Let user select configs without absolute path

[dmknght]

System info:

Parrot OS 5.0, python 3
kconfig-hardened-check version 5.14
I've tried all options in help menu and I didn't find anything similar to my idea

Idea

1. Create an option to list all config. Maybe it supports search as well.
2. Let user select module without absolute path. For example, when I do Debian packaging for this tool, the configs are at /usr/lib/python3/dist-packages/kconfig_hardened_check/config_files/ and users don't know where to search configs / modules.
   Solution:
3. Add a __init__.py file into config_files. By this, folder configs is a module of the whole project.
4. You can do from kconfig-hardnerned-check.<any path> import config_files. Absolute path of the module will be config_files.__path__[0]
5. All modules are listed by walk_dir(config_files.__path__[0]). By this, you can have an option in argv to list all configs
6. When user provide -c flag, like -c distros/debian.config, absolute path is merged with config_files.__path__[0] so there's no need to know absolute path.

[a13xp0p0v]

Hello @dmknght,

Thanks for writing!

Actually, the config files in kconfig_hardened_check/config_files/ are provided as examples that are used for developing and testing of this tool. These configs are updated not that often, they don't cover all major distros.

The main use case for users is to check their own kernel config. The example from Fedora:

./bin/kconfig-hardened-check -c /boot/config-5.16.11-100.fc34.x86_64

So I don't think users care about the location of these example config files. How do you think?

[dmknght]

Hello @dmknght,

Thanks for writing!

Actually, the config files in kconfig_hardened_check/config_files/ are provided as examples that are used for developing and testing of this tool. These configs are updated not that often, they don't cover all major distros.

The main use case for users is to check their own kernel config. The example from Fedora:

./bin/kconfig-hardened-check -c /boot/config-5.16.11-100.fc34.x86_64

So I don't think users care about the location of these example config files. How do you think?

Hello! Sorry for very late reply. I had issue with my mail notification LuL. Anyway, I think that's a very interesting point that i didn't know. In this case, I think kconfig-hardened-check can have a flag like auto check to do the command automatically. The workflow is like:

1. Check if there is config file that matches kernel version at /boot/
2. If exists, run the system check automatically
3. If doesn't exists, tells user to try some examples. In this case, i think absolute path of examples is needed.

What do you think about this? To me I think it's easier to user to just do run and read the result without thinking about wrong profiles.

[Bernhard40]

Some distros don't expose kernel config at /boot and I don't see why average user would be interested in checking example config which is probably totally unrelated to their system.

[a13xp0p0v]

I agree with @Bernhard40.

@dmknght, I would avoid adding the code for searching the kernel config on a local machine.

Moreover, Linux kernel developers often use the kconfig-hardened-check tool for the configs of the kernels that they develop (not the config of the local machine).

Thanks!

[dmknght]

@dmknght, I would avoid adding the code for searching the kernel config on a local machine.

Well it's not that hard. From what i checked, you just need to get kernel version, and map the path /boot/config-<kernel version>

Moreover, Linux kernel developers often use the kconfig-hardened-check tool for the configs of the kernels that they develop (not the config of the local machine).
Well i see. So i guess I can close the issue now because the scope is different.