[PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[Michael Adler]

While the cip-core x86-64 kernel configuration includes the necessary options
for container engines like Docker, the arm64 configuration does not.
I have identified the required kernel configuration options to ensure
compatibility with Docker and Podman.
Instead of integrating these options directly into the arm64 configuration, I
am providing them as a drop-in snippet to support custom kernel
configurations.

Note: I am open to feedback on whether this should remain a drop-in snippet or
be merged into the default configuration.


Michael Adler (1):
  linux-cip: add kernel config snippet for container compatibility

 conf/machine/qemu-amd64.conf              |   1 +
 conf/machine/qemu-arm64.conf              |   1 +
 recipes-kernel/linux/files/container.cfg  | 114 ++++++++++++++++++++++
 recipes-kernel/linux/linux-cip-common.inc |   5 +
 4 files changed, 121 insertions(+)
 create mode 100644 recipes-kernel/linux/files/container.cfg

-- 
2.47.1

[PATCH 1/1] linux-cip: add kernel config snippet for container compatibility

[Michael Adler]

Obtaining a fully functional kernel configuration as required by popular
container engines such as Docker or Podman can be challenging. By
setting the Bitbake variable USE_CIP_KERNEL_CONTAINER_CONFIG to 1, a
kernel config snippet is included to ensure compatibility with these
container engines.

Note: This feature is designed to be separate from the cip-kernel-config
project to allow for custom kernel configurations.

Signed-off-by: Michael Adler <michael.adler@siemens.com>
---
 conf/machine/qemu-amd64.conf              |   1 +
 conf/machine/qemu-arm64.conf              |   1 +
 recipes-kernel/linux/files/container.cfg  | 114 ++++++++++++++++++++++
 recipes-kernel/linux/linux-cip-common.inc |   5 +
 4 files changed, 121 insertions(+)
 create mode 100644 recipes-kernel/linux/files/container.cfg

diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index d786646..dad6504 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -10,4 +10,5 @@ DISTRO_ARCH = "amd64"
 
 IMAGE_FSTYPES ?= "ext4"
 USE_CIP_KERNEL_CONFIG = "1"
+USE_CIP_KERNEL_CONTAINER_CONFIG = "1"
 KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_merged_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index a2c5e53..8fd824c 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -10,6 +10,7 @@ DISTRO_ARCH = "arm64"
 
 IMAGE_FSTYPES ?= "ext4"
 USE_CIP_KERNEL_CONFIG = "1"
+USE_CIP_KERNEL_CONTAINER_CONFIG = "1"
 KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/cip_merged_defconfig"
 
 # watchdog is not yet supported in our QEMU executor for this platform, disable it
diff --git a/recipes-kernel/linux/files/container.cfg b/recipes-kernel/linux/files/container.cfg
new file mode 100644
index 0000000..18f8b2b
--- /dev/null
+++ b/recipes-kernel/linux/files/container.cfg
@@ -0,0 +1,114 @@
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+#  Michael Adler <michael.adler@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+# Kernel configuration required by container runtimes such as Docker.
+# Based on the following scripts:
+#
+#   - https://github.com/moby/moby/blob/master/contrib/check-config.sh
+#   - https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+#
+# NOTE: CONFIG_SECURITY_SELINUX and CONFIG_SECURITY_APPARMOR are intentionally
+# not enabled.
+
+CONFIG_NAMESPACES=y
+CONFIG_NET_NS=y
+CONFIG_PID_NS=y
+CONFIG_IPC_NS=y
+CONFIG_UTS_NS=y
+
+CONFIG_CPUSETS=y
+CONFIG_CRYPTO=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_KEYS=y
+CONFIG_MEMCG=y
+CONFIG_CHECKPOINT_RESTORE=y
+
+CONFIG_OVERLAY_FS=m
+
+CONFIG_CGROUPS=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_PERF=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CGROUP_BPF=y
+CONFIG_BPF_SYSCALL=y
+CONFIG_CFS_BANDWIDTH=y
+CONFIG_RT_GROUP_SCHED=y
+
+CONFIG_HUGETLBFS=y
+CONFIG_CGROUP_HUGETLB=y
+
+CONFIG_BLK_CGROUP=y
+CONFIG_BLK_CGROUP_IOCOST=y
+CONFIG_BLK_DEV_THROTTLING=y
+
+CONFIG_NET=y
+CONFIG_NET_CLS_CGROUP=y
+CONFIG_NET_CLS_ACT=y
+CONFIG_NET_EMATCH=y
+CONFIG_NET_SCHED=y
+CONFIG_NETLABEL=y
+CONFIG_INET=y
+CONFIG_POSIX_MQUEUE=y
+
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+CONFIG_VETH=m
+CONFIG_BRIDGE=m
+CONFIG_BRIDGE_NETFILTER=m
+CONFIG_BRIDGE_VLAN_FILTERING=m
+CONFIG_VXLAN=m
+CONFIG_IPVLAN=m
+CONFIG_MACVLAN=m
+
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_NETFILTER_XT_MARK=m
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
+CONFIG_NETFILTER_XT_MATCH_BPF=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
+CONFIG_NETFILTER_XT_MATCH_IPVS=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_VS=m
+CONFIG_IP_VS_NFCT=y
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_RR=m
+
+CONFIG_NF_TABLES=m
+CONFIG_NF_TABLES_INET=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NF_CONNTRACK=m
+CONFIG_NF_CONNTRACK_FTP=m
+CONFIG_NF_CT_NETLINK=m
+CONFIG_NF_NAT=m
+CONFIG_NF_NAT_IPV4=m
+CONFIG_NF_NAT_MASQUERADE=m
+CONFIG_NF_NAT_NEEDED=m
+
+CONFIG_NFT_COMPAT=m
+CONFIG_NFT_CT=m
+CONFIG_NFT_HASH=m
+CONFIG_NFT_LIMIT=m
+CONFIG_NFT_LOG=m
+CONFIG_NFT_MASQ=m
+CONFIG_NFT_NAT=m
+CONFIG_NFT_REDIR=m
+CONFIG_NFT_REJECT=m
diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
index 5d1b8ac..437ee17 100644
--- a/recipes-kernel/linux/linux-cip-common.inc
+++ b/recipes-kernel/linux/linux-cip-common.inc
@@ -23,4 +23,9 @@ SRC_URI += " \
     https://cdn.kernel.org/pub/linux/kernel/projects/cip/${KERNEL_MAJOR_MINOR}/linux-cip-${PV}.tar.xz \
     "
 
+SRC_URI:append = " ${@ \
+    'file://container.cfg' \
+    if d.getVar('USE_CIP_KERNEL_CONTAINER_CONFIG') == '1' else '' \
+    }"
+
 S = "${WORKDIR}/linux-cip-${PV}"
-- 
2.47.1

Re: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[MOESSBAUER, Felix]

On Wed, 2025-01-08 at 11:07 +0100, Michael Adler wrote:
> While the cip-core x86-64 kernel configuration includes the necessary
> options
> for container engines like Docker, the arm64 configuration does not.
> I have identified the required kernel configuration options to ensure
> compatibility with Docker and Podman.
> Instead of integrating these options directly into the arm64
> configuration, I
> am providing them as a drop-in snippet to support custom kernel
> configurations.
> 
> Note: I am open to feedback on whether this should remain a drop-in
> snippet or
> be merged into the default configuration.

Hi, IMHO this should be merged into the cip defconf. At least the non-
arch specific features should be consistent across architectures.

Putting Nobuhiro in CC, as he maintains the cip kernel config.

We further should validate the both platforms with the runc checker
script:
https://github.com/opencontainers/runc/blob/main/script/check-config.sh

Best regards,
Felix

> 
> 
> Michael Adler (1):
>   linux-cip: add kernel config snippet for container compatibility
> 
>  conf/machine/qemu-amd64.conf              |   1 +
>  conf/machine/qemu-arm64.conf              |   1 +
>  recipes-kernel/linux/files/container.cfg  | 114
> ++++++++++++++++++++++
>  recipes-kernel/linux/linux-cip-common.inc |   5 +
>  4 files changed, 121 insertions(+)
>  create mode 100644 recipes-kernel/linux/files/container.cfg
> 

Re: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[Jan Kiszka]

On 08.01.25 11:17, MOESSBAUER, Felix wrote:
> On Wed, 2025-01-08 at 11:07 +0100, Michael Adler wrote:
>> While the cip-core x86-64 kernel configuration includes the necessary
>> options
>> for container engines like Docker, the arm64 configuration does not.
>> I have identified the required kernel configuration options to ensure
>> compatibility with Docker and Podman.
>> Instead of integrating these options directly into the arm64
>> configuration, I
>> am providing them as a drop-in snippet to support custom kernel
>> configurations.
>>
>> Note: I am open to feedback on whether this should remain a drop-in
>> snippet or
>> be merged into the default configuration.
> 
> Hi, IMHO this should be merged into the cip defconf. At least the non-
> arch specific features should be consistent across architectures.

It must be merged there to have practical effect: support scope
extension, test coverage for the kernel.

Once merged, please propose a patch for isar-cip-core to bump the
cip-kernel-config revision here (and tag it with [isar-cip-core], please).

Thanks,
Jan

> 
> Putting Nobuhiro in CC, as he maintains the cip kernel config.
> 
> We further should validate the both platforms with the runc checker
> script:
> https://github.com/opencontainers/runc/blob/main/script/check-config.sh
> 
> Best regards,
> Felix
> 
>>
>>
>> Michael Adler (1):
>>   linux-cip: add kernel config snippet for container compatibility
>>
>>  conf/machine/qemu-amd64.conf              |   1 +
>>  conf/machine/qemu-arm64.conf              |   1 +
>>  recipes-kernel/linux/files/container.cfg  | 114
>> ++++++++++++++++++++++
>>  recipes-kernel/linux/linux-cip-common.inc |   5 +
>>  4 files changed, 121 insertions(+)
>>  create mode 100644 recipes-kernel/linux/files/container.cfg
>>
> 


-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Re: [cip-dev] [PATCH 1/1] linux-cip: add kernel config snippet for container compatibility

[Florian Bezdeka]

On Wed, 2025-01-08 at 11:07 +0100, Michael Adler via lists.cip-
project.org wrote:
> Obtaining a fully functional kernel configuration as required by popular
> container engines such as Docker or Podman can be challenging. By
> setting the Bitbake variable USE_CIP_KERNEL_CONTAINER_CONFIG to 1, a
> kernel config snippet is included to ensure compatibility with these
> container engines.
> 
> Note: This feature is designed to be separate from the cip-kernel-config
> project to allow for custom kernel configurations.
> 
> Signed-off-by: Michael Adler <michael.adler@siemens.com>
> ---
>  conf/machine/qemu-amd64.conf              |   1 +
>  conf/machine/qemu-arm64.conf              |   1 +
>  recipes-kernel/linux/files/container.cfg  | 114 ++++++++++++++++++++++
>  recipes-kernel/linux/linux-cip-common.inc |   5 +
>  4 files changed, 121 insertions(+)
>  create mode 100644 recipes-kernel/linux/files/container.cfg
> 
> diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
> index d786646..dad6504 100644
> --- a/conf/machine/qemu-amd64.conf
> +++ b/conf/machine/qemu-amd64.conf
> @@ -10,4 +10,5 @@ DISTRO_ARCH = "amd64"
>  
>  IMAGE_FSTYPES ?= "ext4"
>  USE_CIP_KERNEL_CONFIG = "1"
> +USE_CIP_KERNEL_CONTAINER_CONFIG = "1"
>  KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_merged_defconfig"
> diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
> index a2c5e53..8fd824c 100644
> --- a/conf/machine/qemu-arm64.conf
> +++ b/conf/machine/qemu-arm64.conf
> @@ -10,6 +10,7 @@ DISTRO_ARCH = "arm64"
>  
>  IMAGE_FSTYPES ?= "ext4"
>  USE_CIP_KERNEL_CONFIG = "1"
> +USE_CIP_KERNEL_CONTAINER_CONFIG = "1"

I get the idea, but the user / downstream could append your kconfig
file to the SRC_URI directly. No need for the variable. Files ending in
.cfg are "auto detected" as kernel configuration files.

>  KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/cip_merged_defconfig"
>  
>  # watchdog is not yet supported in our QEMU executor for this platform, disable it
> diff --git a/recipes-kernel/linux/files/container.cfg b/recipes-kernel/linux/files/container.cfg
> new file mode 100644
> index 0000000..18f8b2b
> --- /dev/null
> +++ b/recipes-kernel/linux/files/container.cfg
> @@ -0,0 +1,114 @@
> +# Copyright (c) Siemens AG, 2025
> +#
> +# Authors:
> +#  Michael Adler <michael.adler@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +
> +# Kernel configuration required by container runtimes such as Docker.
> +# Based on the following scripts:
> +#
> +#   - https://github.com/moby/moby/blob/master/contrib/check-config.sh
> +#   - https://github.com/opencontainers/runc/blob/main/script/check-config.sh
> +#
> +# NOTE: CONFIG_SECURITY_SELINUX and CONFIG_SECURITY_APPARMOR are intentionally
> +# not enabled.
> +
> +CONFIG_NAMESPACES=y
> +CONFIG_NET_NS=y
> +CONFIG_PID_NS=y
> +CONFIG_IPC_NS=y
> +CONFIG_UTS_NS=y
> +
> +CONFIG_CPUSETS=y
> +CONFIG_CRYPTO=y
> +CONFIG_CRYPTO_AEAD=y
> +CONFIG_CRYPTO_GCM=y
> +CONFIG_CRYPTO_GHASH=y
> +CONFIG_CRYPTO_SEQIV=y
> +CONFIG_KEYS=y
> +CONFIG_MEMCG=y
> +CONFIG_CHECKPOINT_RESTORE=y
> +
> +CONFIG_OVERLAY_FS=m
> +
> +CONFIG_CGROUPS=y
> +CONFIG_CGROUP_CPUACCT=y
> +CONFIG_CGROUP_DEVICE=y
> +CONFIG_CGROUP_FREEZER=y
> +CONFIG_CGROUP_NET_PRIO=y
> +CONFIG_CGROUP_PERF=y
> +CONFIG_CGROUP_PIDS=y
> +CONFIG_CGROUP_SCHED=y
> +CONFIG_FAIR_GROUP_SCHED=y
> +CONFIG_CGROUP_BPF=y
> +CONFIG_BPF_SYSCALL=y
> +CONFIG_CFS_BANDWIDTH=y
> +CONFIG_RT_GROUP_SCHED=y
> +
> +CONFIG_HUGETLBFS=y
> +CONFIG_CGROUP_HUGETLB=y
> +
> +CONFIG_BLK_CGROUP=y
> +CONFIG_BLK_CGROUP_IOCOST=y
> +CONFIG_BLK_DEV_THROTTLING=y
> +
> +CONFIG_NET=y
> +CONFIG_NET_CLS_CGROUP=y
> +CONFIG_NET_CLS_ACT=y
> +CONFIG_NET_EMATCH=y
> +CONFIG_NET_SCHED=y
> +CONFIG_NETLABEL=y
> +CONFIG_INET=y
> +CONFIG_POSIX_MQUEUE=y
> +
> +CONFIG_NETDEVICES=y
> +CONFIG_NET_CORE=y
> +CONFIG_VETH=m
> +CONFIG_BRIDGE=m
> +CONFIG_BRIDGE_NETFILTER=m
> +CONFIG_BRIDGE_VLAN_FILTERING=m
> +CONFIG_VXLAN=m
> +CONFIG_IPVLAN=m
> +CONFIG_MACVLAN=m
> +
> +CONFIG_NETFILTER=y
> +CONFIG_NETFILTER_ADVANCED=y
> +CONFIG_NETFILTER_XT_MARK=m
> +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
> +CONFIG_NETFILTER_XT_MATCH_BPF=m
> +CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
> +CONFIG_NETFILTER_XT_MATCH_IPVS=m
> +CONFIG_IP_NF_FILTER=m
> +CONFIG_IP_NF_IPTABLES=m
> +CONFIG_IP_NF_MANGLE=m
> +CONFIG_IP_NF_NAT=m
> +CONFIG_IP_NF_TARGET_MASQUERADE=m
> +CONFIG_IP_NF_TARGET_REDIRECT=m
> +CONFIG_IP_VS=m
> +CONFIG_IP_VS_NFCT=y
> +CONFIG_IP_VS_PROTO_TCP=y
> +CONFIG_IP_VS_PROTO_UDP=y
> +CONFIG_IP_VS_RR=m
> +
> +CONFIG_NF_TABLES=m
> +CONFIG_NF_TABLES_INET=y
> +CONFIG_NF_TABLES_NETDEV=y
> +CONFIG_NF_CONNTRACK=m
> +CONFIG_NF_CONNTRACK_FTP=m
> +CONFIG_NF_CT_NETLINK=m
> +CONFIG_NF_NAT=m
> +CONFIG_NF_NAT_IPV4=m
> +CONFIG_NF_NAT_MASQUERADE=m
> +CONFIG_NF_NAT_NEEDED=m
> +
> +CONFIG_NFT_COMPAT=m
> +CONFIG_NFT_CT=m
> +CONFIG_NFT_HASH=m
> +CONFIG_NFT_LIMIT=m
> +CONFIG_NFT_LOG=m
> +CONFIG_NFT_MASQ=m
> +CONFIG_NFT_NAT=m
> +CONFIG_NFT_REDIR=m
> +CONFIG_NFT_REJECT=m

All CIP kernels are building fine with this config enabled? I'm missing
the testing part...

> diff --git a/recipes-kernel/linux/linux-cip-common.inc b/recipes-kernel/linux/linux-cip-common.inc
> index 5d1b8ac..437ee17 100644
> --- a/recipes-kernel/linux/linux-cip-common.inc
> +++ b/recipes-kernel/linux/linux-cip-common.inc
> @@ -23,4 +23,9 @@ SRC_URI += " \
>      https://cdn.kernel.org/pub/linux/kernel/projects/cip/${KERNEL_MAJOR_MINOR}/linux-cip-${PV}.tar.xz \
>      "
>  
> +SRC_URI:append = " ${@ \
> +    'file://container.cfg' \
> +    if d.getVar('USE_CIP_KERNEL_CONTAINER_CONFIG') == '1' else '' \
> +    }"
> +

As said, could be moved to the user.

>  S = "${WORKDIR}/linux-cip-${PV}"
> -- 
> 2.47.1

RE: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[nobuhiro1.iwamatsu]

Hi all,

Sorry for reply was late.

> -----Original Message-----
> From: MOESSBAUER, Felix <felix.moessbauer@siemens.com>
> Sent: Wednesday, January 8, 2025 7:17 PM
> To: cip-dev@lists.cip-project.org; Adler, Michael
> <michael.adler@siemens.com>
> Cc: iwamatsu nobuhiro(岩松 信洋 ○ＤＩＴＣ□ＤＩＴ○ＯＳＴ)
> <nobuhiro1.iwamatsu@toshiba.co.jp>
> Subject: Re: [PATCH 0/1] linux-cip: add kernel config snippet for container
> compatibility
> 
> On Wed, 2025-01-08 at 11:07 +0100, Michael Adler wrote:
> > While the cip-core x86-64 kernel configuration includes the necessary
> > options for container engines like Docker, the arm64 configuration
> > does not.
> > I have identified the required kernel configuration options to ensure
> > compatibility with Docker and Podman.
> > Instead of integrating these options directly into the arm64
> > configuration, I am providing them as a drop-in snippet to support
> > custom kernel configurations.
> >
> > Note: I am open to feedback on whether this should remain a drop-in
> > snippet or be merged into the default configuration.
> 
> Hi, IMHO this should be merged into the cip defconf. At least the non- arch
> specific features should be consistent across architectures.
> 
> Putting Nobuhiro in CC, as he maintains the cip kernel config.
> 

Yes, please send us patches.
There is no reason to distribute and manage CIP kernel configs.

Best regards,
  Nobuhiro

Re: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[Michael Adler]

Hi Nobuhiro,

thanks for your reply.

> Yes, please send us patches.
> There is no reason to distribute and manage CIP kernel configs.

I was hoping you could incorporate the options (which I sent in this patch) because I'm not really sure where to start:

- There seems to be a lot of duplication, even at the file level (e.g., `find . -name '*_defconfig' | xargs md5sum | awk '{ print $1; }' | sort | uniq -c`).
  Do you manage everything manually, or do you have scripts to automate the process?
- Device-specific configs include non-device settings (e.g., cgroups, filesystems). In which file should the container settings go? cip_merged_defconfig or is that file auto-generated?
- There are kernel versions listed that were never LTS upstream (e.g., 6.11, 6.13). Are these versions officially supported by CIP?

Kind Regards,
  Michael

-- 
Michael Adler

Siemens AG
Technology
Connectivity & Edge
Open Source Embedded Systems
FT RPD CED OES-DE
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive
Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese;
Registered offices: Berlin and Munich, Germany; Commercial registries:
Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322

RE: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[nobuhiro1.iwamatsu]

Hi Michael,

> I was hoping you could incorporate the options (which I sent in this patch)
> because I'm not really sure where to start:
> 
> - There seems to be a lot of duplication, even at the file level (e.g., `find . -name
> '*_defconfig' | xargs md5sum | awk '{ print $1; }' | sort | uniq -c`).
>   Do you manage everything manually, or do you have scripts to automate the
> process?

The kernel configurations without merged_defconfig currently maintained in the repository
are hardware-specific and submitted by the company that provided the hardware. Therefore,
there is no script.

> - Device-specific configs include non-device settings (e.g., cgroups,
> filesystems). In which file should the container settings go?
> cip_merged_defconfig or is that file auto-generated?

In my opinion, it is better to create a separate config for containers from cip_merged_defconfig
first. For example, “cip_container_defconfig”. Because cip_merged_defconfig contains many
configurations that depend on a specific CIP reference HW.
In the future, it could be combined with cip_merged_defconfig for build resources and testing.

> - There are kernel versions listed that were never LTS upstream (e.g., 6.11, 6.13).
> Are these versions officially supported by CIP?
>

No, 6.11 and other configurations exist for use in past CI's (they were removed from the
repository yesterday). Please ignore CIP kernels and non-LTS versions.

First, could you create a config for the container, as wrote above?]

Best regards,
  Nobuhiro
> -----Original Message-----
> From: Michael Adler <michael.adler@siemens.com>
> Sent: Tuesday, January 28, 2025 6:44 PM
> To: iwamatsu nobuhiro(岩松 信洋 ○ＤＩＴＣ□ＤＩＴ○ＯＳＴ)
> <nobuhiro1.iwamatsu@toshiba.co.jp>; felix.moessbauer@siemens.com;
> cip-dev@lists.cip-project.org
> Subject: Re: [PATCH 0/1] linux-cip: add kernel config snippet for container
> compatibility
> 
> Hi Nobuhiro,
> 
> thanks for your reply.
> 
> > Yes, please send us patches.
> > There is no reason to distribute and manage CIP kernel configs.
> 
> I was hoping you could incorporate the options (which I sent in this patch)
> because I'm not really sure where to start:
> 
> - There seems to be a lot of duplication, even at the file level (e.g., `find . -name
> '*_defconfig' | xargs md5sum | awk '{ print $1; }' | sort | uniq -c`).
>   Do you manage everything manually, or do you have scripts to automate the
> process?
> - Device-specific configs include non-device settings (e.g., cgroups,
> filesystems). In which file should the container settings go?
> cip_merged_defconfig or is that file auto-generated?
> - There are kernel versions listed that were never LTS upstream (e.g., 6.11, 6.13).
> Are these versions officially supported by CIP?
> 
> Kind Regards,
>   Michael
> 
> --
> Michael Adler
> 
> Siemens AG
> Technology
> Connectivity & Edge
> Open Source Embedded Systems
> FT RPD CED OES-DE
> Friedrich-Ludwig-Bauer-Str. 3
> 85748 Garching, Germany
> 
> Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
> Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and
> Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas,
> Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial
> registries:
> Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE
> 23691322

Re: [PATCH 0/1] linux-cip: add kernel config snippet for container compatibility

[Michael Adler]

Hi Nobuhiro,

> First, could you create a config for the container, as wrote above?]

I'm not sure if I understood you correctly, but here we go anyway:

https://gitlab.com/cip-project/cip-kernel/cip-kernel-config/-/merge_requests/112

Here's how I created the config:

- took cip_merged_defconfig
- appended the options from my container.cfg
- removed duplicates

If that's alright, I will go ahead and do the same for the other kernel
versions.

Kind regards,
  Michael

-- 
Michael Adler

Siemens AG
Technology
Connectivity & Edge
Open Source Embedded Systems
FT RPD CED OES-DE
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive
Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese;
Registered offices: Berlin and Munich, Germany; Commercial registries:
Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322