
kconfig check: move rules to kconfigcheck.toml (MR 2333)

Move all kconfig rules from pmb.config to a separate toml file
pmb/data/kconfigcheck.toml. This is a fallback, pmbootstrap now prefers
loading kconfigcheck.toml from the currently checked out pmaports branch
if it exists.

This finally allows having separate kconfig check rules per pmaports
branch and makes the workflow of adjusting these rules much more
pleasant as the rules and kernel configs can just be adjusted at the
same time in pmaports!

This patch also moves the definition of what rules should be checked for
community and main devices, those that have pmb:kconfigcheck-community
in their linux APKBUILD, to the new kconfigcheck.toml. This should make
it much more intuitive, previously one needed to find the place in the
pmbootstrap source and edit it there.

Furthermore the "enforce_check" logic is removed. Previously pmbootstrap
would print warnings for failed config checks in some cases, but not
exit with error, which was very confusing. Now exit 0 means all checks
passed and exit 1 means that there is at least one error.

Use toml for the file, as discussed in pmbootstrap issue 2165. Python
3.11 has a native toml reader, use tomli for previous Python versions
for compatibility.
Oliver Smith 2024-06-23 17:34:49 +02:00
parent b6058e3569
commit 1dfaafe577
No known key found for this signature in database
GPG key ID: 5AE7F5513E0885CB
7 changed files with 445 additions and 488 deletions


@ -44,6 +44,7 @@ Issues are being tracked
* Note: kernel versions between 5.8.8 and 6.0 might
[have issues with parted](https://gitlab.com/postmarketOS/pmbootstrap/-/issues/2309).
* Python 3.9+
* For python3 <= 3.10: tomli
* OpenSSL
* git
* ps


@ -42,6 +42,7 @@ pmbootstrap requires the following:
* Python 3.9+
* For python3 <= 3.10: tomli
* OpenSSL
* git
* ps


@ -210,426 +210,6 @@ chroot_outdated = 3600 * 24 * 2
# for the first time
build_packages = ["abuild", "build-base", "ccache", "git"]
#
# KCONFIG CHECK
#
# Implemented value types:
# - boolean (e.g. '"ANDROID_PARANOID_NETWORK": False'):
# - False: disabled
# - True: enabled, either as module or built-in
# - array (e.g. '"ANDROID_BINDER_DEVICES": ["binder", "hwbinder"]'):
# - each element of the array must be contained in the kernel config string,
# in any order. The example above would accept the following in the config:
# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder"
# - string (e.g. '"LSM": "lockdown,yama,loadpin,safesetid,integrity"'):
# - the value in the kernel config must be the same as the given string. Use
# this e.g. if the order of the elements is important.
# Necessary kernel config options
kconfig_options = {
">=0.0.0": { # all versions
"all": { # all arches
"ANDROID_PARANOID_NETWORK": False,
"BLK_DEV_INITRD": True,
"CGROUPS": True,
"CRYPTO_AES": True,
"CRYPTO_XTS": True,
"DEVTMPFS": True,
"DM_CRYPT": True,
"INPUT_EVDEV": True,
"EXT4_FS": True,
"KINETO_GAN": False,
"PFT": False,
"SEC_RESTRICT_ROOTING": False,
"SYSVIPC": True,
"TMPFS_POSIX_ACL": True,
"USE_VFB": False,
"VT": True,
}
},
">=2.6.0": {
"all": {
"BINFMT_ELF": True,
},
},
">=3.10.0": {
"all": {
"BINFMT_SCRIPT": True,
},
},
">=4.0.0": {
"all": {
"UEVENT_HELPER": True,
"USER_NS": True,
},
},
"<4.7.0": {
"all": {
"DEVPTS_MULTIPLE_INSTANCES": True,
}
},
"<4.14.0": {
"all": {
"SAMSUNG_TUI": False,
"TZDEV": False,
}
},
"<5.2.0": {"armhf armv7 x86": {"LBDAF": True}},
}
# Necessary waydroid kernel config options (android app support)
kconfig_options_waydroid = {
">=0.0.0": { # all versions
"all": { # all arches
"ANDROID_BINDERFS": False,
"ANDROID_BINDER_DEVICES": ["binder", "hwbinder", "vndbinder"],
"ANDROID_BINDER_IPC": True,
"ANDROID_BINDER_IPC_SELFTEST": False,
"BLK_DEV_LOOP": True,
"BPF_SYSCALL": True,
"BRIDGE": True,
"BRIDGE_VLAN_FILTERING": True,
"CGROUP_BPF": True,
"FUSE_FS": True,
"IP_NF_MANGLE": True,
"NETFILTER_XTABLES": True,
"NETFILTER_XT_MATCH_COMMENT": True,
"PSI": True,
"PSI_DEFAULT_DISABLED": False,
"SQUASHFS": True,
"SQUASHFS_XATTR": True,
"SQUASHFS_XZ": True,
"TMPFS_XATTR": True,
"TUN": True,
"VETH": True,
"VLAN_8021Q": True, # prerequisite for bridge
}
},
">=3.5": {
"all": {
"CROSS_MEMORY_ATTACH": True,
}
},
">=4.20.0": {
"all": {
"PSI": True, # required by userspace OOM killer
"PSI_DEFAULT_DISABLED": False,
}
},
"<5.18": { # option has been dropped
"all": {
"ASHMEM": True,
}
},
}
# Necessary iwd kernel config options (inet wireless daemon)
# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
kconfig_options_iwd = {
">=0.0.0": { # all versions
"all": { # all arches
"ASYMMETRIC_KEY_TYPE": True,
"ASYMMETRIC_PUBLIC_KEY_SUBTYPE": True,
"CRYPTO_AES": True,
"CRYPTO_CBC": True,
"CRYPTO_CMAC": True,
"CRYPTO_DES": True,
"CRYPTO_ECB": True,
"CRYPTO_HMAC": True,
"CRYPTO_MD5": True,
"CRYPTO_SHA1": True,
"CRYPTO_SHA256": True,
"CRYPTO_SHA512": True,
"CRYPTO_USER_API_HASH": True,
"CRYPTO_USER_API_SKCIPHER": True,
"KEYS": True,
"KEY_DH_OPERATIONS": True,
"PKCS7_MESSAGE_PARSER": True,
"PKCS8_PRIVATE_KEY_PARSER": True,
"X509_CERTIFICATE_PARSER": True,
"RFKILL": True,
},
},
}
# Necessary nftables kernel config options (firewall)
kconfig_options_nftables = {
">=3.13.0": { # nftables support introduced here
"all": { # all arches
"NETFILTER": True,
"NF_CONNTRACK": True,
"NF_TABLES": True,
"NF_TABLES_INET": True,
"NFT_CT": True,
"NFT_LOG": True,
"NFT_LIMIT": True,
"NFT_MASQ": True,
"NFT_NAT": True,
"NFT_REJECT": True,
"NF_TABLES_IPV4": True,
"NF_REJECT_IPV4": True,
"IP_NF_IPTABLES": True,
"IP_NF_FILTER": True,
"IP_NF_TARGET_REJECT": True,
"IP_NF_NAT": True,
"NF_TABLES_IPV6": True,
"NF_REJECT_IPV6": True,
"IP6_NF_IPTABLES": True,
"IP6_NF_FILTER": True,
"IP6_NF_TARGET_REJECT": True,
"IP6_NF_NAT": True,
}
},
">=3.13.0 <5.17": { # option has been dropped
"all": { # all arches
"NFT_COUNTER": True,
},
},
}
# Necessary kernel config options for containers (lxc, Docker)
kconfig_options_containers = {
">=0.0.0": { # all versions, more specifically - since >=2.5~2.6
"all": { # all arches
"NAMESPACES": True,
"NET_NS": True,
"PID_NS": True,
"IPC_NS": True,
"UTS_NS": True,
"CGROUPS": True,
"CGROUP_CPUACCT": True,
"CGROUP_DEVICE": True,
"CGROUP_FREEZER": True,
"CGROUP_SCHED": True,
"CPUSETS": True,
"KEYS": True,
"VETH": True,
"BRIDGE": True, # (also needed for waydroid)
"BRIDGE_NETFILTER": True,
"IP_NF_FILTER": True,
"IP_NF_TARGET_MASQUERADE": True,
"NETFILTER_XT_MATCH_ADDRTYPE": True,
"NETFILTER_XT_MATCH_CONNTRACK": True,
"NETFILTER_XT_MATCH_IPVS": True,
"NETFILTER_XT_MARK": True,
"NETFILTER_XT_TARGET_CHECKSUM": True, # Needed for lxc
"IP_NF_NAT": True,
"NF_NAT": True,
"POSIX_MQUEUE": True,
"BLK_DEV_DM": True, # Storage Drivers
"DUMMY": True, # Network Drivers
# "USER_NS": True, # This is already in pmOS kconfig check
"BLK_CGROUP": True, # Optional section
"BLK_DEV_THROTTLING": True, # Optional section
"CGROUP_PERF": True, # Optional section
"NET_CLS_CGROUP": True, # Optional section
"FAIR_GROUP_SCHED": True, # Optional section
"IP_NF_TARGET_REDIRECT": True, # Optional section
"IP_VS": True, # Optional section
"IP_VS_NFCT": True, # Optional section
"IP_VS_PROTO_TCP": True, # Optional section
"IP_VS_PROTO_UDP": True, # Optional section
"IP_VS_RR": True, # Optional section
# "EXT4_FS": True, # This is already in pmOS kconfig check
"EXT4_FS_POSIX_ACL": True, # Optional section
"EXT4_FS_SECURITY": True, # Optional section
}
},
">=3.2": {
"all": {
"CFS_BANDWIDTH": True, # Optional section
}
},
">=3.3": {
"all": { # all arches
"CHECKPOINT_RESTORE": True, # Needed for lxc
}
},
">=3.6": {
"all": { # all arches
"MEMCG": True,
"DM_THIN_PROVISIONING": True, # Storage Drivers
"SWAP": True,
},
"x86 x86_64": { # only for x86, x86_64 (and sparc64, ia64)
"HUGETLB_PAGE": True,
"CGROUP_HUGETLB": True, # Optional section
},
},
">=3.6 <6.1_rc1": { # option has been dropped
"all": {
"MEMCG_SWAP": True,
}
},
">=3.7 <5.0": {
"all": {
"NF_NAT_IPV4": True, # Needed for lxc
"NF_NAT_IPV6": True, # Needed for lxc
},
},
">=3.7": {
"all": { # all arches
"VXLAN": True, # Network Drivers
"IP6_NF_TARGET_MASQUERADE": True, # Needed for lxc
}
},
">=3.9": {
"all": { # all arches
"BRIDGE_VLAN_FILTERING": True, # Network Drivers (also for waydroid)
"MACVLAN": True, # Network Drivers
}
},
">=3.13": {
"all": { # needed for iptables-nft (used by docker,tailscale)
"NFT_COMPAT": True,
}
},
">=3.14": {
"all": { # all arches
"CGROUP_NET_PRIO": True, # Optional section
}
},
">=3.18": {
"all": { # all arches
"OVERLAY_FS": True, # Storage Drivers
}
},
">=3.19": {
"all": { # all arches
"IPVLAN": True, # Network Drivers
"SECCOMP": True, # Optional section
}
},
">=4.4": {
"all": { # all arches
"CGROUP_PIDS": True, # Optional section
}
},
}
# Necessary zram kernel config options (RAM disk with on-the-fly compression)
kconfig_options_zram = {
">=3.14.0": { # zram support introduced here
"all": { # all arches
"ZRAM": True,
"ZSMALLOC": True,
"CRYPTO_LZ4": True,
"LZ4_COMPRESS": True,
"SWAP": True,
}
},
}
# Necessary netboot kernel config options
kconfig_options_netboot = {
">=0.0.0": { # all versions
"all": { # all arches
"BLK_DEV_NBD": True,
}
},
}
# Necessary wireguard & wg-quick kernel config options
# From https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/wireguard-tools/wireguard-tools-1.0.20210914.ebuild?id=76aaa1eeb6f001baaa68e6946f917ebb091bbd9d
kconfig_options_wireguard = {
">=5.6_rc1": { # all versions
"all": { # all arches
"WIREGUARD": True,
"IP_ADVANCED_ROUTER": True,
"IP_MULTIPLE_TABLES": True,
"IPV6_MULTIPLE_TABLES": True,
"NF_TABLES": True,
"NF_TABLES_IPV4": True,
"NF_TABLES_IPV6": True,
"NFT_CT": True,
"NFT_FIB": True,
"NFT_FIB_IPV4": True,
"NFT_FIB_IPV6": True,
"NF_CONNTRACK_MARK": True,
},
},
}
# Necessary file system config options
kconfig_options_filesystems = {
">=0.0.0": { # all versions
"all": { # all arches
"BTRFS_FS": True,
"EXFAT_FS": True,
"EXT4_FS": True,
"F2FS_FS": True,
},
},
}
kconfig_options_usb_gadgets = {
">=0.0.0": { # all versions
"all": { # all arches
# disable legacy gadgets
"USB_ETH": False,
"USB_FUNCTIONFS": False,
"USB_MASS_STORAGE": False,
"USB_G_SERIAL": False,
# enable configfs gadgets
"USB_CONFIGFS_NCM": True, # USB networking via NCM
"USB_CONFIGFS_RNDIS": True, # USB networking via RNDIS (legacy)
},
},
}
# Various other kernel config options
kconfig_options_community = {
">=0.0.0": { # all versions
"all": { # all arches
"BINFMT_MISC": True, # register binary formats
"CIFS": True, # mount SMB shares
"INPUT_UINPUT": True, # buffyboard
"LEDS_TRIGGER_PATTERN": True, # feedbackd
"LEDS_TRIGGER_TIMER": True, # hfd-service
"NETFILTER_XT_MATCH_STATISTIC": True, # kube-proxy
"NETFILTER_XT_MATCH_TCPMSS": True, # change MTU, e.g. for Wireguard
"NETFILTER_XT_TARGET_TCPMSS": True, # change MTU, e.g. for Wireguard
# TODO: Depends on SUSPEND which is not enabled for some devices
# "PM_WAKELOCKS": True, # Sxmo
"SND_USB_AUDIO": True, # USB audio devices
"UCLAMP_TASK": True, # Scheduler hints
"UCLAMP_TASK_GROUP": True, # Scheduler hints
"UHID": True, # e.g. Bluetooth input devices
"USB_STORAGE": True, # USB mass storage devices
"RT_GROUP_SCHED": False, # https://gitlab.com/postmarketOS/pmaports/-/issues/2652
},
},
}
# Necessary UEFI boot config options
kconfig_options_uefi = {
">=0.0.0": { # all versions
"all": { # all arches
"EFI_STUB": True,
"EFI": True,
"DMI": True,
"EFI_ESRT": True,
"EFI_VARS_PSTORE": True,
"EFI_RUNTIME_WRAPPERS": True,
"VFAT_FS": True,
"NLS_ASCII": True,
},
"x86_64": {
"EFI_MIXED": True,
},
"aarch64 armv7": {
"EFI_GENERIC_STUB": True,
"EFI_PARAMS_FROM_FDT": True,
},
},
">=6.1.0": {
"aarch64": {
# Required EFI booting compressed kernels on this arch
"EFI_ZBOOT": True,
},
},
}
#
# PARSE
#

322
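--- a/pmb/data/kconfigcheck.toml
+++ b/pmb/data/kconfigcheck.toml
@@ -0,0 +1,322 @@
+#
+# DO NOT MODIFY
+#
+# This file is just a fallback in case there is no kconfigcheck.toml in the
+# currently checked out branch of pmaports. The options here are the ones that
+# were in pmbootstrap before we moved this to pmaports. Branches v24.06 and
+# older therefore don't have this file.
+[aliases]
+# Devices with options="pmb:kconfigcheck-community" in the device APKBUILD will
+# check for the following categories. A CI check ensures that all devices in
+# device/main and device/community dirs have this option. Devices in testing
+# may also have "pmb:kconfigcheck-community", but it may be removed when
+# modifying the required options and adjusting the devices in testing is too
+# much effort. Device maintainers may fix it up afterwards and add it back.
+community = [
+"category:default",
+"category:community_various",
+"category:containers",
+"category:filesystems",
+"category:iwd",
+"category:netboot",
+"category:nftables",
+"category:usb_gadgets",
+"category:waydroid",
+"category:wireguard",
+"category:zram",
+]
+# Format for rule sections:
+# ["category:<NAME>"."<KERNEL_VERSION>"."<ARCHITECTURES>"]
+# Implemented value types:
+# - boolean (e.g. 'ANDROID_PARANOID_NETWORK = false'):
+# - false: disabled
+# - true: enabled, either as module or built-in
+# - list (e.g. 'ANDROID_BINDER_DEVICES = ["binder", "hwbinder"]'):
+# - each element of the array must be contained in the kernel config string,
+# in any order. The example above would accept the following in the config:
+# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder"
+# - string (e.g. 'LSM = "lockdown,yama,loadpin,safesetid,integrity"'):
+# - the value in the kernel config must be the same as the given string. Use
+# this e.g. if the order of the elements is important.
+# default: all devices must satisfy these
+["category:default".">=0.0.0"."all"]
+ANDROID_PARANOID_NETWORK = false
+BLK_DEV_INITRD = true
+CGROUPS = true
+CRYPTO_AES = true
+CRYPTO_XTS = true
+DEVTMPFS = true
+DM_CRYPT = true
+INPUT_EVDEV = true
+EXT4_FS = true
+KINETO_GAN = false
+PFT = false
+SEC_RESTRICT_ROOTING = false
+SYSVIPC = true
+TMPFS_POSIX_ACL = true
+USE_VFB = false
+VT = true
+["category:default".">=2.6.0"."all"]
+BINFMT_ELF = true
+["category:default".">=3.10.0"."all"]
+BINFMT_SCRIPT = true
+["category:default".">=4.0.0"."all"]
+UEVENT_HELPER = true
+USER_NS = true
+["category:default"."<4.7.0"."all"]
+DEVPTS_MULTIPLE_INSTANCES = true
+["category:default"."<4.14.0"."all"]
+SAMSUNG_TUI = false
+TZDEV = false
+["category:default"."<5.2.0"."armhf armv7 x86"]
+LBDAF = true
+# waydroid: android compatibility layer
+["category:waydroid".">=0.0.0"."all"]
+ANDROID_BINDERFS = false
+ANDROID_BINDER_DEVICES = ["binder", "hwbinder", "vndbinder"]
+ANDROID_BINDER_IPC = true
+ANDROID_BINDER_IPC_SELFTEST = false
+BLK_DEV_LOOP = true
+BPF_SYSCALL = true
+BRIDGE = true
+BRIDGE_VLAN_FILTERING = true
+CGROUP_BPF = true
+FUSE_FS = true
+IP_NF_MANGLE = true
+NETFILTER_XTABLES = true
+NETFILTER_XT_MATCH_COMMENT = true
+PSI = true
+PSI_DEFAULT_DISABLED = false
+SQUASHFS = true
+SQUASHFS_XATTR = true
+SQUASHFS_XZ = true
+TMPFS_XATTR = true
+TUN = true
+VETH = true
+VLAN_8021Q = true # prerequisite for bridge
+["category:waydroid".">=3.5"."all"]
+CROSS_MEMORY_ATTACH = true
+["category:waydroid".">=4.20.0"."all"]
+PSI = true # required by userspace OOM killer
+PSI_DEFAULT_DISABLED = false
+["category:waydroid"."<5.18"."all"]
+ASHMEM = true
+# iwd: modern inet wireless daemon
+# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
+["category:iwd".">=0.0.0"."all"]
+ASYMMETRIC_KEY_TYPE = true
+ASYMMETRIC_PUBLIC_KEY_SUBTYPE = true
+CRYPTO_AES = true
+CRYPTO_CBC = true
+CRYPTO_CMAC = true
+CRYPTO_DES = true
+CRYPTO_ECB = true
+CRYPTO_HMAC = true
+CRYPTO_MD5 = true
+CRYPTO_SHA1 = true
+CRYPTO_SHA256 = true
+CRYPTO_SHA512 = true
+CRYPTO_USER_API_HASH = true
+CRYPTO_USER_API_SKCIPHER = true
+KEYS = true
+KEY_DH_OPERATIONS = true
+PKCS7_MESSAGE_PARSER = true
+PKCS8_PRIVATE_KEY_PARSER = true
+X509_CERTIFICATE_PARSER = true
+RFKILL = true
+# nftables: firewall, not related to nft scams
+["category:nftables".">=3.13.0"."all"]
+NETFILTER = true
+NF_CONNTRACK = true
+NF_TABLES = true
+NF_TABLES_INET = true
+NFT_CT = true
+NFT_LOG = true
+NFT_LIMIT = true
+NFT_MASQ = true
+NFT_NAT = true
+NFT_REJECT = true
+NF_TABLES_IPV4 = true
+NF_REJECT_IPV4 = true
+IP_NF_IPTABLES = true
+IP_NF_FILTER = true
+IP_NF_TARGET_REJECT = true
+IP_NF_NAT = true
+NF_TABLES_IPV6 = true
+NF_REJECT_IPV6 = true
+IP6_NF_IPTABLES = true
+IP6_NF_FILTER = true
+IP6_NF_TARGET_REJECT = true
+IP6_NF_NAT = true
+["category:nftables".">=3.13.0 <0.17"."all"]
+NFT_COUNTER = true
+# containers: lxc, docker, etc.
+["category:containers".">=0.0.0"."all"]
+NAMESPACES = true
+NET_NS = true
+PID_NS = true
+IPC_NS = true
+UTS_NS = true
+CGROUPS = true
+CGROUP_CPUACCT = true
+CGROUP_DEVICE = true
+CGROUP_FREEZER = true
+CGROUP_SCHED = true
+CPUSETS = true
+KEYS = true
+VETH = true
+BRIDGE = true # (also needed for waydroid)
+BRIDGE_NETFILTER = true
+IP_NF_FILTER = true
+IP_NF_TARGET_MASQUERADE = true
+NETFILTER_XT_MATCH_ADDRTYPE = true
+NETFILTER_XT_MATCH_CONNTRACK = true
+NETFILTER_XT_MATCH_IPVS = true
+NETFILTER_XT_MARK = true
+NETFILTER_XT_TARGET_CHECKSUM = true # Needed for lxc
+IP_NF_NAT = true
+NF_NAT = true
+POSIX_MQUEUE = true
+BLK_DEV_DM = true # Storage Drivers
+DUMMY = true # Network Drivers
+# USER_NS = true # This is already in pmOS kconfig check
+BLK_CGROUP = true # Optional section
+BLK_DEV_THROTTLING = true # Optional section
+CGROUP_PERF = true # Optional section
+NET_CLS_CGROUP = true # Optional section
+FAIR_GROUP_SCHED = true # Optional section
+IP_NF_TARGET_REDIRECT = true # Optional section
+IP_VS = true # Optional section
+IP_VS_NFCT = true # Optional section
+IP_VS_PROTO_TCP = true # Optional section
+IP_VS_PROTO_UDP = true # Optional section
+IP_VS_RR = true # Optional section
+# EXT4_FS = true # This is already in pmOS kconfig check
+EXT4_FS_POSIX_ACL = true # Optional section
+EXT4_FS_SECURITY = true # Optional section
+["category:containers".">=3.2"."all"]
+CFS_BANDWIDTH = true # Optional section
+["category:containers".">=3.3"."all"]
+CHECKPOINT_RESTORE = true # Needed for lxc
+["category:containers".">=3.6"."all"]
+MEMCG = true
+DM_THIN_PROVISIONING = true # Storage Drivers
+SWAP = true
+["category:containers".">=3.6"."x86 x64_64"]
+HUGETLB_PAGE = true
+CGROUP_HUGETLB = true # Optional section
+["category:containers".">=3.6 <6.1_rc1"."all"]
+MEMCG_SWAP = true
+["category:containers".">=3.7 <5.0"."all"]
+NF_NAT_IPV4 = true # Needed for lxc
+NF_NAT_IPV6 = true # Needed for lxc
+["category:containers".">=3.7"."all"]
+VXLAN = true # Network Drivers
+IP6_NF_TARGET_MASQUERADE = true # Needed for lxc
+["category:containers".">=3.9"."all"]
+BRIDGE_VLAN_FILTERING = true # Network Drivers (also for waydroid)
+MACVLAN = true # Network Drivers
+["category:containers".">=3.13"."all"]
+NFT_COMPAT = true
+["category:containers".">=3.14"."all"]
+CGROUP_NET_PRIO = true # Optional section
+["category:containers".">=3.18"."all"]
+OVERLAY_FS = true # Storage Drivers
+["category:containers".">=3.19"."all"]
+IPVLAN = true # Network Drivers
+SECCOMP = true # Optional section
+["category:containers".">=4.4"."all"]
+CGROUP_PIDS = true # Optional section
+# zram: RAM disk with on-the-fly compression
+["category:zram".">=3.14.0"."all"]
+ZRAM = true
+ZSMALLOC = true
+CRYPTO_LZ4 = true
+LZ4_COMPRESS = true
+SWAP = true
+# netboot: https://postmarketos.org/netboot
+["category:netboot".">=0.0.0"."all"]
+BLK_DEV_NBD = true
+# wireguard: VPN software, also includes options for wg-quick
+["category:wireguard".">=5.6_rc1"."all"]
+WIREGUARD = true
+IP_ADVANCED_ROUTER = true
+IP_MULTIPLE_TABLES = true
+IPV6_MULTIPLE_TABLES = true
+NF_TABLES = true
+NF_TABLES_IPV4 = true
+NF_TABLES_IPV6 = true
+NFT_CT = true
+NFT_FIB = true
+NFT_FIB_IPV4 = true
+NFT_FIB_IPV6 = true
+NF_CONNTRACK_MARK = true
+# filesystems
+["category:filesystems".">=0.0.0"."all"]
+BTRFS_FS = true
+EXFAT_FS = true
+EXT4_FS = true
+F2FS_FS = true
+# usb_gadgets
+["category:usb_gadgets".">=0.0.0"."all"]
+# disable legacy gadgets
+USB_ETH = false
+USB_FUNCTIONFS = false
+USB_MASS_STORAGE = false
+USB_G_SERIAL = false
+# enable configfs gadgets
+USB_CONFIGFS_NCM = true # USB networking via NCM
+USB_CONFIGFS_RNDIS = true # USB networking via RNDIS (legacy)
+# community_various: Various options that were not categorized properly due to
+# inflexibility of previous kconfigcheck related code. We should move these to
+# proper categories above and/or invent new categories with meaningful names.
+# >> Do not add more here!! <<
+["category:community_various".">=0.0.0"."all"]
+BINFMT_MISC = true # register binary formats
+CIFS = true # mount SMB shares
+INPUT_UINPUT = true # buffyboard
+LEDS_TRIGGER_PATTERN = true # feedbackd
+LEDS_TRIGGER_TIMER = true # hfd-service
+NETFILTER_XT_MATCH_STATISTIC = true # kube-proxy
+NETFILTER_XT_MATCH_TCPMSS = true # change MTU e.g. for Wireguard
+NETFILTER_XT_TARGET_TCPMSS = true # change MTU e.g. for Wireguard
+# TODO = Depends on SUSPEND which is not enabled for some devices
+# PM_WAKELOCKS = true # Sxmo
+SND_USB_AUDIO = true # USB audio devices
+UCLAMP_TASK = true # Scheduler hints
+UCLAMP_TASK_GROUP = true # Scheduler hints
+UHID = true # e.g. Bluetooth input devices
+USB_STORAGE = true # USB mass storage devices
+RT_GROUP_SCHED = false # https://gitlab.com/postmarketOS/pmaports/-/issues/2652
+# uefi: proper modern booting
+["category:uefi".">=0.0.0"."all"]
+EFI_STUB = true
+EFI = true
+DMI = true
+EFI_ESRT = true
+EFI_VARS_PSTORE = true
+EFI_RUNTIME_WRAPPERS = true
+VFAT_FS = true
+NLS_ASCII = true
+["category:uefi".">=0.0.0"."x86_64"]
+EFI_MIXED = true
+["category:uefi".">=0.0.0"."aarch64 armv7"]
+EFI_GENERIC_STUB = true
+EFI_PARAMS_FROM_FDT = true
+["category:uefi".">=6.1.0"."aarch64"]
+# Required EFI booting compressed kernels on this arch
+EFI_ZBOOT = true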
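Review bot: Two section headers changed value during the move and look like typos: `["category:nftables".">=3.13.0 <0.17"."all"]` was `">=3.13.0 <5.17"` in the removed `kconfig_options_nftables`, and `["category:containers".">=3.6"."x86 x64_64"]` was `"x86 x86_64"` in `kconfig_options_containers`. As written, presumably no kernel version falls inside the first range and no architecture is named `x64_64`, so NFT_COUNTER, and HUGETLB_PAGE and CGROUP_HUGETLB on x86_64, would silently stop being checked while the command still exits 0. Restore `<5.17` and `x86_64`. The commented-out entry `# TODO = Depends on SUSPEND which is not enabled for some devices` also picked up a stray `=` in place of the colon.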

21
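--- a/pmb/helpers/toml.py
+++ b/pmb/helpers/toml.py
@@ -0,0 +1,21 @@
+# Copyright 2024 Oliver Smith
+# SPDX-License-Identifier: GPL-3.0-or-later
+from pmb.meta import Cache
+from pmb.helpers.exceptions import NonBugError
+try:
+# Python >= 3.11
+from tomllib import load, TOMLDecodeError
+except ImportError:
+# Python < 3.11
+from tomli import load, TOMLDecodeError # type:ignore[import-not-found,no-redef]
+@Cache("path")
+def load_toml_file(path) -> dict:
+"""Read a toml file into a dict and show the path on error."""
+with open(path, mode="rb") as f:
+try:
+return load(f)
+except TOMLDecodeError as e:
+raise NonBugError(f"{path}: {e}")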
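Review bot: Only the decode error gets the path-prefixed `NonBugError` in `load_toml_file`; a missing or unreadable file still surfaces as a bare `OSError` from `open()`, and the re-raise has no `from e`, so the traceback reads as an error raised while handling another one. I would write `raise NonBugError(f"{path}: {e}") from e` and decide whether `OSError` should get the same treatment. `path` is also the only unannotated name in the signature although it is the `@Cache("path")` key; a `str` and a `Path` for the same file presumably produce separate cache entries, so annotating it as `Path` would make the expected type explicit.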


@ -9,26 +9,10 @@ import pmb.build
import pmb.config
import pmb.parse
import pmb.helpers.pmaports
import pmb.parse.kconfigcheck
from pmb.helpers.exceptions import NonBugError
def get_all_component_names():
"""
Get the component names from kconfig_options variables in
pmb/config/__init__.py. This does not include the base options.
:returns: a list of component names, e.g. ["waydroid", "iwd", "nftables"]
"""
prefix = "kconfig_options_"
ret = []
for key in pmb.config.__dict__.keys():
if key.startswith(prefix):
ret += [key.split(prefix, 1)[1]]
return ret
def is_set(config, option):
"""
Check, whether a boolean or tristate option is enabled
@ -176,65 +160,39 @@ def check_config_options_set(
return ret
def check_config(
config_path, config_arch, pkgver, components_list=[], details=False, enforce_check=True
):
def check_config(config_path, config_arch, pkgver, categories: list, details=False):
"""
Check, whether one kernel config passes the rules of multiple components.
:param config_path: full path to kernel config file
:param config_arch: architecture name (alpine format, e.g. aarch64, x86_64)
:param pkgver: kernel version
:param components_list: what to check for, e.g. ["waydroid", "iwd"]
:param categories: what to check for, e.g. ["waydroid", "iwd"]
:param details: print all warnings if True, otherwise one per component
:param enforce_check: set to False to not fail kconfig check as long as
everything in kconfig_options is set correctly, even
if additional components are checked
:returns: True if the check passed, False otherwise
"""
logging.debug(f"Check kconfig: {config_path}")
with open(config_path) as handle:
config = handle.read()
# Devices in all categories need basic options
# https://wiki.postmarketos.org/wiki/Device_categorization
components_list = ["postmarketOS"] + components_list
if "default" not in categories:
categories += ["default"]
# Devices in "community" or "main" need additional options
if "community" in components_list:
components_list += [
"containers",
"filesystems",
"iwd",
"netboot",
"nftables",
"usb_gadgets",
"waydroid",
"wireguard",
"zram",
# Get all rules
rules: dict = {}
for category in categories:
rules |= pmb.parse.kconfigcheck.read_category(category)
# Check the rules of each category
ret = []
for category in rules.keys():
ret += [
check_config_options_set(
config, config_path, config_arch, rules[category], category, pkgver, details
)
]
components = {}
for name in components_list:
if name == "postmarketOS":
pmb_config_var = "kconfig_options"
else:
pmb_config_var = f"kconfig_options_{name}"
components[name] = getattr(pmb.config, pmb_config_var, None)
assert components[name], f"invalid kconfig component name: {name}"
results = []
for component, options in components.items():
result = check_config_options_set(
config, config_path, config_arch, options, component, pkgver, details
)
# We always enforce "postmarketOS" component and when explicitly
# requested
if enforce_check or component == "postmarketOS":
results += [result]
return all(results)
return all(ret)
def check(pkgname, components_list=[], details=False, must_exist=True):
@ -270,12 +228,13 @@ def check(pkgname, components_list=[], details=False, must_exist=True):
apkbuild = pmb.parse.apkbuild(aport / "APKBUILD")
pkgver = apkbuild["pkgver"]
# We only enforce optional checks for community & main devices
enforce_check = aport.parts[-2] in ["community", "main"]
for name in get_all_component_names():
if f"pmb:kconfigcheck-{name}" in apkbuild["options"] and name not in components_list:
components_list += [name]
# Get categories from the APKBUILD
categories = []
for option in apkbuild["options"]:
if not option.startswith("pmb:kconfigcheck-"):
continue
category = option.split("-", 1)[1]
categories += [category]
for config_path in aport.glob("config-*"):
# The architecture of the config is in the name, so it just needs to be
@ -298,9 +257,8 @@ def check(pkgname, components_list=[], details=False, must_exist=True):
config_path,
config_arch,
pkgver,
components_list,
categories,
details=details,
enforce_check=enforce_check,
)
return ret
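Review bot: `check()` still accepts `components_list`, but the new code builds `categories` only from the `pmb:kconfigcheck-*` options in the APKBUILD and passes that to `check_config()`, so categories requested by the caller appear to be ignored unless they are merged in outside the visible hunks. If that is not intended, seed the list with `categories = list(components_list)` before the loop over `apkbuild["options"]`. In `check_config()`, `categories += ["default"]` extends the caller's list in place where the removed code built a new one; `categories = [*categories, "default"]` avoids the side effect. The docstring there still speaks of components (`one per component`) and should be updated to say categories. Both function bodies start or continue outside the hunks shown.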

74
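--- a/pmb/parse/kconfigcheck.py
+++ b/pmb/parse/kconfigcheck.py
@@ -0,0 +1,74 @@
+# Copyright 2024 Oliver Smith
+# SPDX-License-Identifier: GPL-3.0-or-later
+import os
+import logging
+import pmb.config
+from pmb.core.pkgrepo import pkgrepo_default_path
+from pmb.helpers.toml import load_toml_file
+from pmb.meta import Cache
+from pathlib import Path
+@Cache()
+def get_path() -> Path:
+"""Get the kconfigcheck.toml from current pmaports branch if it exists, or
+as fallback the v24.06 version shipped with pmbootstrap.
+"""
+ret: Path
+ret = Path(pkgrepo_default_path(), "kconfigcheck.toml")
+if os.path.exists(ret):
+return ret
+logging.info(
+"NOTE: couldn't find kconfigcheck.toml in pmaports dir, using"
+" the version from postmarketOS v24.06"
+)
+return Path(pmb.config.pmb_src, "pmb/data/kconfigcheck.toml")
+def sanity_check(toml: dict) -> None:
+"""Ensure the kconfigcheck.toml file has the expected structure."""
+path = get_path()
+if "aliases" not in toml:
+raise RuntimeError(f"{path}: missing [aliases] section")
+for alias in toml["aliases"].keys():
+for category in toml["aliases"][alias]:
+if not category.startswith("category:"):
+raise RuntimeError(
+f"{path}: alias {alias}: all categories must start with 'category:'!"
+)
+for section in toml.keys():
+if section == "aliases":
+continue
+if not section.startswith("category:"):
+raise RuntimeError(f"{path}: unexpected section: {section}")
+@Cache("name")
+def read_category(name: str) -> dict[str, dict]:
+"""Read either one category or one alias (for one or more categories) from
+kconfigcheck.toml.
+"""
+toml = load_toml_file(get_path())
+sanity_check(toml)
+# Potentially resolve category alias
+categories = [name]
+if name in toml["aliases"]:
+categories = []
+for category in toml["aliases"][name]:
+categories += [category.split(":", 1)[1]]
+logging.debug(f"kconfigcheck: read_component: '{name}' -> {categories}")
+ret = {}
+for category in categories:
+key = f"category:{category}"
+if key not in toml:
+raise RuntimeError(f"{get_path()}: couldn't find {key}")
+ret[key] = toml[key]
+return ret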
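Review bot: `sanity_check()` validates only the top-level section names and the `category:` prefix of alias entries; the version and architecture keys and the option values below each category are accepted unchecked. Since this file is now read from whichever pmaports branch is checked out, a misspelled key or an unsupported value type would presumably yield a rule that is skipped or misread instead of an error. I would at least reject values outside the three documented types (boolean, list, string) inside the existing section loop, as sketched below. The debug message in `read_category()` still says `read_component`.

```python
    for section in toml.keys():
        # … unchanged: skip "aliases", reject sections without the "category:" prefix …
        # added: only the documented value types (boolean, list, string) are accepted
        for version, arches in toml[section].items():
            for arch, options in arches.items():
                for option, value in options.items():
                    if not isinstance(value, (bool, list, str)):
                        raise RuntimeError(
                            f"{path}: {section}: {version}: {arch}: {option}:"
                            " unsupported value type"
                        )
```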