Add kconfig check for containers (MR 2060)
Usage: pmbootstrap kconfig check --containers linux-postmarketos-qcom-msm8974
This commit is contained in:
parent
716336e30b
commit
687807fa73
|
@ -152,4 +152,6 @@ def menuconfig(args, pkgname):
|
||||||
|
|
||||||
# Check config
|
# Check config
|
||||||
pmb.parse.kconfig.check(args, apkbuild["_flavor"], force_anbox_check=False,
|
pmb.parse.kconfig.check(args, apkbuild["_flavor"], force_anbox_check=False,
|
||||||
force_nftables_check=False, details=True)
|
force_nftables_check=False,
|
||||||
|
force_containers_check=False,
|
||||||
|
details=True)
|
||||||
|
|
|
@ -323,6 +323,117 @@ necessary_kconfig_options_nftables = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Necessary kernel config options for containers (lxc, Docker)
|
||||||
|
necessary_kconfig_options_containers = {
|
||||||
|
">=0.0.0": { # all versions, more specifically - since >=2.5~2.6
|
||||||
|
"all": { # all arches
|
||||||
|
"NAMESPACES": True,
|
||||||
|
"NET_NS": True,
|
||||||
|
"PID_NS": True,
|
||||||
|
"IPC_NS": True,
|
||||||
|
"UTS_NS": True,
|
||||||
|
"CGROUPS": True,
|
||||||
|
"CGROUP_CPUACCT": True,
|
||||||
|
"CGROUP_DEVICE": True,
|
||||||
|
"CGROUP_FREEZER": True,
|
||||||
|
"CGROUP_SCHED": True,
|
||||||
|
"CPUSETS": True,
|
||||||
|
"KEYS": True,
|
||||||
|
"VETH": True,
|
||||||
|
"BRIDGE": True, # (also needed for anbox)
|
||||||
|
"BRIDGE_NETFILTER": True,
|
||||||
|
"IP_NF_FILTER": True,
|
||||||
|
"IP_NF_TARGET_MASQUERADE": True,
|
||||||
|
"NETFILTER_XT_MATCH_ADDRTYPE": True,
|
||||||
|
"NETFILTER_XT_MATCH_CONNTRACK": True,
|
||||||
|
"NETFILTER_XT_MATCH_IPVS": True,
|
||||||
|
"NETFILTER_XT_MARK": True,
|
||||||
|
"NETFILTER_XT_TARGET_CHECKSUM": True, # Needed for lxc
|
||||||
|
"IP_NF_NAT": True,
|
||||||
|
"NF_NAT": True,
|
||||||
|
"POSIX_MQUEUE": True,
|
||||||
|
"BLK_DEV_DM": True, # Storage Drivers
|
||||||
|
"DUMMY": True, # Network Drivers
|
||||||
|
# "USER_NS": True, # This is already in pmOS kconfig check
|
||||||
|
"BLK_CGROUP": True, # Optional section
|
||||||
|
"BLK_DEV_THROTTLING": True, # Optional section
|
||||||
|
"CGROUP_PERF": True, # Optional section
|
||||||
|
"NET_CLS_CGROUP": True, # Optional section
|
||||||
|
"FAIR_GROUP_SCHED": True, # Optional section
|
||||||
|
"RT_GROUP_SCHED": True, # Optional section
|
||||||
|
"IP_NF_TARGET_REDIRECT": True, # Optional section
|
||||||
|
"IP_VS": True, # Optional section
|
||||||
|
"IP_VS_NFCT": True, # Optional section
|
||||||
|
"IP_VS_PROTO_TCP": True, # Optional section
|
||||||
|
"IP_VS_PROTO_UDP": True, # Optional section
|
||||||
|
"IP_VS_RR": True, # Optional section
|
||||||
|
# "EXT4_FS": True, # This is already in pmOS kconfig check
|
||||||
|
"EXT4_FS_POSIX_ACL": True, # Optional section
|
||||||
|
"EXT4_FS_SECURITY": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.2": {
|
||||||
|
"all": {
|
||||||
|
"CFS_BANDWIDTH": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.3": {
|
||||||
|
"all": { # all arches
|
||||||
|
"CHECKPOINT_RESTORE": True, # Needed for lxc
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.6": {
|
||||||
|
"all": { # all arches
|
||||||
|
"MEMCG": True,
|
||||||
|
"MEMCG_SWAP": True,
|
||||||
|
"DM_THIN_PROVISIONING": True, # Storage Drivers
|
||||||
|
},
|
||||||
|
"x86 x86_64": { # only for x86, x86_64 (and sparc64, ia64)
|
||||||
|
"CONFIG_HUGETLB_PAGE": True,
|
||||||
|
"CGROUP_HUGETLB": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.7 <5.0": {
|
||||||
|
"all": {
|
||||||
|
"NF_NAT_IPV4": True, # Needed for lxc
|
||||||
|
"NF_NAT_IPV6": True, # Needed for lxc
|
||||||
|
},
|
||||||
|
},
|
||||||
|
">=3.7": {
|
||||||
|
"all": { # all arches
|
||||||
|
"VXLAN": True, # Network Drivers
|
||||||
|
"IP6_NF_TARGET_MASQUERADE": True, # Needed for lxc
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.9": {
|
||||||
|
"all": { # all arches
|
||||||
|
"BRIDGE_VLAN_FILTERING": True, # Network Drivers (also for anbox)
|
||||||
|
"MACVLAN": True, # Network Drivers
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.14": {
|
||||||
|
"all": { # all arches
|
||||||
|
"CGROUP_NET_PRIO": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.18": {
|
||||||
|
"all": { # all arches
|
||||||
|
"OVERLAY_FS": True, # Storage Drivers
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=3.19": {
|
||||||
|
"all": { # all arches
|
||||||
|
"IPVLAN": True, # Network Drivers
|
||||||
|
"SECCOMP": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
">=4.4": {
|
||||||
|
"all": { # all arches
|
||||||
|
"CGROUP_PIDS": True, # Optional section
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# PARSE
|
# PARSE
|
||||||
#
|
#
|
||||||
|
@ -390,6 +501,7 @@ apkbuild_custom_valid_options = [
|
||||||
"!pmb:crossdirect",
|
"!pmb:crossdirect",
|
||||||
"!pmb:kconfig-check",
|
"!pmb:kconfig-check",
|
||||||
"pmb:kconfigcheck-anbox",
|
"pmb:kconfigcheck-anbox",
|
||||||
|
"pmb:kconfigcheck-containers",
|
||||||
"pmb:kconfigcheck-nftables",
|
"pmb:kconfigcheck-nftables",
|
||||||
"pmb:cross-native",
|
"pmb:cross-native",
|
||||||
"pmb:strict",
|
"pmb:strict",
|
||||||
|
|
|
@ -376,6 +376,7 @@ def kconfig(args):
|
||||||
if pmb.parse.kconfig.check_file(args, args.package,
|
if pmb.parse.kconfig.check_file(args, args.package,
|
||||||
anbox=args.anbox,
|
anbox=args.anbox,
|
||||||
nftables=args.nftables,
|
nftables=args.nftables,
|
||||||
|
containers=args.containers,
|
||||||
details=True):
|
details=True):
|
||||||
logging.info("kconfig check succeeded!")
|
logging.info("kconfig check succeeded!")
|
||||||
return
|
return
|
||||||
|
@ -403,10 +404,12 @@ def kconfig(args):
|
||||||
if "!pmb:kconfigcheck" in apkbuild["options"]:
|
if "!pmb:kconfigcheck" in apkbuild["options"]:
|
||||||
skipped += 1
|
skipped += 1
|
||||||
continue
|
continue
|
||||||
if not pmb.parse.kconfig.check(args, package,
|
if not pmb.parse.kconfig.check(
|
||||||
force_anbox_check=args.anbox,
|
args, package,
|
||||||
force_nftables_check=args.nftables,
|
force_anbox_check=args.anbox,
|
||||||
details=True):
|
force_nftables_check=args.nftables,
|
||||||
|
force_containers_check=args.containers,
|
||||||
|
details=True):
|
||||||
error = True
|
error = True
|
||||||
|
|
||||||
# At least one failure
|
# At least one failure
|
||||||
|
|
|
@ -439,6 +439,8 @@ def arguments_kconfig(subparser):
|
||||||
" options needed for anbox too")
|
" options needed for anbox too")
|
||||||
check.add_argument("--nftables", action="store_true", help="check"
|
check.add_argument("--nftables", action="store_true", help="check"
|
||||||
" options needed for nftables too")
|
" options needed for nftables too")
|
||||||
|
check.add_argument("--containers", action="store_true",
|
||||||
|
help="check options needed for containers too")
|
||||||
check_package = check.add_argument("package", default="", nargs='?')
|
check_package = check.add_argument("package", default="", nargs='?')
|
||||||
if argcomplete:
|
if argcomplete:
|
||||||
check_package.completer = kernel_completer
|
check_package.completer = kernel_completer
|
||||||
|
|
|
@ -65,7 +65,7 @@ def check_option(component, details, config, config_path_pretty, option,
|
||||||
|
|
||||||
|
|
||||||
def check_config(config_path, config_path_pretty, config_arch, pkgver,
|
def check_config(config_path, config_path_pretty, config_arch, pkgver,
|
||||||
anbox=False, nftables=False, details=False):
|
anbox=False, nftables=False, containers=False, details=False):
|
||||||
logging.debug(f"Check kconfig: {config_path}")
|
logging.debug(f"Check kconfig: {config_path}")
|
||||||
with open(config_path) as handle:
|
with open(config_path) as handle:
|
||||||
config = handle.read()
|
config = handle.read()
|
||||||
|
@ -75,6 +75,9 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
|
||||||
components["anbox"] = pmb.config.necessary_kconfig_options_anbox
|
components["anbox"] = pmb.config.necessary_kconfig_options_anbox
|
||||||
if nftables:
|
if nftables:
|
||||||
components["nftables"] = pmb.config.necessary_kconfig_options_nftables
|
components["nftables"] = pmb.config.necessary_kconfig_options_nftables
|
||||||
|
if containers:
|
||||||
|
components["containers"] = \
|
||||||
|
pmb.config.necessary_kconfig_options_containers
|
||||||
|
|
||||||
results = [check_config_options_set(config, config_path_pretty,
|
results = [check_config_options_set(config, config_path_pretty,
|
||||||
config_arch, options, component,
|
config_arch, options, component,
|
||||||
|
@ -118,7 +121,7 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,
|
||||||
|
|
||||||
|
|
||||||
def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
|
def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
|
||||||
details=False):
|
force_containers_check=False, details=False):
|
||||||
"""
|
"""
|
||||||
Check for necessary kernel config options in a package.
|
Check for necessary kernel config options in a package.
|
||||||
|
|
||||||
|
@ -141,13 +144,18 @@ def check(args, pkgname, force_anbox_check=False, force_nftables_check=False,
|
||||||
"pmb:kconfigcheck-anbox" in apkbuild["options"])
|
"pmb:kconfigcheck-anbox" in apkbuild["options"])
|
||||||
check_nftables = force_nftables_check or (
|
check_nftables = force_nftables_check or (
|
||||||
"pmb:kconfigcheck-nftables" in apkbuild["options"])
|
"pmb:kconfigcheck-nftables" in apkbuild["options"])
|
||||||
|
check_containers = force_containers_check or (
|
||||||
|
"pmb:kconfigcheck-containers" in apkbuild["options"])
|
||||||
for config_path in glob.glob(aport + "/config-*"):
|
for config_path in glob.glob(aport + "/config-*"):
|
||||||
# The architecture of the config is in the name, so it just needs to be
|
# The architecture of the config is in the name, so it just needs to be
|
||||||
# extracted
|
# extracted
|
||||||
config_arch = os.path.basename(config_path).split(".")[1]
|
config_arch = os.path.basename(config_path).split(".")[1]
|
||||||
config_path_pretty = f"linux-{flavor}/{os.path.basename(config_path)}"
|
config_path_pretty = f"linux-{flavor}/{os.path.basename(config_path)}"
|
||||||
ret &= check_config(config_path, config_path_pretty, config_arch,
|
ret &= check_config(config_path, config_path_pretty, config_arch,
|
||||||
pkgver, anbox=check_anbox, nftables=check_nftables,
|
pkgver,
|
||||||
|
anbox=check_anbox,
|
||||||
|
nftables=check_nftables,
|
||||||
|
containers=check_containers,
|
||||||
details=details)
|
details=details)
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
@ -185,7 +193,7 @@ def extract_version(config_file):
|
||||||
|
|
||||||
|
|
||||||
def check_file(args, config_file, anbox=False, nftables=False,
|
def check_file(args, config_file, anbox=False, nftables=False,
|
||||||
details=False):
|
containers=False, details=False):
|
||||||
"""
|
"""
|
||||||
Check for necessary kernel config options in a kconfig file.
|
Check for necessary kernel config options in a kconfig file.
|
||||||
|
|
||||||
|
@ -196,4 +204,7 @@ def check_file(args, config_file, anbox=False, nftables=False,
|
||||||
logging.debug(f"Check kconfig: parsed arch={arch}, version={version} from "
|
logging.debug(f"Check kconfig: parsed arch={arch}, version={version} from "
|
||||||
"file: {config_file}")
|
"file: {config_file}")
|
||||||
return check_config(config_file, config_file, arch, version,
|
return check_config(config_file, config_file, arch, version,
|
||||||
anbox=anbox, nftables=nftables, details=details)
|
anbox=anbox,
|
||||||
|
nftables=nftables,
|
||||||
|
containers=containers,
|
||||||
|
details=details)
|
||||||
|
|
Loading…
Reference in New Issue