Improving custom configuration for alternate kernels

jchw · May 11, 2024, 1:09pm

An acquaintance was having trouble getting custom kernel configuration to work on NixOS when they used anything other than stock kernels, e.g. Linux-libre. boot.kernelPatches was being set, but it just didn’t seem to get plumbed through. After some digging, I figured out why: Setting boot.kernelPackages = pkgs.linuxPackages_latest-libre; will cause boot.kernelPatches to do nothing: changing it won’t even cause a rebuild. The reason why is because of how boot.kernelPatches gets applied:

      apply = kernelPackages: kernelPackages.extend (self: super: {
        kernel = super.kernel.override (originalArgs: {
          inherit randstructSeed;
          kernelPatches = (originalArgs.kernelPatches or []) ++ kernelPatches;
          features = lib.recursiveUpdate super.kernel.features features;
        });
      });

When using Linux-libre this just silently does absolutely nothing, because deblobKernel calls callPackage which of course calls callPackageWith that calls makeOverridable, so when we try to override the kernel we’re really overriding the linux-libre wrapper and the arguments go silently unused.

This is pretty unfortunate. Anybody have suggestions? I think it’d be great to prevent future pain here. Here’s what I’ve thought of so far:

Remove callPackage usage. Works but not ideal. Doesn’t prevent users from accidentally running into the same problem with their own kernel overrides.
Carry kernelPatches forward. I guess this would make boot.kernelPatches function but it seems even more confusing because you wouldn’t be able to see or modify the kernelPatches that the Linux kernel derivation itself has. Also doesn’t stop the user from making the same mistake.
Spitballing, but… somehow copy override to overrideKernel for kernels? I am not 100% sure if this works and isn’t broken, but the idea is that no matter how many times makeOverridable gets called, it would still be possible to access the original override for the kernel derivation itself.

I would love to get this fixed in a future NixOS release…

P.S.: It also is probably worth mentioning that if you make a typo in boot.kernelPatches, e.g. structuredExtraConfig instead of extraStructuredConfig, it also doesn’t cause an error. I’m guessing that’s because the type of boot.kernelPatches is type = types.listOf types.attrs and so extra unused attributes don’t cause any errors. I don’t have advanced enough knowledge of the type-checking logic to try to fix this, but that too would be a great rough edge to smooth out.

amjoseph · May 11, 2024, 1:56pm

Yes, this drives me nuts too. I opened a PR to fix it a year ago:

github.com/NixOS/nixpkgs

linux/kernel/generic.nix: assert if constraints would be ignored

NixOS:master ←

opened 07:06PM - 24 Apr 23 UTC

ghost

+8 -1

###### Description of changes There appears to be a real mess with the naming o…f the attribute which contains structured extra configuration: - Nixpkgs' linux kernel expression uses structuredExtraConfig. - NixOS uses extraStructuredConfig. - Nixpkgs' kernelPatches use extraStructuredConfig. At the moment, if the user uses the wrong convention the configuration constraints are silently dropped. Let's `assert` instead so they at least know that their request isn't being respected. We can try to harmonize the naming later.  ###### Things done - Built on platform(s) - [ ] x86_64-linux - [ ] aarch64-linux - [ ] x86_64-darwin - [ ] aarch64-darwin - [ ] For non-Linux: Is `sandbox = true` set in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html)) - [ ] Tested, as applicable: - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - and/or [package tests](https://nixos.org/manual/nixpkgs/unstable/#sec-package-tests) - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test) - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage) - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`) - [23.05 Release Notes (or backporting 22.11 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2305-release-notes) - [ ] (Package updates) Added a release notes entry if the change is major or breaking - [ ] (Module updates) Added a release notes entry if the change is significant - [ ] (Module addition) Added a release notes entry if adding a new NixOS module - [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).

and the response I got from the package maintainer was… basically bikeshedding over which of the two spellings was better than the other. Which kinda misses the point that whichever one we pick, there needs to be an error or other feedback if the user uses the other one by mistake.

The nixpkgs kernel expressions have been a source of frustration for me for a long time. Part of the problem is that we never built a declarative eval-time interface to Kconfig… the constraints are known only to a perl script which doesn’t run until build time. The solution to this is kconfig-cli; when it’s ready I plan to start over with new kernel expressions; I think the current ones are beyond hope of salvaging.

jade · May 11, 2024, 9:19pm

is there somewhere i can read more about this? it sounds exciting!