Building a Kernel from Source

From Funtoo Linux
Revision as of 21:27, 4 March 2012 by Mmatk (Talk)


Setting up a proper kernel yourself, tailored to your hardware and built the Funtoo way, is a kind of test by which every Funtoo Linux user becomes a knight ;-)

Even though many of us run enterprise-ready kernels in operation centres, there is almost nobody who hasn't built (or tried to build) a kernel for their laptop or PC.

Minimum requirements

You should understand how things work in a terminal, how to use an editor, and how to tweak config files. This is crucial. You don't need much knowledge about the Linux kernel and its internals. Nevertheless, you have to know at least where the files are located, how they are used, and the logic behind the overall file structure. Otherwise you should consider using a non-source-based Linux distribution. If you are scared now, don't worry - we are going to build a kernel the Funtoo way and you will pick up everything necessary to pass this examination, step by step, so that next time you can do it yourself and become a real Funtoo buddy!

Assumptions

You start from an installed Funtoo system on disk, or at least you are at stage3 in a chrooted environment from a live CD, following the Funtoo Installation Tutorial.

In this use case we build a kernel that boots a root filesystem on LVM inside an encrypted LUKS container. If you don't have this setup, don't worry: you just don't need all the modules, and everything else is similar.



Getting everything in order to start

First we have to decide which Linux kernel sources we need. There are plenty of repositories around, and it is often not easy to distinguish between them.

I would always trust my distribution of choice and take what it has to offer - and Funtoo has a lot to offer!

kernel sources

We are going to use kernel sources from the Funtoo git repository.

Which sources you use is up to you and your needs. For a laptop or desktop system I recommend one of:

sys-kernel/pf-sources
sys-kernel/ck-sources
sys-kernel/gentoo-sources
sys-kernel/git-sources
sys-kernel/sysrescue-std-sources
sys-kernel/debian-sources

Please have a look at the ebuild description and the project's homepage, and take the one that suits you best! If you are unsure for now, use sys-kernel/gentoo-sources. That's always a safe bet for a general system.

It is not a problem to have several kernels installed in parallel, so go on with any one of them.

I am going to use the sys-kernel/pf-sources now, as I already had the gentoo-sources installed.

prerequisites

I don't know which tools you have already installed, so some of the information here might be redundant. It doesn't hurt to just copy and paste and repeat some steps.

First, we look into our /etc/make.conf:

# These compiler flags are just tweaking (optimization) and NOT necessary:
CFLAGS="-O2 -pipe -march=native -ftracer -fforce-addr"
CXXFLAGS="${CFLAGS} -fpermissive -fomit-frame-pointer"

KDIR=/usr/src/linux

KERNEL="symlink build"
USE="$KERNEL ....here are your use flags...."
## These modules are available:
## DRACUT_MODULES="dracut_modules_biosdevname dracut_modules_btrfs dracut_modules_caps dracut_modules_crypt dracut_modules_crypt-gpg dracut_modules_dmraid dracut_modules_dmsquash-live dracut_modules_gensplash dracut_modules_iscsi dracut_modules_livenet dracut_modules_lvm dracut_modules_mdraid dracut_modules_multipath dracut_modules_nbd dracut_modules_nfs dracut_modules_plymouth dracut_modules_ssh-client dracut_modules_syslog"
## We are using these ones:
DRACUT_MODULES="dracut_modules_crypt dracut_modules_plymouth dracut_modules_dmraid dracut_modules_lvm"

Now we set the USE flags for dracut:

/etc/portage/package.use/dracut:
<console>
sys-kernel/dracut dm net device-mapper crypt lvm
</console>

If you don't have LVM over encrypted LUKS, you probably just add the "net" flag here, or "selinux".


After that we build our packages:

emerge -av app-portage/gentoolkit sys-kernel/pf-sources sys-kernel/dracut sys-boot/plymouth sys-boot/plymouth-openrc-plugin

Finished? Well, then let's go on and

build the kernel

We go to the sources directory:

cd /usr/src/linux/

<pre>
root@[~src/linux] # make clean
  CLEAN   .
  CLEAN   arch/x86/kernel/acpi/realmode
  CLEAN   arch/x86/kernel/cpu
  CLEAN   arch/x86/kernel
  CLEAN   arch/x86/vdso
  CLEAN   arch/x86/lib
  CLEAN   drivers/gpu/drm/radeon
  CLEAN   drivers/net/wan
  CLEAN   drivers/scsi/aic7xxx
  CLEAN   drivers/tty/vt
  CLEAN   drivers/video/logo
  CLEAN   firmware
  CLEAN   kernel
  CLEAN   lib/raid6
  CLEAN   lib
  CLEAN   security/apparmor
  CLEAN   security/selinux
  CLEAN   usr
  CLEAN   arch/x86/boot/compressed
  CLEAN   arch/x86/boot
  CLEAN   .tmp_versions
  CLEAN   vmlinux System.map .tmp_kallsyms2.S .tmp_kallsyms1.o .tmp_kallsyms2.o .tmp_kallsyms1.S .tmp_vmlinux1 .tmp_vmlinux2 .tmp_System.map
</pre>

zcat /proc/config.gz > /usr/src/linux/.config

root@[~src/linux] # make localyesconfig

Enable different security models (SECURITY) [Y/n/?] y
Enable the securityfs filesystem (SECURITYFS) [Y/?] y
Socket and Networking Security Hooks (SECURITY_NETWORK) [Y/?] y
Security hooks for pathname based access control (SECURITY_PATH) [Y/?] y
Low address space for LSM to protect from user allocation (LSM_MMAP_MIN_ADDR) [65536] 65536
NSA SELinux Support (SECURITY_SELINUX) [Y/n/?] y
  NSA SELinux boot parameter (SECURITY_SELINUX_BOOTPARAM) [N/y/?] n
  NSA SELinux runtime disable (SECURITY_SELINUX_DISABLE) [N/y/?] n
  NSA SELinux Development Support (SECURITY_SELINUX_DEVELOP) [Y/n/?] y
  NSA SELinux AVC Statistics (SECURITY_SELINUX_AVC_STATS) [Y/n/?] y
  NSA SELinux checkreqprot default value (SECURITY_SELINUX_CHECKREQPROT_VALUE) [1] 1
  NSA SELinux maximum supported policy format version (SECURITY_SELINUX_POLICYDB_VERSION_MAX) [Y/n/?] y
    NSA SELinux maximum supported policy format version value (SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE) [19] 19
TOMOYO Linux Support (SECURITY_TOMOYO) [Y/n/?] y
  Default maximal count for learning mode (SECURITY_TOMOYO_MAX_ACCEPT_ENTRY) [2048] 2048
  Default maximal count for audit log (SECURITY_TOMOYO_MAX_AUDIT_LOG) [1024] 1024
  Activate without calling userspace policy loader. (SECURITY_TOMOYO_OMIT_USERSPACE_LOADER) [Y/n/?] y
AppArmor support (SECURITY_APPARMOR) [Y/n/?] y
  AppArmor boot parameter default value (SECURITY_APPARMOR_BOOTPARAM_VALUE) [1] 1
Integrity Measurement Architecture(IMA) (IMA) [Y/n/?] y
EVM support (EVM) [N/y/?] (NEW)
Default security module
  1. SELinux (DEFAULT_SECURITY_SELINUX)
  2. TOMOYO (DEFAULT_SECURITY_TOMOYO)
  3. AppArmor (DEFAULT_SECURITY_APPARMOR)
> 4. Unix Discretionary Access Controls (DEFAULT_SECURITY_DAC)
choice[1-4?]: 4
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
#
# configuration written to .config
#
warning: (GFS2_FS) selects DLM which has unmet direct dependencies (EXPERIMENTAL && INET && SYSFS && CONFIGFS_FS && (IPV6 || IPV6=n))
warning: (IMA) selects TCG_TPM which has unmet direct dependencies (HAS_IOMEM && EXPERIMENTAL)
warning: (MEDIA_TUNER) selects MEDIA_TUNER_TEA5761 which has unmet direct dependencies (MEDIA_SUPPORT && VIDEO_MEDIA && I2C && EXPERIMENTAL)
warning: (ACPI_HOTPLUG_CPU) selects ACPI_CONTAINER which has unmet direct dependencies (ACPI && EXPERIMENTAL)
root@[~src/linux] #
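
A check worth running on the freshly written .config before the build, as an added example that is not part of the original page: `make localyesconfig` disables modules that are not currently loaded, so a config generated on a system that never opened a LUKS container can end up without dm-crypt. The option list is an assumption (AES-based LUKS container, initramfs built by dracut; compare with what `cryptsetup luksDump` reports for your container), and `opt_state`, `check_luks_lvm_config` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a kernel .config has what root on LVM over LUKS needs.
# Assumed option list: AES-based LUKS container, initramfs built by dracut.
REQUIRED_OPTS="BLK_DEV_INITRD DEVTMPFS BLK_DEV_DM DM_CRYPT CRYPTO_AES CRYPTO_XTS CRYPTO_SHA256"

# Print the state of option $2 in config file $1: y, m or missing.
opt_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-missing}"
}

# Report options that are modular or absent; return 1 if any is absent.
check_luks_lvm_config() {
    rc=0
    for opt in $REQUIRED_OPTS; do
        case $(opt_state "$1" "$opt") in
            y) ;;
            m) echo "CONFIG_$opt=m (module must end up in the initramfs)" ;;
            *) echo "CONFIG_$opt missing"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a config where localyesconfig dropped dm-crypt.
sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_INITRD=y
CONFIG_DEVTMPFS=y
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_CRYPT is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_SHA256=y
EOF
}

# With no argument, run on the sample; otherwise on the given .config.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp)
    sample_config > "$cfg"
fi
check_luks_lvm_config "$cfg" || echo "fix .config before running make"
```

Pass /usr/src/linux/.config as the first argument to check the real configuration; a non-zero result means the encrypted root would not be unlockable at boot with that kernel.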

<pre>
make -j8 bzImage
make -j8 modules
make modules_install
make install
</pre>

dracut -f -v "" 3.2.6-pf

root@[~src/linux] # nano /etc/boot.conf

boot {
        generate grub
        default "Funtoo Linux"
        timeout 3
}

"Funtoo Linux" {
        kernel vmlinuz[-v]
        initrd initramfs[-v]
        params = doluks crypt_root=/dev/sda3 rootfstype=ext4 dolvm root=/dev/mapper/$
}

That's almost it!

root@[~src/linux] # boot-update -v