Modularize build system with Kconfig integration

This splits monolithic Makefile into mk/ fragments (toolchain, features,
deps, tests, format) and add Kconfiglib-based configuration via 'make
config' (interactive menuconfig) or 'make defconfig'.

Features (SLIRP networking, web observatory) are enabled by default and
toggled via CONFIG_HAS_WEB in .config. The build mode (debug/release) is
also configurable through Kconfig.

Kconfiglib is fetched on demand from sysprog21/Kconfiglib via shallow
clone into tools/kconfig/, cleaned by 'make distclean'.

Change-Id: I719856353c77c9c69872b9180fa6d6296b732a6c

Author: jserv

.github/workflows/build-kbox.yml

@@ -55,6 +55,9 @@ jobs:
             deps/
           key: rootfs-${{ hashFiles('scripts/alpine-sha256.txt', 'scripts/mkrootfs.sh', 'tests/guest/*.c', 'tests/stress/*.c', 'Makefile') }}
 
+      - name: Configure (defconfig)
+        run: make defconfig
+
       - name: Build kbox (debug + ASAN/UBSAN)
         run: make -j$(nproc)
 

.gitignore

@@ -1,4 +1,5 @@
 *.o
+*.d
 *.dSYM/
 *.ext4
 /kbox
@@ -7,6 +8,9 @@ deps/
 lkl-x86_64/
 lkl-aarch64/
 externals/minislirp/
+tools/kconfig/
+.config
+.config.old
 target/
 tests/guest/*-test
 !tests/guest/*-test.c

Makefile

@@ -1,264 +1,116 @@
-# kbox - Linux kernel as a library, rootless chroot via seccomp-unotify
-# Build: make [BUILD=release]
-# Test:  make check
-
-CC       ?= gcc
-CFLAGS   ?=
-LDFLAGS  ?=
-BUILD    ?= debug
-
-ARCH ?= $(shell uname -m)
-
-CFLAGS  += -std=gnu11 -D_GNU_SOURCE -Wall -Wextra -Wpedantic -Wshadow
-CFLAGS  += -Wno-unused-parameter
-CFLAGS  += -Iinclude -Isrc
-
-ifeq ($(BUILD),release)
-  CFLAGS  += -O2 -DNDEBUG
-else
-  CFLAGS  += -O0 -g3 -fsanitize=address,undefined -fno-omit-frame-pointer
-  LDFLAGS += -fsanitize=address,undefined
-endif
-
-# LKL library
-LKL_DIR  ?= lkl-$(ARCH)
-LKL_LIB   = $(LKL_DIR)/liblkl.a
-
-LDFLAGS += -L$(LKL_DIR) -L$(LKL_DIR)/lib
-LDLIBS   = -llkl -lpthread -ldl -lm -lrt
-
-# Optional: SLIRP networking (set KBOX_HAS_SLIRP=1 to enable)
-ifdef KBOX_HAS_SLIRP
-  SLIRP_DIR  = externals/minislirp
-  SLIRP_HDR  = $(SLIRP_DIR)/src/libslirp.h
-  CFLAGS    += -DKBOX_HAS_SLIRP -I$(SLIRP_DIR)/src
-  SLIRP_SRCS = $(wildcard $(SLIRP_DIR)/src/*.c)
-  SLIRP_OBJS = $(SLIRP_SRCS:.c=.o)
-endif
-
-# Optional: Web observatory (set KBOX_HAS_WEB=1 to enable)
-ifdef KBOX_HAS_WEB
-  CFLAGS    += -DKBOX_HAS_WEB
-  WEB_ASSET_SRC = $(SRC_DIR)/web-assets.c
+# Build:  make [BUILD=release]
+# Config: make config       (interactive menuconfig)
+#         make defconfig    (all features enabled)
+# Test:   make check
+
+.DEFAULT_GOAL := all
+
+# Kconfig integration
+
+KCONFIG_DIR  := tools/kconfig
+KCONFIG_CONF := configs/Kconfig
+
+# Load configuration (safe include -- no error if .config is absent)
+-include .config
+
+# Targets that don't require .config
+CONFIG_TARGETS    := config defconfig oldconfig savedefconfig clean distclean indent \
+                     check-unit fetch-lkl fetch-minislirp install-hooks \
+                     guest-bins stress-bins rootfs
+CONFIG_GENERATORS := config defconfig oldconfig
+
+# Require .config for build targets.
+# Note: 'make defconfig && make' is the correct two-step sequence.
+# 'make defconfig all' does NOT work because .config is parsed at
+# Make startup, before any recipe runs.
+BUILD_GOALS    := $(filter-out $(CONFIG_TARGETS),$(or $(MAKECMDGOALS),all))
+HAS_CONFIG_GEN := $(filter $(CONFIG_GENERATORS),$(MAKECMDGOALS))
+ifneq ($(BUILD_GOALS),)
+ifeq ($(HAS_CONFIG_GEN),)
+ifeq ($(wildcard .config),)
+    $(info )
+    $(info *** Configuration file ".config" not found!)
+    $(info *** Please run 'make config' or 'make defconfig' first.)
+    $(info )
+    $(error Configuration required)
 endif
-
-# Source files
-SRC_DIR  = src
-SRCS     = $(SRC_DIR)/main.c \
-           $(SRC_DIR)/cli.c \
-           $(SRC_DIR)/syscall-nr.c \
-           $(SRC_DIR)/lkl-wrap.c \
-           $(SRC_DIR)/fd-table.c \
-           $(SRC_DIR)/procmem.c \
-           $(SRC_DIR)/path.c \
-           $(SRC_DIR)/identity.c \
-           $(SRC_DIR)/elf.c \
-           $(SRC_DIR)/mount.c \
-           $(SRC_DIR)/probe.c \
-           $(SRC_DIR)/image.c \
-           $(SRC_DIR)/seccomp-bpf.c \
-           $(SRC_DIR)/seccomp-notify.c \
-           $(SRC_DIR)/shadow-fd.c \
-           $(SRC_DIR)/seccomp-dispatch.c \
-           $(SRC_DIR)/seccomp-supervisor.c \
-           $(SRC_DIR)/net-slirp.c \
-           $(SRC_DIR)/web-telemetry.c \
-           $(SRC_DIR)/web-events.c \
-           $(SRC_DIR)/web-server.c
-
-ifdef KBOX_HAS_WEB
-  SRCS    += $(WEB_ASSET_SRC)
 endif
-
-ifdef KBOX_HAS_SLIRP
-  SRCS    += $(SLIRP_SRCS)
 endif
 
-OBJS     = $(SRCS:.c=.o)
-TARGET   = kbox
-
-# Unit test files (no LKL dependency)
-TEST_DIR   = tests/unit
-TEST_SRCS  = $(TEST_DIR)/test-runner.c \
-             $(TEST_DIR)/test-fd-table.c \
-             $(TEST_DIR)/test-path.c \
-             $(TEST_DIR)/test-identity.c \
-             $(TEST_DIR)/test-syscall-nr.c \
-             $(TEST_DIR)/test-elf.c
-
-# Unit tests link only the pure-computation sources (no LKL)
-TEST_SUPPORT_SRCS = $(SRC_DIR)/fd-table.c \
-                    $(SRC_DIR)/path.c \
-                    $(SRC_DIR)/identity.c \
-                    $(SRC_DIR)/syscall-nr.c \
-                    $(SRC_DIR)/elf.c
-
-TEST_OBJS    = $(TEST_SRCS:.c=.o) $(TEST_SUPPORT_SRCS:.c=.o)
-TEST_TARGET  = tests/unit/test-runner
-
-# Guest test programs (compiled statically, run inside kbox)
-GUEST_DIR    = tests/guest
-GUEST_SRCS   = $(wildcard $(GUEST_DIR)/*-test.c)
-GUEST_BINS   = $(GUEST_SRCS:.c=)
-
-# Stress test programs (compiled statically, run inside kbox)
-STRESS_DIR   = tests/stress
-STRESS_SRCS  = $(wildcard $(STRESS_DIR)/*.c)
-STRESS_BINS  = $(STRESS_SRCS:.c=)
+# Include modular build fragments
+include mk/toolchain.mk
+include mk/features.mk
+include mk/deps.mk
+include mk/tests.mk
+include mk/format.mk
 
-# Rootfs image
-ROOTFS       = alpine.ext4
-
-# ---- Top-level targets ----
-
-.PHONY: all clean check check-unit check-integration check-stress guest-bins stress-bins rootfs fetch-lkl fetch-minislirp install-hooks web-assets indent
+# Top-level targets
+.PHONY: all clean distclean config defconfig oldconfig savedefconfig install-hooks
 
 all: $(TARGET)
-ifneq ($(wildcard .git),)
+ifneq ($(wildcard .git/hooks),)
 all: | .git/hooks/pre-commit
 endif
 
-$(TARGET): $(OBJS) | $(LKL_LIB)
-	$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+$(TARGET): $(OBJS) $(LKL_LIB)
+	@echo "  LD      $@"
+	$(Q)$(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+
+# Rebuild all objects when .config changes (CFLAGS may differ).
+$(OBJS): $(wildcard .config)
 
 %.o: %.c
-	$(CC) $(CFLAGS) -c -o $@ $<
+	@echo "  CC      $<"
+	$(Q)$(CC) $(CFLAGS) -MMD -MP -c -o $@ $<
 
 # Auto-install git hooks on first build (skipped in worktrees where .git is a file).
 .git/hooks/pre-commit: scripts/pre-commit.hook
-	@if [ -d .git/hooks ]; then $(MAKE) -s install-hooks; fi
-
-# Auto-fetch LKL if missing
-$(LKL_LIB):
-	@echo "LKL library not found at $(LKL_DIR). Fetching..."
-	./scripts/fetch-lkl.sh $(ARCH)
-
-# Auto-fetch minislirp if missing (shallow clone, no submodule).
-# $(wildcard) evaluates at parse time, so if minislirp has not been
-# fetched yet SLIRP_SRCS is empty.  Guard: fetch and re-exec make so
-# the wildcard picks up the newly-cloned sources.
-ifdef KBOX_HAS_SLIRP
-# Auto-fetch minislirp if the header is missing and a build target
-# was requested (skip for clean/fetch-only goals).
-ifneq ($(filter clean,$(MAKECMDGOALS)),clean)
-ifeq ($(wildcard $(SLIRP_HDR)),)
-$(shell ./scripts/fetch-minislirp.sh >&2)
-SLIRP_SRCS = $(wildcard $(SLIRP_DIR)/src/*.c)
-SLIRP_OBJS = $(SLIRP_SRCS:.c=.o)
-endif
-endif
-
-fetch-minislirp:
-	./scripts/fetch-minislirp.sh
-endif
-
-# ---- Test targets ----
-
-check: check-unit check-integration check-stress
-
-check-unit: $(TEST_TARGET)
-	./$(TEST_TARGET)
-
-# Unit tests are built WITHOUT linking LKL.
-# We define LKL stubs for functions referenced by test support code.
-$(TEST_TARGET): $(TEST_SRCS) $(TEST_SUPPORT_SRCS)
-	$(CC) $(CFLAGS) -DKBOX_UNIT_TEST -o $@ $^ $(LDFLAGS)
-
-check-integration: $(TARGET) guest-bins stress-bins $(ROOTFS)
-	./scripts/run-tests.sh ./$(TARGET) $(ROOTFS)
-
-check-stress: $(TARGET) stress-bins $(ROOTFS)
-	./scripts/run-stress.sh ./$(TARGET) $(ROOTFS) || \
-	  echo "(stress test failures are non-blocking -- see TODO.md)"
-
-# ---- Guest / stress binaries (static, no ASAN) ----
-# These are cross-compiled on Linux and placed into the rootfs.
-# They must be statically linked and cannot use sanitizers.
-
-guest-bins: $(GUEST_BINS)
-
-$(GUEST_DIR)/%-test: $(GUEST_DIR)/%-test.c
-	$(CC) -std=gnu11 -Wall -Wextra -O2 -static -o $@ $<
+	$(Q)if [ -d .git/hooks ]; then $(MAKE) install-hooks; fi
 
-stress-bins: $(STRESS_BINS)
-
-$(STRESS_DIR)/%: $(STRESS_DIR)/%.c
-	$(CC) -std=gnu11 -Wall -Wextra -O2 -static -pthread -o $@ $<
-
-# ---- Rootfs ----
-
-rootfs: $(ROOTFS)
-
-$(ROOTFS): scripts/mkrootfs.sh scripts/alpine-sha256.txt $(GUEST_BINS) $(STRESS_BINS)
-	ALPINE_ARCH=$(ARCH) ./scripts/mkrootfs.sh
-
-# ---- Utilities ----
-
-# Fetch LKL from nightly release if not cached locally.
-# To force re-download: rm -rf lkl-x86_64 && make fetch-lkl
-fetch-lkl:
-	./scripts/fetch-lkl.sh $(ARCH)
-
-# Install git hooks from scripts/*.hook into .git/hooks/.
-# Skips hooks that already exist (preserves user customizations).
 install-hooks:
-	@for hook in scripts/*.hook; do \
+	$(Q)for hook in scripts/*.hook; do \
 	    name=$$(basename "$$hook" .hook); \
 	    if [ ! -e .git/hooks/"$$name" ] && [ ! -L .git/hooks/"$$name" ]; then \
 	        ln -s ../../"$$hook" .git/hooks/"$$name"; \
 	        echo "Installed $$name hook"; \
 	    fi; \
 	done
 
-# Generate compiled-in web assets from web/ directory.
-# Re-run when any web/ file changes.
-ifdef KBOX_HAS_WEB
-WEB_SRCS_ALL = $(shell find web -type f \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' \) 2>/dev/null)
-$(WEB_ASSET_SRC): $(WEB_SRCS_ALL) scripts/gen-web-assets.sh
-	./scripts/gen-web-assets.sh
-web-assets: $(WEB_ASSET_SRC)
-endif
+# Kconfig targets
 
-# ---- Formatting ----
+# Fetch Kconfiglib on demand, then run the appropriate tool.
+config: | $(KCONFIG_DIR)/menuconfig.py
+	$(Q)KCONFIG_CONFIG=.config python3 $(KCONFIG_DIR)/menuconfig.py $(KCONFIG_CONF)
+	@echo "  CONFIG  .config"
 
-CLANG_FORMAT := $(shell command -v clang-format-20 2>/dev/null || \
-                        command -v clang-format 2>/dev/null)
-SHFMT        := shfmt
-BLACK        := black
+defconfig: | $(KCONFIG_DIR)/menuconfig.py
+	@echo "  CONFIG  defconfig"
+	$(Q)KCONFIG_CONFIG=.config python3 $(KCONFIG_DIR)/defconfig.py --kconfig $(KCONFIG_CONF) configs/defconfig
 
-C_SRCS_FMT  := $(wildcard src/*.c src/*.h include/kbox/*.h \
-                tests/unit/*.c tests/unit/*.h \
-                tests/guest/*.c tests/stress/*.c)
-SH_SRCS_FMT := $(wildcard scripts/*.sh)
-PY_SRCS_FMT := $(wildcard scripts/gdb/*.py)
+oldconfig: | $(KCONFIG_DIR)/menuconfig.py
+	@echo "  CONFIG  oldconfig"
+	$(Q)KCONFIG_CONFIG=.config python3 $(KCONFIG_DIR)/oldconfig.py $(KCONFIG_CONF)
 
-indent:
-ifeq ($(CLANG_FORMAT),)
-	$(error clang-format not found; install clang-format or clang-format-20)
-endif
-	@$(CLANG_FORMAT) --version | grep -q 'version 20' || \
-	  { echo "error: clang-format version 20 required"; exit 1; }
-	$(CLANG_FORMAT) -i $(C_SRCS_FMT)
-	$(SHFMT) -i 4 -fn -ci -sr -bn -w $(SH_SRCS_FMT)
-	$(BLACK) -q $(PY_SRCS_FMT)
+savedefconfig: | $(KCONFIG_DIR)/menuconfig.py
+	@echo "  CONFIG  savedefconfig"
+	$(Q)KCONFIG_CONFIG=.config python3 $(KCONFIG_DIR)/savedefconfig.py --kconfig $(KCONFIG_CONF) --out configs/defconfig
 
-clean:
-	rm -f $(OBJS) $(TARGET) $(TEST_TARGET) $(TEST_DIR)/*.o
-	rm -f src/*.o src/web-assets.c
-	rm -f $(GUEST_BINS) $(STRESS_BINS)
+$(KCONFIG_DIR)/menuconfig.py:
+	@echo "  FETCH   kconfiglib"
+	$(Q)scripts/fetch-kconfiglib.sh
+
+# Clean
 
-# ---- Dependencies ----
-# Auto-generate with gcc -MM if needed; keep it simple for now.
-$(SRC_DIR)/main.o: include/kbox/cli.h include/kbox/image.h
-$(SRC_DIR)/cli.o: include/kbox/cli.h
-$(SRC_DIR)/probe.o: include/kbox/probe.h src/seccomp-defs.h
-$(SRC_DIR)/image.o: include/kbox/image.h include/kbox/mount.h include/kbox/identity.h include/kbox/probe.h src/lkl-wrap.h src/net.h src/seccomp.h src/shadow-fd.h
-$(SRC_DIR)/shadow-fd.o: src/shadow-fd.h src/lkl-wrap.h src/syscall-nr.h
-$(SRC_DIR)/seccomp-dispatch.o: src/seccomp.h src/seccomp-defs.h src/fd-table.h src/lkl-wrap.h src/procmem.h include/kbox/path.h include/kbox/identity.h src/shadow-fd.h src/net.h
-$(SRC_DIR)/seccomp-supervisor.o: src/seccomp.h src/seccomp-defs.h src/syscall-nr.h
-$(SRC_DIR)/seccomp-bpf.o: src/seccomp.h src/seccomp-defs.h src/syscall-nr.h
-$(SRC_DIR)/seccomp-notify.o: src/seccomp.h src/seccomp-defs.h
-$(SRC_DIR)/net-slirp.o: src/net.h src/lkl-wrap.h src/syscall-nr.h
-$(SRC_DIR)/web-telemetry.o: src/web.h src/lkl-wrap.h src/syscall-nr.h
-$(SRC_DIR)/web-events.o: src/web.h
-$(SRC_DIR)/web-server.o: src/web.h src/fd-table.h src/lkl-wrap.h src/syscall-nr.h
+clean:
+	@echo "  CLEAN"
+	$(Q)rm -f $(OBJS) $(OBJS:.o=.d) $(TARGET) $(TEST_TARGET) $(TEST_DIR)/*.o
+	$(Q)rm -f src/*.o src/*.d src/web-assets.c
+	$(Q)rm -f $(GUEST_BINS) $(STRESS_BINS)
+
+distclean: clean
+	@echo "  CLEAN   distclean"
+	$(Q)rm -f .config .config.old
+	$(Q)rm -rf $(KCONFIG_DIR)
+
+# Auto-generated header dependencies (-MMD -MP writes .d alongside .o)
+-include $(OBJS:.o=.d)