFI boot config options -kconfig_options_uefi = { - ">=0.0.0": { # all versions - "all": { # all arches - "EFI_STUB": True, - "EFI": True, - "DMI": True, - "EFI_ESRT": True, - "EFI_VARS_PSTORE": True, - "EFI_RUNTIME_WRAPPERS": True, - "VFAT_FS": True, - "NLS_ASCII": True, - }, - "x86_64": { - "EFI_MIXED": True, - }, - "aarch64 armv7": { - "EFI_GENERIC_STUB": True, - "EFI_PARAMS_FROM_FDT": True, - }, - }, - ">=6.1.0": { - "aarch64": { - # Required EFI booting compressed kernels on this arch - "EFI_ZBOOT": True, - }, - }, -} - # # PARSE # diff --git a/pmb/data/kconfigcheck.toml b/pmb/data/kconfigcheck.toml new file mode 100644 index 00000000..9e2cd779 --- /dev/null +++ b/pmb/data/kconfigcheck.toml 
@@ -0,0 +1,322 @@ +# +# DO NOT MODIFY +# +# This file is just a fallback in case there is no kconfigcheck.toml in the +# currently checked out branch of pmaports. The options here are the ones that +# were in pmbootstrap before we moved this to pmaports. Branches v24.06 and +# older therefore don't have this file. + +[aliases] +# Devices with options="pmb:kconfigcheck-community" in the device APKBUILD will +# check for the following categories. A CI check ensures that all devices in +# device/main and device/community dirs have this option. Devices in testing +# may also have "pmb:kconfigcheck-community", but it may be removed when +# modifying the required options and adjusting the devices in testing is too +# much effort. Device maintainers may fix it up afterwards and add it back. +community = [ + "category:default", + "category:community_various", + "category:containers", + "category:filesystems", + "category:iwd", + "category:netboot", + "category:nftables", + "category:usb_gadgets", + "category:waydroid", + "category:wireguard", + "category:zram", +] + +# Format for rule sections: +# ["category:"."".""] +# Implemented value types: +# - boolean (e.g. 'ANDROID_PARANOID_NETWORK = false'): +# - false: disabled +# - true: enabled, either as module or built-in +# - list (e.g. 'ANDROID_BINDER_DEVICES = ["binder", "hwbinder"]'): +# - each element of the array must be contained in the kernel config string, +# in any order. The example above would accept the following in the config: +# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder" +# - string (e.g. 'LSM = "lockdown,yama,loadpin,safesetid,integrity"'): +# - the value in the kernel config must be the same as the given string. Use +# this e.g. if the order of the elements is important. 
+ +# default: all devices must satisfy these +["category:default".">=0.0.0"."all"] +ANDROID_PARANOID_NETWORK = false +BLK_DEV_INITRD = true +CGROUPS = true +CRYPTO_AES = true +CRYPTO_XTS = true +DEVTMPFS = true +DM_CRYPT = true +INPUT_EVDEV = true +EXT4_FS = true +KINETO_GAN = false +PFT = false +SEC_RESTRICT_ROOTING = false +SYSVIPC = true +TMPFS_POSIX_ACL = true +USE_VFB = false +VT = true +["category:default".">=2.6.0"."all"] +BINFMT_ELF = true +["category:default".">=3.10.0"."all"] +BINFMT_SCRIPT = true +["category:default".">=4.0.0"."all"] +UEVENT_HELPER = true +USER_NS = true +["category:default"."<4.7.0"."all"] +DEVPTS_MULTIPLE_INSTANCES = true +["category:default"."<4.14.0"."all"] +SAMSUNG_TUI = false +TZDEV = false +["category:default"."<5.2.0"."armhf armv7 x86"] +LBDAF = true + +# waydroid: android compatibility layer +["category:waydroid".">=0.0.0"."all"] +ANDROID_BINDERFS = false +ANDROID_BINDER_DEVICES = ["binder", "hwbinder", "vndbinder"] +ANDROID_BINDER_IPC = true +ANDROID_BINDER_IPC_SELFTEST = false +BLK_DEV_LOOP = true +BPF_SYSCALL = true +BRIDGE = true +BRIDGE_VLAN_FILTERING = true +CGROUP_BPF = true +FUSE_FS = true +IP_NF_MANGLE = true +NETFILTER_XTABLES = true +NETFILTER_XT_MATCH_COMMENT = true +PSI = true +PSI_DEFAULT_DISABLED = false +SQUASHFS = true +SQUASHFS_XATTR = true +SQUASHFS_XZ = true +TMPFS_XATTR = true +TUN = true +VETH = true +VLAN_8021Q = true # prerequisite for bridge +["category:waydroid".">=3.5"."all"] +CROSS_MEMORY_ATTACH = true +["category:waydroid".">=4.20.0"."all"] +PSI = true # required by userspace OOM killer +PSI_DEFAULT_DISABLED = false +["category:waydroid"."<5.18"."all"] +ASHMEM = true + +# iwd: modern inet wireless daemon +# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git +["category:iwd".">=0.0.0"."all"] +ASYMMETRIC_KEY_TYPE = true +ASYMMETRIC_PUBLIC_KEY_SUBTYPE = true +CRYPTO_AES = true +CRYPTO_CBC = true +CRYPTO_CMAC = true +CRYPTO_DES = true +CRYPTO_ECB = true +CRYPTO_HMAC = true +CRYPTO_MD5 = true 
+CRYPTO_SHA1 = true +CRYPTO_SHA256 = true +CRYPTO_SHA512 = true +CRYPTO_USER_API_HASH = true +CRYPTO_USER_API_SKCIPHER = true +KEYS = true +KEY_DH_OPERATIONS = true +PKCS7_MESSAGE_PARSER = true +PKCS8_PRIVATE_KEY_PARSER = true +X509_CERTIFICATE_PARSER = true +RFKILL = true + +# nftables: firewall, not related to nft scams +["category:nftables".">=3.13.0"."all"] +NETFILTER = true +NF_CONNTRACK = true +NF_TABLES = true +NF_TABLES_INET = true +NFT_CT = true +NFT_LOG = true +NFT_LIMIT = true +NFT_MASQ = true +NFT_NAT = true +NFT_REJECT = true +NF_TABLES_IPV4 = true +NF_REJECT_IPV4 = true +IP_NF_IPTABLES = true +IP_NF_FILTER = true +IP_NF_TARGET_REJECT = true +IP_NF_NAT = true +NF_TABLES_IPV6 = true +NF_REJECT_IPV6 = true +IP6_NF_IPTABLES = true +IP6_NF_FILTER = true +IP6_NF_TARGET_REJECT = true +IP6_NF_NAT = true +["category:nftables".">=3.13.0 <0.17"."all"] +NFT_COUNTER = true + +# containers: lxc, docker, etc. +["category:containers".">=0.0.0"."all"] +NAMESPACES = true +NET_NS = true +PID_NS = true +IPC_NS = true +UTS_NS = true +CGROUPS = true +CGROUP_CPUACCT = true +CGROUP_DEVICE = true +CGROUP_FREEZER = true +CGROUP_SCHED = true +CPUSETS = true +KEYS = true +VETH = true +BRIDGE = true # (also needed for waydroid) +BRIDGE_NETFILTER = true +IP_NF_FILTER = true +IP_NF_TARGET_MASQUERADE = true +NETFILTER_XT_MATCH_ADDRTYPE = true +NETFILTER_XT_MATCH_CONNTRACK = true +NETFILTER_XT_MATCH_IPVS = true +NETFILTER_XT_MARK = true +NETFILTER_XT_TARGET_CHECKSUM = true # Needed for lxc +IP_NF_NAT = true +NF_NAT = true +POSIX_MQUEUE = true +BLK_DEV_DM = true # Storage Drivers +DUMMY = true # Network Drivers +# USER_NS = true # This is already in pmOS kconfig check +BLK_CGROUP = true # Optional section +BLK_DEV_THROTTLING = true # Optional section +CGROUP_PERF = true # Optional section +NET_CLS_CGROUP = true # Optional section +FAIR_GROUP_SCHED = true # Optional section +IP_NF_TARGET_REDIRECT = true # Optional section +IP_VS = true # Optional section +IP_VS_NFCT = true # Optional 
section +IP_VS_PROTO_TCP = true # Optional section +IP_VS_PROTO_UDP = true # Optional section +IP_VS_RR = true # Optional section +# EXT4_FS = true # This is already in pmOS kconfig check +EXT4_FS_POSIX_ACL = true # Optional section +EXT4_FS_SECURITY = true # Optional section +["category:containers".">=3.2"."all"] +CFS_BANDWIDTH = true # Optional section +["category:containers".">=3.3"."all"] +CHECKPOINT_RESTORE = true # Needed for lxc +["category:containers".">=3.6"."all"] +MEMCG = true +DM_THIN_PROVISIONING = true # Storage Drivers +SWAP = true +["category:containers".">=3.6"."x86 x64_64"] +HUGETLB_PAGE = true +CGROUP_HUGETLB = true # Optional section +["category:containers".">=3.6 <6.1_rc1"."all"] +MEMCG_SWAP = true +["category:containers".">=3.7 <5.0"."all"] +NF_NAT_IPV4 = true # Needed for lxc +NF_NAT_IPV6 = true # Needed for lxc +["category:containers".">=3.7"."all"] +VXLAN = true # Network Drivers +IP6_NF_TARGET_MASQUERADE = true # Needed for lxc +["category:containers".">=3.9"."all"] +BRIDGE_VLAN_FILTERING = true # Network Drivers (also for waydroid) +MACVLAN = true # Network Drivers +["category:containers".">=3.13"."all"] +NFT_COMPAT = true +["category:containers".">=3.14"."all"] +CGROUP_NET_PRIO = true # Optional section +["category:containers".">=3.18"."all"] +OVERLAY_FS = true # Storage Drivers +["category:containers".">=3.19"."all"] +IPVLAN = true # Network Drivers +SECCOMP = true # Optional section +["category:containers".">=4.4"."all"] +CGROUP_PIDS = true # Optional section + +# zram: RAM disk with on-the-fly compression +["category:zram".">=3.14.0"."all"] +ZRAM = true +ZSMALLOC = true +CRYPTO_LZ4 = true +LZ4_COMPRESS = true +SWAP = true + +# netboot: https://postmarketos.org/netboot +["category:netboot".">=0.0.0"."all"] +BLK_DEV_NBD = true + +# wireguard: VPN software, also includes options for wg-quick +["category:wireguard".">=5.6_rc1"."all"] +WIREGUARD = true +IP_ADVANCED_ROUTER = true +IP_MULTIPLE_TABLES = true +IPV6_MULTIPLE_TABLES = true 
+NF_TABLES = true +NF_TABLES_IPV4 = true +NF_TABLES_IPV6 = true +NFT_CT = true +NFT_FIB = true +NFT_FIB_IPV4 = true +NFT_FIB_IPV6 = true +NF_CONNTRACK_MARK = true + +# filesystems +["category:filesystems".">=0.0.0"."all"] +BTRFS_FS = true +EXFAT_FS = true +EXT4_FS = true +F2FS_FS = true + +# usb_gadgets +["category:usb_gadgets".">=0.0.0"."all"] +# disable legacy gadgets +USB_ETH = false +USB_FUNCTIONFS = false +USB_MASS_STORAGE = false +USB_G_SERIAL = false +# enable configfs gadgets +USB_CONFIGFS_NCM = true # USB networking via NCM +USB_CONFIGFS_RNDIS = true # USB networking via RNDIS (legacy) + +# community_various: Various options that were not categorized properly due to +# inflexibility of previous kconfigcheck related code. We should move these to +# proper categories above and/or invent new categories with meaningful names. +# >> Do not add more here!! << +["category:community_various".">=0.0.0"."all"] +BINFMT_MISC = true # register binary formats +CIFS = true # mount SMB shares +INPUT_UINPUT = true # buffyboard +LEDS_TRIGGER_PATTERN = true # feedbackd +LEDS_TRIGGER_TIMER = true # hfd-service +NETFILTER_XT_MATCH_STATISTIC = true # kube-proxy +NETFILTER_XT_MATCH_TCPMSS = true # change MTU e.g. for Wireguard +NETFILTER_XT_TARGET_TCPMSS = true # change MTU e.g. for Wireguard +# TODO = Depends on SUSPEND which is not enabled for some devices +# PM_WAKELOCKS = true # Sxmo +SND_USB_AUDIO = true # USB audio devices +UCLAMP_TASK = true # Scheduler hints +UCLAMP_TASK_GROUP = true # Scheduler hints +UHID = true # e.g. 
Bluetooth input devices +USB_STORAGE = true # USB mass storage devices +RT_GROUP_SCHED = false # https://gitlab.com/postmarketOS/pmaports/-/issues/2652 + +# uefi: proper modern booting +["category:uefi".">=0.0.0"."all"] +EFI_STUB = true +EFI = true +DMI = true +EFI_ESRT = true +EFI_VARS_PSTORE = true +EFI_RUNTIME_WRAPPERS = true +VFAT_FS = true +NLS_ASCII = true +["category:uefi".">=0.0.0"."x86_64"] +EFI_MIXED = true +["category:uefi".">=0.0.0"."aarch64 armv7"] +EFI_GENERIC_STUB = true +EFI_PARAMS_FROM_FDT = true +["category:uefi".">=6.1.0"."aarch64"] +# Required EFI booting compressed kernels on this arch +EFI_ZBOOT = true diff --git a/pmb/helpers/toml.py b/pmb/helpers/toml.py new file mode 100644 index 00000000..f90e8313 --- /dev/null +++ b/pmb/helpers/toml.py @@ -0,0 +1,21 @@ +# Copyright 2024 Oliver Smith +# SPDX-License-Identifier: GPL-3.0-or-later +from pmb.meta import Cache +from pmb.helpers.exceptions import NonBugError + +try: + # Python >= 3.11 + from tomllib import load, TOMLDecodeError +except ImportError: + # Python < 3.11 + from tomli import load, TOMLDecodeError # type:ignore[import-not-found,no-redef] + + +@Cache("path") +def load_toml_file(path) -> dict: + """Read a toml file into a dict and show the path on error.""" + with open(path, mode="rb") as f: + try: + return load(f) + except TOMLDecodeError as e: + raise NonBugError(f"{path}: {e}") diff --git a/pmb/parse/kconfig.py b/pmb/parse/kconfig.py index 177eb6d6..46e2dc43 100644 --- a/pmb/parse/kconfig.py +++ b/pmb/parse/kconfig.py 
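Review bot: Two section keys in the new fallback file differ from the tables removed from `pmb/config/__init__.py`, and the rules under them look unreachable. `["category:nftables".">=3.13.0 <0.17"."all"]` was `">=3.13.0 <5.17"` before; no kernel version satisfies both bounds, so `NFT_COUNTER` is silently never checked. `["category:containers".">=3.6"."x86 x64_64"]` was `"x86 x86_64"`, so `HUGETLB_PAGE` and `CGROUP_HUGETLB` are presumably no longer required on x86_64. The keys should read `">=3.13.0 <5.17"` and `"x86 x86_64"`. The comment `# TODO = Depends on SUSPEND ...` also looks like a search-and-replace leftover for `# TODO:`.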
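Review bot: In `load_toml_file` only `TOMLDecodeError` is converted into a `NonBugError`; `open(path, mode="rb")` sits outside the `try`, so a missing or unreadable file surfaces as a raw `OSError` without the path-prefixed message. The re-raise also drops the cause, which `raise NonBugError(f"{path}: {e}") from e` would keep for debugging. Because the function is wrapped in `@Cache("path")`, callers presumably all receive the same dict object, so the docstring should say the result is cached per path and must be treated as read-only.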
@@ -9,26 +9,10 @@ import pmb.build import pmb.config import pmb.parse import pmb.helpers.pmaports +import pmb.parse.kconfigcheck from pmb.helpers.exceptions import NonBugError -def get_all_component_names(): - """ - Get the component names from kconfig_options variables in - pmb/config/__init__.py. This does not include the base options. - - :returns: a list of component names, e.g. ["waydroid", "iwd", "nftables"] - """ - prefix = "kconfig_options_" - ret = [] - - for key in pmb.config.__dict__.keys(): - if key.startswith(prefix): - ret += [key.split(prefix, 1)[1]] - - return ret - - def is_set(config, option): """ Check, whether a boolean or tristate option is enabled 
@@ -176,65 +160,39 @@ def check_config_options_set( return ret -def check_config( - config_path, config_arch, pkgver, components_list=[], details=False, enforce_check=True -): +def check_config(config_path, config_arch, pkgver, categories: list, details=False): """ Check, whether one kernel config passes the rules of multiple components. :param config_path: full path to kernel config file :param config_arch: architecture name (alpine format, e.g. aarch64, x86_64) :param pkgver: kernel version - :param components_list: what to check for, e.g. ["waydroid", "iwd"] + :param categories: what to check for, e.g. ["waydroid", "iwd"] :param details: print all warnings if True, otherwise one per component - :param enforce_check: set to False to not fail kconfig check as long as - everything in kconfig_options is set correctly, even - if additional components are checked :returns: True if the check passed, False otherwise """ logging.debug(f"Check kconfig: {config_path}") with open(config_path) as handle: config = handle.read() - # Devices in all categories need basic options - # https://wiki.postmarketos.org/wiki/Device_categorization - components_list = ["postmarketOS"] + components_list + if "default" not in categories: + categories += ["default"] - # Devices in "community" or "main" need additional options - if "community" in components_list: - components_list += [ - "containers", - "filesystems", - "iwd", - "netboot", - "nftables", - "usb_gadgets", - "waydroid", - "wireguard", - "zram", + # Get all rules + rules: dict = {} + for category in categories: + rules |= pmb.parse.kconfigcheck.read_category(category) + + # Check the rules of each category + ret = [] + for category in rules.keys(): + ret += [ + check_config_options_set( + config, config_path, config_arch, rules[category], category, pkgver, details + ) ] - components = {} - for name in components_list: - if name == "postmarketOS": - pmb_config_var = "kconfig_options" - else: - pmb_config_var = 
f"kconfig_options_{name}" - - components[name] = getattr(pmb.config, pmb_config_var, None) - assert components[name], f"invalid kconfig component name: {name}" - - results = [] - for component, options in components.items(): - result = check_config_options_set( - config, config_path, config_arch, options, component, pkgver, details - ) - # We always enforce "postmarketOS" component and when explicitly - # requested - if enforce_check or component == "postmarketOS": - results += [result] - - return all(results) + return all(ret) def check(pkgname, components_list=[], details=False, must_exist=True): @@ -270,12 +228,13 @@ def check(pkgname, components_list=[], details=False, must_exist=True): apkbuild = pmb.parse.apkbuild(aport / "APKBUILD") pkgver = apkbuild["pkgver"] - # We only enforce optional checks for community & main devices - enforce_check = aport.parts[-2] in ["community", "main"] - - for name in get_all_component_names(): - if f"pmb:kconfigcheck-{name}" in apkbuild["options"] and name not in components_list: - components_list += [name] + # Get categories from the APKBUILD + categories = [] + for option in apkbuild["options"]: + if not option.startswith("pmb:kconfigcheck-"): + continue + category = option.split("-", 1)[1] + categories += [category] for config_path in aport.glob("config-*"): # The architecture of the config is in the name, so it just needs to be @@ -298,9 +257,8 @@ def check(pkgname, components_list=[], details=False, must_exist=True): config_path, config_arch, pkgver, - components_list, + categories, details=details, - enforce_check=enforce_check, ) return ret diff --git a/pmb/parse/kconfigcheck.py b/pmb/parse/kconfigcheck.py new file mode 100644 index 00000000..447e25aa --- /dev/null +++ b/pmb/parse/kconfigcheck.py 
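Review bot: `categories += ["default"]` in `check_config` extends the caller's list in place, so a list reused across several config files or passed in from elsewhere picks up `"default"` as a side effect; `categories = [*categories, "default"]` avoids that. With `enforce_check` removed, every requested category can now fail the check, including for devices outside community and main, and the docstring should state this if it is intended. The keys handed to `check_config_options_set` are now the full `"category:..."` strings rather than bare names, which presumably changes what appears in warnings, while the `:param details:` line still says "one per component".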
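Review bot: `check()` still accepts `components_list=[]`, but the new body builds `categories` only from the `pmb:kconfigcheck-*` options in the APKBUILD, and the following hunk passes that list to `check_config` instead. As far as the visible hunks show, anything a caller requests explicitly is therefore ignored without any message. Either seed the list from the argument, `categories = list(components_list)`, or drop the parameter together with its mutable default. The part of the function between the two hunks is outside the diff, so confirm `components_list` is not used there.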
@@ -0,0 +1,74 @@ +# Copyright 2024 Oliver Smith +# SPDX-License-Identifier: GPL-3.0-or-later +import os +import logging + +import pmb.config +from pmb.core.pkgrepo import pkgrepo_default_path +from pmb.helpers.toml import load_toml_file +from pmb.meta import Cache +from pathlib import Path + + +@Cache() +def get_path() -> Path: + """Get the kconfigcheck.toml from current pmaports branch if it exists, or + as fallback the v24.06 version shipped with pmbootstrap. + """ + ret: Path + ret = Path(pkgrepo_default_path(), "kconfigcheck.toml") + if os.path.exists(ret): + return ret + + logging.info( + "NOTE: couldn't find kconfigcheck.toml in pmaports dir, using" + " the version from postmarketOS v24.06" + ) + return Path(pmb.config.pmb_src, "pmb/data/kconfigcheck.toml") + + +def sanity_check(toml: dict) -> None: + """Ensure the kconfigcheck.toml file has the expected structure.""" + path = get_path() + + if "aliases" not in toml: + raise RuntimeError(f"{path}: missing [aliases] section") + + for alias in toml["aliases"].keys(): + for category in toml["aliases"][alias]: + if not category.startswith("category:"): + raise RuntimeError( + f"{path}: alias {alias}: all categories must start with 'category:'!" + ) + + for section in toml.keys(): + if section == "aliases": + continue + if not section.startswith("category:"): + raise RuntimeError(f"{path}: unexpected section: {section}") + + +@Cache("name") +def read_category(name: str) -> dict[str, dict]: + """Read either one category or one alias (for one or more categories) from + kconfigcheck.toml. 
+ """ + toml = load_toml_file(get_path()) + sanity_check(toml) + + # Potentially resolve category alias + categories = [name] + if name in toml["aliases"]: + categories = [] + for category in toml["aliases"][name]: + categories += [category.split(":", 1)[1]] + logging.debug(f"kconfigcheck: read_component: '{name}' -> {categories}") + + ret = {} + for category in categories: + key = f"category:{category}" + if key not in toml: + raise RuntimeError(f"{get_path()}: couldn't find {key}") + ret[key] = toml[key] + + return ret
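Review bot: `sanity_check` and `read_category` report problems in kconfigcheck.toml with `RuntimeError`, while `load_toml_file` raises `NonBugError` for the same file. A malformed file in the pmaports checkout or an unknown `pmb:kconfigcheck-<name>` option is input error, not a pmbootstrap bug, so `raise NonBugError(f"{get_path()}: couldn't find {key}")` (with `from pmb.helpers.exceptions import NonBugError`) would be consistent, and likewise in `sanity_check`. `sanity_check` also validates only key prefixes: a non-list alias value or a non-string entry reaches `category.startswith(...)` and fails with an attribute or type error instead of a message naming the file. The debug line says `read_component` although the function is `read_category`, and its docstring should mention that the returned keys keep the `category:` prefix.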