Difference between revisions of "Building a Kernel from Source"

From Funtoo Linux
Jump to: navigation, search
(Created page with "Setting up a proper kernel yourself - tailored to your hardware and the funtoo way is somehow a kind of test, with which every funtoo linux user becomes a knight ;-) Even tho...")
 
Line 1: Line 1:
Setting up a proper kernel yourself - tailored to your hardware and the funtoo way is somehow a kind of test, with which every funtoo linux user becomes a knight ;-)
+
Setting up a proper kernel yourself - tailored to your hardware and this by the funtoo way is somehow a kind of test, with which every funtoo linux user becomes a knight ;-)
  
 
Even though many of us are using entreprise ready kernels in the operation centres, there is almost nobody who didn't (tried to) build a kernel for his Laptop / PC.
 
Even though many of us are using entreprise ready kernels in the operation centres, there is almost nobody who didn't (tried to) build a kernel for his Laptop / PC.
Line 10: Line 10:
 
'''assumptions'''
 
'''assumptions'''
 
You start from an installed funtoo system on the disk, or at least, you are on stage3 in a chrooted environment from a live cd, following somehow the Funto [[Installation (Tutorial)|Installation Tutorial]].
 
You start from an installed funtoo system on the disk, or at least, you are on stage3 in a chrooted environment from a live cd, following somehow the Funto [[Installation (Tutorial)|Installation Tutorial]].
 +
 +
In this usecase we are building a kernel that is booting root in LVM over encrypted LUKS container.
 +
If you don't have this setup, don't worry, you just don't need all modules, but everything else is similar.
 +
 +
 +
= Getting everything in order to start =
 +
 +
First there is the decision which linux kernel sources we need.
 +
There are plenty of repositories around, often it is not easy to distinct between them.
 +
 +
I would always trust my distribution of choice and take what is has to offer - and funtoo has a lot to offer!
 +
 +
== kernel sources ==
 +
We are going to use kernel sources from the funtoo git reository.
 +
 +
Which sources you like to use is upon you, and your needs.
 +
For my laptop or desktop system I am recommending either one of:
 +
 +
sys-kernel/pf-sources
 +
sys-kernel/ck-sources
 +
sys-kernel/gentoo-sources
 +
sys-kernel/git-sources
 +
sys-kernel/sysrescue-std-sources
 +
sys-kernel/debian-sources
 +
 +
Please, have a look in the ebuild description, look onto their homepage and take the one that suits you best!
 +
If you are unsure for now, use sys-kernel/gentoo-sources. That's always a save bet for a general system.
 +
 +
It is not a problem to have various kernels installed parallel, so go on with either one of them.
 +
 +
I am going to use the sys-kernel/pf-sources now, as I already had the gentoo-sources installed.
 +
 +
== prerequisites ==
 +
 +
I don't know which tools you have already installed, so here might some information be redundant.
 +
It doesn't harm to just copy and paste and do some steps again.
 +
 +
First, we look into our /etc/make.conf:
 +
 +
<pre>
 +
#These compiler flags are just tweaking (optimazation) and NOT necessary:
 +
CFLAGS="-O2 -pipe -march=native -ftracer -fforce-addr"
 +
CXXFLAGS="${CFLAGS} -fpermissive -fomit-frame-pointer"
 +
 +
KDIR=/usr/src/linux
 +
 +
KERNEL="symlink build"
 +
USE="$KERNEL ....here are your use flags...."
 +
## These modules are available:
 +
## DRACUT_MODULES="dracut_modules_biosdevname dracut_modules_btrfs dracut_modules_caps dracut_modules_crypt dracut_modules_crypt-gpg dracut_modules_dmraid dracut_modules_dmsquash-live dracut_modules_gensplash dracut_modules_iscsi dracut_modules_livenet dracut_modules_lvm dracut_modules_mdraid dracut_modules_multipath dracut_modules_nbd dracut_modules_nfs dracut_modules_plymouth dracut_modules_ssh-client dracut_modules_syslog"
 +
## We are using this ones:
 +
DRACUT_MODULES="dracut_modules_crypt dracut_modules_plymouth dracut_modules_dmraid dracut_modules_lvm"
 +
</pre>
 +
 +
Now we are setting the package keywords:
 +
<pre>
 +
/etc/portage/package.use/dracut:
 +
<console>
 +
sys-kernel/dracut dm net device-mapper crypt lvm
 +
</console>
 +
</pre>
 +
If you don't have lvm over encrypted LUKS you probably just add the "net" keyword here, or "selinux".
 +
 +
 +
After that we are going to build our packages:
 +
<console>
 +
emerge -av app-portage/gentoolkit sys-kernel/pf-sources sys-kernel/dracut sys-boot/plymouth sys-boot/plymouth-openrc-plugin
 +
</console>
 +
 +
Finished? Well, then let's go on and
 +
== build the kernel ==
 +
 +
We go to the sources directory
 +
<console>
 +
cd /usr/src/linux/
 +
 +
<pre>
 +
root@[~src/linux] # make clean
 +
  CLEAN  .
 +
  CLEAN  arch/x86/kernel/acpi/realmode
 +
  CLEAN  arch/x86/kernel/cpu
 +
  CLEAN  arch/x86/kernel
 +
  CLEAN  arch/x86/vdso
 +
  CLEAN  arch/x86/lib
 +
  CLEAN  drivers/gpu/drm/radeon
 +
  CLEAN  drivers/net/wan
 +
  CLEAN  drivers/scsi/aic7xxx
 +
  CLEAN  drivers/tty/vt
 +
  CLEAN  drivers/video/logo
 +
  CLEAN  firmware
 +
  CLEAN  kernel
 +
  CLEAN  lib/raid6
 +
  CLEAN  lib
 +
  CLEAN  security/apparmor
 +
  CLEAN  security/selinux
 +
  CLEAN  usr
 +
  CLEAN  arch/x86/boot/compressed
 +
  CLEAN  arch/x86/boot
 +
  CLEAN  .tmp_versions
 +
  CLEAN  vmlinux System.map .tmp_kallsyms2.S .tmp_kallsyms1.o .tmp_kallsyms2.o .tmp_kallsyms1.S .tmp_vmlinux1 .tmp_vmlinux2 .tmp_System.map
 +
</pre>
 +
 +
zcat /proc/config.gz > /usr/src/linux/.config
 +
 +
</console>
 +
 +
<pre>
 +
root@[~src/linux] # make localyesconfig
 +
 +
Enable different security models (SECURITY) [Y/n/?] y
 +
Enable the securityfs filesystem (SECURITYFS) [Y/?] y
 +
Socket and Networking Security Hooks (SECURITY_NETWORK) [Y/?] y
 +
Security hooks for pathname based access control (SECURITY_PATH) [Y/?] y
 +
Low address space for LSM to protect from user allocation (LSM_MMAP_MIN_ADDR) [65536] 65536
 +
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y
 +
  NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [N/y/?] n
 +
  NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [N/y/?] n
 +
  NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y
 +
  NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y
 +
  NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [1] 1
 +
  NSA SELinux maximum supported policy format version (SECURITY_SELINUX_POLICYDB_VERSION_MAX) [Y/n/?] y
 +
    NSA SELinux maximum supported policy format version value (SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE) [19] 19
 +
TOMOYO Linux Support (SECURITY_TOMOYO) [Y/n/?] y
 +
  Default maximal count for learning mode (SECURITY_TOMOYO_MAX_ACCEPT_ENTRY) [2048] 2048
 +
  Default maximal count for audit log (SECURITY_TOMOYO_MAX_AUDIT_LOG) [1024] 1024
 +
  Activate without calling userspace policy loader. (SECURITY_TOMOYO_OMIT_USERSPACE_LOADER) [Y/n/?] y
 +
AppArmor support (SECURITY_APPARMOR) [Y/n/?] y
 +
  AppArmor boot parameter default value (SECURITY_APPARMOR_BOOTPARAM_VALUE) [1] 1
 +
Integrity Measurement Architecture(IMA) (IMA) [Y/n/?] y
 +
EVM support (EVM) [N/y/?] (NEW)
 +
Default security module
 +
  1. SELinux (DEFAULT_SECURITY_SELINUX)
 +
  2. TOMOYO (DEFAULT_SECURITY_TOMOYO)
 +
  3. AppArmor (DEFAULT_SECURITY_APPARMOR)
 +
> 4. Unix Discretionary Access Controls (DEFAULT_SECURITY_DAC)
 +
choice[1-4?]: 4
 +
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
 +
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
 +
#
 +
# configuration written to .config
 +
#
 +
warning: (GFS2_FS) selects DLM which has unmet direct dependencies (EXPERIMENTAL && INET && SYSFS && CONFIGFS_FS && (IPV6 || IPV6=n))
 +
warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL)
 +
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
 +
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
 +
root@[~src/linux] #
 +
 +
</pre>
 +
 +
make -j8  bzImage
 +
make -j8 modules
 +
make modules_install
 +
make install
 +
 +
dracut -f -v "" 3.2.6-pf
 +
 +
<pre>
 +
root@[~src/linux] # nano /etc/boot.conf
 +
 +
boot {
 +
        generate grub
 +
        default "Funtoo Linux"
 +
        timeout 3
 +
}
 +
 +
"Funtoo Linux" {
 +
        kernel vmlinuz[-v]
 +
        initrd initramfs[-v]
 +
        params = doluks crypt_root=/dev/sda3 rootfstype=ext4 dolvm root=/dev/mapper/$
 +
}
 +
</pre>
 +
That's it almost!
 +
<console>
 +
root@[~src/linux] # boot-update -v
 +
</console>

Revision as of 21:27, 4 March 2012

Setting up a proper kernel yourself - tailored to your hardware and this by the funtoo way is somehow a kind of test, with which every funtoo linux user becomes a knight ;-)

Even though many of us are using entreprise ready kernels in the operation centres, there is almost nobody who didn't (tried to) build a kernel for his Laptop / PC.

minimum requirements You should understand the way how things work in a terminal and how to use an editor and tweak config files. This is crucial. You don't need much knowledge about the linux kernel and it's internals. Nevertheless, you have to know at least where the files are located, how they are used and what is the file logic behind the overall structure. Otherwise you should consider using a non source based linux distribution. If you are scared now, don't worry - we are going to build a kernel the funtoo way and you will pick up everthing necessary to accomplish this examination, step by step, so the next time you try it yourself and become a real funtoo buddy!

assumptions You start from an installed funtoo system on the disk, or at least, you are on stage3 in a chrooted environment from a live cd, following somehow the Funto Installation Tutorial.

In this usecase we are building a kernel that is booting root in LVM over encrypted LUKS container. If you don't have this setup, don't worry, you just don't need all modules, but everything else is similar.


Contents

Getting everything in order to start

First there is the decision which linux kernel sources we need. There are plenty of repositories around, often it is not easy to distinct between them.

I would always trust my distribution of choice and take what is has to offer - and funtoo has a lot to offer!

kernel sources

We are going to use kernel sources from the funtoo git reository.

Which sources you like to use is upon you, and your needs. For my laptop or desktop system I am recommending either one of:

sys-kernel/pf-sources sys-kernel/ck-sources sys-kernel/gentoo-sources sys-kernel/git-sources sys-kernel/sysrescue-std-sources sys-kernel/debian-sources

Please, have a look in the ebuild description, look onto their homepage and take the one that suits you best! If you are unsure for now, use sys-kernel/gentoo-sources. That's always a save bet for a general system.

It is not a problem to have various kernels installed parallel, so go on with either one of them.

I am going to use the sys-kernel/pf-sources now, as I already had the gentoo-sources installed.

prerequisites

I don't know which tools you have already installed, so here might some information be redundant. It doesn't harm to just copy and paste and do some steps again.

First, we look into our /etc/make.conf: 

#These compiler flags are just tweaking (optimazation) and NOT necessary:
CFLAGS="-O2 -pipe -march=native -ftracer -fforce-addr"
CXXFLAGS="${CFLAGS} -fpermissive -fomit-frame-pointer"

KDIR=/usr/src/linux

KERNEL="symlink build"
USE="$KERNEL ....here are your use flags...."
## These modules are available:
## DRACUT_MODULES="dracut_modules_biosdevname dracut_modules_btrfs dracut_modules_caps dracut_modules_crypt dracut_modules_crypt-gpg dracut_modules_dmraid dracut_modules_dmsquash-live dracut_modules_gensplash dracut_modules_iscsi dracut_modules_livenet dracut_modules_lvm dracut_modules_mdraid dracut_modules_multipath dracut_modules_nbd dracut_modules_nfs dracut_modules_plymouth dracut_modules_ssh-client dracut_modules_syslog"
## We are using this ones:
DRACUT_MODULES="dracut_modules_crypt dracut_modules_plymouth dracut_modules_dmraid dracut_modules_lvm"

Now we are setting the package keywords: 

/etc/portage/package.use/dracut:
<console>
sys-kernel/dracut dm net device-mapper crypt lvm
</console>

If you don't have lvm over encrypted LUKS you probably just add the "net" keyword here, or "selinux".


After that we are going to build our packages: 

emerge -av app-portage/gentoolkit sys-kernel/pf-sources sys-kernel/dracut sys-boot/plymouth sys-boot/plymouth-openrc-plugin

Finished? Well, then let's go on and

build the kernel

We go to the sources directory 

cd /usr/src/linux/

<pre>
root@[~src/linux] # make clean
  CLEAN   .
  CLEAN   arch/x86/kernel/acpi/realmode
  CLEAN   arch/x86/kernel/cpu
  CLEAN   arch/x86/kernel
  CLEAN   arch/x86/vdso
  CLEAN   arch/x86/lib
  CLEAN   drivers/gpu/drm/radeon
  CLEAN   drivers/net/wan
  CLEAN   drivers/scsi/aic7xxx
  CLEAN   drivers/tty/vt
  CLEAN   drivers/video/logo
  CLEAN   firmware
  CLEAN   kernel
  CLEAN   lib/raid6
  CLEAN   lib
  CLEAN   security/apparmor
  CLEAN   security/selinux
  CLEAN   usr
  CLEAN   arch/x86/boot/compressed
  CLEAN   arch/x86/boot
  CLEAN   .tmp_versions
  CLEAN   vmlinux System.map .tmp_kallsyms2.S .tmp_kallsyms1.o .tmp_kallsyms2.o .tmp_kallsyms1.S .tmp_vmlinux1 .tmp_vmlinux2 .tmp_System.map
</pre>

zcat /proc/config.gz > /usr/src/linux/.config


root@[~src/linux] # make localyesconfig

Enable different security models (SECURITY) [Y/n/?] y
Enable the securityfs filesystem (SECURITYFS) [Y/?] y
Socket and Networking Security Hooks (SECURITY_NETWORK) [Y/?] y
Security hooks for pathname based access control (SECURITY_PATH) [Y/?] y
Low address space for LSM to protect from user allocation (LSM_MMAP_MIN_ADDR) [65536] 65536
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y
  NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [N/y/?] n
  NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [N/y/?] n
  NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y
  NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y
  NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [1] 1
  NSA SELinux maximum supported policy format version (SECURITY_SELINUX_POLICYDB_VERSION_MAX) [Y/n/?] y
    NSA SELinux maximum supported policy format version value (SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE) [19] 19
TOMOYO Linux Support (SECURITY_TOMOYO) [Y/n/?] y
  Default maximal count for learning mode (SECURITY_TOMOYO_MAX_ACCEPT_ENTRY) [2048] 2048
  Default maximal count for audit log (SECURITY_TOMOYO_MAX_AUDIT_LOG) [1024] 1024
  Activate without calling userspace policy loader. (SECURITY_TOMOYO_OMIT_USERSPACE_LOADER) [Y/n/?] y
AppArmor support (SECURITY_APPARMOR) [Y/n/?] y
  AppArmor boot parameter default value (SECURITY_APPARMOR_BOOTPARAM_VALUE) [1] 1
Integrity Measurement Architecture(IMA) (IMA) [Y/n/?] y
EVM support (EVM) [N/y/?] (NEW)
Default security module
  1. SELinux (DEFAULT_SECURITY_SELINUX)
  2. TOMOYO (DEFAULT_SECURITY_TOMOYO)
  3. AppArmor (DEFAULT_SECURITY_APPARMOR)
> 4. Unix Discretionary Access Controls (DEFAULT_SECURITY_DAC)
choice[1-4?]: 4
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
#
# configuration written to .config
#
warning: (GFS2_FS) selects DLM which has unmet direct dependencies (EXPERIMENTAL && INET && SYSFS && CONFIGFS_FS && (IPV6 || IPV6=n))
warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL)
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
root@[~src/linux] #

make -j8 bzImage make -j8 modules make modules_install make install

dracut -f -v "" 3.2.6-pf 

root@[~src/linux] # nano /etc/boot.conf

boot {
        generate grub
        default "Funtoo Linux"
        timeout 3
}

"Funtoo Linux" {
        kernel vmlinuz[-v]
        initrd initramfs[-v]
        params = doluks crypt_root=/dev/sda3 rootfstype=ext4 dolvm root=/dev/mapper/$
}

That's it almost! 

root@[~src/linux] # boot-update -v
Retrieved from "http://www.funtoo.org/index.php?title=Building_a_Kernel_from_Source&oldid=6912"
Personal tools
Namespaces

Variants
Actions
Categories
Toolbox
Stuff