[request] mbedtls: add options to customize build with config.py for size optimization #29678
Description
Package
- Package Name/Version: mbedtls/3.6.5 (or latest)
Proposal
Currently, the mbedtls recipe builds the library with the default full configuration, which includes all features (TLS, X.509, all crypto algorithms). In resource-constrained environments (e.g., embedded systems), it's desirable to disable unused features to reduce code size.
Mbed TLS provides a scripts/config.py script that can manipulate the configuration file before building. The recipe should expose options to leverage this script, allowing users to customize the build.
Suggested method
I propose adding the following options to the recipe:
-
enable_tls,enable_x509,enable_...: boolean
Alternatively, finer-grained options could map toconfig.py set/unsetcommands. For example, setting-o mbedtls:enable_tls=Falsewould runscripts/config.py unset MBEDTLS_SSL_TLS_Cand its dependencies. -
config_profile: string (default: "full")
Values could be "full", "baremetal", "minimal", or a custom name corresponding to a preset configuration file provided by Mbed TLS (e.g.,config-baremetal.h). The recipe would then runscripts/config.pywith the appropriate preset before building.
Implementation Idea
In the source() or build() method of the recipe, after extracting sources, we could call python scripts/config.py based on the selected options to modify config.h. The exact command sequence would depend on the chosen options.
Motivation
This enhancement would make mbedtls packages more flexible for various deployment scenarios, especially in embedded and IoT contexts where binary size matters