Improve kernel config reproducibility and consistency in armbian_kernel_config__disable_various_options #8565
Description
Summary
This issue addresses code improvements identified during review of PR #8560 that were deemed out of scope for that PR but should be addressed separately.
Background
In lib/functions/compilation/armbian-kernel.sh, the armbian_kernel_config__disable_various_options function has some inconsistencies around configuration tracking and naming conventions.
Issues to Address
1. Incomplete configuration tracking for reproducibility
Currently, only some enforced CONFIG options are recorded in kernel_config_modifying_hashes:
CONFIG_MODULE_SIG=nCONFIG_LOCALVERSION_AUTO=nEXPERT=y
However, the function also enforces additional options that aren't tracked:
CONFIG_SECURITY_LOCKDOWN_LSM=nCONFIG_MODULE_SIG_ALL=nMODULE_SIG_FORCE=nIMA_APPRAISE_MODSIG=nCONFIG_LOCALVERSION=""
If .config is absent, these extra toggles won't be tracked or re-applied later.
2. Inconsistent CONFIG_ prefix usage
The function mixes prefixed and unprefixed symbols (e.g., CONFIG_MODULE_SIG vs MODULE_SIG_FORCE). While helpers support both, consistency improves readability.
Suggested Patches
Option A: Track all enforced options
-kernel_config_modifying_hashes+=(\CONFIG_MODULE_SIG=n\ \CONFIG_LOCALVERSION_AUTO=n\ \EXPERT=y\)
+kernel_config_modifying_hashes+=(
+ \EXPERT=y\
+ \CONFIG_LOCALVERSION_AUTO=n\
+ 'CONFIG_LOCALVERSION=\\'
+ \CONFIG_MODULE_SIG=n\
+ \CONFIG_MODULE_SIG_ALL=n\
+ \MODULE_SIG_FORCE=n\
+ \IMA_APPRAISE_MODSIG=n\
+ \CONFIG_SECURITY_LOCKDOWN_LSM=n\
+)Consistency fix for CONFIG_ prefixes:
- kernel_config_set_n MODULE_SIG_FORCE
+ kernel_config_set_n CONFIG_MODULE_SIG_FORCEReferences
- Original discussion: armbian build machinery - allow kernel module compression. #8560 (comment)
- Related PR: armbian build machinery - allow kernel module compression. #8560
/cc @leggewie @tabrisnet