This will help prevent the CI loop from having build failures when
`checkpolicy` isn't available when doing "randconfig" jobs.
To prevent "randconfig" from selecting XSM_FLASK_POLICY when
`checkpolicy` isn't available, we will actually override the config
output with the use of KCONFIG_ALLCONFIG.
Doing this way still allow a user/developer to set XSM_FLASK_POLICY
even when "checkpolicy" isn't available. It also prevent the build
system from reset the config when "checkpolicy" isn't available
anymore. And XSM_FLASK_POLICY is still selected automatically when
`checkpolicy` is available.
But this also work well for "randconfig", as it will not select
XSM_FLASK_POLICY when "checkpolicy" is missing.
This patch allows to easily add more override which depends on the
environment.
Also, move the check out of Config.mk and into xen/ build system.
Nothing in tools/ is using that information as it's done by
./configure.
We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored
via .gitignore.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---
v5:
- remove changes to common/Kconfig in order to avoid change in
behavior for "default y if m" in future Kconfig update as the current
behavior doesn't seems to be explicitly documented.
v4:
- keep XEN_ prefix for HAS_CHECKPOLICY
- rework .allconfig.tmp file generation, so it is easier to read.
- remove .allconfig.tmp on clean, .*.tmp files aren't all cleaned yet,
maybe for another time.
- add information about file name choice and Kconfig change in patch
description.
v3:
- use KCONFIG_ALLCONFIG
- don't override XSM_FLASK_POLICY value unless we do randconfig.
- no more changes to the current behavior of kconfig, only to
randconfig.
v2 was "[XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available"
---
Config.mk | 6 ------
xen/Makefile | 20 +++++++++++++++++---
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/Config.mk b/Config.mk
index e85bf186547f..d5490e35d03d 100644
--- a/Config.mk
+++ b/Config.mk
@@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=y
build_id_linker := --build-id=sha1
endif
-ifndef XEN_HAS_CHECKPOLICY
- CHECKPOLICY ?= checkpolicy
- XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n)
- export XEN_HAS_CHECKPOLICY
-endif
-
define buildmakevars2shellvars
export PREFIX="$(prefix)"; \
export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \
diff --git a/xen/Makefile b/xen/Makefile
index f47423dacd9a..7c2ffce0fc77 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?= $(shell hostname)
PYTHON_INTERPRETER := $(word 1,$(shell which python3 python python2 2>/dev/null) python)
export PYTHON ?= $(PYTHON_INTERPRETER)
+export CHECKPOLICY ?= checkpolicy
+
export BASEDIR := $(CURDIR)
export XEN_ROOT := $(BASEDIR)/..
@@ -178,6 +180,8 @@ CFLAGS += $(CLANG_FLAGS)
export CLANG_FLAGS
endif
+export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xen)
+
export root-make-done := y
endif # root-make-done
@@ -189,14 +193,24 @@ ifeq ($(config-build),y)
# *config targets only - make sure prerequisites are updated, and descend
# in tools/kconfig to make the *config target
+# Create a file for KCONFIG_ALLCONFIG which depends on the environment.
+# This will be use by kconfig targets allyesconfig/allmodconfig/allnoconfig/randconfig
+filechk_kconfig_allconfig = \
+ $(if $(findstring n,$(XEN_HAS_CHECKPOLICY)), echo 'CONFIG_XSM_FLASK_POLICY=n';) \
+ $(if $(KCONFIG_ALLCONFIG), cat $(KCONFIG_ALLCONFIG);) \
+ :
+
+.allconfig.tmp: FORCE
+ set -e; { $(call filechk_kconfig_allconfig); } > $@
+
config: FORCE
$(MAKE) $(kconfig) $@
# Config.mk tries to include .config file, don't try to remake it
%/.config: ;
-%config: FORCE
- $(MAKE) $(kconfig) $@
+%config: .allconfig.tmp FORCE
+ $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@
else # !config-build
@@ -368,7 +382,7 @@ _clean: delete-unfresh-files
-o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \;
rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core
rm -f asm-offsets.s include/asm-*/asm-offsets.h
- rm -f .banner
+ rm -f .banner .allconfig.tmp
.PHONY: _distclean
_distclean: clean
--
Anthony PERARD
> On 28 Sep 2021, at 16:04, Anthony PERARD <anthony.perard@citrix.com> wrote: > > This will help prevent the CI loop from having build failures when > `checkpolicy` isn't available when doing "randconfig" jobs. > > To prevent "randconfig" from selecting XSM_FLASK_POLICY when > `checkpolicy` isn't available, we will actually override the config > output with the use of KCONFIG_ALLCONFIG. > > Doing this way still allow a user/developer to set XSM_FLASK_POLICY > even when "checkpolicy" isn't available. It also prevent the build > system from reset the config when "checkpolicy" isn't available > anymore. And XSM_FLASK_POLICY is still selected automatically when > `checkpolicy` is available. > But this also work well for "randconfig", as it will not select > XSM_FLASK_POLICY when "checkpolicy" is missing. > > This patch allows to easily add more override which depends on the > environment. > > Also, move the check out of Config.mk and into xen/ build system. > Nothing in tools/ is using that information as it's done by > ./configure. > > We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored > via .gitignore. > > Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Luca Fancellu <luca.fancellu@arm.com> > --- > v5: > - remove changes to common/Kconfig in order to avoid change in > behavior for "default y if m" in future Kconfig update as the current > behavior doesn't seems to be explicitly documented. > > v4: > - keep XEN_ prefix for HAS_CHECKPOLICY > - rework .allconfig.tmp file generation, so it is easier to read. > - remove .allconfig.tmp on clean, .*.tmp files aren't all cleaned yet, > maybe for another time. > - add information about file name choice and Kconfig change in patch > description. > > v3: > - use KCONFIG_ALLCONFIG > - don't override XSM_FLASK_POLICY value unless we do randconfig. > - no more changes to the current behavior of kconfig, only to > randconfig. > > v2 was "[XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available" > --- > Config.mk | 6 ------ > xen/Makefile | 20 +++++++++++++++++--- > 2 files changed, 17 insertions(+), 9 deletions(-) > > diff --git a/Config.mk b/Config.mk > index e85bf186547f..d5490e35d03d 100644 > --- a/Config.mk > +++ b/Config.mk > @@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=y > build_id_linker := --build-id=sha1 > endif > > -ifndef XEN_HAS_CHECKPOLICY > - CHECKPOLICY ?= checkpolicy > - XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) > - export XEN_HAS_CHECKPOLICY > -endif > - > define buildmakevars2shellvars > export PREFIX="$(prefix)"; \ > export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \ > diff --git a/xen/Makefile b/xen/Makefile > index f47423dacd9a..7c2ffce0fc77 100644 > --- a/xen/Makefile > +++ b/xen/Makefile > @@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?= $(shell hostname) > PYTHON_INTERPRETER := $(word 1,$(shell which python3 python python2 2>/dev/null) python) > export PYTHON ?= $(PYTHON_INTERPRETER) > > +export CHECKPOLICY ?= checkpolicy > + > export BASEDIR := $(CURDIR) > export XEN_ROOT := $(BASEDIR)/.. > > @@ -178,6 +180,8 @@ CFLAGS += $(CLANG_FLAGS) > export CLANG_FLAGS > endif > > +export XEN_HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q xen) > + > export root-make-done := y > endif # root-make-done > > @@ -189,14 +193,24 @@ ifeq ($(config-build),y) > # *config targets only - make sure prerequisites are updated, and descend > # in tools/kconfig to make the *config target > > +# Create a file for KCONFIG_ALLCONFIG which depends on the environment. > +# This will be use by kconfig targets allyesconfig/allmodconfig/allnoconfig/randconfig > +filechk_kconfig_allconfig = \ > + $(if $(findstring n,$(XEN_HAS_CHECKPOLICY)), echo 'CONFIG_XSM_FLASK_POLICY=n';) \ > + $(if $(KCONFIG_ALLCONFIG), cat $(KCONFIG_ALLCONFIG);) \ > + : > + > +.allconfig.tmp: FORCE > + set -e; { $(call filechk_kconfig_allconfig); } > $@ > + > config: FORCE > $(MAKE) $(kconfig) $@ > > # Config.mk tries to include .config file, don't try to remake it > %/.config: ; > > -%config: FORCE > - $(MAKE) $(kconfig) $@ > +%config: .allconfig.tmp FORCE > + $(MAKE) $(kconfig) KCONFIG_ALLCONFIG=$< $@ > > else # !config-build > > @@ -368,7 +382,7 @@ _clean: delete-unfresh-files > -o -name "*.gcno" -o -name ".*.cmd" -o -name "lib.a" \) -exec rm -f {} \; > rm -f include/asm $(TARGET) $(TARGET).gz $(TARGET).efi $(TARGET).efi.map $(TARGET)-syms $(TARGET)-syms.map *~ core > rm -f asm-offsets.s include/asm-*/asm-offsets.h > - rm -f .banner > + rm -f .banner .allconfig.tmp > > .PHONY: _distclean > _distclean: clean > -- > Anthony PERARD > >
On 28.09.2021 17:04, Anthony PERARD wrote: > This will help prevent the CI loop from having build failures when > `checkpolicy` isn't available when doing "randconfig" jobs. > > To prevent "randconfig" from selecting XSM_FLASK_POLICY when > `checkpolicy` isn't available, we will actually override the config > output with the use of KCONFIG_ALLCONFIG. > > Doing this way still allow a user/developer to set XSM_FLASK_POLICY > even when "checkpolicy" isn't available. It also prevent the build > system from reset the config when "checkpolicy" isn't available > anymore. And XSM_FLASK_POLICY is still selected automatically when > `checkpolicy` is available. > But this also work well for "randconfig", as it will not select > XSM_FLASK_POLICY when "checkpolicy" is missing. > > This patch allows to easily add more override which depends on the > environment. > > Also, move the check out of Config.mk and into xen/ build system. > Nothing in tools/ is using that information as it's done by > ./configure. > > We named the new file ".allconfig.tmp" as ".*.tmp" are already ignored > via .gitignore. > > Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
© 2016 - 2024 Red Hat, Inc.