From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HTML_MESSAGE,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 6194A65860; Fri, 16 Sep 2022 05:00:17 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id B5702657F5; Fri, 16 Sep 2022 05:00:14 +0000 (UTC) Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by atuin.qyliss.net (Postfix) with ESMTPS id ACB91657F3 for ; Fri, 16 Sep 2022 05:00:10 +0000 (UTC) Received: by mail-ej1-x62f.google.com with SMTP id bj12so46709695ejb.13 for ; Thu, 15 Sep 2022 22:00:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unikie.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=IXgteDYan2Xdq//t6WrE+hPxC4L5TnHI97+jsRmyv4c=; b=bXluw5gLLEPr+w0ZwWJQ64Nc5GcA6c6FjmyGieZtPadcyhncb+cZAge51m89LEtayf 36NIz/1+8uZpXNl9ddU115cwFrUx8ohQMzuH0nsOFFmAhGfWZyb83K+7Y8AXemWRgqdC teaGRZKBDv/W9WRqSdVvEWD04BSlzD01W48e83t55LKAsgO62uZmkpskcMwUi2hf4OVL 6ql7XEJudcfwBeHn5ji8iGZ9Gvz4zMdc+B7SNHPhAyiXoUeZ8DOgGUZamW+RJ/P2D++7 JTD2Drt4z1PeDOCaHSltHxN7jSKAo+DDPwE5tHjXn6pl5SvZfAoJHPM/+iZwvZ53Kupp /L3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=IXgteDYan2Xdq//t6WrE+hPxC4L5TnHI97+jsRmyv4c=; b=59FsUsZoQzi9gmqC3slXENwR2zMH9EEtuoPczCnX1CHfTIP6JiEd6qnQeCBIciP4d/ OXhyRN8FEzGvlJxqvqR7Dc8P/NVS/kXkNJ9UY4iXHyTDEpITyNPQJgxgen9h755iY61N Qk9ZKklKnkMiZJblJDjMTJSMb6zM0DNnqAHakubTKlVfdf6ixAcifJyq+hMdWDg6ggCT hbd/0y4gUH8JTyjLzkC/QEHDYREoRIpjohPC/GTcSvXVxeLuXukg77byVtt8qjSomQ6n UtsVMpiwZWsDJPCxI9ioBWzID2dv+r46LQeXVNfWRy2w4dodtIz9+9wmTa5w08kf6AaG QhJA== X-Gm-Message-State: ACrzQf2ycNv1GqPKy5gDFFX5E6W4VlPKr4Q/YIO/tVDwQfLpJC9w5CX7 1C8w3eTHLNPubc577+bs1zikCpNyGidLg28OusKxtvfZjB5HqsgU X-Google-Smtp-Source: AMsMyM5QT3L6xATpbpRs9f1dgbZp9o4NnAAGA5RBaTN7Nod2RnyVIiKPvKHVsQRlIBFEpL+9/fpj1+2wKtPkYUz2TEc= X-Received: by 2002:a17:907:1c03:b0:77b:9d77:c5 with SMTP id nc3-20020a1709071c0300b0077b9d7700c5mr2222143ejc.225.1663304408022; Thu, 15 Sep 2022 22:00:08 -0700 (PDT) MIME-Version: 1.0 References: <20220915073515.47855-1-jose.pekkarinen@unikie.com> <87mtb1xd38.fsf@alyssa.is> <87h718yiuk.fsf@alyssa.is> <87zgf0vklc.fsf@alyssa.is> In-Reply-To: <87zgf0vklc.fsf@alyssa.is> From: =?UTF-8?Q?Jos=C3=A9_Pekkarinen?= Date: Fri, 16 Sep 2022 07:59:32 +0300 Message-ID: Subject: Re: [PATCH] Add image configuration option To: Alyssa Ross Content-Type: multipart/alternative; boundary="00000000000064d46b05e8c43caa" Message-ID-Hash: BG5MNQMVULFSCNZL2JGKFCBJNJGZMVV5 X-Message-ID-Hash: BG5MNQMVULFSCNZL2JGKFCBJNJGZMVV5 X-MailFrom: jose.pekkarinen@unikie.com X-Mailman-Rule-Hits: header-match-devel.spectrum-os.org-0 X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1 CC: devel@spectrum-os.org X-Mailman-Version: 3.3.5 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --00000000000064d46b05e8c43caa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Sep 15, 2022 at 4:22 PM Alyssa Ross wrote: > Jos=C3=A9 Pekkarinen writes: > > > On Thu, Sep 15, 2022 at 2:31 PM Alyssa Ross wrote: > > [...] > > You mean you'd like to manually provide a Kconfig file, rathen than > using Nixpkgs' (not very good) structured config mechanism, right? > That should be possible with an overlay, but maybe some documentation > with an example would be a good idea? > Yes, but, for example, if I provide the overlay that uses that that Kconfig, the Kconfig should be present in your system, as some sort of default configuration for the developer to consume if they want to use the overlay in question, otherwise, the developer needs to fetch spectrum sources, and then fetch out the default configuration somewhere else, put them together and test. The goal would be to upstream the overlay so that one can take spectrum source code, make a config.nix to select the overlay, and build, without extra steps to fetch other artifacts. [...] > > Well, it's not the size of the change that's important, but whether it > can be demonstrated that the change solves a problem. A big change to > fix a clear problem is fine! > It is offering a way to template configurations for the cases we were commenting before. So it solves a problem, the problem is that currently the source code doesn't ship default configurations for developers to test, so I can create a config.nix file downstream that makes the overlay for the hardened kernel use case, and now, instead of upstreaming and shipping it with any spectrum checkout, I have to publish it somewhere else, and document how to put the puzzle together so that a developer can test, use, and develop further. For now, it doesn't let combine configuration files, so these templates may be fat, because you can only make one template per case, and choose it. In the future it would be good if they are small snippets that do a particular purpose, and we list all the snippets we want to make the full use case the user want(for ex. making a cross compiled build from x86_64 of arm64 which includes security plus debugging). Jos=C3=A9. --00000000000064d46b05e8c43caa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Sep 15, 2022 at 4:22 PM Alyss= a Ross <hi@alyssa.is> wrote:
<= /div>
Jos=C3=A9 Pekkarinen= <jose.p= ekkarinen@unikie.com> writes:

> On Thu, Sep 15, 2022 at 2:31 PM Alyssa Ross <hi@alyssa.is> wrote:

[...]
You mean you'd like to manually provide a Kconfig file, rathen than
using Nixpkgs' (not very good) structured config mechanism, right?
That should be possible with an overlay, but maybe some documentation
with an example would be a good idea?

=
Yes,=C2=A0 but, for example, if I provide the overlay= that uses that
that Kconfig, the Kconfig should be= present in your system, as some
sort of default configuration for the = developer to consume if they want
to use the overlay in question,= otherwise, the developer needs to fetch
spectrum sources, and th= en fetch out the default configuration somewhere
else, put them t= ogether and test. The goal would be to upstream the overlay
so th= at one can take spectrum source code, make a config.nix to select
the overlay, and build, without extra steps to fetch other artifacts.
<= div>

[...]

Well, it's not the size of the change that's important, but whether= it
can be demonstrated that the change solves a problem.=C2=A0 A big change to=
fix a clear problem is fine!

It is offering a way to template configur= ations for the cases
we were commenting= before. So it solves a problem, the problem is
that currently the sour= ce code doesn't ship default configurations for
developers to= test, so I can create a config.nix file downstream that
makes th= e overlay for the hardened kernel use case, and now, instead
of u= pstreaming and shipping it with any spectrum checkout, I have
to = publish it somewhere else, and document how to put the puzzle
tog= ether so that a developer can test, use, and develop further. For
now, it doesn't let combine configuration files, so these templates
may be fat, because you can only make one template per case,
<= div>and choose it. In the future it would be good if they are small snippet= s
that do a particular purpose, and we list all the snippets we w= ant
to make the full use case the user want(for ex. making a cros= s compiled
build from x86_64 of arm64 which includes security plu= s debugging).
=C2=A0=
Jos=C3=A9.
--00000000000064d46b05e8c43caa--