> On 28 Sep 2021, at 09:39, Anthony PERARD <anthony.per...@citrix.com> wrote:
>
> This will help prevent the CI loop from having build failures when
> `checkpolicy` isn't available when doing "randconfig" jobs.
>
> To prevent "randconfig" from selecting XSM_FLASK_POLICY when
> `checkpolicy` isn't available, we will actually override the config
> output with the use of KCONFIG_ALLCONFIG.
>
> Doing this way still allow a user/developer to set XSM_FLASK_POLICY
> even when "checkpolicy" isn't available. It also prevent the build
> system from reset the config when "checkpolicy" isn't available
> anymore. And XSM_FLASK_POLICY is still selected automatically when
> `checkpolicy` is available.
> But this also work well for "randconfig", as it will not select
> XSM_FLASK_POLICY when "checkpolicy" is missing.
>
> This patch allows to easily add more override which depends on the
> environment.
>
> Also, move the check out of Config.mk and into xen/ build system.
> Nothing in tools/ is using that information as it's done by
> ./configure.
>
> We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored
> via .gitignore.
>
> Remove '= y' in Kconfig as it isn't needed, only a value "y" is true,
> anything else is considered false.
I don’t know if it is true, I’m having a look here:
https://www.kernel.org/doc/Documentation/kbuild/kconfig-language.txt
And the section “Menu dependencies” states that:
An expression can have a value of 'n', 'm' or 'y' (or 0, 1, 2
respectively for calculations).
So it seems to me that m and y are evaluated as true, am I wrong?
Cheers,
Luca
>
> Signed-off-by: Anthony PERARD <anthony.per...@citrix.com>
> ---
> v4:
> - keep XEN_ prefix for HAS_CHECKPOLICY
> - rework .allconfig.tmp file generation, so it is easier to read.
> - remove .allconfig.tmp on clean, .*.tmp files aren't all cleaned yet,
> maybe for another time.
> - add information about file name choice and Kconfig change in patch
> description.
>
> v3:
> - use KCONFIG_ALLCONFIG
> - don't override XSM_FLASK_POLICY value unless we do randconfig.
> - no more changes to the current behavior of kconfig, only to
> randconfig.
>
> v2 was "[XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary
> is available"
> ---
> Config.mk | 6 ------
> xen/Makefile | 20 +++++++++++++++++---
> xen/common/Kconfig | 2 +-
> 3 files changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/Config.mk b/Config.mk
> index e85bf186547f..d5490e35d03d 100644
> --- a/Config.mk
> +++ b/Config.mk
> @@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=y
> build_id_linker := --build-id=sha1
> endif
>
> -ifndef XEN_HAS_CHECKPOLICY
> - CHECKPOLICY ?= checkpolicy
> - XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen &&
> echo y || echo n)
> - export XEN_HAS_CHECKPOLICY
> -endif
> -
> define buildmakevars2shellvars
> export PREFIX="$(prefix)"; \
> export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \
> diff --git a/xen/Makefile b/xen/Makefile
> index f47423dacd9a..7c2ffce0fc77 100644
> --- a/xen/Makefile
> +++ b/xen/Makefile
> @@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?= $(shell hostname)
> PYTHON_INTERPRETER := $(word 1,$(shell which python3 python python2
> 2>/dev/null) python)
> export PYTHON ?= $(PYTHON_INTERPRETER)
>
> +export CHECKPOLICY ?= checkpolicy
> +
> export BASEDIR := $(CURDIR)
> export XEN_ROOT := $(BASEDIR)/..
>
> @@ -178,6 +180,8 @@ CFLAGS += $(CLANG_FLAGS)
> export CLANG_FLAGS
> endif
>
> +export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep
> -q xen)
> +
> export root-make-done := y
> endif # root-make-done
>
> @@ -189,14 +193,24 @@ ifeq ($(config-build),y)
> # *config targets only - make sure prerequisites are updated, and descend
> # in tools/kconfig to make the *config target
>
> +# Create a file for KCONFIG_ALLCONFIG which depends on the environment.
> +# This will be use by kconfig targets
> allyesconfig/allmodconfig/allnoconfig/randconfig
> +filechk_kconfig_allconfig = \
> + $(if $(findstring n,$(XEN_HAS_CHECKPOLICY)), echo
> 'CONFIG_XSM_FLASK_POLICY=n';) \
> + $(if $(KCONFIG_ALLCONFIG), cat $(KCONFIG_ALLCONFIG);) \
> + :
> +
> +.allconfig.tmp: FORCE
> + set -e; { $(call filechk_kconfig_allconfig); } > $@
> +
> config: FORCE
> $(MAKE) $(kconfig) $@
>
> # Config.mk tries to include .config file, don't try to remake it
> %/.config: ;
>
> -%config: FORCE
> - $(MAKE) $(kconfig) $@
> +%config: .allconfig.tmp FORCE
> + $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@
>
> else # !config-build
>
> @@ -368,7 +382,7 @@ _clean: delete-unfresh-files
> -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec
> rm -f {} \;
> rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi
> $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core
> rm -f asm-offsets.s include/asm-*/asm-offsets.h
> - rm -f .banner
> + rm -f .banner .allconfig.tmp
>
> .PHONY: _distclean
> _distclean: clean
> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
> index db687b1785e7..eb6c2edb7bfe 100644
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -251,7 +251,7 @@ config XSM_FLASK_AVC_STATS
>
> config XSM_FLASK_POLICY
> bool "Compile Xen with a built-in FLASK security policy"
> - default y if "$(XEN_HAS_CHECKPOLICY)" = "y"
> + default y if "$(XEN_HAS_CHECKPOLICY)"
> depends on XSM_FLASK
> ---help---
> This includes a default XSM policy in the hypervisor so that the
> --
> Anthony PERARD
>
>
