On Thu, Sep 15, 2022 at 4:22 PM Alyssa Ross wrote: > José Pekkarinen writes: > > > On Thu, Sep 15, 2022 at 2:31 PM Alyssa Ross wrote: > > [...] > > You mean you'd like to manually provide a Kconfig file, rathen than > using Nixpkgs' (not very good) structured config mechanism, right? > That should be possible with an overlay, but maybe some documentation > with an example would be a good idea? > Yes, but, for example, if I provide the overlay that uses that that Kconfig, the Kconfig should be present in your system, as some sort of default configuration for the developer to consume if they want to use the overlay in question, otherwise, the developer needs to fetch spectrum sources, and then fetch out the default configuration somewhere else, put them together and test. The goal would be to upstream the overlay so that one can take spectrum source code, make a config.nix to select the overlay, and build, without extra steps to fetch other artifacts. [...] > > Well, it's not the size of the change that's important, but whether it > can be demonstrated that the change solves a problem. A big change to > fix a clear problem is fine! > It is offering a way to template configurations for the cases we were commenting before. So it solves a problem, the problem is that currently the source code doesn't ship default configurations for developers to test, so I can create a config.nix file downstream that makes the overlay for the hardened kernel use case, and now, instead of upstreaming and shipping it with any spectrum checkout, I have to publish it somewhere else, and document how to put the puzzle together so that a developer can test, use, and develop further. For now, it doesn't let combine configuration files, so these templates may be fat, because you can only make one template per case, and choose it. In the future it would be good if they are small snippets that do a particular purpose, and we list all the snippets we want to make the full use case the user want(for ex. making a cross compiled build from x86_64 of arm64 which includes security plus debugging). José.