linux: make sure all config options have the same value

Currently, kernel config options whose value is "yes" always override options whose value is "no". This is not always desired. Generally speaking, if someone defines an option to have the value "no", presumably they are disabling the option for a reason, so it's not always OK to silently enable it due to another, probably unrelated reason. For example, a user may want to reduce the kernel attack surface and therefore may want to disable features that are being enabled in common-config.nix. In fact, common-config.nix was already silently enabling options that were intended to be disabled in hardened/config.nix for security reasons, such as INET_DIAG. By eliminating the custom merge function, these config options will now use the default module option merge functions which make sure that all options with the highest priority have the same value. A user that wishes to override an option defined in common-config.nix can currently use mkForce or mkOverride to do so, e.g.: BINFMT_MISC = mkForce (option no); That said, this is not going to be necessary in the future, because the plan is for kernel config options defined in nixpkgs to use a lower priority by default, like it currently happens for other module options.
2024-11-11 04:02:55 +03:00 · 2020-05-29 14:25:48 +02:00 · 2020-05-29 14:25:48 +02:00 · 6feb61233b
commit 6feb61233b
parent 0aeba64fb2
1 changed files with 1 additions and 21 deletions
--- a/nixos/modules/system/boot/kernel_config.nix
+++ b/nixos/modules/system/boot/kernel_config.nix
@ -2,24 +2,6 @@

 with lib;
 let
-  findWinner = candidates: winner:
-    any (x: x == winner) candidates;
-
-  # winners is an ordered list where first item wins over 2nd etc
-  mergeAnswer = winners: locs: defs:
-    let
-      values = map (x: x.value) defs;
-      inter = intersectLists values winners;
-      winner = head winners;
-    in
-    if defs == [] then abort "This case should never happen."
-    else if winner == [] then abort "Give a valid list of winner"
-    else if inter == [] then mergeOneOption locs defs
-    else if findWinner values winner then
-      winner
-    else
-      mergeAnswer (tail winners) locs defs;
-
  mergeFalseByDefault = locs: defs:
    if defs == [] then abort "This case should never happen."
    else if any (x: x == false) (getValues defs) then false
@ -28,9 +10,7 @@ let
  kernelItem = types.submodule {
    options = {
      tristate = mkOption {
-        type = types.enum [ "y" "m" "n" null ] // {
-          merge = mergeAnswer [ "y" "m" "n" ];
-        };
+        type = types.enum [ "y" "m" "n" null ];
        default = null;
        internal = true;
        visible = true;