Improve kernel config reproducibility and consistency in armbian_kernel_config__disable_various_options #8566
Description
Summary
This issue addresses code improvements identified during review of PR #8560 that were deemed out of scope for that PR but should be addressed separately.
Background
In lib/functions/compilation/armbian-kernel.sh, the armbian_kernel_config__disable_various_options function has some inconsistencies around configuration tracking and naming conventions.
Issues to Address
1. Incomplete configuration tracking for reproducibility
Currently, only some enforced CONFIG options are recorded in kernel_config_modifying_hashes:
- CONFIG_MODULE_SIG=n
- CONFIG_LOCALVERSION_AUTO=n
- EXPERT=y
However, the function also enforces additional options that aren't tracked:
- CONFIG_SECURITY_LOCKDOWN_LSM=n
- CONFIG_MODULE_SIG_ALL=n
- MODULE_SIG_FORCE=n
- IMA_APPRAISE_MODSIG=n
- CONFIG_LOCALVERSION=""
If .config is absent, these extra toggles won't be tracked or re-applied later.
2. Inconsistent CONFIG_ prefix usage
The function mixes prefixed and unprefixed symbols (e.g., CONFIG_MODULE_SIG vs MODULE_SIG_FORCE). While helpers support both, consistency improves readability.
Suggested Patches
Option A: Track all enforced options
-kernel_config_modifying_hashes+=("CONFIG_MODULE_SIG=n" "CONFIG_LOCALVERSION_AUTO=n" "EXPERT=y")
+kernel_config_modifying_hashes+=(
+ "EXPERT=y"
+ "CONFIG_LOCALVERSION_AUTO=n"
+ 'CONFIG_LOCALVERSION=""'
+ "CONFIG_MODULE_SIG=n"
+ "CONFIG_MODULE_SIG_ALL=n"
+ "MODULE_SIG_FORCE=n"
+ "IMA_APPRAISE_MODSIG=n"
+ "CONFIG_SECURITY_LOCKDOWN_LSM=n"
+)Consistency fix for CONFIG_ prefixes:
- kernel_config_set_n MODULE_SIG_FORCE
+ kernel_config_set_n CONFIG_MODULE_SIG_FORCEReferences
- Original discussion: armbian build machinery - allow kernel module compression. #8560
- Related PR: armbian build machinery - allow kernel module compression. #8560
/cc @leggewie @tabrisnet