a7099ed8e3
To avoid something like https://gitlab.com/postmarketOS/pmaports/-/issues/3050 we should make sure the libcamera configs are enabled. This also addresses: https://gitlab.com/postmarketOS/pmbootstrap/-/issues/2174#note_1884069175 Signed-off-by: Alistair Francis <alistair@alistair23.me> Tweaked-By: Oliver Smith <ollieparanoid@postmarketos.org> [ci:skip-vercheck]: don't need to bump the version for kernel packages in this patchset where we only removed pmb:kconfigcheck-community. [ci:skip-build]: too many kernels changed
326 lines
9.6 KiB
TOML
326 lines
9.6 KiB
TOML
# pmaports CI and "pmbootstrap kconfig check" use this file to ensure our
|
|
# kernels have certain kernel config options set. Which categories are checked
|
|
# depends on options="pmb:kconfigcheck-…" in the linux APKBUILD. If no such
|
|
# option is set, see the default in ["category:default".">=0.0.0"."all"] below.
|
|
|
|
[aliases]
|
|
# Devices with options="pmb:kconfigcheck-community" in the device APKBUILD will
|
|
# check for the following categories. A CI check ensures that all devices in
|
|
# device/main and device/community dirs have this option. Devices in testing
|
|
# may also have "pmb:kconfigcheck-community", but it may be removed when
|
|
# modifying the required options and adjusting the devices in testing is too
|
|
# much effort. Device maintainers may fix it up afterwards and add it back.
|
|
community = [
|
|
"category:default",
|
|
"category:community_various",
|
|
"category:containers",
|
|
"category:libcamera",
|
|
"category:filesystems",
|
|
"category:iwd",
|
|
"category:netboot",
|
|
"category:nftables",
|
|
"category:usb_gadgets",
|
|
"category:waydroid",
|
|
"category:wireguard",
|
|
"category:zram",
|
|
]
|
|
|
|
# Format for rule sections:
|
|
# ["category:<NAME>"."<KERNEL_VERSION>"."<ARCHITECTURES>"]
|
|
# Implemented value types:
|
|
# - boolean (e.g. 'ANDROID_PARANOID_NETWORK = false'):
|
|
# - false: disabled
|
|
# - true: enabled, either as module or built-in
|
|
# - list (e.g. 'ANDROID_BINDER_DEVICES = ["binder", "hwbinder"]'):
|
|
# - each element of the array must be contained in the kernel config string,
|
|
# in any order. The example above would accept the following in the config:
|
|
# CONFIG_ANDROID_BINDER_DEVICES="hwbinder,vndbinder,binder"
|
|
# - string (e.g. 'LSM = "lockdown,yama,loadpin,safesetid,integrity"'):
|
|
# - the value in the kernel config must be the same as the given string. Use
|
|
# this e.g. if the order of the elements is important.
|
|
|
|
# default: all devices must satisfy these
|
|
["category:default".">=0.0.0"."all"]
|
|
ANDROID_PARANOID_NETWORK = false
|
|
BLK_DEV_INITRD = true
|
|
CGROUPS = true
|
|
CRYPTO_AES = true
|
|
CRYPTO_XTS = true
|
|
DEVTMPFS = true
|
|
DM_CRYPT = true
|
|
INPUT_EVDEV = true
|
|
EXT4_FS = true
|
|
KINETO_GAN = false
|
|
PFT = false
|
|
SEC_RESTRICT_ROOTING = false
|
|
SYSVIPC = true
|
|
TMPFS_POSIX_ACL = true
|
|
USE_VFB = false
|
|
VT = true
|
|
["category:default".">=2.6.0"."all"]
|
|
BINFMT_ELF = true
|
|
["category:default".">=3.10.0"."all"]
|
|
BINFMT_SCRIPT = true
|
|
["category:default".">=4.0.0"."all"]
|
|
UEVENT_HELPER = true
|
|
USER_NS = true
|
|
["category:default"."<4.7.0"."all"]
|
|
DEVPTS_MULTIPLE_INSTANCES = true
|
|
["category:default"."<4.14.0"."all"]
|
|
SAMSUNG_TUI = false
|
|
TZDEV = false
|
|
["category:default"."<5.2.0"."armhf armv7 x86"]
|
|
LBDAF = true
|
|
|
|
# waydroid: android compatibility layer
|
|
["category:waydroid".">=0.0.0"."all"]
|
|
ANDROID_BINDERFS = false
|
|
ANDROID_BINDER_DEVICES = ["binder", "hwbinder", "vndbinder"]
|
|
ANDROID_BINDER_IPC = true
|
|
ANDROID_BINDER_IPC_SELFTEST = false
|
|
BLK_DEV_LOOP = true
|
|
BPF_SYSCALL = true
|
|
BRIDGE = true
|
|
BRIDGE_VLAN_FILTERING = true
|
|
CGROUP_BPF = true
|
|
FUSE_FS = true
|
|
IP_NF_MANGLE = true
|
|
NETFILTER_XTABLES = true
|
|
NETFILTER_XT_MATCH_COMMENT = true
|
|
PSI = true
|
|
PSI_DEFAULT_DISABLED = false
|
|
SQUASHFS = true
|
|
SQUASHFS_XATTR = true
|
|
SQUASHFS_XZ = true
|
|
TMPFS_XATTR = true
|
|
TUN = true
|
|
VETH = true
|
|
VLAN_8021Q = true # prerequisite for bridge
|
|
["category:waydroid".">=3.5"."all"]
|
|
CROSS_MEMORY_ATTACH = true
|
|
["category:waydroid".">=4.20.0"."all"]
|
|
PSI = true # required by userspace OOM killer
|
|
PSI_DEFAULT_DISABLED = false
|
|
["category:waydroid"."<5.18"."all"]
|
|
ASHMEM = true
|
|
|
|
# iwd: modern inet wireless daemon
|
|
# Obtained from 'grep ADD_MISSING src/main.c' in iwd.git
|
|
["category:iwd".">=0.0.0"."all"]
|
|
ASYMMETRIC_KEY_TYPE = true
|
|
ASYMMETRIC_PUBLIC_KEY_SUBTYPE = true
|
|
CRYPTO_AES = true
|
|
CRYPTO_CBC = true
|
|
CRYPTO_CMAC = true
|
|
CRYPTO_DES = true
|
|
CRYPTO_ECB = true
|
|
CRYPTO_HMAC = true
|
|
CRYPTO_MD5 = true
|
|
CRYPTO_SHA1 = true
|
|
CRYPTO_SHA256 = true
|
|
CRYPTO_SHA512 = true
|
|
CRYPTO_USER_API_HASH = true
|
|
CRYPTO_USER_API_SKCIPHER = true
|
|
KEYS = true
|
|
KEY_DH_OPERATIONS = true
|
|
PKCS7_MESSAGE_PARSER = true
|
|
PKCS8_PRIVATE_KEY_PARSER = true
|
|
X509_CERTIFICATE_PARSER = true
|
|
RFKILL = true
|
|
|
|
# nftables: firewall, not related to nft scams
|
|
["category:nftables".">=3.13.0"."all"]
|
|
NETFILTER = true
|
|
NF_CONNTRACK = true
|
|
NF_TABLES = true
|
|
NF_TABLES_INET = true
|
|
NFT_CT = true
|
|
NFT_LOG = true
|
|
NFT_LIMIT = true
|
|
NFT_MASQ = true
|
|
NFT_NAT = true
|
|
NFT_REJECT = true
|
|
NF_TABLES_IPV4 = true
|
|
NF_REJECT_IPV4 = true
|
|
IP_NF_IPTABLES = true
|
|
IP_NF_FILTER = true
|
|
IP_NF_TARGET_REJECT = true
|
|
IP_NF_NAT = true
|
|
NF_TABLES_IPV6 = true
|
|
NF_REJECT_IPV6 = true
|
|
IP6_NF_IPTABLES = true
|
|
IP6_NF_FILTER = true
|
|
IP6_NF_TARGET_REJECT = true
|
|
IP6_NF_NAT = true
|
|
["category:nftables".">=3.13.0 <0.17"."all"]
|
|
NFT_COUNTER = true
|
|
|
|
# containers: lxc, docker, etc.
|
|
["category:containers".">=0.0.0"."all"]
|
|
NAMESPACES = true
|
|
NET_NS = true
|
|
PID_NS = true
|
|
IPC_NS = true
|
|
UTS_NS = true
|
|
CGROUPS = true
|
|
CGROUP_CPUACCT = true
|
|
CGROUP_DEVICE = true
|
|
CGROUP_FREEZER = true
|
|
CGROUP_SCHED = true
|
|
CPUSETS = true
|
|
KEYS = true
|
|
VETH = true
|
|
BRIDGE = true # (also needed for waydroid)
|
|
BRIDGE_NETFILTER = true
|
|
IP_NF_FILTER = true
|
|
IP_NF_TARGET_MASQUERADE = true
|
|
NETFILTER_XT_MATCH_ADDRTYPE = true
|
|
NETFILTER_XT_MATCH_CONNTRACK = true
|
|
NETFILTER_XT_MATCH_IPVS = true
|
|
NETFILTER_XT_MARK = true
|
|
NETFILTER_XT_TARGET_CHECKSUM = true # Needed for lxc
|
|
IP_NF_NAT = true
|
|
NF_NAT = true
|
|
POSIX_MQUEUE = true
|
|
BLK_DEV_DM = true # Storage Drivers
|
|
DUMMY = true # Network Drivers
|
|
# USER_NS = true # This is already in pmOS kconfig check
|
|
BLK_CGROUP = true # Optional section
|
|
BLK_DEV_THROTTLING = true # Optional section
|
|
CGROUP_PERF = true # Optional section
|
|
NET_CLS_CGROUP = true # Optional section
|
|
FAIR_GROUP_SCHED = true # Optional section
|
|
IP_NF_TARGET_REDIRECT = true # Optional section
|
|
IP_VS = true # Optional section
|
|
IP_VS_NFCT = true # Optional section
|
|
IP_VS_PROTO_TCP = true # Optional section
|
|
IP_VS_PROTO_UDP = true # Optional section
|
|
IP_VS_RR = true # Optional section
|
|
# EXT4_FS = true # This is already in pmOS kconfig check
|
|
EXT4_FS_POSIX_ACL = true # Optional section
|
|
EXT4_FS_SECURITY = true # Optional section
|
|
["category:containers".">=3.2"."all"]
|
|
CFS_BANDWIDTH = true # Optional section
|
|
["category:containers".">=3.3"."all"]
|
|
CHECKPOINT_RESTORE = true # Needed for lxc
|
|
["category:containers".">=3.6"."all"]
|
|
MEMCG = true
|
|
DM_THIN_PROVISIONING = true # Storage Drivers
|
|
SWAP = true
|
|
["category:containers".">=3.6"."x86 x64_64"]
|
|
HUGETLB_PAGE = true
|
|
CGROUP_HUGETLB = true # Optional section
|
|
["category:containers".">=3.6 <6.1_rc1"."all"]
|
|
MEMCG_SWAP = true
|
|
["category:containers".">=3.7 <5.0"."all"]
|
|
NF_NAT_IPV4 = true # Needed for lxc
|
|
NF_NAT_IPV6 = true # Needed for lxc
|
|
["category:containers".">=3.7"."all"]
|
|
VXLAN = true # Network Drivers
|
|
IP6_NF_TARGET_MASQUERADE = true # Needed for lxc
|
|
["category:containers".">=3.9"."all"]
|
|
BRIDGE_VLAN_FILTERING = true # Network Drivers (also for waydroid)
|
|
MACVLAN = true # Network Drivers
|
|
["category:containers".">=3.13"."all"]
|
|
NFT_COMPAT = true
|
|
["category:containers".">=3.14"."all"]
|
|
CGROUP_NET_PRIO = true # Optional section
|
|
["category:containers".">=3.18"."all"]
|
|
OVERLAY_FS = true # Storage Drivers
|
|
["category:containers".">=3.19"."all"]
|
|
IPVLAN = true # Network Drivers
|
|
SECCOMP = true # Optional section
|
|
["category:containers".">=4.4"."all"]
|
|
CGROUP_PIDS = true # Optional section
|
|
|
|
# zram: RAM disk with on-the-fly compression
|
|
["category:zram".">=3.14.0"."all"]
|
|
ZRAM = true
|
|
ZSMALLOC = true
|
|
CRYPTO_LZ4 = true
|
|
LZ4_COMPRESS = true
|
|
SWAP = true
|
|
|
|
# netboot: https://postmarketos.org/netboot
|
|
["category:netboot".">=0.0.0"."all"]
|
|
BLK_DEV_NBD = true
|
|
|
|
# wireguard: VPN software, also includes options for wg-quick
|
|
["category:wireguard".">=5.6_rc1"."all"]
|
|
WIREGUARD = true
|
|
IP_ADVANCED_ROUTER = true
|
|
IP_MULTIPLE_TABLES = true
|
|
IPV6_MULTIPLE_TABLES = true
|
|
NF_TABLES = true
|
|
NF_TABLES_IPV4 = true
|
|
NF_TABLES_IPV6 = true
|
|
NFT_CT = true
|
|
NFT_FIB = true
|
|
NFT_FIB_IPV4 = true
|
|
NFT_FIB_IPV6 = true
|
|
NF_CONNTRACK_MARK = true
|
|
|
|
# filesystems
|
|
["category:filesystems".">=0.0.0"."all"]
|
|
BTRFS_FS = true
|
|
EXFAT_FS = true
|
|
EXT4_FS = true
|
|
F2FS_FS = true
|
|
|
|
# usb_gadgets
|
|
["category:usb_gadgets".">=0.0.0"."all"]
|
|
# disable legacy gadgets
|
|
USB_ETH = false
|
|
USB_FUNCTIONFS = false
|
|
USB_MASS_STORAGE = false
|
|
USB_G_SERIAL = false
|
|
# enable configfs gadgets
|
|
USB_CONFIGFS_NCM = true # USB networking via NCM
|
|
USB_CONFIGFS_RNDIS = true # USB networking via RNDIS (legacy)
|
|
|
|
# community_various: Various options that were not categorized properly due to
|
|
# inflexibility of previous kconfigcheck related code. We should move these to
|
|
# proper categories above and/or invent new categories with meaningful names.
|
|
# >> Do not add more here!! <<
|
|
["category:community_various".">=0.0.0"."all"]
|
|
BINFMT_MISC = true # register binary formats
|
|
CIFS = true # mount SMB shares
|
|
INPUT_UINPUT = true # buffyboard
|
|
LEDS_TRIGGER_PATTERN = true # feedbackd
|
|
LEDS_TRIGGER_TIMER = true # hfd-service
|
|
NETFILTER_XT_MATCH_STATISTIC = true # kube-proxy
|
|
NETFILTER_XT_MATCH_TCPMSS = true # change MTU e.g. for Wireguard
|
|
NETFILTER_XT_TARGET_TCPMSS = true # change MTU e.g. for Wireguard
|
|
# TODO = Depends on SUSPEND which is not enabled for some devices
|
|
# PM_WAKELOCKS = true # Sxmo
|
|
SND_USB_AUDIO = true # USB audio devices
|
|
UCLAMP_TASK = true # Scheduler hints
|
|
UCLAMP_TASK_GROUP = true # Scheduler hints
|
|
UHID = true # e.g. Bluetooth input devices
|
|
USB_STORAGE = true # USB mass storage devices
|
|
RT_GROUP_SCHED = false # https://gitlab.com/postmarketOS/pmaports/-/issues/2652
|
|
|
|
# uefi: proper modern booting
|
|
["category:uefi".">=0.0.0"."all"]
|
|
EFI_STUB = true
|
|
EFI = true
|
|
DMI = true
|
|
EFI_ESRT = true
|
|
EFI_VARS_PSTORE = true
|
|
EFI_RUNTIME_WRAPPERS = true
|
|
VFAT_FS = true
|
|
NLS_ASCII = true
|
|
["category:uefi".">=0.0.0"."x86_64"]
|
|
EFI_MIXED = true
|
|
["category:uefi".">=0.0.0"."aarch64 armv7"]
|
|
EFI_GENERIC_STUB = true
|
|
EFI_PARAMS_FROM_FDT = true
|
|
["category:uefi".">=6.1.0"."aarch64"]
|
|
# Required EFI booting compressed kernels on this arch
|
|
EFI_ZBOOT = true
|
|
|
|
["category:libcamera".">=0.0.0"."aarch64"]
|
|
DMABUF_HEAPS_CMA = true
|
|
DMABUF_HEAPS = true
|
|
DMA_CMA = true
|
|
CMA = true
|