From 10ab948988282129ae0c33ddaca17d8c9ff87762 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 4 Nov 2025 17:12:48 +0100 Subject: [PATCH 01/15] chore: move persistent-mount under bob --- .../mkosi.skeleton/etc/systemd/system/persistent-mount.service | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {base => bob-common}/mkosi.skeleton/etc/systemd/system/persistent-mount.service (100%) diff --git a/base/mkosi.skeleton/etc/systemd/system/persistent-mount.service b/bob-common/mkosi.skeleton/etc/systemd/system/persistent-mount.service similarity index 100% rename from base/mkosi.skeleton/etc/systemd/system/persistent-mount.service rename to bob-common/mkosi.skeleton/etc/systemd/system/persistent-mount.service From 4a1202dc064ed7e9e83030cd070654218f534af0 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 4 Nov 2025 17:16:31 +0100 Subject: [PATCH 02/15] chore: tidy up gitignore --- .gitignore | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 483e4b6..34c4139 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,21 @@ +# mkosi artifacts + build/ -mkosi/ env.json -mkosi.packages/ -mkosi.cache/ mkosi.builddir/ -*.qcow2 -.claudesync/ -.claudeignore +mkosi.cache/ +mkosi.packages/ +mkosi/ + +# temporary files + +.temp tmp/ + +# IDEs/agents/whatnot + +.claudeignore +.claudesync/ +.vscode +*.qcow2 NvVars From 447a82301cd26b0eb41191d0287e27d68a767da0 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Wed, 5 Nov 2025 08:56:34 +0100 Subject: [PATCH 03/15] fix: specify the package during rust builds --- scripts/build_rust_package.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/build_rust_package.sh b/scripts/build_rust_package.sh index 58f313f..eaa2858 100755 --- a/scripts/build_rust_package.sh +++ b/scripts/build_rust_package.sh @@ -50,10 +50,10 @@ build_rust_package() { CARGO_TERM_COLOR='never' cd '/build/$package' cargo fetch - cargo build --release --frozen ${extra_features:+--features $extra_features} + cargo build --release --frozen ${extra_features:+--features $extra_features} --package $package " # Cache and install the built binary install -m 755 "$build_dir/target/release/$package" "$cached_binary" install -m 755 "$cached_binary" "$dest_path" -} \ No newline at end of file +} From 145218b2f3b6a12c14bd437b13cc2de71a392e83 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 12:19:50 +0100 Subject: [PATCH 04/15] feat: implement blanket gcp image build --- base/mkosi.skeleton/etc/sysconfig/.gitkeep | 0 l2/kernel.config | 3 + l2/mkosi.build | 66 +++++++++++++++++++ l2/mkosi.conf | 24 +++++++ .../etc/default/prometheus-node-exporter | 7 ++ .../etc/default/prometheus-process-exporter | 6 ++ l2/mkosi.extra/etc/flashbots/l2.yaml | 6 ++ .../etc/google-cloud-ops-agent/config.yaml | 18 +++++ .../prometheus-process-exporter/config.yaml | 4 ++ .../etc/systemd/system/automount-data.service | 16 +++++ .../systemd/system/ptlb-routes-nanny.service | 15 +++++ .../systemd/system/ptlb-routes-nanny.timer | 9 +++ .../systemd-networkd.service.d/override.conf | 3 + .../etc/systemd/system/vault-agent.service | 33 ++++++++++ .../gomplate/authorized_keys.ctmpl | 8 +++ .../vault-agent/gomplate/authorized_keys.hcl | 13 ++++ .../etc/vault-agent/gomplate/config.hcl | 20 ++++++ l2/mkosi.extra/usr/bin/automount-data.sh | 26 ++++++++ l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh | 57 ++++++++++++++++ l2/mkosi.postinst | 33 ++++++++++ mkosi.profiles/devtools/mkosi.conf | 7 ++ mkosi.profiles/devtools/mkosi.postinst | 31 ++++++++- mkosi.profiles/gcp/mkosi.conf | 8 ++- .../gcp/mkosi.extra/etc/chrony}/chrony.conf | 0 .../gcp/mkosi.extra/etc/logrotate.d/rsyslog | 13 ++++ .../etc/rsyslog.d/01-json-template.conf | 40 +++++++++++ .../gcp/mkosi.extra/etc/systemd/journald.conf | 50 ++++++++++++++ .../system/logrotate.timer.d/override.conf | 3 + .../etc/systemd/system/set-hostname.service | 14 ++++ .../gcp/mkosi.extra/usr/bin/set-hostname.sh | 16 +++++ mkosi.profiles/gcp/mkosi.postinst | 39 +++++++++++ 31 files changed, 586 insertions(+), 2 deletions(-) create mode 100644 base/mkosi.skeleton/etc/sysconfig/.gitkeep create mode 100644 l2/kernel.config create mode 100755 l2/mkosi.build create mode 100644 l2/mkosi.conf create mode 100644 l2/mkosi.extra/etc/default/prometheus-node-exporter create mode 100644 l2/mkosi.extra/etc/default/prometheus-process-exporter create mode 100644 l2/mkosi.extra/etc/flashbots/l2.yaml create mode 100644 l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml create mode 100644 l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml create mode 100644 l2/mkosi.extra/etc/systemd/system/automount-data.service create mode 100644 l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service create mode 100644 l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer create mode 100644 l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf create mode 100644 l2/mkosi.extra/etc/systemd/system/vault-agent.service create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl create mode 100644 l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl create mode 100755 l2/mkosi.extra/usr/bin/automount-data.sh create mode 100644 l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh create mode 100755 l2/mkosi.postinst rename {services => mkosi.profiles/gcp/mkosi.extra/etc/chrony}/chrony.conf (100%) create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf create mode 100644 mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service create mode 100755 mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh create mode 100755 mkosi.profiles/gcp/mkosi.postinst diff --git a/base/mkosi.skeleton/etc/sysconfig/.gitkeep b/base/mkosi.skeleton/etc/sysconfig/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/l2/kernel.config b/l2/kernel.config new file mode 100644 index 0000000..556a833 --- /dev/null +++ b/l2/kernel.config @@ -0,0 +1,3 @@ +CONFIG_NET_VENDOR_GOOGLE=y +CONFIG_GVE=y +CONFIG_XFS_FS=y diff --git a/l2/mkosi.build b/l2/mkosi.build new file mode 100755 index 0000000..ba4022f --- /dev/null +++ b/l2/mkosi.build @@ -0,0 +1,66 @@ +#!/bin/bash + +set -euxo pipefail + +ENV_YAML="$SRCDIR/l2/mkosi.extra/etc/flashbots/l2.yaml" + +VAULT_VERSION=$(mkosi-chroot yq -r .vault.version < "$ENV_YAML") +GOMPLATE_VERSION=$(mkosi-chroot yq -r .deps.gomplate_version < "$ENV_YAML") +OPS_AGENT_VERSION=$(mkosi-chroot yq -r .deps.ops_agent_version < "$ENV_YAML") + +source scripts/make_git_package.sh + +# build gomplate +make_git_package \ + "gomplate" \ + "v${GOMPLATE_VERSION}" \ + "https://github.com/hairyhenderson/gomplate" \ + 'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/gomplate ./cmd/gomplate' \ + "build/gomplate:/usr/bin/gomplate" +chmod +x $DESTDIR/usr/bin/gomplate + +# build vault +make_git_package \ + "vault" \ + "v${VAULT_VERSION}" \ + "https://github.com/hashicorp/vault.git" \ + 'go build -trimpath -ldflags "-s -w -buildid=" -o ./bin/vault .' \ + "bin/vault:/usr/bin/vault" +chmod +x $DESTDIR/usr/bin/vault + +cd "$BUILDROOT" + +# Build Google Cloud Ops Agent +IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" +BUILD_CMD=" + # Fluentbit + export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH + export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time' + git submodule update --init --depth 1 submodules/fluent-bit + ./builds/fluent_bit.sh \$(pwd)/out + + # Main gcs agent binaries + mkdir -p out/libexec + LDFLAGS='-s -w -buildid=' + go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ + -X $IMPORT_PATH/internal/version.BuildDistro=debian13 \\ + -X $IMPORT_PATH/internal/version.Version=$OPS_AGENT_VERSION\" \\ + -o out/libexec/google_cloud_ops_agent_engine \\ + $IMPORT_PATH/cmd/google_cloud_ops_agent_engine + + go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS\" \\ + -o out/libexec/google_cloud_ops_agent_wrapper \\ + $IMPORT_PATH/cmd/agent_wrapper +" + +make_git_package \ + "google-cloud-ops-agent" \ + "$OPS_AGENT_VERSION" \ + "https://github.com/GoogleCloudPlatform/ops-agent" \ + "$BUILD_CMD" \ + "out/libexec:/opt/google-cloud-ops-agent/libexec" \ + "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ + "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ + "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" + +sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.conf b/l2/mkosi.conf new file mode 100644 index 0000000..1b42627 --- /dev/null +++ b/l2/mkosi.conf @@ -0,0 +1,24 @@ +[Include] +Include=base/mkosi.conf + +[Config] +Profiles=gcp + +[Build] +Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config,l2/kernel.config +WithNetwork=true + +[Content] +BuildScripts=l2/mkosi.build +ExtraTrees=l2/mkosi.extra +PostInstallationScripts=l2/mkosi.postinst + +Packages=prometheus-node-exporter + prometheus-process-exporter + usrmerge + xfsprogs + +BuildPackages=golang + libssl-dev + unzip + yq diff --git a/l2/mkosi.extra/etc/default/prometheus-node-exporter b/l2/mkosi.extra/etc/default/prometheus-node-exporter new file mode 100644 index 0000000..93dea25 --- /dev/null +++ b/l2/mkosi.extra/etc/default/prometheus-node-exporter @@ -0,0 +1,7 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +--collector.systemd \ +--collector.systemd.unit-include=\".*(prometheus-node-exporter|prometheus-process-exporter|vault-agent).*\" \ +--log.format=json \ +--web.listen-address=0.0.0.0:9100 \ +" diff --git a/l2/mkosi.extra/etc/default/prometheus-process-exporter b/l2/mkosi.extra/etc/default/prometheus-process-exporter new file mode 100644 index 0000000..71b8d97 --- /dev/null +++ b/l2/mkosi.extra/etc/default/prometheus-process-exporter @@ -0,0 +1,6 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +-config.path=/etc/prometheus-process-exporter/config.yaml \ +-threads=false \ +-web.listen-address=0.0.0.0:9256 \ +" diff --git a/l2/mkosi.extra/etc/flashbots/l2.yaml b/l2/mkosi.extra/etc/flashbots/l2.yaml new file mode 100644 index 0000000..7e01f1d --- /dev/null +++ b/l2/mkosi.extra/etc/flashbots/l2.yaml @@ -0,0 +1,6 @@ +vault: + version: 1.20.1 + +deps: + gomplate_version: 4.3.0 + ops_agent_version: 2.57.0 diff --git a/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml b/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml new file mode 100644 index 0000000..2c740cf --- /dev/null +++ b/l2/mkosi.extra/etc/google-cloud-ops-agent/config.yaml @@ -0,0 +1,18 @@ +logging: + receivers: + syslog: + type: files + include_paths: + - /var/log/messages + - /var/log/syslog + processors: + parse_json: + type: parse_json + field: message + time_key: "@timestamp" + time_format: "%Y-%m-%dT%H:%M:%S.%L%z" + service: + pipelines: + default_pipeline: + receivers: [syslog] + processors: [parse_json] diff --git a/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml b/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml new file mode 100644 index 0000000..2941f04 --- /dev/null +++ b/l2/mkosi.extra/etc/prometheus-process-exporter/config.yaml @@ -0,0 +1,4 @@ +process_names: + - name: vault-agent + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*vault[-.0-9a-zA-Z]* ' diff --git a/l2/mkosi.extra/etc/systemd/system/automount-data.service b/l2/mkosi.extra/etc/systemd/system/automount-data.service new file mode 100644 index 0000000..bf2887f --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/automount-data.service @@ -0,0 +1,16 @@ +[Unit] +Description=Automatically mount data volume + +[Service] +Type=oneshot +SyslogIdentifier=automount-data +User=root +Group=root + +RemainAfterExit=yes + +EnvironmentFile=-/etc/sysconfig/automount-data.env +ExecStart=/usr/bin/automount-data.sh + +[Install] +WantedBy=default.target diff --git a/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service new file mode 100644 index 0000000..cab73ee --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.service @@ -0,0 +1,15 @@ +[Unit] +Description=Ensure presence of local routes required for passthrough load-balancer +After=network-online.target +Wants=network-online.target +StartLimitIntervalSec=2 +StartLimitBurst=2 + +[Service] +User=root +Group=root +Type=oneshot +ExecStart=/usr/bin/ptlb-routes-nanny.sh + +[Install] +WantedBy=multi-user.target diff --git a/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer new file mode 100644 index 0000000..fe1cb6e --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/ptlb-routes-nanny.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Ensure presence of local routes required for passthrough load-balancer + +[Timer] +OnCalendar=*-*-* *:*:5 +Unit=ptlb-routes-nanny.service + +[Install] +WantedBy=multi-user.target diff --git a/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf b/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf new file mode 100644 index 0000000..937d2fc --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/systemd-networkd.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +Environment=SYSTEMD_LOG_LEVEL=debug +Environment=SYSTEMD_LOG_LOCATION=1 diff --git a/l2/mkosi.extra/etc/systemd/system/vault-agent.service b/l2/mkosi.extra/etc/systemd/system/vault-agent.service new file mode 100644 index 0000000..96f2784 --- /dev/null +++ b/l2/mkosi.extra/etc/systemd/system/vault-agent.service @@ -0,0 +1,33 @@ +[Unit] +Description=HashiCorp Vault Agent +After=network.target network-setup.service +Requires=automount-data.service +Wants=network-setup.service + +[Service] +Type=simple +SyslogIdentifier=vault-agent +User=root +Group=root + +KillMode=process +KillSignal=SIGINT +NoNewPrivileges=yes +Restart=on-failure +RestartSec=5s +TimeoutStopSec=30 + +ExecStartPre=/usr/bin/gomplate \ + --left-delim "[[" \ + --right-delim "]]" \ + --input-dir "/etc/vault-agent/gomplate" \ + --output-dir "/etc/vault-agent" \ + --include "*.hcl,*.ctmpl" + +ExecStart=/usr/bin/vault agent \ + -config /etc/vault-agent \ + -log-level info \ + -log-format json + +[Install] +WantedBy=default.target diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl new file mode 100644 index 0000000..05107cb --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.ctmpl @@ -0,0 +1,8 @@ +# +# rendered by vault-agent/gomplate +# +[[- range ( ( gcp.Meta "attributes/ssh-keys" ) | strings.Split "\n" ) ]] +[[- if strings.HasPrefix "ubuntu:" . ]] +[[ strings.TrimPrefix "ubuntu:" . ]] +[[- end ]] +[[- end ]] diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl new file mode 100644 index 0000000..9e313f8 --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/authorized_keys.hcl @@ -0,0 +1,13 @@ +[[- if ( file.Exists "/home/ubuntu/.ssh/authorized_keys" ) ]] +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/authorized_keys.ctmpl" + destination = "/home/ubuntu/.ssh/authorized_keys" + + user = "ubuntu" + group = "ubuntu" + perms = "0600" +} +[[- end ]] diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl new file mode 100644 index 0000000..5fe9779 --- /dev/null +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl @@ -0,0 +1,20 @@ +pid_file = "/var/run/vault-agent.pid" + +vault { + address = "[[ gcp.Meta "attributes/vault_addr" ]]" + + retry { + num_retries = 5 + } +} + +auto_auth { + method "gcp" { + mount_path = "[[ gcp.Meta "vault_auth_mount_gcp" ]]" + + config = { + type = "gce" + role = "[[ gcp.Meta "name" ]]" + } + } +} diff --git a/l2/mkosi.extra/usr/bin/automount-data.sh b/l2/mkosi.extra/usr/bin/automount-data.sh new file mode 100755 index 0000000..07f6cca --- /dev/null +++ b/l2/mkosi.extra/usr/bin/automount-data.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +set -eu + +udevadm trigger --subsystem-match=block +udevadm settle --timeout=30 + +if [ -e /dev/disk/by-id/google-data ]; then + device=$( realpath /dev/disk/by-id/google-data ) + if ! grep -qs "${device}" /proc/mounts; then + eval $( blkid --output export ${device} ) + if [ -z "${TYPE:-}" ]; then + mkfs.ext4 -m 0 ${device} + eval $( blkid --output export ${device} ) + fi + echo "UUID=${UUID} ${MOUNT:-/var/opt/peristent} ${TYPE} defaults 0 0" >> /etc/fstab + mkdir -p ${MOUNT:-/var/opt/peristent} + chmod 0777 ${MOUNT:-/var/opt/peristent} + systemctl daemon-reload + mount --all + else + echo "Device ${device} is already mounted, skipping..." + fi +else + echo "Directory /dev/disk/by-id/google-data doesn't exist, skipping..." +fi diff --git a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh new file mode 100644 index 0000000..80f38f9 --- /dev/null +++ b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +set -eu + +is_ip4() { + echo "$1" | awk -F. ' + $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && + $1 >= 0 && $2 >= 0 && $3 >= 0 && $4 >= 0 && + $1 != "" && $2 != "" && $3 != "" && $4 != "" && + NF == 4 + { exit 0 } + { exit 1 } + ' +} + +for line in "$( + ip -br link show | grep -v lo +)"; do + interface="${line%% *}" + + for idx in $( + curl \ + --header "metadata-flavor: Google" \ + --max-time 1 \ + --show-error \ + --silent \ + http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/ + ); do + ip=$( + curl \ + --header "metadata-flavor: Google" \ + --max-time 1 \ + --show-error \ + --silent \ + http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/${idx} + ) + + if is_ip4 "${ip}"; then + route="local ${ip} dev ${interface} proto 66 scope host" + + if ! ip route show table local | grep -q "${route}"; then + echo "---" + echo "$ ip route show table local" + ip route show table local + echo "---" + echo "Route is missing, adding..." + echo "---" + echo "$ ip route add ${route}" + ip route add ${route} + echo "---" + echo "$ ip route show table local" + ip route show table local + echo "---" + fi + fi + done +done diff --git a/l2/mkosi.postinst b/l2/mkosi.postinst new file mode 100755 index 0000000..8b2b36e --- /dev/null +++ b/l2/mkosi.postinst @@ -0,0 +1,33 @@ +#!/bin/bash + +set -euxo pipefail + +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true + +for service in \ + automount-data.service \ + google-cloud-ops-agent-fluent-bit.service \ + google-cloud-ops-agent.service \ + prometheus-node-exporter.service \ + prometheus-process-exporter.service \ + ptlb-routes-nanny.timer \ + vault-agent.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + +# Remove automatically generated vault cert + +rm -rf "$BUILDROOT/opt/vault/tls" + +# Fix permissions + +mkosi-chroot mkdir -p /vault/secrets +mkosi-chroot chmod 0770 /vault/secrets + +mkosi-chroot chmod 0750 /etc/vault-agent +mkosi-chroot chmod 0750 /etc/vault-agent/gomplate +mkosi-chroot sh -c "chmod 0640 /etc/vault-agent/gomplate/*" diff --git a/mkosi.profiles/devtools/mkosi.conf b/mkosi.profiles/devtools/mkosi.conf index c720603..f012ea7 100644 --- a/mkosi.profiles/devtools/mkosi.conf +++ b/mkosi.profiles/devtools/mkosi.conf @@ -6,12 +6,19 @@ Packages=adjtimex bash-completion curl dnsutils + iftop + iotop iputils-ping + jq net-tools netcat-openbsd openssh-server + screen socat strace + sudo tcpdump tcpflow vim + wget + zstd diff --git a/mkosi.profiles/devtools/mkosi.postinst b/mkosi.profiles/devtools/mkosi.postinst index 5eca88d..76880e4 100755 --- a/mkosi.profiles/devtools/mkosi.postinst +++ b/mkosi.profiles/devtools/mkosi.postinst @@ -1,6 +1,17 @@ #!/bin/bash + set -euxo pipefail +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true +for service in \ + serial-console.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + # Deterministically set root password PASSWORD="dqSPjo4p" HASH=$(mkosi-chroot openssl passwd -6 -salt salt "$PASSWORD") @@ -11,8 +22,26 @@ if [ -f "$BUILDROOT/etc/default/dropbear" ]; then # Remove -s, -w, -g flags from dropbear args sed -i '/^DROPBEAR_EXTRA_ARGS=/s/-[swg] \?//g' "$BUILDROOT/etc/default/dropbear" else - echo "PermitRootLogin yes" >> "$BUILDROOT/etc/ssh/sshd_config" + echo "PermitRootLogin yes" >> "$BUILDROOT/etc/ssh/sshd_config" echo "PasswordAuthentication yes" >> "$BUILDROOT/etc/ssh/sshd_config" mkosi-chroot systemctl enable ssh.service mkosi-chroot systemctl unmask ssh.service ssh.socket fi + +# Create users and groups +mkosi-chroot groupadd -g 1000 ubuntu || true +mkosi-chroot useradd -u 1000 -g ubuntu -m -s /bin/bash ubuntu || true + +cat < "$BUILDROOT/etc/sudoers.d/ubuntu" +# user "ubuntu" b/c all our current scripts assume "ubuntu" exists +ubuntu ALL=(ALL) NOPASSWD:ALL +EOF +mkosi-chroot chmod 0440 /etc/sudoers.d/ubuntu + +mkosi-chroot mkdir -p /home/ubuntu/.ssh +mkosi-chroot chmod 0750 /home/ubuntu/.ssh +mkosi-chroot chown ubuntu:ubuntu /home/ubuntu/.ssh + +mkosi-chroot touch /home/ubuntu/.ssh/authorized_keys +mkosi-chroot chmod 0600 /home/ubuntu/.ssh/authorized_keys +mkosi-chroot chown ubuntu:ubuntu /home/ubuntu/.ssh/authorized_keys diff --git a/mkosi.profiles/gcp/mkosi.conf b/mkosi.profiles/gcp/mkosi.conf index c1ab042..344c421 100644 --- a/mkosi.profiles/gcp/mkosi.conf +++ b/mkosi.profiles/gcp/mkosi.conf @@ -1,4 +1,10 @@ [Content] ExtraTrees=mkosi.extra -Packages=udev +Packages=chrony + dbus + logrotate + nvme-cli + rsyslog + udev + xxd diff --git a/services/chrony.conf b/mkosi.profiles/gcp/mkosi.extra/etc/chrony/chrony.conf similarity index 100% rename from services/chrony.conf rename to mkosi.profiles/gcp/mkosi.extra/etc/chrony/chrony.conf diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog b/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog new file mode 100644 index 0000000..16d7e1e --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/logrotate.d/rsyslog @@ -0,0 +1,13 @@ +/var/log/syslog { + hourly + rotate 2 + notifempty + create + nocompress + missingok + size 128M + sharedscripts + postrotate + /usr/lib/rsyslog/rsyslog-rotate + endscript +} diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf b/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf new file mode 100644 index 0000000..c3e9362 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/rsyslog.d/01-json-template.conf @@ -0,0 +1,40 @@ +# This template formats an event's metadata as JSON while leaving the event's message as-is (expects already JSON) +# The position.from addresses this known behavior https://www.rsyslog.com/log-normalization-and-the-leading-space/ +template(name="json-event-json-msg" + type="list") { + constant(value="{") + constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339") + constant(value="\",\"sysloghost\":\"") property(name="hostname") + constant(value="\",\"procid\":\"") property(name="procid") + constant(value="\",\"facility\":\"") property(name="syslogfacility-text") + constant(value="\",\"severity\":\"") property(name="syslogseverity-text") + constant(value="\",\"source\":\"") property(name="programname") + constant(value="\",\"message\":") property(name="msg" position.from="2") + constant(value="}\n") +} + +# This template formats an event's metadata and message as JSON (expects message is string) +# The position.from addresses this known behavior https://www.rsyslog.com/log-normalization-and-the-leading-space/ +template(name="json-event-string-msg" + type="list") { + constant(value="{") + constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339") + constant(value="\",\"sysloghost\":\"") property(name="hostname") + constant(value="\",\"procid\":\"") property(name="procid") + constant(value="\",\"facility\":\"") property(name="syslogfacility-text") + constant(value="\",\"severity\":\"") property(name="syslogseverity-text") + constant(value="\",\"source\":\"") property(name="programname") + constant(value="\",\"message\":\"") property(name="msg" format="json" position.from="2") + constant(value="\"}\n") +} + +# This conditional action determines which template to use based on the beginning of the event's message value +# Assumes that if a message starts with {, then that message is JSON +# This follows the pattern found in /etc/rsyslog.d/50-default.conf +if ($msg startswith " {") then { + *.*;auth,authpriv.none -/var/log/syslog;json-event-json-msg + & stop +} else { + *.*;auth,authpriv.none -/var/log/syslog;json-event-string-msg + & stop +} diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf new file mode 100644 index 0000000..1000e11 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/journald.conf @@ -0,0 +1,50 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# Entries in this file show the compile time defaults. Local configuration +# should be created by either modifying this file (or a copy of it placed in +# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in +# the /etc/systemd/journald.conf.d/ directory. The latter is generally +# recommended. Defaults can be restored by simply deleting the main +# configuration file and all drop-ins located in /etc/. +# +# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=auto +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitIntervalSec=30s +#RateLimitBurst=10000 +#SystemMaxUse= +#SystemKeepFree= +SystemMaxFileSize=128M +SystemMaxFiles=2 +#RuntimeMaxUse=64K +#RuntimeKeepFree= +RuntimeMaxFileSize=512K +RuntimeMaxFiles=2 +#MaxRetentionSec=0 +#MaxFileSec=1month +#ForwardToSyslog=no +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg +#MaxLevelSocket=debug +#LineMax=48K +#ReadKMsg=yes +#Audit=yes diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf new file mode 100644 index 0000000..67bfdb7 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/logrotate.timer.d/override.conf @@ -0,0 +1,3 @@ +[Timer] +OnCalendar=*-*-* *:0/5:42 +RandomizedDelaySec=15 diff --git a/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service new file mode 100644 index 0000000..209cd01 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/etc/systemd/system/set-hostname.service @@ -0,0 +1,14 @@ +[Unit] +Description=Set hostname +ConditionFirstBoot=yes +After=network.target network-setup.service +Wants=network-setup.service + +[Service] +User=root +Group=root +Type=oneshot +ExecStart=/usr/bin/set-hostname.sh + +[Install] +WantedBy=default.target diff --git a/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh new file mode 100755 index 0000000..697dd41 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.extra/usr/bin/set-hostname.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +while true; do + if hostname=$( + curl --header "Metadata-Flavor: Google" --silent --show-error \ + http://169.254.169.254/computeMetadata/v1/instance/name + ); then + echo "Setting up hostname to '${hostname}'..." + hostname ${hostname} + echo 127.0.0.1 "${hostname}" >> /etc/hosts + systemctl restart rsyslog + exit 0 + fi + + sleep 1 +done diff --git a/mkosi.profiles/gcp/mkosi.postinst b/mkosi.profiles/gcp/mkosi.postinst new file mode 100755 index 0000000..067a5f8 --- /dev/null +++ b/mkosi.profiles/gcp/mkosi.postinst @@ -0,0 +1,39 @@ +#!/bin/bash + +set -euxo pipefail + +# Enable systemd services + +mkdir "$BUILDROOT/etc/systemd/system/minimal.target.wants" || true +for service in \ + rsyslog.service \ + sys-kernel-config.mount \ + syslog.socket +do + mkosi-chroot systemctl unmask "$service" + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done +for service in \ + chrony.service \ + logrotate.timer \ + ptlb-routes-nanny.timer \ + rsyslog.service \ + set-hostname.service \ + vault-agent.service +do + mkosi-chroot systemctl enable "$service" + ln -sf "/etc/systemd/system/$service" "$BUILDROOT/etc/systemd/system/minimal.target.wants/" +done + +if [ -f /etc/rsyslog.d/50-default.conf ]; then + sed -i 's/^.*\/var\/log\/syslog.*$/# &/' /etc/rsyslog.d/50-default.conf +fi + +# Limit root filesystem size to 4GB + +mkosi-chroot sed -i '1a mount -o remount,size=4G /' /init + +# Remove automatically generated nvme data + +rm -rf "$BUILDROOT/etc/nvme/hostid" "$BUILDROOT/etc/nvme/hostnqn" From c8dc66ea3f0391157af6b86193d365862440bfca Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 12:53:58 +0100 Subject: [PATCH 05/15] fix: measurement output --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5154bc6..215b6d7 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ measure-gcp: ## Export TDX measurements for GCP echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ exit 1; \ fi - @$(WRAPPER) dstack-mr -uki build/tdx-debian.efi -json > build/gcp_measurements.json + @$(WRAPPER) bash -c "dstack-mr -uki build/tdx-debian.efi -json > build/gcp_measurements.json" echo "GCP Measurements exported to build/gcp_measurements.json" # Clean build artifacts From 323947cf1a0bfb115e687d9b13a53c94f30c8e74 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 13:33:15 +0100 Subject: [PATCH 06/15] feat: use available resources + 2.0 readiness --- scripts/env_wrapper.sh | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/scripts/env_wrapper.sh b/scripts/env_wrapper.sh index bafd74c..e50ec45 100755 --- a/scripts/env_wrapper.sh +++ b/scripts/env_wrapper.sh @@ -8,7 +8,7 @@ should_use_lima() { # Use Lima by default for now true || # Use Lima on macOS or if FORCE_LIMA is set - [[ "$OSTYPE" == "darwin"* ]] || [ -n "${FORCE_LIMA:-}" ] || + [[ "$OSTYPE" == "darwin"* ]] || [ -n "${FORCE_LIMA:-}" ] || # Use Lima if it's available but Nix is not (command -v limactl &>/dev/null && ! command -v nix &>/dev/null) } @@ -22,29 +22,42 @@ setup_lima() { exit 1 fi + LIMA_CPUS="${LIMA_CPUS:-$( nproc )}" + LIMA_MEMORY="${LIMA_MEMORY:-$( free -g | awk '/^Mem:/ {print $2-2 }' )}" + # Create VM if it doesn't exist if ! limactl list "$LIMA_VM" > /dev/null 2>&1; then declare -a args=() - if [ -n "${LIMA_CPUS:-}" ]; then - args+=("--cpus" "$LIMA_CPUS") - fi - if [ -n "${LIMA_MEMORY:-}" ]; then - args+=("--memory" "$LIMA_MEMORY") - fi + args+=("--cpus" "$LIMA_CPUS") + args+=("--memory" "$LIMA_MEMORY") if [ -n "${LIMA_DISK:-}" ]; then args+=("--disk" "$LIMA_DISK") fi echo -e "Creating $LIMA_VM VM..." # Portable way to expand array on bash 3 & 4 - limactl create -y --name "$LIMA_VM" ${args[@]+"${args[@]}"} lima.yaml + limactl create --yes \ + --name "$LIMA_VM" \ + --set ".mounts=[{\"location\":\"$( pwd )\",\"mountPoint\":\"/home/debian/mnt\",\"writable\":true}]" \ + ${args[@]+"${args[@]}"} \ + lima.yaml fi # Start VM if not running status=$(limactl list "$LIMA_VM" --format "{{.Status}}") if [ "$status" != "Running" ]; then + declare -a args=() + args+=("--cpus" "$LIMA_CPUS") + args+=("--memory" "$LIMA_MEMORY") + if [ -n "${LIMA_DISK:-}" ]; then + args+=("--disk" "$LIMA_DISK") + fi + echo -e "Starting $LIMA_VM VM..." - limactl start -y "$LIMA_VM" + limactl start --yes \ + --timeout 30m \ + ${args[@]+"${args[@]}"} \ + "$LIMA_VM" rm -f NvVars # Remove stray file created by QEMU fi @@ -76,7 +89,7 @@ is_mkosi_cmd() { } if is_mkosi_cmd && [ -n "${MKOSI_EXTRA_ARGS:-}" ]; then - # TODO: these args will be overriden by default cache/out dir in Lima + # TODO: these args will be overridden by default cache/out dir in Lima # Not a big deal, but might worth fixing cmd+=($MKOSI_EXTRA_ARGS) fi From ed22ad0be86b79c833161d21c05e983a4f145bb3 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 7 Nov 2025 13:52:27 +0100 Subject: [PATCH 07/15] feat: add preflight command --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 215b6d7..2176715 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,9 @@ check-perms: ## Check repository permissions setup: ## Install dependencies (Linux only) @scripts/setup_deps.sh +preflight: + @$(WRAPPER) echo "Ready to build" + # Build module build: check-perms setup ## Build the specified module $(WRAPPER) mkosi --force -I $(IMAGE).conf From 7e48660adac977c06b5a77c732faef99c48bb001 Mon Sep 17 00:00:00 2001 From: Ilya Lukyanov Date: Fri, 7 Nov 2025 17:34:17 +0000 Subject: [PATCH 08/15] use fixed time in kernel build --- kernel/mkosi.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/mkosi.build b/kernel/mkosi.build index 76875d9..808485b 100755 --- a/kernel/mkosi.build +++ b/kernel/mkosi.build @@ -37,7 +37,7 @@ else # Build kernel cd "$build_dir" cp "$config_file" .config - export KBUILD_BUILD_TIMESTAMP="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%s)})" + export KBUILD_BUILD_TIMESTAMP="$(date -u -d @$(git log -1 --pretty=%ct))" export KBUILD_BUILD_USER="mkosi" KBUILD_BUILD_HOST="mkosi-builder" mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make olddefconfig From c41a2cd64cf19fbf59d68da5d74af6814b9a6fcd Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 00:05:16 +0100 Subject: [PATCH 09/15] fix: "normalise" yocto kernel --- kernel/kernel-yocto.config | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/kernel/kernel-yocto.config b/kernel/kernel-yocto.config index 67deb8c..8bb6190 100644 --- a/kernel/kernel-yocto.config +++ b/kernel/kernel-yocto.config @@ -2,7 +2,7 @@ # Automatically generated file; DO NOT EDIT. # Linux/x86 6.6.35 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="x86_64-poky-linux-gcc (GCC) 13.3.0" +CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=130300 CONFIG_CLANG_VERSION=0 @@ -11,12 +11,14 @@ CONFIG_AS_VERSION=24200 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=24200 CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=125 +CONFIG_PAHOLE_VERSION=0 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -39,7 +41,7 @@ CONFIG_HAVE_KERNEL_LZ4=y CONFIG_HAVE_KERNEL_ZSTD=y # CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set -CONFIG_KERNEL_LZMA=y +# CONFIG_KERNEL_LZMA is not set # CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_LZO is not set # CONFIG_KERNEL_LZ4 is not set @@ -316,7 +318,6 @@ CONFIG_X86_X2APIC=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set # CONFIG_X86_CPU_RESCTRL is not set -# CONFIG_QEMUX86 is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_VSMP is not set # CONFIG_X86_GOLDFISH is not set @@ -747,7 +748,6 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y -# CONFIG_GCC_PLUGINS is not set CONFIG_FUNCTION_ALIGNMENT_4B=y CONFIG_FUNCTION_ALIGNMENT_16B=y CONFIG_FUNCTION_ALIGNMENT=16 @@ -1178,6 +1178,7 @@ CONFIG_NF_DEFRAG_IPV6=y # CONFIG_NF_CONNTRACK_BRIDGE is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set # CONFIG_TIPC is not set @@ -3942,10 +3943,8 @@ CONFIG_OVERLAY_FS_METACOPY=y CONFIG_FAT_FS=y # CONFIG_MSDOS_FS is not set CONFIG_VFAT_FS=y -# CONFIG_VFAT_FS_NO_DUALNAMES is not set CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES is not set # CONFIG_FAT_DEFAULT_UTF8 is not set # CONFIG_EXFAT_FS is not set # CONFIG_NTFS_FS is not set @@ -3978,7 +3977,6 @@ CONFIG_EFIVAR_FS=y CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=y # CONFIG_NFS_V2 is not set -CONFIG_NFS_DEF_FILE_IO_SIZE=4096 CONFIG_NFS_V3=y # CONFIG_NFS_V3_ACL is not set CONFIG_NFS_V4=y @@ -4386,10 +4384,14 @@ CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=m CONFIG_CRC8=m +CONFIG_XXHASH=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_DECOMPRESS=y # CONFIG_XZ_DEC is not set CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_ZSTD=y CONFIG_GENERIC_ALLOCATOR=y CONFIG_INTERVAL_TREE=y CONFIG_ASSOCIATIVE_ARRAY=y @@ -4471,10 +4473,9 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y # CONFIG_DEBUG_INFO_REDUCED is not set CONFIG_DEBUG_INFO_COMPRESSED_NONE=y # CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set +# CONFIG_DEBUG_INFO_COMPRESSED_ZSTD is not set # CONFIG_DEBUG_INFO_SPLIT is not set # CONFIG_DEBUG_INFO_BTF is not set -CONFIG_PAHOLE_HAS_SPLIT_BTF=y -CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y # CONFIG_GDB_SCRIPTS is not set CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set From 865b9f8a4717d279f13853b74e9b91fb3bf12a15 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 00:06:33 +0100 Subject: [PATCH 10/15] fix: "normalise" ubuntu kernel config snippet --- kernel/snippets/ubuntu.config | 2858 ++++++++++++++++++++++++++------- 1 file changed, 2263 insertions(+), 595 deletions(-) diff --git a/kernel/snippets/ubuntu.config b/kernel/snippets/ubuntu.config index 3bbf3f4..bd2e3c6 100644 --- a/kernel/snippets/ubuntu.config +++ b/kernel/snippets/ubuntu.config @@ -1,55 +1,702 @@ +CONFIG_6LOWPAN=y +CONFIG_8139CP=y +CONFIG_8139TOO=y CONFIG_ACCESSIBILITY=y CONFIG_ACPI_AC=y CONFIG_ACPI_APEI=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BGRT=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_DEBUG=y +CONFIG_ACPI_DEBUGGER=y +CONFIG_ACPI_DOCK=y +CONFIG_ACPI_DPTF=y +CONFIG_ACPI_FAN=y +CONFIG_ACPI_FFH=y +CONFIG_ACPI_FPDT=y +CONFIG_ACPI_HED=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_ACPI_MDIO=y +CONFIG_ACPI_PCI_SLOT=y +CONFIG_ACPI_PRMT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +CONFIG_ACPI_SPCR_TABLE=y +CONFIG_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_THERMAL=y +CONFIG_ACPI_VIDEO=y +CONFIG_ACPI_WMI=y +CONFIG_ACRN_GUEST=y +CONFIG_AGP_AMD64=y +CONFIG_AGP_VIA=y +CONFIG_AIX_PARTITION=y +CONFIG_ALX=y +CONFIG_AMD_IOMMU=y +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_AMIGA_PARTITION=y +CONFIG_ANON_VMA_NAME=y +CONFIG_APPLE_PROPERTIES=y +CONFIG_ATARI_PARTITION=y +CONFIG_ATA_GENERIC=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATH5K=y +CONFIG_ATH9K=y +CONFIG_ATH9K_COMMON=y +CONFIG_ATH9K_HW=y +CONFIG_ATH_COMMON=y +CONFIG_ATL1=y +CONFIG_ATL1C=y +CONFIG_ATL1E=y +CONFIG_ATL2=y +CONFIG_AUDIT=y +CONFIG_AUXDISPLAY=y +CONFIG_AX88796B_PHY=y +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BASE_SMALL is not set +CONFIG_BATTERY_SAMSUNG_SDI=y +CONFIG_BCM84881_PHY=y +CONFIG_BCMA=y +CONFIG_BLK_CGROUP_IOPRIO=y +CONFIG_BLK_DEV_BSG=y +CONFIG_BLK_DEV_FD=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_MD=y +CONFIG_BLK_DEV_ZONED=y +CONFIG_BLK_INLINE_ENCRYPTION=y +CONFIG_BLK_SED_OPAL=y +CONFIG_BLK_WBT=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BNX2X=y +CONFIG_BNXT=y +CONFIG_BOOT_CONFIG=y +CONFIG_BOOT_PRINTK_DELAY=y +CONFIG_BPF_JIT_ALWAYS_ON=y +CONFIG_BPF_STREAM_PARSER=y +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y +CONFIG_BSD_DISKLABEL=y +CONFIG_BT_6LOWPAN=y +CONFIG_BT_BNEP=y +CONFIG_BT_HIDP=y +CONFIG_BT_RFCOMM=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_CFG80211=y +CONFIG_CFS_BANDWIDTH=y +CONFIG_CHROME_PLATFORMS=y +CONFIG_CHR_DEV_SG=y +CONFIG_CMDLINE_PARTITION=y +CONFIG_COMPACTION=y +CONFIG_COMPAT_32BIT_TIME=y +CONFIG_CONFIGFS_FS=y +CONFIG_CORDIC=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=y +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_CPU_IDLE_GOV_HALTPOLL=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_TEO=y +CONFIG_CPU_ISOLATION=y +CONFIG_CPU_MITIGATIONS=y +CONFIG_CRASH_DUMP=y +CONFIG_CRC64=y +CONFIG_CRC_CCITT=y +CONFIG_CRC_T10DIF=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_CRYPTO_BLAKE2S_X86=y +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HW=y +CONFIG_CRYPTO_LIB_ARC4=y +CONFIG_CRYPTO_LIB_GF128MUL=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_AEAD=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +CONFIG_DAX=y +CONFIG_DCB=y +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_INFO_DWARF5=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +CONFIG_DEBUG_MISC=y +CONFIG_DEBUG_WX=y +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEVMEM=y +CONFIG_DEVPORT=y +CONFIG_DEVTMPFS_SAFE=y +CONFIG_DL2K=y +CONFIG_DMABUF_HEAPS=y +CONFIG_DMABUF_MOVE_NOTIFY=y +CONFIG_DMADEVICES=y +CONFIG_DMIID=y +CONFIG_DM_INIT=y +CONFIG_DM_UEVENT=y +CONFIG_DRM_ACCEL=y +CONFIG_DRM_BUDDY=y +CONFIG_DRM_CIRRUS_QEMU=y +CONFIG_DRM_DISPLAY_HELPER=y +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_I915=y +CONFIG_DRM_LOAD_EDID_FIRMWARE=y +CONFIG_DRM_SIMPLEDRM=y +CONFIG_DRM_TTM=y +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_EARLY_PRINTK_DBGP=y +CONFIG_EARLY_PRINTK_USB_XDBC=y +CONFIG_EDD=y +CONFIG_EEPROM_AT24=y +CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_HANDOVER_PROTOCOL=y +CONFIG_EFI_MIXED=y +CONFIG_EFI_RCI2_TABLE=y +CONFIG_ENCRYPTED_KEYS=y +CONFIG_ENERGY_MODEL=y +CONFIG_ETHTOOL_NETLINK=y +CONFIG_EXPERT=y +CONFIG_EXPORTFS_BLOCK_OPS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXTCON=y +CONFIG_FANOTIFY=y +CONFIG_FB_ASILIANT=y +CONFIG_FB_DEVICE=y +CONFIG_FB_IMSTT=y +CONFIG_FB_TILEBLITTING=y +CONFIG_FB_UVESA=y +CONFIG_FDDI=y +CONFIG_FIRMWARE_EDID=y +CONFIG_FIXED_PHY=y +CONFIG_FONTS=y +CONFIG_FORTIFY_SOURCE=y +CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +CONFIG_FS_ENCRYPTION=y +CONFIG_FS_VERITY=y +CONFIG_FTRACE=y +CONFIG_FUSION=y +CONFIG_FWNODE_MDIO=y +CONFIG_FW_LOADER_COMPRESS=y +CONFIG_FW_LOADER_USER_HELPER=y +CONFIG_FW_UPLOAD=y +CONFIG_GART_IOMMU=y +CONFIG_GDB_SCRIPTS=y +CONFIG_GENERIC_PHY=y +CONFIG_GPIOLIB=y +CONFIG_HAMRADIO=y +CONFIG_HARDENED_USERCOPY=y +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_HIBERNATION=y +CONFIG_HID_PID=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_CPCI=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_HOTPLUG_PCI_SHPC=y +CONFIG_HPET_MMAP_DEFAULT=y +CONFIG_HTE=y +CONFIG_HUGETLBFS=y +CONFIG_HWMON=y +CONFIG_HWSPINLOCK=y +CONFIG_HW_RANDOM_TPM=y +CONFIG_I2C_CHARDEV=y +CONFIG_I2C_DESIGNWARE_PLATFORM=y +CONFIG_I2C_SLAVE=y +CONFIG_IDLE_PAGE_TRACKING=y +CONFIG_IGBVF=y +CONFIG_IGC=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y +CONFIG_INPUT_JOYSTICK=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_SPARSEKMAP=y +CONFIG_INTEL_HFI_THERMAL=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_SCU_PCI=y +CONFIG_INTERCONNECT=y +# CONFIG_IO_DELAY_0X80 is not set +CONFIG_IO_DELAY_0XED=y +CONFIG_IPV6_IOAM6_LWTUNNEL=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_SEG6_HMAC=y +CONFIG_IPV6_SEG6_LWTUNNEL=y +CONFIG_IP_FIB_TRIE_STATS=y +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y +CONFIG_IRQ_POLL=y +CONFIG_JAILHOUSE_GUEST=y +CONFIG_JME=y +CONFIG_JUMP_LABEL=y +CONFIG_KALLSYMS_ALL=y +CONFIG_KARMA_PARTITION=y +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +CONFIG_KEYS_REQUEST_CACHE=y +CONFIG_KEY_DH_OPERATIONS=y +CONFIG_KFENCE=y +CONFIG_KGDB=y +CONFIG_KPROBES=y +CONFIG_KSM=y +CONFIG_LATENCYTOP=y +CONFIG_LDISC_AUTOLOAD=y +CONFIG_LDM_PARTITION=y +CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y +CONFIG_LEDS_TRIGGER_CPU=y +CONFIG_LEDS_TRIGGER_DISK=y +CONFIG_LEDS_TRIGGER_PANIC=y +CONFIG_LED_TRIGGER_PHY=y +CONFIG_LEGACY_PTYS=y +CONFIG_LIBNVDIMM=y +CONFIG_LRU_GEN=y +CONFIG_LWTUNNEL=y +CONFIG_MAC80211=y +CONFIG_MACINTOSH_DRIVERS=y +CONFIG_MACVTAP=y +CONFIG_MAC_PARTITION=y +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAILBOX=y +CONFIG_MAXSMP=y +CONFIG_MCTP=y +CONFIG_MDIO=y +CONFIG_MDIO_BUS=y +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_DEVRES=y +CONFIG_MEDIA_CEC_SUPPORT=y +CONFIG_MEGARAID_NEWGEN=y +CONFIG_MELLANOX_PLATFORM=y +CONFIG_MEMORY=y +CONFIG_MEMORY_FAILURE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMTEST=y +CONFIG_MEM_SOFT_DIRTY=y +CONFIG_MFD_88PM860X=y +CONFIG_MFD_AS3711=y +CONFIG_MFD_DA9052_I2C=y +CONFIG_MFD_DA9055=y +CONFIG_MFD_DA9063=y +CONFIG_MFD_LP8788=y +CONFIG_MFD_MAX14577=y +CONFIG_MFD_MAX77693=y +CONFIG_MFD_MAX77843=y +CONFIG_MFD_MAX8925=y +CONFIG_MFD_MAX8997=y +CONFIG_MFD_MAX8998=y +CONFIG_MFD_PALMAS=y +CONFIG_MFD_RC5T583=y +CONFIG_MFD_SYSCON=y +CONFIG_MFD_TPS65090=y +CONFIG_MFD_TPS6586X=y +CONFIG_MFD_TPS65912_I2C=y +CONFIG_MFD_WM831X_I2C=y +CONFIG_MFD_WM8350_I2C=y +CONFIG_MFD_WM8400=y +CONFIG_MINIX_SUBPARTITION=y +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_MODULES is not set +CONFIG_MPTCP=y +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MTRR_SANITIZER=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETWORK_PHY_TIMESTAMPING=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_FC=y +CONFIG_NET_IP_TUNNEL=y +CONFIG_NET_L3_MASTER_DEV=y +CONFIG_NET_MPLS_GSO=y +CONFIG_NET_NCSI=y +CONFIG_NET_NSH=y +CONFIG_NET_SCHED=y +CONFIG_NET_SELFTESTS=y +CONFIG_NET_SWITCHDEV=y +CONFIG_NET_UDP_TUNNEL=y +CONFIG_NET_VENDOR_ADAPTEC=y +CONFIG_NET_VENDOR_AGERE=y +CONFIG_NET_VENDOR_ALACRITECH=y +CONFIG_NET_VENDOR_ALTEON=y +CONFIG_NET_VENDOR_AMAZON=y +CONFIG_NET_VENDOR_AQUANTIA=y +CONFIG_NET_VENDOR_ARC=y +CONFIG_NET_VENDOR_ASIX=y +CONFIG_NET_VENDOR_BROCADE=y +CONFIG_NET_VENDOR_CADENCE=y +CONFIG_NET_VENDOR_CAVIUM=y +CONFIG_NET_VENDOR_CHELSIO=y +CONFIG_NET_VENDOR_CISCO=y +CONFIG_NET_VENDOR_CORTINA=y +CONFIG_NET_VENDOR_DAVICOM=y +CONFIG_NET_VENDOR_DEC=y +CONFIG_NET_VENDOR_EMULEX=y +CONFIG_NET_VENDOR_ENGLEDER=y +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_FUNGIBLE=y +CONFIG_NET_VENDOR_HUAWEI=y +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_NET_VENDOR_MICREL=y +CONFIG_NET_VENDOR_MICROCHIP=y +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_NET_VENDOR_MYRI=y +CONFIG_NET_VENDOR_NATSEMI=y +CONFIG_NET_VENDOR_NETERION=y +CONFIG_NET_VENDOR_NETRONOME=y +CONFIG_NET_VENDOR_NI=y +CONFIG_NET_VENDOR_NVIDIA=y +CONFIG_NET_VENDOR_OKI=y +CONFIG_NET_VENDOR_PACKET_ENGINES=y +CONFIG_NET_VENDOR_PENSANDO=y +CONFIG_NET_VENDOR_QLOGIC=y +CONFIG_NET_VENDOR_QUALCOMM=y +CONFIG_NET_VENDOR_RDC=y +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +CONFIG_NET_VENDOR_SIS=y +CONFIG_NET_VENDOR_SMSC=y +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_SOLARFLARE=y +CONFIG_NET_VENDOR_STMICRO=y +CONFIG_NET_VENDOR_SUN=y +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +CONFIG_NET_VENDOR_TI=y +CONFIG_NET_VENDOR_VERTEXCOM=y +CONFIG_NET_VENDOR_VIA=y +CONFIG_NET_VENDOR_WANGXUN=y +CONFIG_NET_VENDOR_WIZNET=y +CONFIG_NET_VENDOR_XILINX=y +CONFIG_NMI_CHECK_CPU=y +CONFIG_NO_HZ_FULL=y +# CONFIG_NO_HZ_IDLE is not set +CONFIG_NR_CPUS=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NUMA=y +CONFIG_OPENVSWITCH=y +CONFIG_OSF_PARTITION=y +CONFIG_PACKING=y +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POOL_STATS=y +CONFIG_PARPORT=y +CONFIG_PARPORT_PC=y +CONFIG_PATA_SIS=y +CONFIG_PCIEAER=y +CONFIG_PCIE_DW_PLAT_HOST=y +CONFIG_PCIE_PTM=y +CONFIG_PCI_ENDPOINT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_PCI_PASID=y +CONFIG_PCI_PRI=y +CONFIG_PCI_REALLOC_ENABLE_AUTO=y +CONFIG_PCNET32=y +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_PERF_EVENTS_AMD_BRS=y +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_PHYLIB=y +CONFIG_PHYLINK=y +CONFIG_PINCTRL_AMD=y +CONFIG_PINCTRL_BAYTRAIL=y +CONFIG_PINCTRL_CHERRYVIEW=y +CONFIG_PINCTRL_SX150X=y +CONFIG_PMIC_ADP5520=y +CONFIG_PMIC_DA903X=y +CONFIG_PMIC_OPREGION=y +CONFIG_PM_DEVFREQ=y +CONFIG_POWERCAP=y +CONFIG_POWER_RESET=y +CONFIG_PPP=y +CONFIG_PPS=y +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_DYNAMIC=y +CONFIG_PREEMPT_VOLUNTARY=y +CONFIG_PRINTER=y +CONFIG_PROC_EVENTS=y +CONFIG_PROFILING=y +CONFIG_PSE_CONTROLLER=y +CONFIG_PSI=y +CONFIG_PTP_1588_CLOCK=y +CONFIG_PVH=y +CONFIG_PVPANIC=y +CONFIG_PWM=y +CONFIG_QUOTA=y +CONFIG_R8169=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +CONFIG_RANDOM_KMALLOC_CACHES=y +CONFIG_RAPIDIO=y +CONFIG_RAS=y +CONFIG_RCU_CPU_STALL_CPUTIME=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZ4=y +CONFIG_RD_LZMA=y +CONFIG_RD_LZO=y +CONFIG_RD_XZ=y +CONFIG_REALTEK_PHY=y +CONFIG_REGMAP_I2C=y +CONFIG_REGULATOR=y +CONFIG_REMOTEPROC=y +CONFIG_RESET_ATTACK_MITIGATION=y +CONFIG_RESET_CONTROLLER=y +CONFIG_RFKILL=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_INTF_DEV=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_NVMEM=y +CONFIG_RTC_SYSTOHC=y +CONFIG_RUNTIME_TESTING_MENU=y +CONFIG_SAMPLES=y +CONFIG_SATA_PMP=y +CONFIG_SATA_ZPODD=y +CONFIG_SCHEDSTATS=y +CONFIG_SCHED_AUTOGROUP=y +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_CORE=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_SCHED_STACK_END_CHECK=y +CONFIG_SCSI_CONSTANTS=y +CONFIG_SCSI_DH=y +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_PROC_FS=y +CONFIG_SCSI_SCAN_ASYNC=y +CONFIG_SECONDARY_TRUSTED_KEYRING=y +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_SECURITY=y +CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_SERIAL_8250_16550A_VARIANTS=y +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_FINTEK=y +CONFIG_SERIAL_8250_MID=y +CONFIG_SERIAL_8250_RT288X=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_NONSTANDARD=y +CONFIG_SERIAL_SCCNXP=y +CONFIG_SGI_PARTITION=y +CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +CONFIG_SIGNED_PE_FILE_VERIFICATION=y +CONFIG_SKGE=y +CONFIG_SKY2=y +CONFIG_SLAB_FREELIST_HARDENED=y +CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_MERGE_DEFAULT=y +CONFIG_SLUB_CPU_PARTIAL=y +CONFIG_SMSC_PHY=y +CONFIG_SOC_TI=y +CONFIG_SOFTLOCKUP_DETECTOR=y +CONFIG_SOLARIS_X86_PARTITION=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_SPI=y +CONFIG_SRAM=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACK_VALIDATION=y +CONFIG_STAGING=y +CONFIG_SUN_PARTITION=y +CONFIG_SURFACE_PLATFORMS=y +CONFIG_SUSPEND=y +CONFIG_SWIOTLB_DYNAMIC=y +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_SYSFB_SIMPLEFB=y +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y +CONFIG_SYSV68_PARTITION=y +CONFIG_TAP=y +CONFIG_TASKSTATS=y +CONFIG_TCP_CONG_ADVANCED=y +CONFIG_TCP_MD5SIG=y +CONFIG_THERMAL_EMULATION=y +CONFIG_THERMAL_GOV_BANG_BANG=y +CONFIG_THERMAL_GOV_FAIR_SHARE=y +CONFIG_THERMAL_GOV_USER_SPACE=y +CONFIG_THERMAL_NETLINK=y +CONFIG_THERMAL_STATISTICS=y +CONFIG_TIGON3=y +CONFIG_TMPFS_INODE64=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_QUOTA=y +CONFIG_TOUCHSCREEN_ELAN=y +CONFIG_TOUCHSCREEN_USB_COMPOSITE=y +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_TRUSTED_KEYS=y +CONFIG_TWL4030_CORE=y +CONFIG_TWL6040_CORE=y +CONFIG_TYPHOON=y +CONFIG_UBSAN=y +CONFIG_UCLAMP_TASK=y +CONFIG_UDMABUF=y +CONFIG_UEVENT_HELPER=y +CONFIG_ULTRIX_PARTITION=y +CONFIG_UNICODE=y +CONFIG_UNIXWARE_DISKLABEL=y +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y +CONFIG_USB_DEFAULT_PERSIST=y +CONFIG_USB_DWC2=y +CONFIG_USB_DYNAMIC_MINORS=y +CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_KAWETH=y +CONFIG_USB_LED_TRIG=y +CONFIG_USB_NET_AX88179_178A=y +CONFIG_USB_NET_AX8817X=y +CONFIG_USB_NET_CDCETHER=y +CONFIG_USB_NET_CDC_EEM=y +CONFIG_USB_NET_CDC_NCM=y +CONFIG_USB_NET_CDC_SUBSET=y +CONFIG_USB_NET_CDC_SUBSET_ENABLE=y +CONFIG_USB_NET_DM9601=y +CONFIG_USB_NET_DRIVERS=y +CONFIG_USB_NET_MCS7830=y +CONFIG_USB_NET_RNDIS_HOST=y +CONFIG_USB_NET_SMSC75XX=y +CONFIG_USB_NET_SMSC95XX=y +CONFIG_USB_OHCI_HCD_PLATFORM=y +CONFIG_USB_PCI=y +CONFIG_USB_PEGASUS=y +CONFIG_USB_ROLE_SWITCH=y +CONFIG_USB_RTL8150=y +CONFIG_USB_RTL8152=y +CONFIG_USB_RTL8153_ECM=y +CONFIG_USB_USBNET=y +CONFIG_USB_XHCI_DBGCAP=y +CONFIG_USELIB=y +CONFIG_USERFAULTFD=y +CONFIG_VALIDATE_FS_PARSER=y +CONFIG_VGA_SWITCHEROO=y +CONFIG_VHOST_MENU=y +CONFIG_VIRTIO_INPUT=y +CONFIG_VIRTIO_IOMMU=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTUALIZATION=y +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_VMAP_STACK=y +CONFIG_VXLAN=y +CONFIG_WAN=y +CONFIG_WATCHDOG_CORE=y +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_SYSFS=y +CONFIG_WATCH_QUEUE=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_MICROCHIP=y +CONFIG_WLAN_VENDOR_PURELIFI=y +CONFIG_WLAN_VENDOR_QUANTENNA=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_SILABS=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y +CONFIG_WQ_CPU_INTENSIVE_REPORT=y +CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y +CONFIG_X86_5LEVEL=y +CONFIG_X86_ACPI_CPUFREQ_CPB=y +CONFIG_X86_AMD_PSTATE=y +CONFIG_X86_CPU_RESCTRL=y +CONFIG_X86_DEBUG_FPU=y +CONFIG_X86_INTEL_LPSS=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_IOPL_IOPERM=y +CONFIG_X86_MCELOG_LEGACY=y +CONFIG_X86_MPPARSE=y +CONFIG_X86_PCC_CPUFREQ=y +CONFIG_X86_PLATFORM_DRIVERS_DELL=y +CONFIG_X86_PLATFORM_DRIVERS_HP=y +CONFIG_X86_PMEM_LEGACY=y +CONFIG_X86_POWERNOW_K8=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_SGX=y +CONFIG_X86_SPEEDSTEP_CENTRINO=y +CONFIG_X86_USER_SHADOW_STACK=y +CONFIG_XDP_SOCKETS=y +CONFIG_XEN=y +CONFIG_XZ_DEC=y +CONFIG_ZERO_CALL_USED_REGS=y +CONFIG_ZSWAP=y +# CONFIG_6LOWPAN_DEBUGFS is not set +# CONFIG_A11Y_BRAILLE_CONSOLE is not set +# CONFIG_ACENIC is not set +# CONFIG_ACPI_APEI_EINJ is not set +# CONFIG_ACPI_APEI_ERST_DEBUG is not set CONFIG_ACPI_APEI_GHES=y CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_PCIEAER=y -CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BGRT=y -CONFIG_ACPI_BUTTON=y CONFIG_ACPI_CPPC_LIB=y -CONFIG_ACPI_DEBUG=y -CONFIG_ACPI_DEBUGGER=y CONFIG_ACPI_DEBUGGER_USER=y -CONFIG_ACPI_DOCK=y -CONFIG_ACPI_DPTF=y CONFIG_ACPI_EC=y -CONFIG_ACPI_FAN=y -CONFIG_ACPI_FFH=y -CONFIG_ACPI_FPDT=y -CONFIG_ACPI_HED=y +# CONFIG_ACPI_EXTLOG is not set CONFIG_ACPI_HMAT=y CONFIG_ACPI_HOTPLUG_MEMORY=y -CONFIG_ACPI_I2C_OPREGION=y CONFIG_ACPI_MADT_WAKEUP=y -CONFIG_ACPI_MDIO=y CONFIG_ACPI_NUMA=y CONFIG_ACPI_PCC=y -CONFIG_ACPI_PCI_SLOT=y -CONFIG_ACPI_PRMT=y -CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +CONFIG_ACPI_PLATFORM_PROFILE=y +# CONFIG_ACPI_QUICKSTART is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_SLEEP=y -CONFIG_ACPI_SPCR_TABLE=y -CONFIG_ACPI_TABLE_UPGRADE=y -CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_TAD is not set CONFIG_ACPI_THERMAL_LIB=y CONFIG_ACPI_VIOT=y -CONFIG_ACRN_GUEST=y -CONFIG_AGP_AMD64=y -CONFIG_AGP_VIA=y -CONFIG_AIX_PARTITION=y -CONFIG_AMD_IOMMU=y -CONFIG_AMD_MEM_ENCRYPT=y +# CONFIG_ACRN_HSM is not set +# CONFIG_ADAPTEC_STARFIRE is not set +# CONFIG_ADFS_FS is not set +# CONFIG_ADIN1110 is not set +# CONFIG_ADM8211 is not set +# CONFIG_AFFS_FS is not set +# CONFIG_AIR_EN8811H_PHY is not set +CONFIG_ALIENWARE_WMI=y +CONFIG_ALIENWARE_WMI_LEGACY=y +CONFIG_ALIENWARE_WMI_WMAX=y +# CONFIG_ALTERA_MBOX is not set +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_AMD_3D_VCACHE is not set +# CONFIG_AMD_ATL is not set +# CONFIG_AMD_HSMP_ACPI is not set +# CONFIG_AMD_HSMP_PLAT is not set +CONFIG_AMD_NODE=y CONFIG_AMD_NUMA=y +# CONFIG_AMD_PMC is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_AMD_QDMA is not set CONFIG_AMD_WBRF=y -CONFIG_AMIGA_PARTITION=y -CONFIG_ANON_VMA_NAME=y -CONFIG_APPLE_PROPERTIES=y +# CONFIG_AMILO_RFKILL is not set +# CONFIG_AQTION is not set CONFIG_ARCH_DEFAULT_CRASH_DUMP=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_ARCH_ENABLE_THP_MIGRATION=y CONFIG_ARCH_HAS_CPU_PASID=y +CONFIG_ARCH_HAS_CRC32=y +CONFIG_ARCH_HAS_CRC64=y +CONFIG_ARCH_HAS_CRC_T10DIF=y CONFIG_ARCH_HAS_DMA_OPS=y CONFIG_ARCH_HAS_EARLY_DEBUG=y CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y @@ -57,157 +704,269 @@ CONFIG_ARCH_HAS_HW_PTE_YOUNG=y CONFIG_ARCH_HAS_KERNEL_FPU_SUPPORT=y CONFIG_ARCH_HAS_PKEYS=y CONFIG_ARCH_HAS_PREEMPT_LAZY=y +CONFIG_ARCH_HAS_PTDUMP=y CONFIG_ARCH_HAS_UBSAN=y CONFIG_ARCH_HAS_USER_SHADOW_STACK=y CONFIG_ARCH_HAS_ZONE_DMA_SET=y CONFIG_ARCH_HAVE_EXTRA_ELF_NOTES=y CONFIG_ARCH_HIBERNATION_HEADER=y CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PKEY_BITS=4 CONFIG_ARCH_SELECTS_KEXEC_FILE=y CONFIG_ARCH_SUPPORTS_AUTOFDO_CLANG=y CONFIG_ARCH_SUPPORTS_HUGE_PFNMAP=y +CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS=y CONFIG_ARCH_SUPPORTS_PMD_PFNMAP=y CONFIG_ARCH_SUPPORTS_PROPELLER_CLANG=y +CONFIG_ARCH_SUPPORTS_PT_RECLAIM=y CONFIG_ARCH_SUPPORTS_PUD_PFNMAP=y CONFIG_ARCH_SUPPORTS_RT=y CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y CONFIG_ARCH_USES_PG_ARCH_2=y +CONFIG_ARCH_VMLINUX_NEEDS_RELOCS=y +CONFIG_ARCH_WANT_HUGETLB_VMEMMAP_PREINIT=y CONFIG_ARCH_WANT_PMD_MKWRITE=y -CONFIG_ASM_MODVERSIONS=y CONFIG_ASN1_ENCODER=y +# CONFIG_ASUS_TF103C_DOCK is not set +# CONFIG_ASUS_WMI is not set CONFIG_ASYNC_TX_DMA=y CONFIG_AS_HAS_NON_CONST_ULEB128=y CONFIG_AS_VAES=y CONFIG_AS_VPCLMULQDQ=y -CONFIG_ATARI_PARTITION=y -CONFIG_ATA_GENERIC=y -CONFIG_ATA_VERBOSE_ERROR=y -CONFIG_AUDIT=y +# CONFIG_AT76C50X_USB is not set +# CONFIG_AT803X_PHY is not set +# CONFIG_ATH11K is not set +# CONFIG_ATH12K is not set +# CONFIG_ATH5K_TRACER is not set +CONFIG_ATH9K_RFKILL=y +# CONFIG_ATOMIC64_SELFTEST is not set CONFIG_AUDITSYSCALL=y -CONFIG_AUXDISPLAY=y -CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_AX25 is not set +# CONFIG_B43 is not set +# CONFIG_B43LEGACY is not set +# CONFIG_BACKLIGHT_88PM860X is not set +# CONFIG_BACKLIGHT_AAT2870 is not set +# CONFIG_BACKLIGHT_ADP5520 is not set +# CONFIG_BACKLIGHT_AS3711 is not set +# CONFIG_BACKLIGHT_DA903X is not set +# CONFIG_BACKLIGHT_DA9052 is not set +# CONFIG_BACKLIGHT_GPIO is not set +# CONFIG_BACKLIGHT_KTD253 is not set +# CONFIG_BACKLIGHT_KTD2801 is not set +# CONFIG_BACKLIGHT_LM3509 is not set +# CONFIG_BACKLIGHT_LM3630A is not set +# CONFIG_BACKLIGHT_LP855X is not set +# CONFIG_BACKLIGHT_LP8788 is not set +# CONFIG_BACKLIGHT_MAX8925 is not set +# CONFIG_BACKLIGHT_MP3309C is not set +# CONFIG_BACKLIGHT_PANDORA is not set +# CONFIG_BACKLIGHT_PWM is not set +# CONFIG_BACKLIGHT_WM831X is not set +# CONFIG_BACKTRACE_SELF_TEST is not set CONFIG_BALLOON_COMPACTION=y -CONFIG_BATTERY_SAMSUNG_SDI=y -CONFIG_BCM84881_PHY=y -CONFIG_BLK_CGROUP_IOPRIO=y +# CONFIG_BARCO_P50_GPIO is not set +# CONFIG_BATTERY_88PM860X is not set +# CONFIG_BATTERY_DA9030 is not set +# CONFIG_BATTERY_DA9052 is not set +# CONFIG_BATTERY_MAX1720X is not set +# CONFIG_BCACHEFS_FS is not set +# CONFIG_BCMA_DRIVER_GPIO is not set +# CONFIG_BE2NET is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_BIG_KEYS is not set CONFIG_BLK_DEBUG_FS=y -CONFIG_BLK_DEV_BSG=y -CONFIG_BLK_DEV_INTEGRITY=y CONFIG_BLK_DEV_IO_TRACE=y -CONFIG_BLK_DEV_MD=y -CONFIG_BLK_DEV_WRITE_MOUNTED=y -CONFIG_BLK_DEV_ZONED=y -CONFIG_BLK_INLINE_ENCRYPTION=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_BLK_DEV_WRITE_MOUNTED=y CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y -CONFIG_BLK_SED_OPAL=y -CONFIG_BLK_WBT=y CONFIG_BLK_WBT_MQ=y -CONFIG_BLOCK_LEGACY_AUTOLOAD=y +# CONFIG_BNA is not set +# CONFIG_BNXT_DCB is not set +CONFIG_BNXT_HWMON=y +# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_BOOTTIME_TRACING=y -CONFIG_BOOT_CONFIG=y -CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_BOOT_CONFIG_EMBED is not set +# CONFIG_BOOT_CONFIG_FORCE is not set CONFIG_BPF_EVENTS=y -CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_KPROBE_OVERRIDE=y CONFIG_BPF_LSM=y -CONFIG_BPF_STREAM_PARSER=y -CONFIG_BPF_UNPRIV_DEFAULT_OFF=y CONFIG_BRANCH_PROFILE_NONE=y -CONFIG_BSD_DISKLABEL=y +# CONFIG_BRCMFMAC is not set +# CONFIG_BRCMSMAC is not set +# CONFIG_BRIDGE_NF_EBTABLES_LEGACY is not set +CONFIG_BROADCAST_TLB_FLUSH=y CONFIG_BTT=y +CONFIG_BT_DEBUGFS=y +# CONFIG_BT_INTEL_PCIE is not set +# CONFIG_BT_MTKUART is not set +# CONFIG_BT_NXPUART is not set CONFIG_BUILDTIME_MCOUNT_SORT=y CONFIG_BUILTIN_MODULE_RANGES=y CONFIG_BYTCRC_PMIC_OPREGION=y CONFIG_CALL_PADDING=y CONFIG_CALL_THUNKS=y -CONFIG_CC_CAN_LINK=y -CONFIG_CC_CAN_LINK_STATIC=y -CONFIG_CC_HAS_COUNTED_BY=y -CONFIG_CC_HAS_KASAN_SW_TAGS=y -CONFIG_CC_HAS_MIN_FUNCTION_ALIGNMENT=y +# CONFIG_CALL_THUNKS_DEBUG is not set +# CONFIG_CASSINI is not set +# CONFIG_CAVIUM_PTP is not set CONFIG_CC_HAS_NAMED_AS=y CONFIG_CC_HAS_NAMED_AS_FIXED_SANITIZERS=y -CONFIG_CC_HAS_SANE_FUNCTION_ALIGNMENT=y CONFIG_CC_HAS_UBSAN_BOUNDS_STRICT=y CONFIG_CC_NO_STRINGOP_OVERFLOW=y -CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y -CONFIG_CFS_BANDWIDTH=y +# CONFIG_CEC_CH7322 is not set +# CONFIG_CEC_GPIO is not set +# CONFIG_CEC_NXP_TDA9950 is not set +# CONFIG_CEC_SECO is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set +# CONFIG_CFG80211_DEBUGFS is not set +# CONFIG_CGROUP_DMEM is not set CONFIG_CGROUP_HUGETLB=y +# CONFIG_CHARGER_BQ24190 is not set +# CONFIG_CHARGER_BQ24257 is not set +# CONFIG_CHARGER_BQ24735 is not set +# CONFIG_CHARGER_BQ2515X is not set +# CONFIG_CHARGER_BQ256XX is not set +# CONFIG_CHARGER_BQ25890 is not set +# CONFIG_CHARGER_BQ25980 is not set +# CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_LT3651 is not set CONFIG_CHARGER_MANAGER=y +# CONFIG_CHARGER_MAX14577 is not set +# CONFIG_CHARGER_MAX77693 is not set +# CONFIG_CHARGER_RT9455 is not set +# CONFIG_CHARGER_RT9467 is not set +# CONFIG_CHARGER_RT9471 is not set +# CONFIG_CHARGER_SMB347 is not set +# CONFIG_CHARGER_TPS65090 is not set CONFIG_CHARLCD_BL_FLASH=y -CONFIG_CHROME_PLATFORMS=y -CONFIG_CHR_DEV_SG=y +# CONFIG_CHARLCD_BL_OFF is not set +# CONFIG_CHARLCD_BL_ON is not set +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +# CONFIG_CHROMEOS_ACPI is not set +# CONFIG_CHROMEOS_LAPTOP is not set +# CONFIG_CHROMEOS_PRIVACY_SCREEN is not set +# CONFIG_CHROMEOS_PSTORE is not set +# CONFIG_CHROMEOS_TBMC is not set CONFIG_CHTCRC_PMIC_OPREGION=y CONFIG_CHT_WC_PMIC_OPREGION=y -CONFIG_CMDLINE_PARTITION=y -CONFIG_COMPACTION=y -CONFIG_COMPAT_32BIT_TIME=y -CONFIG_CONFIGFS_FS=y +# CONFIG_CLK_TWL is not set +# CONFIG_CLK_TWL6040 is not set +# CONFIG_COMMON_CLK_PALMAS is not set +# CONFIG_COMMON_CLK_PWM is not set +# CONFIG_COMMON_CLK_WM831X is not set +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +# CONFIG_COMPAL_LAPTOP is not set CONFIG_CONSOLE_POLL=y CONFIG_CONTEXT_SWITCH_TRACER=y CONFIG_CONTEXT_TRACKING_USER=y +# CONFIG_CONTEXT_TRACKING_USER_FORCE is not set CONFIG_CONTIG_ALLOC=y -CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_CPUFREQ_ARCH_CUR_FREQ=y CONFIG_CPUMASK_OFFSTACK=y -CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=y -CONFIG_CPU_FREQ_GOV_USERSPACE=y -CONFIG_CPU_IDLE_GOV_HALTPOLL=y -CONFIG_CPU_IDLE_GOV_LADDER=y -CONFIG_CPU_IDLE_GOV_TEO=y -CONFIG_CPU_ISOLATION=y -CONFIG_CPU_MITIGATIONS=y -CONFIG_CRASH_DUMP=y +# CONFIG_CPUSETS_V1 is not set +# CONFIG_CRAMFS is not set CONFIG_CRASH_HOTPLUG=y +CONFIG_CRASH_MAX_MEMORY_RANGES=8192 CONFIG_CRASH_RESERVE=y -CONFIG_CRC64=y -CONFIG_CRC64_ROCKSOFT=y -CONFIG_CRC_CCITT=y -CONFIG_CRC_T10DIF=y -CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_CRC32_ARCH=y +CONFIG_CRC64_ARCH=y +CONFIG_CRC_OPTIMIZATIONS=y +CONFIG_CRC_T10DIF_ARCH=y +# CONFIG_CROS_EC is not set +# CONFIG_CROS_HPS_I2C is not set +# CONFIG_CROS_KBD_LED_BACKLIGHT is not set CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y -CONFIG_CRYPTO_BLAKE2S_X86=y -CONFIG_CRYPTO_CRC64_ROCKSOFT=y -CONFIG_CRYPTO_CRCT10DIF=y -CONFIG_CRYPTO_CTR=y -CONFIG_CRYPTO_DEFLATE=y +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set CONFIG_CRYPTO_DEV_CCP=y +CONFIG_CRYPTO_DEV_CCP_CRYPTO=y +CONFIG_CRYPTO_DEV_CCP_DD=y +# CONFIG_CRYPTO_DEV_CCP_DEBUGFS is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set CONFIG_CRYPTO_DEV_PADLOCK=y -CONFIG_CRYPTO_DH=y +# CONFIG_CRYPTO_DEV_PADLOCK_AES is not set +# CONFIG_CRYPTO_DEV_PADLOCK_SHA is not set +# CONFIG_CRYPTO_DEV_QAT_420XX is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +CONFIG_CRYPTO_DEV_SP_CCP=y +CONFIG_CRYPTO_DEV_SP_PSP=y +# CONFIG_CRYPTO_DEV_VIRTIO is not set CONFIG_CRYPTO_DH_RFC7919_GROUPS=y -CONFIG_CRYPTO_DRBG_CTR=y -CONFIG_CRYPTO_DRBG_HASH=y -CONFIG_CRYPTO_GCM=y CONFIG_CRYPTO_GENIV=y -CONFIG_CRYPTO_GHASH=y -CONFIG_CRYPTO_HW=y +CONFIG_CRYPTO_HKDF=y +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=1 CONFIG_CRYPTO_KDF800108_CTR=y -CONFIG_CRYPTO_LIB_GF128MUL=y -CONFIG_CRYPTO_LZO=y -CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_MD5=y -CONFIG_CRYPTO_SEQIV=y -CONFIG_CRYPTO_SHA1=y -CONFIG_DAX=y +# CONFIG_CRYPTO_KRB5 is not set +# CONFIG_CRYPTO_KRB5ENC is not set +CONFIG_CRYPTO_LIB_AESCFB=y +CONFIG_CRYPTO_LIB_AESGCM=y +# CONFIG_CW1200 is not set +# CONFIG_DA9052_WATCHDOG is not set +# CONFIG_DA9055_WATCHDOG is not set +# CONFIG_DA9063_WATCHDOG is not set CONFIG_DA_MON_EVENTS=y CONFIG_DA_MON_EVENTS_ID=y -CONFIG_DCB=y -CONFIG_DEBUG_FS=y +CONFIG_DCDBAS=y +# CONFIG_DE2104X is not set +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_DEBUG_CGROUP_REF is not set +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set CONFIG_DEBUG_FS_ALLOW_ALL=y -CONFIG_DEBUG_INFO_BTF=y -CONFIG_DEBUG_INFO_BTF_MODULES=y -CONFIG_DEBUG_INFO_DWARF5=y -CONFIG_DEBUG_MISC=y -CONFIG_DEBUG_WX=y +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_NET_SMALL_RTNL is not set +# CONFIG_DEBUG_PAGE_REF is not set +# CONFIG_DEBUG_RSEQ is not set +# CONFIG_DEBUG_VFS is not set CONFIG_DECOMPRESS_BZIP2=y CONFIG_DECOMPRESS_LZ4=y CONFIG_DECOMPRESS_LZMA=y CONFIG_DECOMPRESS_LZO=y CONFIG_DECOMPRESS_XZ=y -CONFIG_DECOMPRESS_ZSTD=y +# CONFIG_DEFAULT_BIC is not set CONFIG_DEFAULT_CUBIC=y +# CONFIG_DEFAULT_HTCP is not set +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_SECURITY_APPARMOR=y -CONFIG_DETECT_HUNG_TASK=y +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set +# CONFIG_DEFAULT_WESTWOOD is not set +# CONFIG_DEFXX is not set +CONFIG_DELL_LAPTOP=y +CONFIG_DELL_PC=y +CONFIG_DELL_RBTN=y +CONFIG_DELL_RBU=y +CONFIG_DELL_SMBIOS=y +CONFIG_DELL_SMBIOS_SMM=y +CONFIG_DELL_SMBIOS_WMI=y +CONFIG_DELL_SMO8800=y +# CONFIG_DELL_UART_BACKLIGHT is not set +CONFIG_DELL_WMI=y +CONFIG_DELL_WMI_AIO=y +CONFIG_DELL_WMI_DDV=y +CONFIG_DELL_WMI_DESCRIPTOR=y +CONFIG_DELL_WMI_LED=y +# CONFIG_DELL_WMI_PRIVACY is not set +CONFIG_DELL_WMI_SYSMAN=y +CONFIG_DETECT_HUNG_TASK_BLOCKER=y CONFIG_DEVFREQ_GOV_PASSIVE=y CONFIG_DEVFREQ_GOV_PERFORMANCE=y CONFIG_DEVFREQ_GOV_POWERSAVE=y @@ -216,169 +975,323 @@ CONFIG_DEVFREQ_GOV_USERSPACE=y CONFIG_DEVFREQ_THERMAL=y CONFIG_DEVICE_MIGRATION=y CONFIG_DEVICE_PRIVATE=y -CONFIG_DEVMEM=y -CONFIG_DEVPORT=y -CONFIG_DEVTMPFS_SAFE=y CONFIG_DEV_COREDUMP=y -CONFIG_DMABUF_HEAPS=y +# CONFIG_DEV_DAX is not set +# CONFIG_DEV_DAX_HMEM is not set +# CONFIG_DLM is not set +# CONFIG_DM9051 is not set +# CONFIG_DM9102 is not set CONFIG_DMABUF_HEAPS_SYSTEM=y -CONFIG_DMABUF_MOVE_NOTIFY=y -CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set CONFIG_DMAR_TABLE=y +# CONFIG_DMATEST is not set CONFIG_DMA_ACPI=y CONFIG_DMA_COHERENT_POOL=y CONFIG_DMA_ENGINE=y +# CONFIG_DMA_MAP_BENCHMARK is not set CONFIG_DMA_NEED_SYNC=y CONFIG_DMA_OPS_HELPERS=y CONFIG_DMA_VIRTUAL_CHANNELS=y -CONFIG_DMIID=y CONFIG_DM_AUDIT=y -CONFIG_DM_INIT=y -CONFIG_DM_UEVENT=y -CONFIG_DRM_ACCEL=y +# CONFIG_DM_VDO is not set +# CONFIG_DM_ZONED is not set +# CONFIG_DP83640_PHY is not set +# CONFIG_DP83TG720_PHY is not set +# CONFIG_DPM_WATCHDOG is not set +CONFIG_DPTF_PCH_FIVR=y +CONFIG_DPTF_POWER=y +# CONFIG_DRM_ACCEL_AMDXDNA is not set +# CONFIG_DRM_ACCEL_HABANALABS is not set +# CONFIG_DRM_ACCEL_IVPU is not set +# CONFIG_DRM_APPLETBDRM is not set CONFIG_DRM_CLIENT=y +CONFIG_DRM_CLIENT_DEFAULT="fbdev" +CONFIG_DRM_CLIENT_DEFAULT_FBDEV=y CONFIG_DRM_CLIENT_LIB=y +# CONFIG_DRM_CLIENT_LOG is not set CONFIG_DRM_CLIENT_SELECTION=y CONFIG_DRM_CLIENT_SETUP=y -CONFIG_DRM_FBDEV_EMULATION=y -CONFIG_DRM_LOAD_EDID_FIRMWARE=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set +# CONFIG_DRM_DISPLAY_DP_AUX_CEC is not set +# CONFIG_DRM_DISPLAY_DP_AUX_CHARDEV is not set +CONFIG_DRM_DISPLAY_DSC_HELPER=y +CONFIG_DRM_DRAW=y +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_HISI_HIBMC is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_DEBUG_GUC is not set +# CONFIG_DRM_I915_DEBUG_MMIO is not set +# CONFIG_DRM_I915_DEBUG_RUNTIME_PM is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set +# CONFIG_DRM_I915_DEBUG_WAKEREF is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_REPLAY_GPU_HANGS_API is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_PANEL_AUO_A030JTN01 is not set +# CONFIG_DRM_PANEL_ILITEK_ILI9341 is not set +# CONFIG_DRM_PANEL_MIPI_DBI is not set +# CONFIG_DRM_PANEL_ORISETECH_OTA5601A is not set +# CONFIG_DRM_PANEL_WIDECHIPS_WS2401 is not set CONFIG_DRM_PANIC=y -CONFIG_DRM_SIMPLEDRM=y -CONFIG_DYNAMIC_DEBUG=y -CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_DRM_PANIC_BACKGROUND_COLOR=0x000000 +# CONFIG_DRM_PANIC_DEBUG is not set +CONFIG_DRM_PANIC_FOREGROUND_COLOR=0xffffff +CONFIG_DRM_PANIC_SCREEN="user" +# CONFIG_DRM_WERROR is not set +# CONFIG_DRM_XE is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DWC_PCIE_PMU is not set +# CONFIG_DWC_XLGMAC is not set +# CONFIG_DW_DMAC is not set +# CONFIG_DW_DMAC_PCI is not set +# CONFIG_DW_EDMA is not set CONFIG_DYNAMIC_EVENTS=y CONFIG_DYNAMIC_FTRACE=y CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y CONFIG_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_DYNAMIC_MEMORY_LAYOUT=y -CONFIG_EARLY_PRINTK_DBGP=y CONFIG_EARLY_PRINTK_USB=y -CONFIG_EARLY_PRINTK_USB_XDBC=y CONFIG_ECRYPT_FS=y CONFIG_ECRYPT_FS_MESSAGING=y CONFIG_EDAC=y +# CONFIG_EDAC_AMD64 is not set +# CONFIG_EDAC_DEBUG is not set +CONFIG_EDAC_DECODE_MCE=y +# CONFIG_EDAC_E752X is not set +# CONFIG_EDAC_ECS is not set CONFIG_EDAC_GHES=y -CONFIG_EDD=y +# CONFIG_EDAC_I10NM is not set +# CONFIG_EDAC_I3000 is not set +# CONFIG_EDAC_I3200 is not set +# CONFIG_EDAC_I5100 is not set +# CONFIG_EDAC_I5400 is not set +# CONFIG_EDAC_I7300 is not set +# CONFIG_EDAC_I7CORE is not set +# CONFIG_EDAC_I82975X is not set +# CONFIG_EDAC_IE31200 is not set +# CONFIG_EDAC_IGEN6 is not set +CONFIG_EDAC_LEGACY_SYSFS=y +# CONFIG_EDAC_MEM_REPAIR is not set +# CONFIG_EDAC_PND2 is not set +# CONFIG_EDAC_SBRIDGE is not set +# CONFIG_EDAC_SCRUB is not set +# CONFIG_EDAC_SKX is not set +# CONFIG_EDAC_X38 is not set CONFIG_EDD_OFF=y -CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EEPROM_93XX46 is not set +# CONFIG_EEPROM_AT25 is not set CONFIG_EFI_DEV_PATH_PARSER=y -CONFIG_EFI_DXE_MEM_ATTRIBUTES=y -CONFIG_EFI_HANDOVER_PROTOCOL=y -CONFIG_EFI_MIXED=y -CONFIG_EFI_RCI2_TABLE=y CONFIG_EFI_RUNTIME_MAP=y CONFIG_EFI_SOFT_RESERVE=y -CONFIG_ENCRYPTED_KEYS=y -CONFIG_ENERGY_MODEL=y -CONFIG_ETHTOOL_NETLINK=y +CONFIG_EFI_VARS_PSTORE=y +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set +# CONFIG_EFS_FS is not set +# CONFIG_ENA_ETHERNET is not set +# CONFIG_ENC28J60 is not set +# CONFIG_ENCX24J600 is not set +# CONFIG_ENIC is not set +# CONFIG_EPIC100 is not set +# CONFIG_EROFS_FS is not set +# CONFIG_ET131X is not set CONFIG_EVENT_TRACING=y CONFIG_EVM=y CONFIG_EVM_ADD_XATTRS=y CONFIG_EVM_ATTR_FSUUID=y CONFIG_EVM_EXTRA_SMACK_XATTRS=y +# CONFIG_EVM_LOAD_X509 is not set CONFIG_EXECMEM=y -CONFIG_EXPERT=y -CONFIG_EXPORTFS_BLOCK_OPS=y -CONFIG_EXT4_USE_FOR_EXT2=y -CONFIG_EXTCON=y -CONFIG_EXT_GROUP_SCHED=y +# CONFIG_EXTCON_FSA9480 is not set +# CONFIG_EXTCON_GPIO is not set +# CONFIG_EXTCON_INTEL_CHT_WC is not set +# CONFIG_EXTCON_INTEL_INT3496 is not set +# CONFIG_EXTCON_LC824206XA is not set +# CONFIG_EXTCON_MAX14577 is not set +# CONFIG_EXTCON_MAX3355 is not set +# CONFIG_EXTCON_MAX77693 is not set +# CONFIG_EXTCON_MAX77843 is not set +# CONFIG_EXTCON_MAX8997 is not set +# CONFIG_EXTCON_PALMAS is not set +# CONFIG_EXTCON_PTN5150 is not set +# CONFIG_EXTCON_RT8973A is not set +# CONFIG_EXTCON_SM5502 is not set +# CONFIG_EXTCON_USB_GPIO is not set CONFIG_EZX_PCAP=y -CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y -CONFIG_FB_ASILIANT=y -CONFIG_FB_DEVICE=y -CONFIG_FB_IMSTT=y +# CONFIG_FBNIC is not set +CONFIG_FB_IOMEM_HELPERS_DEFERRED=y +# CONFIG_FB_SM750 is not set +# CONFIG_FB_SSD1307 is not set CONFIG_FB_SYSMEM_FOPS=y CONFIG_FB_SYSMEM_HELPERS=y CONFIG_FB_SYSMEM_HELPERS_DEFERRED=y CONFIG_FB_SYS_COPYAREA=y CONFIG_FB_SYS_FILLRECT=y CONFIG_FB_SYS_IMAGEBLIT=y -CONFIG_FB_TILEBLITTING=y -CONFIG_FDDI=y -CONFIG_FIRMWARE_EDID=y +# CONFIG_FB_TFT is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_VIA is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FIND_BIT_BENCHMARK is not set CONFIG_FIRMWARE_TABLE=y -CONFIG_FIXED_PHY=y -CONFIG_FONTS=y +# CONFIG_FONT_10x18 is not set CONFIG_FONT_6x10=y +# CONFIG_FONT_6x11 is not set +# CONFIG_FONT_6x8 is not set +# CONFIG_FONT_7x14 is not set CONFIG_FONT_ACORN_8x8=y +# CONFIG_FONT_MINI_4x6 is not set +# CONFIG_FONT_PEARL_8x8 is not set +# CONFIG_FONT_SUN12x22 is not set +# CONFIG_FONT_SUN8x16 is not set CONFIG_FONT_TER16x32=y -CONFIG_FORTIFY_SOURCE=y +# CONFIG_FORCEDETH is not set CONFIG_FPROBE=y CONFIG_FPROBE_EVENTS=y -CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y -CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +# CONFIG_FRAMER is not set CONFIG_FS_DAX=y CONFIG_FS_DAX_PMD=y -CONFIG_FS_ENCRYPTION=y CONFIG_FS_ENCRYPTION_ALGS=y CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y CONFIG_FS_STACK=y -CONFIG_FS_VERITY=y CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y -CONFIG_FTRACE=y CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_FTRACE_MCOUNT_USE_CC=y +# CONFIG_FTRACE_RECORD_RECURSION is not set +# CONFIG_FTRACE_SORT_STARTUP_TEST is not set +# CONFIG_FTRACE_STARTUP_TEST is not set CONFIG_FTRACE_SYSCALLS=y +# CONFIG_FTRACE_VALIDATE_RCU_IS_WATCHING is not set +# CONFIG_FUEL_GAUGE_MM8013 is not set CONFIG_FUNCTION_ERROR_INJECTION=y CONFIG_FUNCTION_GRAPH_RETADDR=y CONFIG_FUNCTION_GRAPH_RETVAL=y CONFIG_FUNCTION_GRAPH_TRACER=y CONFIG_FUNCTION_PROFILER=y CONFIG_FUNCTION_TRACER=y +# CONFIG_FUN_ETH is not set +CONFIG_FUSE_IO_URING=y CONFIG_FUSE_PASSTHROUGH=y -CONFIG_FUSION=y +# CONFIG_FUSION_FC is not set CONFIG_FUSION_LOGGING=y -CONFIG_FWNODE_MDIO=y +CONFIG_FUSION_MAX_SGE=128 +# CONFIG_FUSION_SAS is not set +# CONFIG_FUSION_SPI is not set +# CONFIG_FWCTL is not set +CONFIG_FW_ATTR_CLASS=y CONFIG_FW_CACHE=y -CONFIG_FW_LOADER_COMPRESS=y CONFIG_FW_LOADER_COMPRESS_XZ=y CONFIG_FW_LOADER_COMPRESS_ZSTD=y CONFIG_FW_LOADER_DEBUG=y CONFIG_FW_LOADER_PAGED_BUF=y CONFIG_FW_LOADER_SYSFS=y -CONFIG_FW_LOADER_USER_HELPER=y -CONFIG_FW_UPLOAD=y -CONFIG_GART_IOMMU=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set CONFIG_GCC_NO_STRINGOP_OVERFLOW=y -CONFIG_GCC_PLUGINS=y -CONFIG_GDB_SCRIPTS=y +# CONFIG_GCOV_KERNEL is not set CONFIG_GENERIC_CLOCKEVENTS_BROADCAST_IDLE=y -CONFIG_GENERIC_CPU=y CONFIG_GENERIC_CPU_DEVICES=y -CONFIG_GENERIC_PHY=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set CONFIG_GENERIC_PINCONF=y CONFIG_GENERIC_TRACER=y +CONFIG_GENERIC_VDSO_DATA_STORE=y CONFIG_GENERIC_VDSO_OVERFLOW_PROTECT=y CONFIG_GET_FREE_REGION=y -CONFIG_GPIOLIB=y +# CONFIG_GIGABYTE_WMI is not set +# CONFIG_GPIB is not set +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 CONFIG_GPIOLIB_IRQCHIP=y +# CONFIG_GPIO_104_DIO_48E is not set +# CONFIG_GPIO_104_IDIO_16 is not set +# CONFIG_GPIO_104_IDI_48 is not set +# CONFIG_GPIO_74X164 is not set CONFIG_GPIO_ACPI=y +# CONFIG_GPIO_ADP5520 is not set +# CONFIG_GPIO_AGGREGATOR is not set +# CONFIG_GPIO_ALTERA is not set +# CONFIG_GPIO_AMD8111 is not set +# CONFIG_GPIO_AMDPT is not set +# CONFIG_GPIO_AMD_FCH is not set +# CONFIG_GPIO_BT8XX is not set CONFIG_GPIO_CDEV=y CONFIG_GPIO_CDEV_V1=y CONFIG_GPIO_CRYSTAL_COVE=y +# CONFIG_GPIO_DA9052 is not set +# CONFIG_GPIO_DA9055 is not set +# CONFIG_GPIO_DS4520 is not set +# CONFIG_GPIO_DWAPB is not set +# CONFIG_GPIO_ELKHARTLAKE is not set +# CONFIG_GPIO_F7188X is not set +# CONFIG_GPIO_FXL6408 is not set CONFIG_GPIO_GENERIC=y CONFIG_GPIO_GENERIC_PLATFORM=y +# CONFIG_GPIO_GPIO_MM is not set +# CONFIG_GPIO_GRANITERAPIDS is not set +# CONFIG_GPIO_IT87 is not set +# CONFIG_GPIO_LATCH is not set +# CONFIG_GPIO_MAX3191X is not set +# CONFIG_GPIO_MAX7300 is not set +# CONFIG_GPIO_MAX7301 is not set +# CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_MB86S7X is not set +# CONFIG_GPIO_MC33880 is not set +# CONFIG_GPIO_ML_IOH is not set +# CONFIG_GPIO_MOCKUP is not set +# CONFIG_GPIO_MPSSE is not set CONFIG_GPIO_PALMAS=y +# CONFIG_GPIO_PCA953X is not set +# CONFIG_GPIO_PCA9570 is not set +# CONFIG_GPIO_PCF857X is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set +# CONFIG_GPIO_PCI_IDIO_16 is not set +# CONFIG_GPIO_PISOSR is not set +# CONFIG_GPIO_POLARFIRE_SOC is not set CONFIG_GPIO_RC5T583=y +# CONFIG_GPIO_RDC321X is not set +# CONFIG_GPIO_SCH311X is not set +# CONFIG_GPIO_SIM is not set +# CONFIG_GPIO_SLOPPY_LOGIC_ANALYZER is not set CONFIG_GPIO_SYSFS=y +# CONFIG_GPIO_TPIC2810 is not set CONFIG_GPIO_TPS6586X=y CONFIG_GPIO_TPS65910=y +# CONFIG_GPIO_TPS65912 is not set +# CONFIG_GPIO_TWL4030 is not set +# CONFIG_GPIO_TWL6040 is not set +# CONFIG_GPIO_VIRTIO is not set +# CONFIG_GPIO_VIRTUSER is not set +# CONFIG_GPIO_VX855 is not set +# CONFIG_GPIO_WINBOND is not set +# CONFIG_GPIO_WM831X is not set +# CONFIG_GPIO_WM8350 is not set +# CONFIG_GPIO_WS16C48 is not set +# CONFIG_GPIO_XILINX is not set +# CONFIG_GPIO_XRA1403 is not set +# CONFIG_GP_PCI1XXXX is not set CONFIG_GROUP_SCHED_WEIGHT=y CONFIG_GUEST_PERF_EVENTS=y -CONFIG_HAMRADIO=y -CONFIG_HARDENED_USERCOPY=y -CONFIG_HARDLOCKUP_DETECTOR=y +# CONFIG_GUP_TEST is not set +# CONFIG_HAMACHI is not set +# CONFIG_HAPPYMEAL is not set +CONFIG_HARDENED_USERCOPY_DEFAULT_ON=y +# CONFIG_HARDLOCKUP_DETECTOR_ARCH is not set +# CONFIG_HARDLOCKUP_DETECTOR_BUDDY is not set CONFIG_HARDLOCKUP_DETECTOR_COUNTS_HRTIMER=y CONFIG_HARDLOCKUP_DETECTOR_PERF=y +# CONFIG_HARDLOCKUP_DETECTOR_PREFER_BUDDY is not set +CONFIG_HAS_SECURITY_AUDIT=y CONFIG_HAVE_ARCH_NODE_DEV_GROUP=y CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y CONFIG_HAVE_ARCH_USERFAULTFD_WP=y CONFIG_HAVE_BOOTMEM_INFO_NODE=y CONFIG_HAVE_CALL_THUNKS=y -CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y +CONFIG_HAVE_FTRACE_GRAPH_FUNC=y +CONFIG_HAVE_FTRACE_REGS_HAVING_PT_REGS=y +CONFIG_HAVE_FUNCTION_GRAPH_FREGS=y CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y CONFIG_HAVE_GUP_FAST=y CONFIG_HAVE_IMA_KEXEC=y @@ -386,213 +1299,362 @@ CONFIG_HAVE_INTEL_TXT=y CONFIG_HAVE_PAGE_SIZE_4KB=y CONFIG_HAVE_RELIABLE_STACKTRACE=y CONFIG_HAVE_TRUSTED_KEYS=y +# CONFIG_HD44780 is not set +# CONFIG_HDLC is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_HFS_FS is not set CONFIG_HIBERNATE_CALLBACKS=y -CONFIG_HIBERNATION=y CONFIG_HIBERNATION_COMP_LZO=y +CONFIG_HIBERNATION_DEF_COMP="lzo" CONFIG_HIBERNATION_SNAPSHOT_DEV=y -CONFIG_HID_PID=y -CONFIG_HIGH_RES_TIMERS=y +# CONFIG_HIBMCGE is not set +# CONFIG_HID_APPLETB_BL is not set +# CONFIG_HID_APPLETB_KBD is not set +# CONFIG_HID_BPF is not set +# CONFIG_HID_GOODIX_SPI is not set +# CONFIG_HID_KYSONA is not set +# CONFIG_HID_MCP2200 is not set +# CONFIG_HID_UNIVERSAL_PIDFF is not set +# CONFIG_HID_WINWING is not set +# CONFIG_HINIC is not set CONFIG_HIST_TRIGGERS=y +# CONFIG_HIST_TRIGGERS_DEBUG is not set CONFIG_HMEM_REPORTING=y -CONFIG_HOTPLUG_PCI_ACPI=y -CONFIG_HOTPLUG_PCI_CPCI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI_GENERIC is not set +# CONFIG_HOTPLUG_PCI_CPCI_ZT5550 is not set CONFIG_HOTPLUG_PCI_OCTEONEP=y -CONFIG_HOTPLUG_PCI_PCIE=y -CONFIG_HOTPLUG_PCI_SHPC=y -CONFIG_HPET_MMAP_DEFAULT=y +# CONFIG_HPFS_FS is not set +CONFIG_HP_ACCEL=y +CONFIG_HP_BIOSCFG=y +CONFIG_HP_WMI=y CONFIG_HSU_DMA=y -CONFIG_HTE=y -CONFIG_HUGETLBFS=y +# CONFIG_HT16K33 is not set +# CONFIG_HUAWEI_WMI is not set CONFIG_HUGETLB_PAGE=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING=y CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y CONFIG_HVC_XEN_FRONTEND=y CONFIG_HWLAT_TRACER=y -CONFIG_HWMON=y -CONFIG_HWSPINLOCK=y -CONFIG_HW_RANDOM_TPM=y -CONFIG_I2C_CHARDEV=y +# CONFIG_HWMON_DEBUG_CHIP is not set +# CONFIG_HWPOISON_INJECT is not set +# CONFIG_HYPERV_TESTING is not set +# CONFIG_I2C_CBUS_GPIO is not set +# CONFIG_I2C_CHT_WC is not set +# CONFIG_I2C_DESIGNWARE_AMDPSP is not set CONFIG_I2C_DESIGNWARE_BAYTRAIL=y CONFIG_I2C_DESIGNWARE_CORE=y -CONFIG_I2C_DESIGNWARE_PLATFORM=y -CONFIG_I2C_SLAVE=y +# CONFIG_I2C_DESIGNWARE_SLAVE is not set +# CONFIG_I2C_GPIO is not set +# CONFIG_I2C_SLAVE_EEPROM is not set +# CONFIG_I2C_SLAVE_TESTUNIT is not set +# CONFIG_I2C_ZHAOXIN is not set +# CONFIG_IA32_EMULATION_DEFAULT_DISABLED is not set +# CONFIG_IDEAPAD_LAPTOP is not set CONFIG_IDLE_INJECT=y -CONFIG_IDLE_PAGE_TRACKING=y +# CONFIG_IDPF is not set +CONFIG_IGB_HWMON=y CONFIG_IMA=y CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_ARCH_POLICY=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y +# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set +CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" +# CONFIG_IMA_DISABLE_HTABLE is not set CONFIG_IMA_KEXEC=y +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y +CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y -CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y -CONFIG_INITRAMFS_PRESERVE_MTIME=y -CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y -CONFIG_INPUT_JOYSTICK=y -CONFIG_INPUT_MOUSEDEV_PSAUX=y +# CONFIG_IMA_READ_POLICY is not set +# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_WRITE_POLICY is not set +# CONFIG_IMG_ASCII_LCD is not set +CONFIG_INET_MPTCP_DIAG=y +# CONFIG_INPUT_88PM860X_ONKEY is not set +# CONFIG_INPUT_DA9052_ONKEY is not set +# CONFIG_INPUT_DA9055_ONKEY is not set +# CONFIG_INPUT_DA9063_ONKEY is not set +# CONFIG_INPUT_DRV260X_HAPTICS is not set +# CONFIG_INPUT_GPIO_BEEPER is not set +# CONFIG_INPUT_GPIO_DECODER is not set +# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set +# CONFIG_INPUT_GPIO_VIBRA is not set +# CONFIG_INPUT_IBM_PANEL is not set +# CONFIG_INPUT_MAX77693_HAPTIC is not set +# CONFIG_INPUT_MAX8925_ONKEY is not set +# CONFIG_INPUT_MAX8997_HAPTIC is not set +# CONFIG_INPUT_PALMAS_PWRBUTTON is not set +# CONFIG_INPUT_PCAP is not set +# CONFIG_INPUT_PWM_BEEPER is not set +# CONFIG_INPUT_PWM_VIBRA is not set +# CONFIG_INPUT_REGULATOR_HAPTIC is not set +# CONFIG_INPUT_TWL4030_PWRBUTTON is not set +# CONFIG_INPUT_TWL4030_VIBRA is not set +# CONFIG_INPUT_TWL6040_VIBRA is not set +# CONFIG_INPUT_WM831X_ON is not set +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y +# CONFIG_INSPUR_PLATFORM_PROFILE is not set CONFIG_INTEGRITY=y CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y +# CONFIG_INTEGRITY_CA_MACHINE_KEYRING is not set CONFIG_INTEGRITY_MACHINE_KEYRING=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y CONFIG_INTEGRITY_TRUSTED_KEYRING=y -CONFIG_INTEL_HFI_THERMAL=y -CONFIG_INTEL_IOMMU=y +# CONFIG_INTEL_BYTCRC_PWRSRC is not set +# CONFIG_INTEL_IDMA64 is not set +# CONFIG_INTEL_IDXD is not set +# CONFIG_INTEL_IDXD_COMPAT is not set +# CONFIG_INTEL_INT0002_VGPIO is not set +# CONFIG_INTEL_IOATDMA is not set CONFIG_INTEL_IOMMU_DEFAULT_ON=y CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_INTEL_IOMMU_PERF_EVENTS=y CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y CONFIG_INTEL_IOMMU_SVM=y CONFIG_INTEL_LDMA=y +# CONFIG_INTEL_OAKTRAIL is not set +# CONFIG_INTEL_RAPL is not set CONFIG_INTEL_SCU=y CONFIG_INTEL_SCU_IPC=y -CONFIG_INTEL_SCU_PCI=y +# CONFIG_INTEL_SCU_IPC_UTIL is not set +# CONFIG_INTEL_SKL_INT3472 is not set CONFIG_INTEL_SOC_PMIC=y +# CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set CONFIG_INTEL_SOC_PMIC_CHTWC=y +# CONFIG_INTEL_SOC_PMIC_MRFLD is not set +# CONFIG_INTEL_THC_HID is not set CONFIG_INTEL_TURBO_MAX_3=y CONFIG_INTEL_TXT=y -CONFIG_INTERCONNECT=y +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_DEBUGFS is not set CONFIG_IOMMU_HELPER=y CONFIG_IOMMU_IOPF=y CONFIG_IOMMU_IO_PGTABLE=y CONFIG_IOMMU_MM_DATA=y CONFIG_IOMMU_SVA=y +# CONFIG_IONIC is not set CONFIG_IOSF_MBI_DEBUG=y -CONFIG_IO_DELAY_0XED=y +# CONFIG_IO_STRICT_DEVMEM is not set +CONFIG_IO_URING_ZCRX=y +# CONFIG_IP6_NF_IPTABLES_LEGACY is not set +CONFIG_IPE_BOOT_POLICY="" CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y CONFIG_IPE_PROP_FS_VERITY=y CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y -CONFIG_IPV6_IOAM6_LWTUNNEL=y -CONFIG_IPV6_MROUTE=y +# CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y -CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y -CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_SEG6_BPF=y -CONFIG_IPV6_SEG6_HMAC=y -CONFIG_IPV6_SEG6_LWTUNNEL=y CONFIG_IPV6_SUBTREES=y -CONFIG_IP_FIB_TRIE_STATS=y -CONFIG_IP_MROUTE_MULTIPLE_TABLES=y -CONFIG_IRQ_POLL=y +# CONFIG_IPW2100 is not set +# CONFIG_IPW2200 is not set +# CONFIG_IP_NF_ARPFILTER is not set +CONFIG_IP_NF_IPTABLES_LEGACY=y +# CONFIG_IP_NF_SECURITY is not set +# CONFIG_IRQSOFF_TRACER is not set CONFIG_ISA_BUS=y -CONFIG_JAILHOUSE_GUEST=y -CONFIG_JUMP_LABEL=y -CONFIG_KALLSYMS_ALL=y -CONFIG_KARMA_PARTITION=y +# CONFIG_IWL3945 is not set +# CONFIG_IWL4965 is not set +# CONFIG_IWLWIFI is not set +# CONFIG_JOYSTICK_A3D is not set +# CONFIG_JOYSTICK_ADI is not set +# CONFIG_JOYSTICK_ANALOG is not set +# CONFIG_JOYSTICK_AS5011 is not set +# CONFIG_JOYSTICK_COBRA is not set +# CONFIG_JOYSTICK_DB9 is not set +# CONFIG_JOYSTICK_FSIA6B is not set +# CONFIG_JOYSTICK_GAMECON is not set +# CONFIG_JOYSTICK_GF2K is not set +# CONFIG_JOYSTICK_GRIP is not set +# CONFIG_JOYSTICK_GRIP_MP is not set +# CONFIG_JOYSTICK_GUILLEMOT is not set +# CONFIG_JOYSTICK_IFORCE is not set +# CONFIG_JOYSTICK_INTERACT is not set +# CONFIG_JOYSTICK_JOYDUMP is not set +# CONFIG_JOYSTICK_MAGELLAN is not set +# CONFIG_JOYSTICK_PSXPAD_SPI is not set +# CONFIG_JOYSTICK_PXRC is not set +# CONFIG_JOYSTICK_QWIIC is not set +# CONFIG_JOYSTICK_SEESAW is not set +# CONFIG_JOYSTICK_SENSEHAT is not set +# CONFIG_JOYSTICK_SIDEWINDER is not set +# CONFIG_JOYSTICK_SPACEBALL is not set +# CONFIG_JOYSTICK_SPACEORB is not set +# CONFIG_JOYSTICK_STINGER is not set +# CONFIG_JOYSTICK_TMDC is not set +# CONFIG_JOYSTICK_TURBOGRAFX is not set +# CONFIG_JOYSTICK_TWIDJOY is not set +# CONFIG_JOYSTICK_WALKERA0701 is not set +# CONFIG_JOYSTICK_WARRIOR is not set +# CONFIG_JOYSTICK_XPAD is not set +# CONFIG_JOYSTICK_ZHENHUA is not set +CONFIG_KDB_CONTINUE_CATASTROPHIC=0 +CONFIG_KDB_DEFAULT_ENABLE=0x1 CONFIG_KDB_KEYBOARD=y -CONFIG_KEXEC=y +# CONFIG_KEBA_CP500 is not set CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y CONFIG_KEXEC_CORE=y -CONFIG_KEXEC_FILE=y CONFIG_KEXEC_JUMP=y CONFIG_KEXEC_SIG=y -CONFIG_KEYS_REQUEST_CACHE=y -CONFIG_KEY_DH_OPERATIONS=y +# CONFIG_KEXEC_SIG_FORCE is not set +# CONFIG_KEYBOARD_ADP5520 is not set +# CONFIG_KEYBOARD_APPLESPI is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_PINEPHONE is not set +# CONFIG_KEYBOARD_TWL4030 is not set CONFIG_KEY_NOTIFICATIONS=y -CONFIG_KFENCE=y -CONFIG_KGDB=y -CONFIG_KGDB_HONOUR_BLOCKLIST=y +# CONFIG_KFENCE_DEFERRABLE is not set +CONFIG_KFENCE_NUM_OBJECTS=255 +CONFIG_KFENCE_SAMPLE_INTERVAL=100 +# CONFIG_KFENCE_STATIC_KEYS is not set +CONFIG_KFENCE_STRESS_TEST_FAULTS=0 CONFIG_KGDB_KDB=y CONFIG_KGDB_LOW_LEVEL_TRAP=y CONFIG_KGDB_SERIAL_CONSOLE=y -CONFIG_KPROBES=y +# CONFIG_KGDB_TESTS is not set CONFIG_KPROBES_ON_FTRACE=y CONFIG_KPROBE_EVENTS=y +# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set CONFIG_KRETPROBES=y CONFIG_KRETPROBE_ON_RETHOOK=y -CONFIG_KSM=y -CONFIG_LATENCYTOP=y -CONFIG_LDISC_AUTOLOAD=y -CONFIG_LDM_PARTITION=y -CONFIG_LEDS_BRIGHTNESS_HW_CHANGED=y -CONFIG_LEDS_TRIGGER_CPU=y -CONFIG_LEDS_TRIGGER_DISK=y -CONFIG_LEDS_TRIGGER_PANIC=y -CONFIG_LED_TRIGGER_PHY=y -CONFIG_LEGACY_PTYS=y -CONFIG_LIBNVDIMM=y +# CONFIG_KS0108 is not set +# CONFIG_KS8842 is not set +# CONFIG_KS8851 is not set +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_KVFREE_RCU_BATCHED=y +# CONFIG_KVM is not set +# CONFIG_LAN743X is not set +# CONFIG_LAN865X is not set +# CONFIG_LATTICE_ECP3_CONFIG is not set +# CONFIG_LCD2S is not set +# CONFIG_LDM_DEBUG is not set +CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y +# CONFIG_LEDS_88PM860X is not set +# CONFIG_LEDS_ADP5520 is not set +# CONFIG_LEDS_CHT_WCOVE is not set +# CONFIG_LEDS_DA903X is not set +# CONFIG_LEDS_DA9052 is not set +# CONFIG_LEDS_DAC124S085 is not set +# CONFIG_LEDS_GPIO is not set +# CONFIG_LEDS_LP3952 is not set +# CONFIG_LEDS_LP8788 is not set +# CONFIG_LEDS_LT3593 is not set +# CONFIG_LEDS_MAX8997 is not set +# CONFIG_LEDS_PWM is not set +# CONFIG_LEDS_REGULATOR is not set +# CONFIG_LEDS_SPI_BYTE is not set +# CONFIG_LEDS_TRIGGER_GPIO is not set +# CONFIG_LEDS_TRIGGER_INPUT_EVENTS is not set +# CONFIG_LEDS_WM831X_STATUS is not set +# CONFIG_LEDS_WM8350 is not set +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_LENOVO_SE10_WDT is not set +# CONFIG_LENOVO_SE30_WDT is not set +# CONFIG_LENOVO_WMI_CAMERA is not set +# CONFIG_LENOVO_WMI_HOTKEY_UTILITIES is not set +# CONFIG_LG_LAPTOP is not set +# CONFIG_LIBERTAS is not set +# CONFIG_LIBERTAS_THINFIRM is not set CONFIG_LINEAR_RANGES=y -CONFIG_LIVEPATCH=y +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +# CONFIG_LKDTM is not set +# CONFIG_LMK04832 is not set CONFIG_LOAD_UEFI_KEYS=y CONFIG_LOCKUP_DETECTOR=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -CONFIG_LRU_GEN=y +# CONFIG_LOCK_EVENT_COUNTS is not set CONFIG_LRU_GEN_ENABLED=y +# CONFIG_LRU_GEN_STATS is not set CONFIG_LRU_GEN_WALKS_MMU=y -CONFIG_LWTUNNEL=y +CONFIG_LSM_MMAP_MIN_ADDR=65536 +# CONFIG_LWQ_TEST is not set CONFIG_LWTUNNEL_BPF=y CONFIG_LZ4_DECOMPRESS=y CONFIG_LZO_COMPRESS=y CONFIG_LZO_DECOMPRESS=y -CONFIG_MACINTOSH_DRIVERS=y -CONFIG_MAC_PARTITION=y -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_MAILBOX=y -CONFIG_MAXSMP=y -CONFIG_MCTP=y -CONFIG_MDIO_BUS=y -CONFIG_MDIO_DEVICE=y -CONFIG_MDIO_DEVRES=y +# CONFIG_MACB is not set +# CONFIG_MAC_EMUMOUSEBTN is not set +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +# CONFIG_MAX31827 is not set +# CONFIG_MAX6959 is not set +# CONFIG_MAX8925_POWER is not set +# CONFIG_MCTP_SERIAL is not set +# CONFIG_MCTP_TRANSPORT_I2C is not set +# CONFIG_MCTP_TRANSPORT_USB is not set +# CONFIG_MDIO_MSCC_MIIM is not set CONFIG_MD_AUTODETECT=y -CONFIG_MEDIA_CEC_SUPPORT=y -CONFIG_MEGARAID_NEWGEN=y -CONFIG_MELLANOX_PLATFORM=y -CONFIG_MEMORY=y -CONFIG_MEMORY_FAILURE=y -CONFIG_MEMORY_HOTPLUG=y +# CONFIG_MD_LINEAR is not set +# CONFIG_MD_RAID0 is not set +# CONFIG_MD_RAID1 is not set +# CONFIG_MD_RAID10 is not set +# CONFIG_MD_RAID456 is not set +# CONFIG_MEEGOPAD_ANX7428 is not set +# CONFIG_MEGARAID_MM is not set +# CONFIG_MEMCG_V1 is not set CONFIG_MEMORY_HOTREMOVE=y CONFIG_MEMORY_ISOLATION=y CONFIG_MEMREGION=y -CONFIG_MEMTEST=y -CONFIG_MEM_SOFT_DIRTY=y -CONFIG_MFD_88PM860X=y +# CONFIG_MEM_ALLOC_PROFILING is not set +# CONFIG_MEN_A21_WDT is not set CONFIG_MFD_AAT2870_CORE=y -CONFIG_MFD_AS3711=y +# CONFIG_MFD_ARIZONA_SPI is not set +# CONFIG_MFD_CGBC is not set CONFIG_MFD_CORE=y -CONFIG_MFD_DA9052_I2C=y +# CONFIG_MFD_CS40L50_I2C is not set +# CONFIG_MFD_CS40L50_SPI is not set CONFIG_MFD_DA9052_SPI=y -CONFIG_MFD_DA9055=y -CONFIG_MFD_DA9063=y -CONFIG_MFD_LP8788=y -CONFIG_MFD_MAX14577=y -CONFIG_MFD_MAX77693=y -CONFIG_MFD_MAX77843=y -CONFIG_MFD_MAX8925=y -CONFIG_MFD_MAX8997=y -CONFIG_MFD_MAX8998=y -CONFIG_MFD_PALMAS=y -CONFIG_MFD_RC5T583=y -CONFIG_MFD_SYSCON=y -CONFIG_MFD_TPS65090=y -CONFIG_MFD_TPS6586X=y +# CONFIG_MFD_INTEL_M10_BMC_SPI is not set +# CONFIG_MFD_MAX77705 is not set +# CONFIG_MFD_MC13XXX_SPI is not set +# CONFIG_MFD_OCELOT is not set +# CONFIG_MFD_QNAP_MCU is not set CONFIG_MFD_TPS65910=y CONFIG_MFD_TPS65912=y -CONFIG_MFD_TPS65912_I2C=y CONFIG_MFD_TPS65912_SPI=y +# CONFIG_MFD_TPS6594_SPI is not set CONFIG_MFD_TWL4030_AUDIO=y +# CONFIG_MFD_UPBOARD_FPGA is not set CONFIG_MFD_WM831X=y -CONFIG_MFD_WM831X_I2C=y CONFIG_MFD_WM831X_SPI=y CONFIG_MFD_WM8350=y -CONFIG_MFD_WM8350_I2C=y -CONFIG_MFD_WM8400=y +CONFIG_MHP_DEFAULT_ONLINE_TYPE_OFFLINE=y +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO is not set +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_KERNEL is not set +# CONFIG_MHP_DEFAULT_ONLINE_TYPE_ONLINE_MOVABLE is not set CONFIG_MHP_MEMMAP_ON_MEMORY=y +# CONFIG_MICREL_KS8995MA is not set +# CONFIG_MICROSOFT_MANA is not set CONFIG_MIGRATION=y -CONFIG_MINIX_SUBPARTITION=y -CONFIG_MISC_FILESYSTEMS=y +# CONFIG_MINIX_FS is not set CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y +CONFIG_MITIGATION_GDS=y CONFIG_MITIGATION_IBPB_ENTRY=y CONFIG_MITIGATION_IBRS_ENTRY=y +CONFIG_MITIGATION_ITS=y CONFIG_MITIGATION_L1TF=y CONFIG_MITIGATION_MDS=y CONFIG_MITIGATION_MMIO_STALE_DATA=y @@ -609,301 +1671,553 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXFW is not set +# CONFIG_MLXREG_HOTPLUG is not set +# CONFIG_MLXREG_IO is not set +# CONFIG_MLXREG_LC is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLX_WDT is not set CONFIG_MMCONF_FAM10H=y CONFIG_MMC_CRYPTO=y +CONFIG_MMC_SDHCI_UHS2=y +# CONFIG_MMC_SPI is not set CONFIG_MMIOTRACE=y CONFIG_MMU_NOTIFIER=y -CONFIG_MODULE_COMPRESS=y -CONFIG_MODULE_COMPRESS_ZSTD=y -CONFIG_MODULE_DECOMPRESS=y -CONFIG_MODULE_SIG=y -CONFIG_MODULE_SIG_ALL=y +CONFIG_MM_ID=y CONFIG_MODULE_SIG_FORMAT=y -CONFIG_MODULE_SIG_KEY_TYPE_RSA=y -CONFIG_MODULE_SIG_SHA512=y -CONFIG_MODULE_SRCVERSION_ALL=y -CONFIG_MODVERSIONS=y -CONFIG_MPTCP=y +# CONFIG_MOST is not set +# CONFIG_MOUSE_GPIO is not set +# CONFIG_MOXA_INTELLIO is not set +# CONFIG_MOXA_SMARTIO is not set CONFIG_MPTCP_IPV6=y -CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MTRR_SANITIZER=y +# CONFIG_MSE102X is not set +# CONFIG_MSHV_ROOT is not set +# CONFIG_MSI_EC is not set +# CONFIG_MSI_LAPTOP is not set +# CONFIG_MSI_WMI_PLATFORM is not set +# CONFIG_MT7601U is not set +# CONFIG_MT7603E is not set +# CONFIG_MT7615E is not set +# CONFIG_MT7663S is not set +# CONFIG_MT7663U is not set +# CONFIG_MT76x0E is not set +# CONFIG_MT76x0U is not set +# CONFIG_MT76x2E is not set +# CONFIG_MT76x2U is not set +# CONFIG_MT7915E is not set +# CONFIG_MT7921E is not set +# CONFIG_MT7921S is not set +# CONFIG_MT7921U is not set +# CONFIG_MT7925E is not set +# CONFIG_MT7925U is not set +# CONFIG_MT7996E is not set +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +# CONFIG_MWIFIEX is not set +# CONFIG_MWL8K is not set +# CONFIG_MYRI10GE is not set +# CONFIG_NATSEMI is not set CONFIG_NCSI_OEM_CMD_GET_MAC=y +# CONFIG_NCSI_OEM_CMD_KEEP_PHY is not set +CONFIG_ND_BTT=y CONFIG_ND_CLAIM=y +CONFIG_ND_PFN=y +# CONFIG_NE2K_PCI is not set CONFIG_NEED_TASKS_RCU=y -CONFIG_NETFILTER_EGRESS=y -CONFIG_NETFILTER_INGRESS=y +# CONFIG_NETCONSOLE_DYNAMIC is not set +# CONFIG_NETDEVSIM is not set CONFIG_NETFILTER_SKIP_EGRESS=y +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set +# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set CONFIG_NETKIT=y CONFIG_NETLABEL=y -CONFIG_NETWORK_PHY_TIMESTAMPING=y -CONFIG_NETWORK_SECMARK=y +# CONFIG_NETXEN_NIC is not set +# CONFIG_NET_ACT_BPF is not set +# CONFIG_NET_ACT_CSUM is not set +# CONFIG_NET_ACT_GACT is not set +# CONFIG_NET_ACT_GATE is not set +# CONFIG_NET_ACT_IFE is not set +# CONFIG_NET_ACT_MIRRED is not set +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_NAT is not set +# CONFIG_NET_ACT_PEDIT is not set +# CONFIG_NET_ACT_POLICE is not set +# CONFIG_NET_ACT_SAMPLE is not set +# CONFIG_NET_ACT_SIMP is not set +# CONFIG_NET_ACT_SKBEDIT is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_TUNNEL_KEY is not set +# CONFIG_NET_ACT_VLAN is not set CONFIG_NET_CLS=y CONFIG_NET_CLS_ACT=y +# CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_BPF is not set +# CONFIG_NET_CLS_CGROUP is not set +# CONFIG_NET_CLS_FLOW is not set +# CONFIG_NET_CLS_FLOWER is not set +# CONFIG_NET_CLS_FW is not set +# CONFIG_NET_CLS_MATCHALL is not set +# CONFIG_NET_CLS_ROUTE4 is not set +# CONFIG_NET_CLS_U32 is not set CONFIG_NET_DEVMEM=y CONFIG_NET_DROP_MONITOR=y -CONFIG_NET_EMATCH=y -CONFIG_NET_FC=y -CONFIG_NET_L3_MASTER_DEV=y -CONFIG_NET_NCSI=y -CONFIG_NET_PTP_CLASSIFY=y -CONFIG_NET_SCHED=y -CONFIG_NET_SCH_FIFO=y -CONFIG_NET_SELFTESTS=y -CONFIG_NET_SWITCHDEV=y -CONFIG_NET_TC_SKB_EXT=y -CONFIG_NET_TULIP=y -CONFIG_NET_VENDOR_8390=y -CONFIG_NET_VENDOR_ADAPTEC=y -CONFIG_NET_VENDOR_ADI=y -CONFIG_NET_VENDOR_AGERE=y -CONFIG_NET_VENDOR_ALACRITECH=y -CONFIG_NET_VENDOR_ALTEON=y -CONFIG_NET_VENDOR_AMAZON=y -CONFIG_NET_VENDOR_AQUANTIA=y -CONFIG_NET_VENDOR_ARC=y -CONFIG_NET_VENDOR_ASIX=y -CONFIG_NET_VENDOR_BROCADE=y -CONFIG_NET_VENDOR_CADENCE=y -CONFIG_NET_VENDOR_CAVIUM=y -CONFIG_NET_VENDOR_CHELSIO=y -CONFIG_NET_VENDOR_CISCO=y -CONFIG_NET_VENDOR_CORTINA=y -CONFIG_NET_VENDOR_DAVICOM=y -CONFIG_NET_VENDOR_DEC=y -CONFIG_NET_VENDOR_EMULEX=y -CONFIG_NET_VENDOR_ENGLEDER=y -CONFIG_NET_VENDOR_EZCHIP=y -CONFIG_NET_VENDOR_FUNGIBLE=y -CONFIG_NET_VENDOR_HUAWEI=y -CONFIG_NET_VENDOR_I825XX=y -CONFIG_NET_VENDOR_LITEX=y -CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_NET_EMATCH=y +# CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_IPT is not set +# CONFIG_NET_EMATCH_META is not set +# CONFIG_NET_EMATCH_NBYTE is not set +CONFIG_NET_EMATCH_STACK=32 +# CONFIG_NET_EMATCH_TEXT is not set +# CONFIG_NET_EMATCH_U32 is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NET_SCH_CAKE is not set +# CONFIG_NET_SCH_CBS is not set +# CONFIG_NET_SCH_CHOKE is not set +# CONFIG_NET_SCH_CODEL is not set +# CONFIG_NET_SCH_DEFAULT is not set +# CONFIG_NET_SCH_DRR is not set +# CONFIG_NET_SCH_ETF is not set +# CONFIG_NET_SCH_ETS is not set +CONFIG_NET_SCH_FIFO=y +# CONFIG_NET_SCH_FQ is not set +# CONFIG_NET_SCH_FQ_CODEL is not set +# CONFIG_NET_SCH_GRED is not set +# CONFIG_NET_SCH_HFSC is not set +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_HTB is not set +# CONFIG_NET_SCH_INGRESS is not set +# CONFIG_NET_SCH_MQPRIO is not set +# CONFIG_NET_SCH_MULTIQ is not set +# CONFIG_NET_SCH_NETEM is not set +# CONFIG_NET_SCH_PIE is not set +# CONFIG_NET_SCH_PLUG is not set +# CONFIG_NET_SCH_PRIO is not set +# CONFIG_NET_SCH_QFQ is not set +# CONFIG_NET_SCH_RED is not set +# CONFIG_NET_SCH_SFB is not set +# CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_SKBPRIO is not set +# CONFIG_NET_SCH_TAPRIO is not set +# CONFIG_NET_SCH_TBF is not set +# CONFIG_NET_SCH_TEQL is not set +CONFIG_NET_TC_SKB_EXT=y +CONFIG_NET_TULIP=y +CONFIG_NET_VENDOR_8390=y +CONFIG_NET_VENDOR_ADI=y +CONFIG_NET_VENDOR_HISILICON=y CONFIG_NET_VENDOR_META=y -CONFIG_NET_VENDOR_MICREL=y -CONFIG_NET_VENDOR_MICROCHIP=y -CONFIG_NET_VENDOR_MICROSEMI=y -CONFIG_NET_VENDOR_MICROSOFT=y -CONFIG_NET_VENDOR_MYRI=y -CONFIG_NET_VENDOR_NATSEMI=y -CONFIG_NET_VENDOR_NETERION=y -CONFIG_NET_VENDOR_NETRONOME=y -CONFIG_NET_VENDOR_NI=y -CONFIG_NET_VENDOR_NVIDIA=y -CONFIG_NET_VENDOR_OKI=y -CONFIG_NET_VENDOR_PACKET_ENGINES=y -CONFIG_NET_VENDOR_PENSANDO=y -CONFIG_NET_VENDOR_QLOGIC=y -CONFIG_NET_VENDOR_QUALCOMM=y -CONFIG_NET_VENDOR_RDC=y -CONFIG_NET_VENDOR_RENESAS=y -CONFIG_NET_VENDOR_ROCKER=y -CONFIG_NET_VENDOR_SAMSUNG=y -CONFIG_NET_VENDOR_SEEQ=y -CONFIG_NET_VENDOR_SILAN=y -CONFIG_NET_VENDOR_SIS=y -CONFIG_NET_VENDOR_SMSC=y -CONFIG_NET_VENDOR_SOCIONEXT=y -CONFIG_NET_VENDOR_SOLARFLARE=y -CONFIG_NET_VENDOR_STMICRO=y -CONFIG_NET_VENDOR_SUN=y -CONFIG_NET_VENDOR_SYNOPSYS=y -CONFIG_NET_VENDOR_TEHUTI=y -CONFIG_NET_VENDOR_TI=y -CONFIG_NET_VENDOR_VERTEXCOM=y -CONFIG_NET_VENDOR_VIA=y -CONFIG_NET_VENDOR_WANGXUN=y -CONFIG_NET_VENDOR_WIZNET=y -CONFIG_NET_VENDOR_XILINX=y -CONFIG_NMI_CHECK_CPU=y +# CONFIG_NET_VRF is not set +# CONFIG_NFP is not set +# CONFIG_NFS_FSCACHE is not set +# CONFIG_NF_CONNTRACK_SECMARK is not set +# CONFIG_NGBE is not set +# CONFIG_NIU is not set +# CONFIG_NI_XGE_MANAGEMENT_ENET is not set +CONFIG_NODES_SHIFT=10 CONFIG_NOP_TRACER=y -CONFIG_NO_HZ_FULL=y -CONFIG_NUMA=y +# CONFIG_NO_PAGE_MAPCOUNT is not set +# CONFIG_NS83820 is not set +# CONFIG_NSM is not set +# CONFIG_NTSYNC is not set CONFIG_NUMA_BALANCING=y CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y +# CONFIG_NUMA_EMU is not set CONFIG_NUMA_KEEP_MEMINFO=y CONFIG_NUMA_MEMBLKS=y CONFIG_NVDIMM_DAX=y CONFIG_NVDIMM_KEYS=y CONFIG_NVDIMM_PFN=y +# CONFIG_NVDIMM_SECURITY_TEST is not set +# CONFIG_NVMEM_LAYOUTS is not set +# CONFIG_NVME_HOST_AUTH is not set +# CONFIG_NVME_HWMON is not set +# CONFIG_NVME_TARGET is not set +# CONFIG_NVSW_SN2201 is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_N_HDLC is not set +# CONFIG_OBJTOOL_WERROR is not set +# CONFIG_OCFS2_FS is not set +# CONFIG_OCTEON_EP_VF is not set +# CONFIG_OMFS_FS is not set CONFIG_OPTPROBES=y -CONFIG_OSF_PARTITION=y +# CONFIG_ORANGEFS_FS is not set CONFIG_OSNOISE_TRACER=y -CONFIG_PACKING=y +# CONFIG_P54_COMMON is not set CONFIG_PADATA=y CONFIG_PAGE_IDLE_FLAG=y -CONFIG_PAGE_POISONING=y -CONFIG_PAGE_POOL_STATS=y +CONFIG_PAGE_MAPCOUNT=y +CONFIG_PAGE_SHIFT=12 CONFIG_PAGE_SIZE_4KB=y CONFIG_PARAVIRT_XXL=y -CONFIG_PATA_SIS=y +# CONFIG_PARPORT_PANEL is not set CONFIG_PC104=y CONFIG_PCC=y -CONFIG_PCIEAER=y +# CONFIG_PCENGINES_APU2 is not set +# CONFIG_PCIEAER_INJECT is not set CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_PEER2PEER is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_TUNE_OFF is not set CONFIG_PCIE_DPC=y CONFIG_PCIE_DW=y +# CONFIG_PCIE_DW_DEBUGFS is not set CONFIG_PCIE_DW_EP=y CONFIG_PCIE_DW_HOST=y CONFIG_PCIE_DW_PLAT=y CONFIG_PCIE_DW_PLAT_EP=y -CONFIG_PCIE_DW_PLAT_HOST=y +# CONFIG_PCIE_ECRC is not set CONFIG_PCIE_EDR=y -CONFIG_PCIE_PTM=y CONFIG_PCIE_THERMAL=y CONFIG_PCIE_TPH=y -CONFIG_PCI_ENDPOINT=y +# CONFIG_PCI_DOE is not set CONFIG_PCI_ENDPOINT_CONFIGFS=y -CONFIG_PCI_MMCONFIG=y +# CONFIG_PCI_EPF_NTB is not set +# CONFIG_PCI_EPF_TEST is not set CONFIG_PCI_NPEM=y CONFIG_PCI_P2PDMA=y -CONFIG_PCI_PASID=y -CONFIG_PCI_PRI=y -CONFIG_PCI_REALLOC_ENABLE_AUTO=y +# CONFIG_PCI_PWRCTL_SLOT is not set CONFIG_PCI_XEN=y -CONFIG_PCPU_DEV_REFCNT=y -CONFIG_PERF_EVENTS_AMD_BRS=y -CONFIG_PERF_EVENTS_INTEL_UNCORE=y -CONFIG_PERSISTENT_KEYRINGS=y +CONFIG_PCP_BATCH_SCALE_MAX=5 +# CONFIG_PCS_XPCS is not set +# CONFIG_PFCP is not set CONFIG_PGTABLE_HAS_HUGE_LEAVES=y -CONFIG_PHYLIB=y +# CONFIG_PHY_SAMSUNG_USB2 is not set CONFIG_PINCONF=y -CONFIG_PINCTRL_AMD=y -CONFIG_PINCTRL_BAYTRAIL=y -CONFIG_PINCTRL_CHERRYVIEW=y CONFIG_PINCTRL_INTEL=y -CONFIG_PINCTRL_SX150X=y +# CONFIG_PINCTRL_INTEL_PLATFORM is not set +# CONFIG_PINCTRL_METEORPOINT is not set CONFIG_PINMUX=y -CONFIG_PMIC_ADP5520=y -CONFIG_PMIC_DA903X=y +# CONFIG_PLFXLC is not set +# CONFIG_PLX_DMA is not set +# CONFIG_PMBUS is not set CONFIG_PMIC_DA9052=y -CONFIG_PMIC_OPREGION=y -CONFIG_PM_DEVFREQ=y +# CONFIG_PM_AUTOSLEEP is not set CONFIG_PM_DEVFREQ_EVENT=y CONFIG_PM_OPP=y CONFIG_PM_SLEEP=y CONFIG_PM_SLEEP_DEBUG=y CONFIG_PM_SLEEP_SMP=y +CONFIG_PM_STD_PARTITION="" +# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set CONFIG_PM_WAKELOCKS=y CONFIG_PM_WAKELOCKS_GC=y -CONFIG_POWERCAP=y -CONFIG_POWER_RESET=y +CONFIG_PM_WAKELOCKS_LIMIT=100 CONFIG_POWER_RESET_RESTART=y +# CONFIG_POWER_SEQUENCING is not set CONFIG_POWER_SUPPLY_HWMON=y -CONFIG_PPP=y +# CONFIG_PPPOE is not set +CONFIG_PPPOE_HASH_BITS=4 +# CONFIG_PPP_ASYNC is not set +# CONFIG_PPP_BSDCOMP is not set +# CONFIG_PPP_DEFLATE is not set CONFIG_PPP_FILTER=y +# CONFIG_PPP_MPPE is not set CONFIG_PPP_MULTILINK=y -CONFIG_PPS=y -CONFIG_PREEMPT_DYNAMIC=y -CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PPP_SYNC_TTY is not set +# CONFIG_PPS_CLIENT_GPIO is not set +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_PARPORT is not set +# CONFIG_PPS_DEBUG is not set +# CONFIG_PPS_GENERATOR is not set +# CONFIG_PREEMPT_LAZY is not set +# CONFIG_PREEMPT_RT is not set +# CONFIG_PREEMPT_TRACER is not set CONFIG_PREFIX_SYMBOLS=y +# CONFIG_PRINTK_INDEX is not set CONFIG_PROBE_EVENTS=y -CONFIG_PROBE_EVENTS_BTF_ARGS=y CONFIG_PROCESSOR_SELECT=y CONFIG_PROC_CPU_RESCTRL=y -CONFIG_PROC_EVENTS=y CONFIG_PROC_MEM_ALWAYS_FORCE=y +# CONFIG_PROC_MEM_FORCE_PTRACE is not set +# CONFIG_PROC_MEM_NO_FORCE is not set CONFIG_PROC_VMCORE=y CONFIG_PROC_VMCORE_DEVICE_DUMP=y -CONFIG_PROFILING=y -CONFIG_PSE_CONTROLLER=y -CONFIG_PSI=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PSE_PD692X0 is not set +# CONFIG_PSE_REGULATOR is not set +# CONFIG_PSE_TPS23881 is not set +# CONFIG_PSI_DEFAULT_DISABLED is not set CONFIG_PSTORE=y +# CONFIG_PSTORE_BLK is not set CONFIG_PSTORE_COMPRESS=y -CONFIG_PTDUMP_CORE=y +# CONFIG_PSTORE_CONSOLE is not set +CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240 +# CONFIG_PSTORE_FTRACE is not set +# CONFIG_PSTORE_PMSG is not set +# CONFIG_PSTORE_RAM is not set +CONFIG_PTDUMP=y +# CONFIG_PTDUMP_DEBUGFS is not set CONFIG_PTE_MARKER_UFFD_WP=y -CONFIG_PTP_1588_CLOCK=y -CONFIG_PVH=y -CONFIG_PVPANIC=y -CONFIG_PWM=y +# CONFIG_PTP_1588_CLOCK_FC3W is not set +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_INES is not set +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_MOCK is not set +CONFIG_PTP_1588_CLOCK_VMCLOCK=y +# CONFIG_PTP_1588_CLOCK_VMW is not set +CONFIG_PT_RECLAIM=y +# CONFIG_PVPANIC_MMIO is not set +# CONFIG_PVPANIC_PCI is not set +# CONFIG_PWM_CLK is not set CONFIG_PWM_CRC=y +# CONFIG_PWM_DEBUG is not set +# CONFIG_PWM_DWC is not set +# CONFIG_PWM_GPIO is not set CONFIG_PWM_LPSS=y CONFIG_PWM_LPSS_PCI=y CONFIG_PWM_LPSS_PLATFORM=y -CONFIG_QUOTA=y +# CONFIG_PWM_PCA9685 is not set +# CONFIG_PWM_TWL is not set +# CONFIG_PWM_TWL_LED is not set +# CONFIG_QCA808X_PHY is not set +# CONFIG_QCA83XX_PHY is not set +# CONFIG_QCOM_EMAC is not set +# CONFIG_QCOM_HIDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QED is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_QTNFMAC_PCIE is not set CONFIG_QUOTACTL=y +# CONFIG_QUOTA_DEBUG is not set CONFIG_QUOTA_NETLINK_INTERFACE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +# CONFIG_R6040 is not set CONFIG_RANDOMIZE_MEMORY=y -CONFIG_RANDOM_KMALLOC_CACHES=y -CONFIG_RAPIDIO=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +# CONFIG_RAPIDIO_CHMAN is not set +# CONFIG_RAPIDIO_CPS_GEN2 is not set +# CONFIG_RAPIDIO_CPS_XX is not set +# CONFIG_RAPIDIO_DEBUG is not set +CONFIG_RAPIDIO_DISC_TIMEOUT=30 CONFIG_RAPIDIO_DMA_ENGINE=y -CONFIG_RAS=y +# CONFIG_RAPIDIO_ENABLE_RX_TX_PORTS is not set +# CONFIG_RAPIDIO_ENUM_BASIC is not set +# CONFIG_RAPIDIO_MPORT_CDEV is not set +# CONFIG_RAPIDIO_RXS_GEN3 is not set +# CONFIG_RAPIDIO_TSI721 is not set CONFIG_RAS_CEC=y -CONFIG_RCU_CPU_STALL_CPUTIME=y +# CONFIG_RAS_CEC_DEBUG is not set +# CONFIG_RAVE_SP_CORE is not set +# CONFIG_RBTREE_TEST is not set CONFIG_RCU_LAZY=y CONFIG_RCU_LAZY_DEFAULT_OFF=y CONFIG_RCU_NOCB_CPU=y -CONFIG_RD_BZIP2=y -CONFIG_RD_LZ4=y -CONFIG_RD_LZMA=y -CONFIG_RD_LZO=y -CONFIG_RD_XZ=y -CONFIG_REGMAP_I2C=y +# CONFIG_RCU_NOCB_CPU_DEFAULT_ALL is not set +# CONFIG_READ_ONLY_THP_FOR_FS is not set +# CONFIG_REALTEK_PHY_HWMON is not set +# CONFIG_REED_SOLOMON_TEST is not set CONFIG_REGMAP_IRQ=y CONFIG_REGMAP_MMIO=y CONFIG_REGMAP_SPI=y -CONFIG_REGULATOR=y +# CONFIG_REGULATOR_88PG86X is not set +# CONFIG_REGULATOR_88PM8607 is not set +# CONFIG_REGULATOR_AAT2870 is not set +# CONFIG_REGULATOR_ACT8865 is not set +# CONFIG_REGULATOR_AD5398 is not set +# CONFIG_REGULATOR_AS3711 is not set +# CONFIG_REGULATOR_AW37503 is not set +# CONFIG_REGULATOR_DA903X is not set +# CONFIG_REGULATOR_DA9052 is not set +# CONFIG_REGULATOR_DA9055 is not set +# CONFIG_REGULATOR_DA9210 is not set +# CONFIG_REGULATOR_DA9211 is not set +# CONFIG_REGULATOR_DEBUG is not set +# CONFIG_REGULATOR_FAN53555 is not set +# CONFIG_REGULATOR_FIXED_VOLTAGE is not set +# CONFIG_REGULATOR_GPIO is not set +# CONFIG_REGULATOR_ISL6271A is not set +# CONFIG_REGULATOR_ISL9305 is not set +# CONFIG_REGULATOR_LP3971 is not set +# CONFIG_REGULATOR_LP3972 is not set +# CONFIG_REGULATOR_LP872X is not set +# CONFIG_REGULATOR_LP8755 is not set +# CONFIG_REGULATOR_LP8788 is not set +# CONFIG_REGULATOR_LTC3589 is not set +# CONFIG_REGULATOR_LTC3676 is not set +# CONFIG_REGULATOR_MAX14577 is not set +# CONFIG_REGULATOR_MAX1586 is not set +# CONFIG_REGULATOR_MAX20086 is not set +# CONFIG_REGULATOR_MAX20411 is not set +# CONFIG_REGULATOR_MAX77503 is not set +# CONFIG_REGULATOR_MAX77693 is not set +# CONFIG_REGULATOR_MAX77826 is not set +# CONFIG_REGULATOR_MAX77857 is not set +# CONFIG_REGULATOR_MAX8649 is not set +# CONFIG_REGULATOR_MAX8660 is not set +# CONFIG_REGULATOR_MAX8893 is not set +# CONFIG_REGULATOR_MAX8925 is not set +# CONFIG_REGULATOR_MAX8952 is not set +# CONFIG_REGULATOR_MAX8997 is not set +# CONFIG_REGULATOR_MAX8998 is not set +# CONFIG_REGULATOR_MP8859 is not set +# CONFIG_REGULATOR_MT6311 is not set CONFIG_REGULATOR_NETLINK_EVENTS=y -CONFIG_REMOTEPROC=y +# CONFIG_REGULATOR_PALMAS is not set +# CONFIG_REGULATOR_PCA9450 is not set +# CONFIG_REGULATOR_PCAP is not set +# CONFIG_REGULATOR_PF9453 is not set +# CONFIG_REGULATOR_PV88060 is not set +# CONFIG_REGULATOR_PV88080 is not set +# CONFIG_REGULATOR_PV88090 is not set +# CONFIG_REGULATOR_PWM is not set +# CONFIG_REGULATOR_RAA215300 is not set +# CONFIG_REGULATOR_RC5T583 is not set +# CONFIG_REGULATOR_RT4801 is not set +# CONFIG_REGULATOR_RT4803 is not set +# CONFIG_REGULATOR_RT5190A is not set +# CONFIG_REGULATOR_RT5739 is not set +# CONFIG_REGULATOR_RT5759 is not set +# CONFIG_REGULATOR_RT6160 is not set +# CONFIG_REGULATOR_RT6190 is not set +# CONFIG_REGULATOR_RT6245 is not set +# CONFIG_REGULATOR_RTMV20 is not set +# CONFIG_REGULATOR_RTQ2134 is not set +# CONFIG_REGULATOR_RTQ2208 is not set +# CONFIG_REGULATOR_RTQ6752 is not set +# CONFIG_REGULATOR_SLG51000 is not set +# CONFIG_REGULATOR_TPS51632 is not set +# CONFIG_REGULATOR_TPS62360 is not set +# CONFIG_REGULATOR_TPS65023 is not set +# CONFIG_REGULATOR_TPS6507X is not set +# CONFIG_REGULATOR_TPS65090 is not set +# CONFIG_REGULATOR_TPS65132 is not set +# CONFIG_REGULATOR_TPS6524X is not set +# CONFIG_REGULATOR_TPS6586X is not set +# CONFIG_REGULATOR_TPS65910 is not set +# CONFIG_REGULATOR_TPS65912 is not set +# CONFIG_REGULATOR_TWL4030 is not set +# CONFIG_REGULATOR_USERSPACE_CONSUMER is not set +# CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set +# CONFIG_REGULATOR_WM831X is not set +# CONFIG_REGULATOR_WM8350 is not set +# CONFIG_REGULATOR_WM8400 is not set CONFIG_REMOTEPROC_CDEV=y -CONFIG_RESET_ATTACK_MITIGATION=y -CONFIG_RESET_CONTROLLER=y +CONFIG_RESCTRL_FS_PSEUDO_LOCK=y +# CONFIG_RESET_GPIO is not set CONFIG_RESET_SIMPLE=y +# CONFIG_RESET_TI_SYSCON is not set +# CONFIG_RESET_TI_TPS380X is not set CONFIG_RETHOOK=y -CONFIG_RFKILL=y +# CONFIG_RFKILL_GPIO is not set CONFIG_RFKILL_INPUT=y CONFIG_RFKILL_LEDS=y CONFIG_RING_BUFFER=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_INTF_DEV=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_NVMEM=y -CONFIG_RTC_SYSTOHC=y -CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_RING_BUFFER_BENCHMARK is not set +# CONFIG_RING_BUFFER_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set +# CONFIG_RIONET is not set +# CONFIG_RMNET is not set +# CONFIG_ROCKER is not set +# CONFIG_ROMFS_FS is not set +CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y +# CONFIG_RPMB is not set +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RSI_91X is not set +# CONFIG_RT2X00 is not set +# CONFIG_RTASE is not set +# CONFIG_RTC_DRV_88PM860X is not set +# CONFIG_RTC_DRV_DA9052 is not set +# CONFIG_RTC_DRV_DA9055 is not set +# CONFIG_RTC_DRV_DA9063 is not set +# CONFIG_RTC_DRV_DS1302 is not set +# CONFIG_RTC_DRV_DS1305 is not set +# CONFIG_RTC_DRV_DS1343 is not set +# CONFIG_RTC_DRV_DS1347 is not set +# CONFIG_RTC_DRV_DS1390 is not set +# CONFIG_RTC_DRV_LP8788 is not set +# CONFIG_RTC_DRV_M41T93 is not set +# CONFIG_RTC_DRV_M41T94 is not set +# CONFIG_RTC_DRV_MAX31335 is not set +# CONFIG_RTC_DRV_MAX6902 is not set +# CONFIG_RTC_DRV_MAX6916 is not set +# CONFIG_RTC_DRV_MAX8925 is not set +# CONFIG_RTC_DRV_MAX8997 is not set +# CONFIG_RTC_DRV_MAX8998 is not set +# CONFIG_RTC_DRV_MCP795 is not set +# CONFIG_RTC_DRV_PALMAS is not set +# CONFIG_RTC_DRV_PCAP is not set +# CONFIG_RTC_DRV_PCF2123 is not set +# CONFIG_RTC_DRV_R9701 is not set +# CONFIG_RTC_DRV_RC5T583 is not set +# CONFIG_RTC_DRV_RS5C348 is not set +# CONFIG_RTC_DRV_RX4581 is not set +# CONFIG_RTC_DRV_RX8111 is not set +# CONFIG_RTC_DRV_SD2405AL is not set +# CONFIG_RTC_DRV_TPS6586X is not set +# CONFIG_RTC_DRV_TPS65910 is not set +# CONFIG_RTC_DRV_WM831X is not set +# CONFIG_RTC_DRV_WM8350 is not set +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTL8180 is not set +# CONFIG_RTL8187 is not set +# CONFIG_RTL8188EE is not set +# CONFIG_RTL8192CE is not set +# CONFIG_RTL8192CU is not set +# CONFIG_RTL8192DE is not set +# CONFIG_RTL8192DU is not set +# CONFIG_RTL8192EE is not set +# CONFIG_RTL8192SE is not set +# CONFIG_RTL8723AE is not set +# CONFIG_RTL8723BE is not set +# CONFIG_RTL8821AE is not set +# CONFIG_RTL8XXXU is not set +CONFIG_RTL_CARDS=y +# CONFIG_RTW88 is not set +# CONFIG_RTW89 is not set +CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=0 CONFIG_RV=y +# CONFIG_RV_MON_SCHED is not set CONFIG_RV_MON_WWNR=y CONFIG_RV_REACTORS=y CONFIG_RV_REACT_PANIC=y CONFIG_RV_REACT_PRINTK=y -CONFIG_SAMPLES=y -CONFIG_SATA_PMP=y -CONFIG_SATA_ZPODD=y -CONFIG_SCHEDSTATS=y -CONFIG_SCHED_AUTOGROUP=y -CONFIG_SCHED_CLASS_EXT=y -CONFIG_SCHED_CLUSTER=y -CONFIG_SCHED_CORE=y -CONFIG_SCHED_DEBUG=y +# CONFIG_S2IO is not set +# CONFIG_SAMPLE_AUXDISPLAY is not set +# CONFIG_SAMPLE_FTRACE_OPS is not set +# CONFIG_SAMPLE_HUNG_TASK is not set +# CONFIG_SAMPLE_KOBJECT is not set +# CONFIG_SAMPLE_VFIO_MDEV_MDPY_FB is not set +# CONFIG_SAMPLE_WATCHDOG is not set +# CONFIG_SAMSUNG_GALAXYBOOK is not set +# CONFIG_SATA_DWC is not set +# CONFIG_SC92031 is not set CONFIG_SCHED_HRTICK=y CONFIG_SCHED_INFO=y -CONFIG_SCHED_MC=y CONFIG_SCHED_MC_PRIO=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -CONFIG_SCHED_STACK_END_CHECK=y CONFIG_SCHED_TRACER=y CONFIG_SCREEN_INFO=y -CONFIG_SCSI_CONSTANTS=y -CONFIG_SCSI_DH=y -CONFIG_SCSI_LOGGING=y -CONFIG_SCSI_PROC_FS=y -CONFIG_SCSI_SCAN_ASYNC=y -CONFIG_SECONDARY_TRUSTED_KEYRING=y -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -CONFIG_SECURITY=y +# CONFIG_SCSI_DH_ALUA is not set +# CONFIG_SCSI_DH_EMC is not set +# CONFIG_SCSI_DH_HP_SW is not set +# CONFIG_SCSI_DH_RDAC is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING_SIGNED_BY_BUILTIN is not set CONFIG_SECURITY_APPARMOR=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y -CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY_IPE=y CONFIG_SECURITY_LANDLOCK=y +# CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_LOCKDOWN_LSM=y CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y CONFIG_SECURITY_NETWORK=y @@ -912,57 +2226,296 @@ CONFIG_SECURITY_SAFESETID=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y +# CONFIG_SECURITY_SELINUX_DEBUG is not set CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 +CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 CONFIG_SECURITY_SMACK=y CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y +# CONFIG_SECURITY_SMACK_BRINGUP is not set CONFIG_SECURITY_SMACK_NETFILTER=y CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" +# CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" CONFIG_SECURITY_YAMA=y -CONFIG_SERIAL_8250_16550A_VARIANTS=y +# CONFIG_SEG_LED_GPIO is not set +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_AD7314 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADCXX is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_ADS7871 is not set +# CONFIG_SENSORS_ADT7310 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_ASUS_EC is not set +# CONFIG_SENSORS_ASUS_ROG_RYUJIN is not set +# CONFIG_SENSORS_ASUS_WMI is not set +# CONFIG_SENSORS_ATK0110 is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +# CONFIG_SENSORS_CHIPCAP2 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DA9052_ADC is not set +# CONFIG_SENSORS_DA9055 is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS1621 is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC2305 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_FTSTEUTATES is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_GIGABYTE_WATERFORCE is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_HP_WMI is not set +# CONFIG_SENSORS_HS3001 is not set +# CONFIG_SENSORS_HTU31 is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA238 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_ISL28022 is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_LENOVO_EC is not set +# CONFIG_SENSORS_LINEAGE is not set +CONFIG_SENSORS_LIS3LV02D=y +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM70 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2947_SPI is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC2991 is not set +# CONFIG_SENSORS_LTC2992 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_LTC4282 is not set +# CONFIG_SENSORS_MAX1111 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31722 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX31760 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MAX6620 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MC34VR500 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_MLXREG_FAN is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT6775_I2C is not set +# CONFIG_SENSORS_NCT7363 is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_NZXT_KRAKEN3 is not set +# CONFIG_SENSORS_NZXT_SMART2 is not set +# CONFIG_SENSORS_OCC_P8_I2C is not set +# CONFIG_SENSORS_OXP is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_SENSORS_POWERZ is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_PT5161L is not set +# CONFIG_SENSORS_PWM_FAN is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SCH5627 is not set +# CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_SHT15 is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SPD5118 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP464 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_WM831X is not set +# CONFIG_SENSORS_WM8350 is not set +# CONFIG_SENSORS_XGENE is not set +# CONFIG_SERIAL_8250_DETECT_IRQ is not set CONFIG_SERIAL_8250_DMA=y -CONFIG_SERIAL_8250_EXTENDED=y -CONFIG_SERIAL_8250_FINTEK=y CONFIG_SERIAL_8250_MANY_PORTS=y -CONFIG_SERIAL_8250_MID=y +# CONFIG_SERIAL_8250_NI is not set CONFIG_SERIAL_8250_RSA=y -CONFIG_SERIAL_8250_RT288X=y CONFIG_SERIAL_8250_SHARE_IRQ=y -CONFIG_SERIAL_DEV_BUS=y CONFIG_SERIAL_DEV_CTRL_TTYPORT=y -CONFIG_SERIAL_KGDB_NMI=y +# CONFIG_SERIAL_MAX3100 is not set CONFIG_SERIAL_MAX310X=y CONFIG_SERIAL_MCTRL_GPIO=y -CONFIG_SERIAL_NONSTANDARD=y -CONFIG_SERIAL_SCCNXP=y +# CONFIG_SERIAL_MULTI_INSTANTIATE is not set CONFIG_SERIAL_SCCNXP_CONSOLE=y -CONFIG_SGI_PARTITION=y -CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +# CONFIG_SERIO_GPIO_PS2 is not set +CONFIG_SEV_GUEST=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +# CONFIG_SFC_SIENA is not set +# CONFIG_SF_PDMA is not set +# CONFIG_SGI_GRU is not set +# CONFIG_SGI_XP is not set +# CONFIG_SHRINKER_DEBUG is not set CONFIG_SIGNATURE=y -CONFIG_SIGNED_PE_FILE_VERIFICATION=y +# CONFIG_SIS190 is not set +# CONFIG_SIS900 is not set +# CONFIG_SKFP is not set +# CONFIG_SKGE_DEBUG is not set +# CONFIG_SKY2_DEBUG is not set CONFIG_SLAB_BUCKETS=y -CONFIG_SLAB_FREELIST_HARDENED=y -CONFIG_SLAB_FREELIST_RANDOM=y -CONFIG_SLAB_MERGE_DEFAULT=y CONFIG_SLAB_OBJ_EXT=y CONFIG_SLHC=y -CONFIG_SLUB_CPU_PARTIAL=y -CONFIG_SOC_TI=y -CONFIG_SOFTLOCKUP_DETECTOR=y -CONFIG_SOLARIS_X86_PARTITION=y -CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_SPI=y +# CONFIG_SLICOSS is not set +# CONFIG_SLUB_TINY is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +# CONFIG_SONY_LAPTOP is not set +CONFIG_SPARSEMEM_VMEMMAP_PREINIT=y +# CONFIG_SPEAKUP is not set +# CONFIG_SPI_ALTERA is not set +# CONFIG_SPI_AMD is not set +# CONFIG_SPI_AX88796C is not set +# CONFIG_SPI_AXI_SPI_ENGINE is not set +# CONFIG_SPI_BITBANG is not set +# CONFIG_SPI_BUTTERFLY is not set +# CONFIG_SPI_CADENCE is not set +# CONFIG_SPI_CH341 is not set +# CONFIG_SPI_DEBUG is not set +# CONFIG_SPI_DESIGNWARE is not set CONFIG_SPI_DYNAMIC=y +# CONFIG_SPI_GPIO is not set +# CONFIG_SPI_INTEL_PCI is not set +# CONFIG_SPI_INTEL_PLATFORM is not set +# CONFIG_SPI_LANTIQ_SSC is not set +# CONFIG_SPI_LM70_LLP is not set CONFIG_SPI_MASTER=y CONFIG_SPI_MEM=y +# CONFIG_SPI_MICROCHIP_CORE is not set +# CONFIG_SPI_MICROCHIP_CORE_QSPI is not set +# CONFIG_SPI_MUX is not set +# CONFIG_SPI_MXIC is not set +# CONFIG_SPI_OC_TINY is not set +# CONFIG_SPI_PCI1XXXX is not set +# CONFIG_SPI_PXA2XX is not set +# CONFIG_SPI_SC18IS602 is not set +# CONFIG_SPI_SIFIVE is not set CONFIG_SPI_SLAVE=y +# CONFIG_SPI_SLAVE_SYSTEM_CONTROL is not set +# CONFIG_SPI_SLAVE_TIME is not set +# CONFIG_SPI_SPIDEV is not set +# CONFIG_SPI_TLE62X0 is not set +# CONFIG_SPI_XCOMM is not set +# CONFIG_SPI_XILINX is not set +# CONFIG_SPI_ZYNQMP_GQSPI is not set CONFIG_SPLIT_PMD_PTLOCKS=y CONFIG_SPLIT_PTE_PTLOCKS=y CONFIG_SQUASHFS=y +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set CONFIG_SQUASHFS_CHOICE_DECOMP_BY_MOUNT=y CONFIG_SQUASHFS_DECOMP_MULTI=y CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_EMBEDDED is not set +# CONFIG_SQUASHFS_FILE_CACHE is not set CONFIG_SQUASHFS_FILE_DIRECT=y +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 CONFIG_SQUASHFS_LZ4=y CONFIG_SQUASHFS_LZO=y CONFIG_SQUASHFS_MOUNT_DECOMP_THREADS=y @@ -970,187 +2523,277 @@ CONFIG_SQUASHFS_XATTR=y CONFIG_SQUASHFS_XZ=y CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_ZSTD=y -CONFIG_SRAM=y -CONFIG_STACKPROTECTOR=y +# CONFIG_SSIF_IPMI_BMC is not set +CONFIG_STACKDEPOT_MAX_FRAMES=64 CONFIG_STACKPROTECTOR_STRONG=y CONFIG_STACK_TRACER=y -CONFIG_STACK_VALIDATION=y -CONFIG_STAGING=y CONFIG_STAGING_MEDIA=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STMMAC_ETH is not set CONFIG_STREAM_PARSER=y CONFIG_STRICT_DEVMEM=y -CONFIG_SUN_PARTITION=y -CONFIG_SURFACE_PLATFORMS=y -CONFIG_SUSPEND=y +# CONFIG_SUNGEM is not set +# CONFIG_SURFACE3_WMI is not set +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_AGGREGATOR is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_HOTPLUG is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set CONFIG_SUSPEND_FREEZER=y -CONFIG_SWIOTLB_DYNAMIC=y +# CONFIG_SUSPEND_SKIP_SYNC is not set CONFIG_SWIOTLB_XEN=y CONFIG_SW_SYNC=y -CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_SXGBE_ETH is not set CONFIG_SYNTH_EVENTS=y -CONFIG_SYSFB_SIMPLEFB=y -CONFIG_SYSTEM_BLACKLIST_KEYRING=y -CONFIG_SYSTEM_EXTRA_CERTIFICATE=y +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE is not set +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_REVOCATION_KEYS="" CONFIG_SYSTEM_REVOCATION_LIST=y -CONFIG_SYSV68_PARTITION=y CONFIG_SYS_HYPERVISOR=y -CONFIG_TASKSTATS=y CONFIG_TASKS_RUDE_RCU=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_IO_ACCOUNTING=y CONFIG_TASK_XACCT=y +# CONFIG_TCG_TIS_SPI is not set +# CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TPM2_HMAC=y +# CONFIG_TCG_XEN is not set CONFIG_TCP_AO=y -CONFIG_TCP_CONG_ADVANCED=y -CONFIG_TCP_MD5SIG=y +# CONFIG_TCP_CONG_BBR is not set +CONFIG_TCP_CONG_BIC=y +# CONFIG_TCP_CONG_CDG is not set +# CONFIG_TCP_CONG_DCTCP is not set +# CONFIG_TCP_CONG_HSTCP is not set +CONFIG_TCP_CONG_HTCP=y +# CONFIG_TCP_CONG_HYBLA is not set +# CONFIG_TCP_CONG_ILLINOIS is not set +# CONFIG_TCP_CONG_LP is not set +# CONFIG_TCP_CONG_NV is not set +# CONFIG_TCP_CONG_SCALABLE is not set +# CONFIG_TCP_CONG_VEGAS is not set +# CONFIG_TCP_CONG_VENO is not set +CONFIG_TCP_CONG_WESTWOOD=y +# CONFIG_TCP_CONG_YEAH is not set CONFIG_TCP_SIGPOOL=y -CONFIG_THERMAL_EMULATION=y -CONFIG_THERMAL_GOV_BANG_BANG=y -CONFIG_THERMAL_GOV_FAIR_SHARE=y +# CONFIG_TEHUTI is not set +# CONFIG_TEHUTI_TN40 is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +# CONFIG_TEST_DHRY is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_TEST_DYNAMIC_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_HMM is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_MULDIV64 is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_THERMAL_CORE_TESTING is not set +# CONFIG_THERMAL_DEBUGFS is not set +# CONFIG_THERMAL_DEFAULT_GOV_BANG_BANG is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set CONFIG_THERMAL_GOV_POWER_ALLOCATOR=y -CONFIG_THERMAL_GOV_USER_SPACE=y CONFIG_THERMAL_HWMON=y -CONFIG_THERMAL_NETLINK=y -CONFIG_THERMAL_STATISTICS=y +# CONFIG_THINKPAD_ACPI is not set CONFIG_THP_SWAP=y +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_THUNDER_NIC_VF is not set +CONFIG_TIGON3_HWMON=y CONFIG_TIMERLAT_TRACER=y -CONFIG_TMPFS_INODE64=y -CONFIG_TMPFS_POSIX_ACL=y -CONFIG_TMPFS_QUOTA=y -CONFIG_TOUCHSCREEN_ELAN=y +# CONFIG_TINYDRM_HX8357D is not set +# CONFIG_TINYDRM_ILI9163 is not set +# CONFIG_TINYDRM_ILI9225 is not set +# CONFIG_TINYDRM_ILI9341 is not set +# CONFIG_TINYDRM_ILI9486 is not set +# CONFIG_TINYDRM_MI0283QT is not set +# CONFIG_TINYDRM_REPAPER is not set +# CONFIG_TINYDRM_SHARP_MEMORY is not set +# CONFIG_TINYDRM_ST7586 is not set +# CONFIG_TINYDRM_ST7735R is not set +# CONFIG_TI_CPSW_PHY_SEL is not set +# CONFIG_TLAN is not set +# CONFIG_TOUCHSCREEN_88PM860X is not set +# CONFIG_TOUCHSCREEN_AD7877 is not set +# CONFIG_TOUCHSCREEN_ADS7846 is not set +# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set +# CONFIG_TOUCHSCREEN_CY8CTMG110 is not set +CONFIG_TOUCHSCREEN_DA9034=y +# CONFIG_TOUCHSCREEN_DA9052 is not set +# CONFIG_TOUCHSCREEN_GOODIX is not set +# CONFIG_TOUCHSCREEN_GOODIX_BERLIN_I2C is not set +# CONFIG_TOUCHSCREEN_GOODIX_BERLIN_SPI is not set +# CONFIG_TOUCHSCREEN_MSG2638 is not set +# CONFIG_TOUCHSCREEN_PCAP is not set +# CONFIG_TOUCHSCREEN_RM_TS is not set +# CONFIG_TOUCHSCREEN_SIS_I2C is not set +# CONFIG_TOUCHSCREEN_SURFACE3_SPI is not set +# CONFIG_TOUCHSCREEN_TSC2005 is not set +# CONFIG_TOUCHSCREEN_WM831X is not set +# CONFIG_TOUCHSCREEN_ZFORCE is not set +# CONFIG_TPS65010 is not set CONFIG_TRACEPOINTS=y +# CONFIG_TRACEPOINT_BENCHMARK is not set CONFIG_TRACER_MAX_TRACE=y CONFIG_TRACER_SNAPSHOT=y +# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set CONFIG_TRACE_CLOCK=y +# CONFIG_TRACE_EVAL_MAP_FILE is not set CONFIG_TRACE_EVENT_INJECT=y CONFIG_TRACING=y CONFIG_TRACING_MAP=y -CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y -CONFIG_TRUSTED_KEYS=y +# CONFIG_TRANSPARENT_HUGEPAGE_NEVER is not set CONFIG_TRUSTED_KEYS_TPM=y +CONFIG_TSM_REPORTS=y +# CONFIG_TSNEP is not set CONFIG_TTY_PRINTK=y -CONFIG_TWL4030_CORE=y -CONFIG_TWL6040_CORE=y -CONFIG_UBSAN=y +CONFIG_TTY_PRINTK_LEVEL=6 +# CONFIG_TULIP is not set +# CONFIG_TWL4030_WATCHDOG is not set +# CONFIG_TXGBE is not set +# CONFIG_UBSAN_ALIGNMENT is not set CONFIG_UBSAN_BOOL=y CONFIG_UBSAN_BOUNDS=y CONFIG_UBSAN_BOUNDS_STRICT=y +# CONFIG_UBSAN_DIV_ZERO is not set CONFIG_UBSAN_ENUM=y CONFIG_UBSAN_SHIFT=y -CONFIG_UBSAN_SIGNED_WRAP=y -CONFIG_UCLAMP_TASK=y +# CONFIG_UBSAN_TRAP is not set +CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_UCLAMP_TASK_GROUP=y -CONFIG_UDMABUF=y CONFIG_UEFI_CPER=y CONFIG_UEFI_CPER_X86=y -CONFIG_UEVENT_HELPER=y -CONFIG_ULTRIX_PARTITION=y -CONFIG_UNICODE=y +CONFIG_UEVENT_HELPER_PATH="" +# CONFIG_UFS_FS is not set +# CONFIG_ULI526X is not set CONFIG_UNION_FIND=y -CONFIG_UNIXWARE_DISKLABEL=y CONFIG_UPROBES=y CONFIG_UPROBE_EVENTS=y -CONFIG_USB_ANNOUNCE_NEW_DEVICES=y -CONFIG_USB_DEFAULT_PERSIST=y -CONFIG_USB_DWC2=y +# CONFIG_USB_CONN_GPIO is not set +CONFIG_USB_DEFAULT_AUTHORIZATION_MODE=1 +# CONFIG_USB_DWC2_DEBUG is not set CONFIG_USB_DWC2_HOST=y -CONFIG_USB_DYNAMIC_MINORS=y -CONFIG_USB_EHCI_HCD_PLATFORM=y +# CONFIG_USB_DWC2_PCI is not set +# CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set CONFIG_USB_EHCI_PCI=y -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_LED_TRIG=y +# CONFIG_USB_GPIO_VBUS is not set +# CONFIG_USB_HSO is not set +# CONFIG_USB_LJCA is not set +# CONFIG_USB_MAX3421_HCD is not set CONFIG_USB_OHCI_HCD_PCI=y -CONFIG_USB_OHCI_HCD_PLATFORM=y -CONFIG_USB_PCI=y +# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set CONFIG_USB_PCI_AMD=y -CONFIG_USB_ROLE_SWITCH=y +# CONFIG_USB_PULSE8_CEC is not set +# CONFIG_USB_RAINSHADOW_CEC is not set +# CONFIG_USB_ROLES_INTEL_XHCI is not set CONFIG_USB_UHCI_HCD=y -CONFIG_USB_XHCI_DBGCAP=y +# CONFIG_USB_XEN_HCD is not set CONFIG_USB_XHCI_PCI=y -CONFIG_USELIB=y -CONFIG_USERFAULTFD=y CONFIG_USER_DECRYPTED_DATA=y CONFIG_USER_EVENTS=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y CONFIG_USE_X86_SEG_SUPPORT=y -CONFIG_VALIDATE_FS_PARSER=y +CONFIG_UV_MMTIMER=y +# CONFIG_UV_SYSFS is not set CONFIG_VCAP=y CONFIG_VDSO_GETRANDOM=y -CONFIG_VGA_SWITCHEROO=y -CONFIG_VHOST_MENU=y +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_VSOCK is not set +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set CONFIG_VIDEO=y -CONFIG_VIRTIO_IOMMU=y -CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +# CONFIG_VIRTIO_DEBUG is not set +# CONFIG_VIRTIO_MEM is not set CONFIG_VIRTIO_PCI_ADMIN_LEGACY=y -CONFIG_VIRTIO_PCI_LEGACY=y CONFIG_VIRTIO_PCI_LIB_LEGACY=y -CONFIG_VIRTUALIZATION=y +# CONFIG_VIRTIO_PMEM is not set CONFIG_VIRT_CPU_ACCOUNTING=y -CONFIG_VIRT_CPU_ACCOUNTING_GEN=y -CONFIG_VMAP_STACK=y CONFIG_VMCORE_INFO=y CONFIG_VME_BUS=y +# CONFIG_VME_FAKE is not set +# CONFIG_VME_TSI148 is not set +# CONFIG_VME_USER is not set CONFIG_VMLINUX_MAP=y CONFIG_VT_CONSOLE_SLEEP=y -CONFIG_WAN=y +# CONFIG_VXFS_FS is not set CONFIG_WANT_DEV_COREDUMP=y -CONFIG_WATCHDOG_CORE=y -CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP=y +# CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_PANIC is not set CONFIG_WATCHDOG_PRETIMEOUT_GOV=y CONFIG_WATCHDOG_PRETIMEOUT_GOV_NOOP=y -CONFIG_WATCHDOG_SYSFS=y -CONFIG_WATCH_QUEUE=y -CONFIG_WLAN_VENDOR_ADMTEK=y -CONFIG_WLAN_VENDOR_ATMEL=y -CONFIG_WLAN_VENDOR_BROADCOM=y -CONFIG_WLAN_VENDOR_INTEL=y -CONFIG_WLAN_VENDOR_INTERSIL=y -CONFIG_WLAN_VENDOR_MARVELL=y -CONFIG_WLAN_VENDOR_MEDIATEK=y -CONFIG_WLAN_VENDOR_MICROCHIP=y -CONFIG_WLAN_VENDOR_PURELIFI=y -CONFIG_WLAN_VENDOR_QUANTENNA=y -CONFIG_WLAN_VENDOR_RALINK=y -CONFIG_WLAN_VENDOR_REALTEK=y -CONFIG_WLAN_VENDOR_RSI=y -CONFIG_WLAN_VENDOR_SILABS=y -CONFIG_WLAN_VENDOR_ST=y -CONFIG_WLAN_VENDOR_TI=y -CONFIG_WLAN_VENDOR_ZYDAS=y -CONFIG_WQ_CPU_INTENSIVE_REPORT=y -CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y -CONFIG_X86_5LEVEL=y +CONFIG_WATCHDOG_PRETIMEOUT_GOV_PANIC=y +CONFIG_WATCHDOG_PRETIMEOUT_GOV_SEL=y +# CONFIG_WFX is not set +# CONFIG_WILC1000_SDIO is not set +# CONFIG_WILC1000_SPI is not set +# CONFIG_WINBOND_840 is not set +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_WL1251 is not set +# CONFIG_WL12XX is not set +# CONFIG_WL18XX is not set +# CONFIG_WLCORE is not set +# CONFIG_WM831X_BACKUP is not set +# CONFIG_WM831X_POWER is not set +# CONFIG_WM831X_WATCHDOG is not set +# CONFIG_WM8350_POWER is not set +# CONFIG_WM8350_WATCHDOG is not set CONFIG_X86_64_ACPI_NUMA=y -CONFIG_X86_ACPI_CPUFREQ_CPB=y -CONFIG_X86_AMD_PSTATE=y +CONFIG_X86_AMD_PSTATE_DEFAULT_MODE=3 +# CONFIG_X86_ANDROID_TABLETS is not set CONFIG_X86_BUS_LOCK_DETECT=y CONFIG_X86_CET=y -CONFIG_X86_CPU_RESCTRL=y -CONFIG_X86_DEBUG_FPU=y +# CONFIG_X86_CPA_STATISTICS is not set +CONFIG_X86_CX8=y +CONFIG_X86_DISABLED_FEATURE_CENTAUR_MCR=y +CONFIG_X86_DISABLED_FEATURE_CYRIX_ARR=y +CONFIG_X86_DISABLED_FEATURE_IBT=y +CONFIG_X86_DISABLED_FEATURE_K6_MTRR=y +CONFIG_X86_DISABLED_FEATURE_LAM=y +CONFIG_X86_DISABLED_FEATURE_SEV_SNP=y +CONFIG_X86_DISABLED_FEATURE_VME=y CONFIG_X86_FRED=y CONFIG_X86_HAVE_PAE=y -CONFIG_X86_INTEL_LPSS=y -CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y -CONFIG_X86_IOPL_IOPERM=y -CONFIG_X86_MCELOG_LEGACY=y -CONFIG_X86_MPPARSE=y +# CONFIG_X86_MCE_INJECT is not set CONFIG_X86_NEED_RELOCS=y CONFIG_X86_NUMACHIP=y -CONFIG_X86_PCC_CPUFREQ=y -CONFIG_X86_PLATFORM_DRIVERS_DELL=y -CONFIG_X86_PLATFORM_DRIVERS_HP=y -CONFIG_X86_PMEM_LEGACY=y CONFIG_X86_PMEM_LEGACY_DEVICE=y -CONFIG_X86_POWERNOW_K8=y -CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -CONFIG_X86_SGX=y -CONFIG_X86_SPEEDSTEP_CENTRINO=y -CONFIG_X86_USER_SHADOW_STACK=y +# CONFIG_X86_POSTED_MSI is not set +CONFIG_X86_REQUIRED_FEATURE_ALWAYS=y +CONFIG_X86_REQUIRED_FEATURE_CMOV=y +CONFIG_X86_REQUIRED_FEATURE_CPUID=y +CONFIG_X86_REQUIRED_FEATURE_CX8=y +CONFIG_X86_REQUIRED_FEATURE_FPU=y +CONFIG_X86_REQUIRED_FEATURE_FXSR=y +CONFIG_X86_REQUIRED_FEATURE_LM=y +CONFIG_X86_REQUIRED_FEATURE_MSR=y +CONFIG_X86_REQUIRED_FEATURE_NOPL=y +CONFIG_X86_REQUIRED_FEATURE_PAE=y +CONFIG_X86_REQUIRED_FEATURE_XMM=y +CONFIG_X86_REQUIRED_FEATURE_XMM2=y CONFIG_X86_UV=y CONFIG_XARRAY_MULTI=y -CONFIG_XDP_SOCKETS=y -CONFIG_XEN=y +# CONFIG_XDP_SOCKETS_DIAG is not set +CONFIG_XENFS=y CONFIG_XEN_512GB=y CONFIG_XEN_ACPI=y CONFIG_XEN_ACPI_PROCESSOR=y @@ -1158,16 +2801,33 @@ CONFIG_XEN_AUTO_XLATE=y CONFIG_XEN_BACKEND=y CONFIG_XEN_BALLOON=y CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y +# CONFIG_XEN_BLKDEV_BACKEND is not set CONFIG_XEN_BLKDEV_FRONTEND=y +CONFIG_XEN_COMPAT_XENFS=y +# CONFIG_XEN_DEBUG_FS is not set +CONFIG_XEN_DEV_EVTCHN=y CONFIG_XEN_DOM0=y CONFIG_XEN_EFI=y +CONFIG_XEN_FBDEV_FRONTEND=y +CONFIG_XEN_GNTDEV=y +# CONFIG_XEN_GNTDEV_DMABUF is not set +CONFIG_XEN_GRANT_DEV_ALLOC=y CONFIG_XEN_GRANT_DMA_ALLOC=y CONFIG_XEN_GRANT_DMA_OPS=y CONFIG_XEN_HAVE_PVMMU=y CONFIG_XEN_HAVE_VPMU=y CONFIG_XEN_MCE_LOG=y +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 +# CONFIG_XEN_NETDEV_BACKEND is not set CONFIG_XEN_NETDEV_FRONTEND=y +CONFIG_XEN_PCIDEV_BACKEND=y +CONFIG_XEN_PCIDEV_FRONTEND=y +CONFIG_XEN_PCI_STUB=y +CONFIG_XEN_PRIVCMD=y +# CONFIG_XEN_PRIVCMD_EVENTFD is not set CONFIG_XEN_PV=y +# CONFIG_XEN_PVCALLS_BACKEND is not set +# CONFIG_XEN_PVCALLS_FRONTEND is not set CONFIG_XEN_PVH=y CONFIG_XEN_PVHVM=y CONFIG_XEN_PVHVM_GUEST=y @@ -1177,12 +2837,18 @@ CONFIG_XEN_PV_MSR_SAFE=y CONFIG_XEN_PV_SMP=y CONFIG_XEN_SAVE_RESTORE=y CONFIG_XEN_SCRUB_PAGES_DEFAULT=y +# CONFIG_XEN_SCSI_FRONTEND is not set +CONFIG_XEN_SYMS=y CONFIG_XEN_SYS_HYPERVISOR=y CONFIG_XEN_UNPOPULATED_ALLOC=y CONFIG_XEN_VIRTIO=y +# CONFIG_XEN_VIRTIO_FORCE_GRANT is not set +# CONFIG_XEN_WDT is not set CONFIG_XEN_XENBUS_FRONTEND=y -CONFIG_XXHASH=y -CONFIG_XZ_DEC=y +# CONFIG_XILINX_DMA is not set +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_XILINX_XDMA is not set CONFIG_XZ_DEC_ARM=y CONFIG_XZ_DEC_ARM64=y CONFIG_XZ_DEC_ARMTHUMB=y @@ -1191,26 +2857,28 @@ CONFIG_XZ_DEC_MICROLZMA=y CONFIG_XZ_DEC_POWERPC=y CONFIG_XZ_DEC_RISCV=y CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_TEST is not set CONFIG_XZ_DEC_X86=y -CONFIG_ZBUD=y -CONFIG_ZERO_CALL_USED_REGS=y +# CONFIG_YELLOWFIN is not set +# CONFIG_YT2_1380 is not set +# CONFIG_ZD1211RW is not set CONFIG_ZLIB_DEFLATE=y +# CONFIG_ZONEFS_FS is not set CONFIG_ZONE_DEVICE=y CONFIG_ZPOOL=y +# CONFIG_ZRAM is not set CONFIG_ZSMALLOC=y -CONFIG_ZSTD_COMMON=y +CONFIG_ZSMALLOC_CHAIN_SIZE=8 +# CONFIG_ZSMALLOC_STAT is not set CONFIG_ZSTD_COMPRESS=y -CONFIG_ZSTD_DECOMPRESS=y -CONFIG_ZSWAP=y +CONFIG_ZSWAP_COMPRESSOR_DEFAULT="lzo" +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_842 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_DEFLATE is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4 is not set +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZ4HC is not set CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y +# CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD is not set +# CONFIG_ZSWAP_DEFAULT_ON is not set CONFIG_ZSWAP_SHRINKER_DEFAULT_ON=y -CONFIG_ZSWAP_ZPOOL_DEFAULT_ZBUD=y - -# Summary: -# Ubuntu config has 2134 enabled parameters -# Yocto config has 1160 enabled parameters -# Need to add 1207 parameters to Yocto config -# -# Breakdown: -# - 551 parameters exist in Yocto but are disabled -# - 656 parameters are completely new to Yocto (likely introduced in 6.9-6.13) +CONFIG_ZSWAP_ZPOOL_DEFAULT="zsmalloc" +CONFIG_ZSWAP_ZPOOL_DEFAULT_ZSMALLOC=y From 7ad92884ecb1fbb7ae1e9726f66e9dacafb360c5 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:54:14 +0100 Subject: [PATCH 11/15] feat: allow modular kernel config snippets --- kernel/mkosi.build | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/kernel/mkosi.build b/kernel/mkosi.build index 808485b..c6e69f2 100755 --- a/kernel/mkosi.build +++ b/kernel/mkosi.build @@ -15,9 +15,20 @@ if [[ -n "${KERNEL_CONFIG_SNIPPETS:-}" ]]; then IFS=',' read -ra snippets <<< "$KERNEL_CONFIG_SNIPPETS" for snippet in "${snippets[@]}"; do snippet_file="$SRCDIR/$snippet" - [[ -f "$snippet_file" ]] && cat "$snippet_file" >> "$config_file" + if [[ -f "$snippet_file" ]]; then + cat "$snippet_file" >> "$config_file" || true + fi done fi +for snippets_var in "${!KERNEL_CONFIG_SNIPPETS_@}"; do + IFS=',' read -ra snippets <<< "${!snippets_var}" + for snippet in "${snippets[@]}"; do + snippet_file="$SRCDIR/$snippet" + if [[ -f "$snippet_file" ]]; then + cat "$snippet_file" >> "$config_file" || true + fi + done +done # Calculate cache key and paths config_hash=$(sha256sum "$config_file" | cut -d' ' -f1 | cut -c1-12) @@ -43,6 +54,9 @@ else mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make olddefconfig mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" make -j "$(nproc 2>/dev/null || echo 2)" bzImage ARCH=x86_64 CONFIG_EFI_STUB=y + echo "# kernel config:" + mkosi-chroot --chdir "/build/kernel-${KERNEL_VERSION}" cat .config + # Cache result mkdir -p "$cache_dir" cp arch/x86_64/boot/bzImage "$cache_dir/" From 9c28591802d6a60de0dacebda2ee0b7f1fcd6faf Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:55:07 +0100 Subject: [PATCH 12/15] feat: add reproducibility check --- .gitignore | 1 + Makefile | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/.gitignore b/.gitignore index 34c4139..6cbb6ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ # mkosi artifacts build/ +build.*/ env.json mkosi.builddir/ mkosi.cache/ diff --git a/Makefile b/Makefile index 2176715..f177a7b 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,38 @@ build-dev: check-perms setup ## Build module with development tools ##@ Utilities +check-repro: ## Build same module twice and compare resulting images + @rm -rf build.1 + @rm -rf build.2 + + @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* + @sleep 5 + + @echo "Building image #1..." + $(WRAPPER) mkosi --force -I $(IMAGE).conf + @cp -r build build.1 + + @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* + @sleep 5 + + @echo "Building image #2..." + $(WRAPPER) mkosi --force -I $(IMAGE).conf + @cp -r build build.2 + + @echo "Comparing..." + + @echo "" + @sha256sum build.1/tdx-debian.vmlinuz + @sha256sum build.2/tdx-debian.vmlinuz + + @echo "" + @sha256sum build.1/tdx-debian.initrd + @sha256sum build.2/tdx-debian.initrd + + @echo "" + @sha256sum build.1/tdx-debian.efi + @sha256sum build.2/tdx-debian.efi + measure: ## Export TDX measurements for the built EFI file @if [ ! -f build/tdx-debian.efi ]; then \ echo "Error: build/tdx-debian.efi not found. Run 'make build' first."; \ From e85b24dc5beda08bfd0fa1a44ef2f13c494a4999 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Tue, 11 Nov 2025 11:55:39 +0100 Subject: [PATCH 13/15] feat: implement base l2 image --- l2/kernel.config | 2 -- l2/mkosi.conf | 2 +- mkosi.profiles/gcp/kernel.config | 2 ++ mkosi.profiles/gcp/mkosi.conf | 3 +++ 4 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 mkosi.profiles/gcp/kernel.config diff --git a/l2/kernel.config b/l2/kernel.config index 556a833..32f7f6d 100644 --- a/l2/kernel.config +++ b/l2/kernel.config @@ -1,3 +1 @@ -CONFIG_NET_VENDOR_GOOGLE=y -CONFIG_GVE=y CONFIG_XFS_FS=y diff --git a/l2/mkosi.conf b/l2/mkosi.conf index 1b42627..0a9ca2b 100644 --- a/l2/mkosi.conf +++ b/l2/mkosi.conf @@ -5,7 +5,7 @@ Include=base/mkosi.conf Profiles=gcp [Build] -Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config,l2/kernel.config +Environment=KERNEL_CONFIG_SNIPPETS_L2=kernel/snippets/ubuntu.config,l2/kernel.config WithNetwork=true [Content] diff --git a/mkosi.profiles/gcp/kernel.config b/mkosi.profiles/gcp/kernel.config new file mode 100644 index 0000000..f87a006 --- /dev/null +++ b/mkosi.profiles/gcp/kernel.config @@ -0,0 +1,2 @@ +CONFIG_NET_VENDOR_GOOGLE=y +CONFIG_GVE=y diff --git a/mkosi.profiles/gcp/mkosi.conf b/mkosi.profiles/gcp/mkosi.conf index 344c421..ce03a5a 100644 --- a/mkosi.profiles/gcp/mkosi.conf +++ b/mkosi.profiles/gcp/mkosi.conf @@ -1,3 +1,6 @@ +[Build] +Environment=KERNEL_CONFIG_SNIPPETS_GCP=mkosi.profiles/gcp/kernel.config + [Content] ExtraTrees=mkosi.extra From 77f5ff33089c17d6b5932e2a50f781ec837692e2 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Wed, 12 Nov 2025 09:59:34 +0100 Subject: [PATCH 14/15] fix: build profile-less base --- Makefile | 8 ++++++-- base/debloat.sh | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index f177a7b..e91df80 100644 --- a/Makefile +++ b/Makefile @@ -55,14 +55,18 @@ check-repro: ## Build same module twice and compare resulting images @rm -rf build.2 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* - @sleep 5 +# hack: there's some race condition under lima that causes apt to fail while trying to +# create a temp dir under apt cache + @sleep 15 @echo "Building image #1..." $(WRAPPER) mkosi --force -I $(IMAGE).conf @cp -r build build.1 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* - @sleep 5 +# hack: there's some race condition under lima that causes apt to fail while trying to +# create a temp dir under apt cache + @sleep 15 @echo "Building image #2..." $(WRAPPER) mkosi --force -I $(IMAGE).conf diff --git a/base/debloat.sh b/base/debloat.sh index 89a3b10..1906010 100755 --- a/base/debloat.sh +++ b/base/debloat.sh @@ -39,7 +39,7 @@ debloat_paths=( "/nix" ) -if [[ ! "$PROFILES" == *"devtools"* ]]; then +if [[ ! "${PROFILES:-}" == *"devtools"* ]]; then debloat_paths+=( "/usr/share/bash-completion" ) From dbaeecc8efef48d2f64428db05ff6984a71a3d42 Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 13 Nov 2025 15:17:23 +0100 Subject: [PATCH 15/15] wip --- Makefile | 33 +++-- README.md | 7 +- l2-builder.conf | 6 + l2/_op_rbuilder/mkosi.build | 73 +++++++++++ l2/_op_rbuilder/mkosi.conf | 17 +++ .../etc/default/prometheus-node-exporter | 7 ++ .../etc/flashbots/op-rbuilder.yaml | 14 +++ .../prometheus-process-exporter/config.yaml | 13 ++ .../etc/sysconfig/automount-data.env | 1 + .../systemd/system/node-healthchecker.service | 25 ++++ .../systemd/system/tdx-quote-provider.service | 26 ++++ .../vault-agent/gomplate/discovery-secret.hcl | 29 +++++ .../etc/vault-agent/gomplate/genesis.json.hcl | 31 +++++ .../etc/vault-agent/gomplate/jwtsecret.hcl | 16 +++ .../vault-agent/gomplate/op-rbuilder.env.hcl | 48 ++++++++ .../gomplate/op-rbuilder.service.ctmpl | 116 ++++++++++++++++++ .../gomplate/op-rbuilder.service.hcl | 33 +++++ .../vault-agent/gomplate/rproxy-tls.crt.hcl | 28 +++++ .../vault-agent/gomplate/rproxy-tls.key.hcl | 28 +++++ .../vault-agent/gomplate/rproxy.service.ctmpl | 75 +++++++++++ .../vault-agent/gomplate/rproxy.service.hcl | 23 ++++ .../mkosi.extra/usr/bin/init-op-rbuilder.sh | 34 +++++ l2/_op_rbuilder/mkosi.postinst | 7 ++ l2/mkosi.build | 26 ++-- l2/mkosi.extra/etc/flashbots/l2.yaml | 12 +- .../etc/vault-agent/gomplate/config.hcl | 2 +- l2/mkosi.extra/usr/bin/automount-data.sh | 7 +- l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh | 2 +- l2/op-rbuilder.conf | 3 + scripts/build_rust_package.sh | 3 +- scripts/make_git_package.sh | 25 ++-- 31 files changed, 713 insertions(+), 57 deletions(-) create mode 100644 l2-builder.conf create mode 100755 l2/_op_rbuilder/mkosi.build create mode 100644 l2/_op_rbuilder/mkosi.conf create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl create mode 100644 l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl create mode 100755 l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh create mode 100755 l2/_op_rbuilder/mkosi.postinst mode change 100644 => 100755 l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh create mode 100644 l2/op-rbuilder.conf diff --git a/Makefile b/Makefile index e91df80..34996bc 100644 --- a/Makefile +++ b/Makefile @@ -42,11 +42,11 @@ preflight: # Build module build: check-perms setup ## Build the specified module - $(WRAPPER) mkosi --force -I $(IMAGE).conf + time $(WRAPPER) mkosi --force -I $(IMAGE).conf # Build module with devtools profile build-dev: check-perms setup ## Build module with development tools - $(WRAPPER) mkosi --force --profile=devtools -I $(IMAGE).conf + time $(WRAPPER) mkosi --force --profile=devtools -I $(IMAGE).conf ##@ Utilities @@ -60,8 +60,10 @@ check-repro: ## Build same module twice and compare resulting images @sleep 15 @echo "Building image #1..." - $(WRAPPER) mkosi --force -I $(IMAGE).conf - @cp -r build build.1 + time $(WRAPPER) mkosi --force -I $(IMAGE).conf + @mkdir -p build/cache + @mv mkosi.builddir/* build/cache/ + @mv build build.1 @rm -rf build/* mkosi.builddir/* mkosi.cache/* mkosi.packages/* # hack: there's some race condition under lima that causes apt to fail while trying to @@ -69,22 +71,17 @@ check-repro: ## Build same module twice and compare resulting images @sleep 15 @echo "Building image #2..." - $(WRAPPER) mkosi --force -I $(IMAGE).conf - @cp -r build build.2 + time $(WRAPPER) mkosi --force -I $(IMAGE).conf + @mkdir -p build/cache + @mv mkosi.builddir/* build/cache/ + @mv build build.2 @echo "Comparing..." - - @echo "" - @sha256sum build.1/tdx-debian.vmlinuz - @sha256sum build.2/tdx-debian.vmlinuz - - @echo "" - @sha256sum build.1/tdx-debian.initrd - @sha256sum build.2/tdx-debian.initrd - - @echo "" - @sha256sum build.1/tdx-debian.efi - @sha256sum build.2/tdx-debian.efi + @for file in $$( find build.1 -type f ); do \ + sha256sum $$file; \ + sha256sum $${file/build1/build.2}; \ + echo ""; \ + done measure: ## Export TDX measurements for the built EFI file @if [ ! -f build/tdx-debian.efi ]; then \ diff --git a/README.md b/README.md index 53cc573..1662692 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,10 @@ For more information about this repository, see ### Prerequisites -In order to build images, you'll need to install [Lima](https://lima-vm.io/) for your operating system. Building images without Lima is possible, but due to inconsistencies between distributions, it is not supported for generating official reproducible images. +In order to build images, you'll need to install [Lima](https://lima-vm.io/) for +your operating system. Building images without Lima is possible, but due to +inconsistencies between distributions, it is not supported for generating +official reproducible images. ### Building Images @@ -94,7 +97,7 @@ This generates measurement files in the `build/` directory for attestation and v ``` > [!NOTE] -> +> > Depending on your Linux distro, these commands may require changing the > supplied OVMF paths or installing your distro's OVMF package. diff --git a/l2-builder.conf b/l2-builder.conf new file mode 100644 index 0000000..c6d33f3 --- /dev/null +++ b/l2-builder.conf @@ -0,0 +1,6 @@ +[Include] +Include=base/mkosi.conf +Include=l2/l2-builder.conf + +[Config] +Profiles=gcp diff --git a/l2/_op_rbuilder/mkosi.build b/l2/_op_rbuilder/mkosi.build new file mode 100755 index 0000000..8c5d7a1 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.build @@ -0,0 +1,73 @@ +#!/bin/bash + +set -euxo pipefail + +ENV_YAML="$SRCDIR/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml" + +RUST_VERSION=$(mkosi-chroot yq -r .rust.version < "$ENV_YAML") + +OP_RBUILDER_REF=$(mkosi-chroot yq -r .op_rbuilder.git_reference < "$ENV_YAML") +TDX_QUOTE_PROVIDER_REF=$(mkosi-chroot yq -r .tdx_quote_provider.git_reference < "$ENV_YAML") +RPROXY_REF=$(mkosi-chroot yq -r .rproxy.git_reference < "$ENV_YAML") +NODE_HEALTHCHECKER_REF=$(mkosi-chroot yq -r .node_healthchecker.git_reference < "$ENV_YAML") + +export RUSTUP_HOME="/rustup" +export CARGO_HOME="/cargo" +mkosi-chroot rustup toolchain install $RUST_VERSION +mkosi-chroot rustup default $RUST_VERSION +export PATH="$CARGO_HOME/bin:$PATH" + +source scripts/make_git_package.sh +source scripts/build_rust_package.sh + +# build op-rbuilder + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/op-rbuilder" ]; then + echo "Using pre-built op-rbuilder binary" +else + build_rust_package \ + "op-rbuilder" \ + "${OP_RBUILDER_REF}" \ + "https://github.com/flashbots/op-rbuilder.git" \ + "" "" "-g" +fi + +# build tdx-quote-provider + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/tdx-quote-provider" ]; then + echo "Using pre-built tdx-quote-provider binary" +else + build_rust_package \ + "tdx-quote-provider" \ + "${TDX_QUOTE_PROVIDER_REF}" \ + "https://github.com/flashbots/op-rbuilder.git" \ + "" "" "-g" +fi + +# build rproxy + +if [ -f "l2/_op_rbuilder/mkosi.extra/usr/bin/rproxy" ]; then + echo "Using pre-built rproxy binary" +else + make_git_package \ + "rproxy" \ + "${RPROXY_REF}" \ + "https://github.com/flashbots/rproxy.git" \ + 'TARGET=x86_64-unknown-linux-gnu ./build.sh' \ + "target/x86_64-unknown-linux-gnu/release/rproxy:/usr/bin/rproxy" + chmod +x $DESTDIR/usr/bin/rproxy +fi + +# build node-healthchecker + +if [ -f "l2/mkosi.extra/usr/bin/node-healthchecker" ]; then + echo "Using pre-built node-healthchecker binary" +else + make_git_package \ + "node-healthchecker" \ + "${NODE_HEALTHCHECKER_REF}" \ + "https://github.com/flashbots/node-healthchecker.git" \ + 'go build -trimpath -ldflags "-s -w -X main.version=${NODE_HEALTHCHECKER_REF} -buildid=" -o ./bin/node-healthchecker github.com/flashbots/node-healthchecker/cmd' \ + "bin/node-healthchecker:/usr/bin/node-healthchecker" + chmod +x $DESTDIR/usr/bin/node-healthchecker +fi diff --git a/l2/_op_rbuilder/mkosi.conf b/l2/_op_rbuilder/mkosi.conf new file mode 100644 index 0000000..0e3d966 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.conf @@ -0,0 +1,17 @@ +[Build] +WithNetwork=true + +[Content] +BuildScripts=l2/_op_rbuilder/mkosi.build +ExtraTrees=l2/_op_rbuilder/mkosi.extra +PostInstallationScripts=l2/_op_rbuilder/mkosi.postinst + +Packages=libtss2-dev + sudo + unzip + +BuildPackages=golang + libssl-dev + rustup + unzip + yq diff --git a/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter b/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter new file mode 100644 index 0000000..5f6e858 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/default/prometheus-node-exporter @@ -0,0 +1,7 @@ +# Set the command-line arguments to pass to the server. +ARGS="\ +--collector.systemd \ +--collector.systemd.unit-include=\".*(node-healthchecker|op-rbuilder|prometheus-node-exporter|prometheus-process-exporter|rproxy|vault-agent).*\" \ +--log.format=json \ +--web.listen-address=0.0.0.0:9100 \ +" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml new file mode 100644 index 0000000..9d0a3f5 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -0,0 +1,14 @@ +rust: + version: 1.91.1 + +node_healthchecker: + git_reference: v0.1.11 + +op_rbuilder: + git_reference: op-rbuilder/v0.2.9 + +rproxy: + git_reference: v0.0.6 + +tdx_quote_provider: + git_reference: tdx-quote-provider/v0.1.0 diff --git a/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml b/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml new file mode 100644 index 0000000..4e58d4d --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/prometheus-process-exporter/config.yaml @@ -0,0 +1,13 @@ +process_names: + - name: node-healthchecker + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*node-healthchecker[-.0-9a-zA-Z]* ' + - name: op-rbuilder + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*op-rbuilder[-.0-9a-zA-Z]* ' + - name: rproxy + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*rproxy[-.0-9a-zA-Z]* ' + - name: vault-agent + cmdline: + - '^\/([-.0-9a-zA-Z]+\/)*vault[-.0-9a-zA-Z]* ' diff --git a/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env b/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env new file mode 100644 index 0000000..2963c60 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/sysconfig/automount-data.env @@ -0,0 +1 @@ +AUTOMOUNT_PATH_DATA=/var/opt/optimism diff --git a/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service new file mode 100644 index 0000000..35ef612 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service @@ -0,0 +1,25 @@ +[Unit] +Description=Blockchain node healthchecker +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=node-healthchecker +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStart=/usr/bin/node-healthchecker serve \ + --healthcheck-block-age-threshold 10s \ + --healthcheck-timeout 500ms \ + --healthcheck-reth-base-url http://127.0.0.1:18645 \ + --healthcheck-unconditional-fail-duration 1m \ + --http-status-warning 200 \ + --server-listen-address 0.0.0.0:8080 + +[Install] +WantedBy=default.target diff --git a/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service new file mode 100644 index 0000000..e9aa03f --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/systemd/system/tdx-quote-provider.service @@ -0,0 +1,26 @@ +[Install] +WantedBy=default.target + +[Unit] +Description=TDX quote provider +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=tdx-quote-provider +User=root +Group=root + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStart=/usr/bin/tdx-quote-provider \ + --service-host 127.0.0.1 \ + --service-port 5757 \ + --metrics \ + --metrics-host 0.0.0.0 \ + --metrics-port 9009 \ + --log-level trace \ + --log-format json diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl new file mode 100644 index 0000000..396f56c --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/discovery-secret.hcl @@ -0,0 +1,29 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/rbuilder/discovery-secret" + + user = "op-rbuilder" + group = "optimism" + perms = "0600" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # discovery-secret + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- $node := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" ).Data.data -)) + + ((- $node.el_nodekey -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl new file mode 100644 index 0000000..f7920fc --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/genesis.json.hcl @@ -0,0 +1,31 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/rbuilder/genesis.json.tar.gz.base64" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # genesis.json + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data -)) + + ((- if $service.genesis_json -)) + ((- $service.genesis_json -)) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl new file mode 100644 index 0000000..52f9060 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/jwtsecret.hcl @@ -0,0 +1,16 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/var/opt/optimism/jwtsecret" + + user = "root" + group = "optimism" + perms = "0440" + + contents = <<-EOT + ((- with secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" -)) + (( .Data.data.jwt_secret )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl new file mode 100644 index 0000000..5118676 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.env.hcl @@ -0,0 +1,48 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/sysconfig/op-rbuilder.env" + + user = "root" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # op-rbuilder.env + systemctl restart op-rbuilder + EOT + ] + } + + contents = <<-EOT + ((- printf "# %s\n\n" "op-rbuilder" -)) + + ((- $node := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/[[ gcp.Meta "name" ]]" ).Data.data -)) + ((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data -)) + + ((- if $node.builder_secret_key -)) + BUILDER_SECRET_KEY=(( $node.builder_secret_key ))(( "\n" )) + ((- end -)) + + ((- if $node.coinbase_secret_key -)) + COINBASE_SECRET_KEY=(( $node.coinbase_secret_key ))(( "\n" )) + ((- end -)) + + ((- if $service.otel_exporter_otlp_endpoint -)) + OTEL_EXPORTER_OTLP_ENDPOINT=(( $service.otel_exporter_otlp_endpoint ))(( "\n" )) + ((- end -)) + + ((- if $node.otel_exporter_otlp_headers -)) + OTEL_EXPORTER_OTLP_HEADERS=(( $node.otel_exporter_otlp_headers ))(( "\n" )) + ((- end -)) + + ((- if $service.otel_service_name -)) + OTEL_SERVICE_NAME=(( $service.otel_service_name ))(( "\n" )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl new file mode 100644 index 0000000..63fe934 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl @@ -0,0 +1,116 @@ +# op-rbuilder + +[Install] +WantedBy=default.target + +[Unit] +Description=op-rbuilder +After=network-online.target +Before=rproxy.service node-healthchecker.service +Requires=automount-data.service vault-agent.service +Wants=network-online.target + +[Service] +Type=simple +SyslogIdentifier=op-rbuilder +User=op-rbuilder +Group=optimism + +EnvironmentFile=-/etc/sysconfig/op-rbuilder.env +KillMode=control-group +KillSignal=SIGINT +OOMScoreAdjust=-500 +Restart=always +RestartSec=10s +TimeoutStopSec=120 + +Environment=HOME=/home/op-rbuilder +Environment=RUST_BACKTRACE=full + +ExecStartPre=+/usr/bin/init-op-rbuilder.sh + +((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data )) + +ExecStart=/usr/bin/op-rbuilder node \ + --authrpc.addr '0.0.0.0' \ + --authrpc.jwtsecret '/var/opt/optimism/jwtsecret' \ + --authrpc.port '18651' \ + ((- if $service.el_bootnodes ))(( range $idx, $enode := $service.el_bootnodes )) + --bootnodes '(( printf "%s" $enode ))' \ + ((- end ))(( end )) + ((- if $service.feat_revert_protection ))(( if $service.feat_revert_protection | parseBool )) + --builder.enable-revert-protection \ + ((- end ))(( end )) + --builder.extra-block-deadline-secs '30' \ + --builder.extradata 'Illuminate Dmocratize Dstribute' \ + --builder.log-pool-transactions \ + ((- if $service.genesis_json )) + --chain '/var/opt/optimism/rbuilder/genesis.json' \ + ((- else ))(( if $service.network_name )) + --chain '(( $service.network_name ))' \ + ((- end ))(( end )) + --color 'never' \ + --datadir '/var/opt/optimism/rbuilder' \ + --discovery.port '9200' \ + --enable-discv5-discovery \ + ((- if $service.feat_flashblocks ))(( if $service.feat_flashblocks | parseBool )) + --flashblocks.addr '0.0.0.0' \ + --flashblocks.enabled \ + --flashblocks.port '11111' \ + ((- if $service.feat_flashblocks_number_contract_address )) + --flashblocks.number-contract-address '(( $service.feat_flashblocks_number_contract_address ))' \ + ((- end )) + ((- end ))(( end )) + ((- if $service.feat_flashtestations ))(( if $service.feat_flashtestations | parseBool )) + ((- if $service.feat_flashtestations_builder_policy_address )) + --flashtestations.builder-policy-address '(( $service.feat_flashtestations_builder_policy_address ))' \ + ((- end )) + ((- if $service.feat_flashtestations_block_proofs ))(( if $service.feat_flashtestations_block_proofs | parseBool )) + --flashtestations.enable-block-proofs \ + ((- end ))(( end )) + --flashtestations.enabled \ + --flashtestations.quote-provider http://127.0.0.1:5757/attest \ + ((- if $service.feat_flashtestations_registry_address )) + --flashtestations.registry-address '(( $service.feat_flashtestations_registry_address ))' \ + ((- end )) + ((- if $service.feat_flashtestations_rpc_url )) + --flashtestations.rpc-url '(( $service.feat_flashtestations_rpc_url ))' \ + ((- end )) + ((- end ))(( end )) + --http \ + --http.addr '0.0.0.0' \ + --http.api 'admin,debug,eth,net,trace,txpool' \ + --http.corsdomain '*' \ + --http.port '18645' \ + --log.file.filter 'off' \ + --log.stdout.format 'json' \ + --metrics '0.0.0.0:9001' \ + --port '40404' \ + --rollup.disable-tx-pool-gossip \ + --rpc-max-connections '5000' \ + --rpc-max-logs-per-response '200000' \ + --rpc-max-request-size '150' \ + --rpc-max-response-size '1150' \ + --rpc-max-subscriptions-per-connection '10240' \ + --rpc-max-tracing-requests '250' \ + ((- if $service.feat_telemetry_sampling_ratio ))(( if $service.feat_telemetry_sampling_ratio )) + --telemetry.sampling-ratio '(( $service.feat_telemetry_sampling_ratio ))' \ + ((- end ))(( end )) + ((- if $service.el_static_peers ))(( range $idx, $enode := $service.el_static_peers )) + --trusted-peers '(( printf "%s" $enode ))' \ + ((- end ))(( end )) + --txpool.max-new-pending-txs-notifications '100000' \ + --txpool.max-new-txns '100000' \ + --txpool.max-pending-txns '100000' \ + --ws \ + --ws.addr '0.0.0.0' \ + --ws.api 'admin,debug,eth,net,trace,txpool' \ + --ws.origins '*' \ + --ws.port '8646' \ + ((- if $service.custom_flags ))(( range $idx, $flag := $service.custom_flags )) + (( printf "%s" $flag )) \ + ((- end ))(( end )) + +ExecStop=+/usr/bin/sh -c "kill -1 $( pgrep node-health ) | true" +ExecStop=+/usr/bin/sleep 15 +ExecStop=+/usr/bin/sh -c "PID=$( pgrep op-rbuilder ); if [ \"0${PID}\" -gt 0 ]; then kill -2 ${PID}; while kill -0 ${PID} 2>/dev/null; do sleep 1; done; fi" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl new file mode 100644 index 0000000..68fe661 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl @@ -0,0 +1,33 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/op-rbuilder.service.ctmpl" + destination = "/etc/systemd/system/op-rbuilder.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + # op-rbuilder + + systemctl daemon-reload + systemctl enable op-rbuilder + + # patterns longer than 15 chars result in 0 matches + PID=$( pgrep node-health ); if [ \"0${PID}\" -gt 0 ]; then kill -SIGHUP ${PID} | true; fi + sleep 5 + + PID=$( pgrep rproxy ); if [ \"0${PID}\" -gt 0 ]; then kill -SIGHUP ${PID} | true; fi + + systemctl restart op-rbuilder + systemctl restart node-healthchecker + EOT + ] + } +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl new file mode 100644 index 0000000..5781018 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.crt.hcl @@ -0,0 +1,28 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/rproxy/tls.crt" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl restart rproxy + EOT + ] + } + + contents = <<-EOT + ((- $tls_crt := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_crt -)) + + ((- if $tls_crt -)) + (( $tls_crt )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl new file mode 100644 index 0000000..581f9a7 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy-tls.key.hcl @@ -0,0 +1,28 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + destination = "/etc/rproxy/tls.key" + + user = "op-rbuilder" + group = "optimism" + perms = "0640" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl restart rproxy + EOT + ] + } + + contents = <<-EOT + ((- $tls_key := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_key -)) + + ((- if $tls_key -)) + (( $tls_key )) + ((- end -)) + EOT +} diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl new file mode 100644 index 0000000..430fbfb --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl @@ -0,0 +1,75 @@ +[Install] +WantedBy=default.target + +[Unit] +Description=L2 builder proxy +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=rproxy +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +ExecStartPre=+/usr/bin/mkdir -p /etc/rproxy +ExecStartPre=+/usr/bin/chown -R op-rbuilder:optimism /etc/rproxy + +((- $service := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_common[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data )) +((- $tls_crt := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_crt )) +((- $tls_key := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_tls[[ if ( gcp.Meta "attributes/service" ) ]]_[[ gcp.Meta "attributes/service" | strings.ReplaceAll "-" "_" ]][[ end ]]" ).Data.data.tls_key )) + +ExecStart=/usr/bin/rproxy \ + --authrpc-backend 'http://127.0.0.1:18651' \ + --authrpc-enabled \ + --authrpc-listen-address '0.0.0.0:8651' \ + --authrpc-log-proxied-requests \ + --authrpc-log-proxied-responses \ + --authrpc-log-sanitise \ + --authrpc-max-request-size-mb '150' \ + --authrpc-max-response-size-mb '1150' \ + ((- if $service.authrpc_peers )) + ((- range $i, $e := $service.authrpc_peers )) + --authrpc-mirroring-peer '(( printf "%s" $e ))' \ + ((- end )) + --authrpc-remove-backend-from-mirroring-peers \ + ((- end )) + --flashblocks-backend 'ws://127.0.0.1:11111' \ + --flashblocks-enabled \ + --flashblocks-listen-address '0.0.0.0:1111' \ + --flashblocks-log-backend-messages \ + --flashblocks-log-client-messages \ + --flashblocks-log-sanitise \ + --metrics-listen-address '0.0.0.0:6786' \ + --rpc-backend 'http://127.0.0.1:18645' \ + --rpc-enabled \ + --rpc-listen-address '0.0.0.0:8645' \ + --rpc-log-proxied-requests \ + --rpc-log-proxied-responses \ + --rpc-log-sanitise \ + --rpc-max-request-size-mb '150' \ + --rpc-max-response-size-mb '1150' \ + ((- if $service.rpc_peers )) + --rpc-mirror-errored-requests \ + ((- range $idx, $enode := $service.rpc_peers )) + --rpc-mirroring-peer '(( printf "%s" $enode ))' \ + ((- end )) + --rpc-remove-backend-from-mirroring-peers \ + ((- end )) + ((- if $tls_crt )) + --tls-certificate '/etc/rproxy/tls.crt' \ + ((- end )) + ((- if $tls_key )) + --tls-key '/etc/rproxy/tls.key' \ + ((- end )) + ((- if $service.rproxy_custom_flags ))(( range $idx, $flag := $service.rproxy_custom_flags )) + (( printf "%s" $flag )) \ + ((- end ))(( end )) + +ExecStop=+/usr/bin/sh -c "kill -1 $( pgrep node-health ) | true" +ExecStop=+/usr/bin/sleep 15 +ExecStop=+/usr/bin/sh -c "PID=$( pgrep rproxy ); if [ \"0${PID}\" -gt 0 ]; then kill -2 ${PID}; while kill -0 ${PID} 2>/dev/null; do sleep 1; done; fi" diff --git a/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl new file mode 100644 index 0000000..29ce705 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl @@ -0,0 +1,23 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/rproxy.service.ctmpl" + destination = "/etc/systemd/system/rproxy.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + systemctl daemon-reload + systemctl enable rproxy + systemctl restart rproxy + EOT + ] + } +} diff --git a/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh b/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh new file mode 100755 index 0000000..b7fcc01 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.extra/usr/bin/init-op-rbuilder.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +set -eu + +mkdir -p /home/op-rbuilder +chown -R op-rbuilder:optimism /home/op-rbuilder +chmod 0750 /home/op-rbuilder + +if [ ! -d /var/opt/optimism/rbuilder ]; then + mkdir -p /var/opt/optimism/rbuilder + chown op-rbuilder:optimism /var/opt/optimism/rbuilder + chmod 0750 /var/opt/optimism/rbuilder +fi + +if [ -f /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 ]; then + if [ -s /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 ]; then + if [ ! -f /var/opt/optimism/rbuilder/genesis.json ]; then + cat /var/opt/optimism/rbuilder/genesis.json.tar.gz.base64 | base64 -d | tar -xz -C /var/opt/optimism/rbuilder + chown op-rbuilder:optimism /var/opt/optimism/rbuilder/genesis.json + chmod 0640 /var/opt/optimism/rbuilder/genesis.json + fi + fi +fi + +if [ -f /var/opt/optimism/rbuilder/genesis.json ]; then + if [ ! -f /var/opt/optimism/rbuilder/db/database.version ]; then + sudo -u op-rbuilder /usr/bin/op-rbuilder init \ + --chain /var/opt/optimism/rbuilder/genesis.json \ + --color never \ + --datadir /var/opt/optimism/rbuilder \ + --log.stdout.format json + chown -R op-rbuilder:optimism /var/opt/optimism/rbuilder + fi +fi diff --git a/l2/_op_rbuilder/mkosi.postinst b/l2/_op_rbuilder/mkosi.postinst new file mode 100755 index 0000000..3e170b4 --- /dev/null +++ b/l2/_op_rbuilder/mkosi.postinst @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euxo pipefail + +# Create users and groups +mkosi-chroot groupadd -g 2000 optimism || true +mkosi-chroot useradd -u 2002 -g optimism -m -s /bin/bash op-rbuilder || true diff --git a/l2/mkosi.build b/l2/mkosi.build index ba4022f..2cd037b 100755 --- a/l2/mkosi.build +++ b/l2/mkosi.build @@ -4,33 +4,35 @@ set -euxo pipefail ENV_YAML="$SRCDIR/l2/mkosi.extra/etc/flashbots/l2.yaml" -VAULT_VERSION=$(mkosi-chroot yq -r .vault.version < "$ENV_YAML") -GOMPLATE_VERSION=$(mkosi-chroot yq -r .deps.gomplate_version < "$ENV_YAML") -OPS_AGENT_VERSION=$(mkosi-chroot yq -r .deps.ops_agent_version < "$ENV_YAML") +VAULT_REF=$(mkosi-chroot yq -r .vault.git_reference < "$ENV_YAML") +GOMPLATE_REF=$(mkosi-chroot yq -r .gomplate.git_reference < "$ENV_YAML") +GCP_OPS_AGENT_REF=$(mkosi-chroot yq -r .gcp_ops_agent.git_reference < "$ENV_YAML") source scripts/make_git_package.sh # build gomplate + make_git_package \ "gomplate" \ - "v${GOMPLATE_VERSION}" \ + "${GOMPLATE_REF}" \ "https://github.com/hairyhenderson/gomplate" \ - 'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/gomplate ./cmd/gomplate' \ + 'go build -trimpath -ldflags "-s -w -X github.com/hairyhenderson/gomplate/v4/version=${GOMPLATE_REF} -buildid=" -o ./build/gomplate ./cmd/gomplate' \ "build/gomplate:/usr/bin/gomplate" chmod +x $DESTDIR/usr/bin/gomplate # build vault + make_git_package \ "vault" \ - "v${VAULT_VERSION}" \ + "${VAULT_REF}" \ "https://github.com/hashicorp/vault.git" \ - 'go build -trimpath -ldflags "-s -w -buildid=" -o ./bin/vault .' \ + 'go build -trimpath -ldflags "-s -w -X github.com/hashicorp/vault/version.Version=${VAULT_REF} -buildid=" -o ./bin/vault .' \ "bin/vault:/usr/bin/vault" chmod +x $DESTDIR/usr/bin/vault -cd "$BUILDROOT" +# build gcp ops agent -# Build Google Cloud Ops Agent +cd "$BUILDROOT" IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent" BUILD_CMD=" # Fluentbit @@ -44,7 +46,7 @@ BUILD_CMD=" LDFLAGS='-s -w -buildid=' go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\ -X $IMPORT_PATH/internal/version.BuildDistro=debian13 \\ - -X $IMPORT_PATH/internal/version.Version=$OPS_AGENT_VERSION\" \\ + -X $IMPORT_PATH/internal/version.Version=$GCP_OPS_AGENT_REF\" \\ -o out/libexec/google_cloud_ops_agent_engine \\ $IMPORT_PATH/cmd/google_cloud_ops_agent_engine @@ -52,15 +54,13 @@ BUILD_CMD=" -o out/libexec/google_cloud_ops_agent_wrapper \\ $IMPORT_PATH/cmd/agent_wrapper " - make_git_package \ "google-cloud-ops-agent" \ - "$OPS_AGENT_VERSION" \ + "$GCP_OPS_AGENT_REF" \ "https://github.com/GoogleCloudPlatform/ops-agent" \ "$BUILD_CMD" \ "out/libexec:/opt/google-cloud-ops-agent/libexec" \ "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \ "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \ "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service" - sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service diff --git a/l2/mkosi.extra/etc/flashbots/l2.yaml b/l2/mkosi.extra/etc/flashbots/l2.yaml index 7e01f1d..bcc1a81 100644 --- a/l2/mkosi.extra/etc/flashbots/l2.yaml +++ b/l2/mkosi.extra/etc/flashbots/l2.yaml @@ -1,6 +1,8 @@ -vault: - version: 1.20.1 +gcp_ops_agent: + git_reference: 2.57.0 + +gomplate: + git_reference: v4.3.0 -deps: - gomplate_version: 4.3.0 - ops_agent_version: 2.57.0 +vault: + git_reference: v1.20.1 diff --git a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl index 5fe9779..06b89b3 100644 --- a/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl +++ b/l2/mkosi.extra/etc/vault-agent/gomplate/config.hcl @@ -10,7 +10,7 @@ vault { auto_auth { method "gcp" { - mount_path = "[[ gcp.Meta "vault_auth_mount_gcp" ]]" + mount_path = "[[ gcp.Meta "attributes/vault_auth_mount_gcp" ]]" config = { type = "gce" diff --git a/l2/mkosi.extra/usr/bin/automount-data.sh b/l2/mkosi.extra/usr/bin/automount-data.sh index 07f6cca..e91fec9 100755 --- a/l2/mkosi.extra/usr/bin/automount-data.sh +++ b/l2/mkosi.extra/usr/bin/automount-data.sh @@ -13,9 +13,10 @@ if [ -e /dev/disk/by-id/google-data ]; then mkfs.ext4 -m 0 ${device} eval $( blkid --output export ${device} ) fi - echo "UUID=${UUID} ${MOUNT:-/var/opt/peristent} ${TYPE} defaults 0 0" >> /etc/fstab - mkdir -p ${MOUNT:-/var/opt/peristent} - chmod 0777 ${MOUNT:-/var/opt/peristent} + AUTOMOUNT_PATH_DATA=${AUTOMOUNT_PATH_DATA:-/var/opt/data} + echo "UUID=${UUID} ${AUTOMOUNT_PATH_DATA} ${TYPE} defaults 0 0" >> /etc/fstab + mkdir -p "${AUTOMOUNT_PATH_DATA}" + chmod 0777 "${AUTOMOUNT_PATH_DATA}" systemctl daemon-reload mount --all else diff --git a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh old mode 100644 new mode 100755 index 80f38f9..cdd3033 --- a/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh +++ b/l2/mkosi.extra/usr/bin/ptlb-routes-nanny.sh @@ -35,7 +35,7 @@ for line in "$( http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/forwarded-ips/${idx} ) - if is_ip4 "${ip}"; then + if is_ip4 "${ip}" > /dev/null; then route="local ${ip} dev ${interface} proto 66 scope host" if ! ip route show table local | grep -q "${route}"; then diff --git a/l2/op-rbuilder.conf b/l2/op-rbuilder.conf new file mode 100644 index 0000000..beaf74e --- /dev/null +++ b/l2/op-rbuilder.conf @@ -0,0 +1,3 @@ +[Include] +Include=l2/mkosi.conf +Include=l2/_op_rbuilder/mkosi.conf diff --git a/scripts/build_rust_package.sh b/scripts/build_rust_package.sh index eaa2858..df7ad2d 100755 --- a/scripts/build_rust_package.sh +++ b/scripts/build_rust_package.sh @@ -19,7 +19,7 @@ build_rust_package() { fi # If binary is cached, skip compilation - local cached_binary="$BUILDDIR/${package}-${version}" + local cached_binary="$BUILDDIR/${package}-${version#${package}/}/${package}" if [ -f "$cached_binary" ]; then echo "Using cached binary for $package version $version" cp "$cached_binary" "$dest_path" @@ -54,6 +54,7 @@ build_rust_package() { " # Cache and install the built binary + mkdir -p "$( dirname $cached_binary )" install -m 755 "$build_dir/target/release/$package" "$cached_binary" install -m 755 "$cached_binary" "$dest_path" } diff --git a/scripts/make_git_package.sh b/scripts/make_git_package.sh index 5771e16..a53aa47 100644 --- a/scripts/make_git_package.sh +++ b/scripts/make_git_package.sh @@ -8,10 +8,10 @@ make_git_package() { local git_url="$3" local build_cmd="$4" # All remaining arguments are artifact mappings in src:dest format - + mkdir -p "$DESTDIR/usr/bin" local cache_dir="$BUILDDIR/${package}-${version}" - + # Use cached artifacts if available if [ -n "$cache_dir" ] && [ -d "$cache_dir" ] && [ "$(ls -A "$cache_dir" 2>/dev/null)" ]; then echo "Using cached artifacts for $package version $version" @@ -19,17 +19,16 @@ make_git_package() { local src="${artifact_map%%:*}" local dest="${artifact_map#*:}" mkdir -p "$(dirname "$DESTDIR$dest")" - local cached_name="$(echo "$src" | tr '/' '_')" - if [ -d "$cache_dir/$cached_name" ]; then + if [ -d "$cache_dir/$src" ]; then mkdir -p "$DESTDIR$dest" - cp -r "$cache_dir/$cached_name"/* "$DESTDIR$dest/" + cp -r "$cache_dir/$src"/* "$DESTDIR$dest/" else - cp "$cache_dir/$cached_name" "$DESTDIR$dest" + cp "$cache_dir/$src" "$DESTDIR$dest" fi done return 0 fi - + # Build from source local build_dir="$BUILDROOT/build/$package" git clone --depth 1 --branch "$version" "$git_url" "$build_dir" @@ -48,15 +47,15 @@ make_git_package() { mkdir -p "$(dirname "$DESTDIR$dest")" cp "$build_dir/$src" "$DESTDIR$dest" fi - + # Cache artifact mkdir -p "$cache_dir" - local cached_name="$(echo "$src" | tr '/' '_')" if [ -d "$build_dir/$src" ]; then - mkdir -p "$cache_dir/$cached_name" - cp -r "$build_dir/$src"/* "$cache_dir/$cached_name/" + mkdir -p "$cache_dir/$src" + cp -r "$build_dir/$src"/* "$cache_dir/$src/" else - cp "$build_dir/$src" "$cache_dir/$cached_name" + mkdir -p "$( dirname $cache_dir/$src )" + cp "$build_dir/$src" "$cache_dir/$src" fi done -} \ No newline at end of file +}