On Fri, Nov 04, 2011 at 01:59:14PM +0100, "Paweł Hajdan, Jr." wrote:
> check_extra_config requires a configured kernel
> (/usr/src/linux/.config), while I think it should also be satisfied by
> /proc/config.gz (i.e. just a way to verify the config, not necessarily
> kernel built locally).
>
> An example use case is www-client/chromium, which makes sure the kernel
> will support its sandbox. It's generally a bad idea to run without full
> sandboxing support (it can work without kernel support, just doesn't
> prevent a compromised renderer from connecting to network or sending
> signals to processes).
chromium is using CONFIG_CHECK wrongly.
It should be CONFIG_CHECK="~PID_NS ~NET_NS"

- Does the package _build_ kernel modules?
  Yes: .config is required.
  No: .config is NOT required. All options must have '~' prefix.
- Does the package use the options specified _during_ src_configure,
  src_compile, src_test process?
  (eg there's a testsuite that uses namespaces).
  Yes: .config/config.gz may not be available, devise an actual test
       that tries to use the option.
  No: Just keep the ~ prefix on the option.

> # In the case where we don't require a .config, we can now bail out
> # if the user has no .config as there is nothing to do. Otherwise
> # code later will cause a failure due to missing .config.
> if ! linux_config_exists; then
[snip]
> fi
This will cause out-of-kernel module building to fail much later instead
of correctly failing early when there is no .config.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
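
A simplified model of the rule set out in the reply above, added here as an illustration and not taken from linux-info.eclass: options prefixed with '~' only warn, unprefixed options are fatal, and a missing config is an early failure only when a required option is listed. The helper names `read_config` and `check_kernel_opts`, the return codes and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Simplified model of CONFIG_CHECK handling (added example, not eclass code).
# check_kernel_opts CONFIG_FILE "OPT ~OPT ..."  (hypothetical helper)
#   0: every required option is set; unset '~' options are listed in WARNINGS
#   1: a required (unprefixed) option is not set
#   2: a required option is listed but no config is readable, so stop early

read_config() {
    # Accept a plain .config or a gzip-compressed copy such as /proc/config.gz.
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

check_kernel_opts() {
    cfg=$1; opts=$2; WARNINGS=""; have_cfg=no; result=0
    [ -r "$cfg" ] && have_cfg=yes
    for opt in $opts; do
        advisory=no
        case "$opt" in "~"*) advisory=yes; opt=${opt#"~"} ;; esac
        if [ "$have_cfg" = no ]; then
            # Nothing to inspect: advisory options are skipped, required ones fail now.
            [ "$advisory" = yes ] && continue
            return 2
        fi
        if read_config "$cfg" | grep -Eq "^CONFIG_${opt}=[ym]\$"; then
            continue
        fi
        if [ "$advisory" = yes ]; then
            WARNINGS="${WARNINGS}${WARNINGS:+ }CONFIG_${opt}"
        else
            result=1
        fi
    done
    return "$result"
}

# Constructed sample config: PID_NS enabled, NET_NS disabled.
sample=$(mktemp)
printf '%s\n' 'CONFIG_PID_NS=y' '# CONFIG_NET_NS is not set' > "$sample"
check_kernel_opts "$sample" "~PID_NS ~NET_NS"
echo "result=$? not set (advisory): $WARNINGS"
rm -f "$sample"
```

A package whose sandbox depends on these options at run time would surface `WARNINGS` to the user rather than abort the build, since the running kernel may differ from the one whose config was inspected.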