2024/04/20 - Shortcut? - Debian Linux Kernel Handbook / Chapter 4. Common kernel-related tasks
Download the selected kernel tar and sign files
wget --no-check-certificate https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.8.4.tar.xz
wget --no-check-certificate https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.8.4.tar.sign
Decompress the kernel source
unxz /vagrant/linux-4.8.4.tar.xz
Confirm authenticity of the source:
sudo apt-get install dirmngr
gpg --keyserver hkp://keys.gnupg.net --recv-keys 38DBBDC86092693E
gpg --verify /vagrant/linux-4.8.4.tar.sign linux-4.8.4.tar
Untar the source:
tar xvf linux-4.8.4.tar
Copy over an existing Debian configuration file, in this case I am running Debian Stretch/Testing with the 4.7 kernel:
cd linux-4.8.4
cp /boot/config-4.7.0-1-amd64 .config
Install packages required for building the kernel, and creating a Debian compatible package:
sudo apt-get update
sudo apt-get install build-essential fakeroot rsync git
sudo apt-get install bc
sudo apt-get install libssl-dev
sudo apt-get install dpkg-dev
sudo apt-get install libncurses5-dev
sudo apt-get install kernel-package
sudo apt-get build-dep linux
With a new kernel comes new options. Ensure the options/config are updated for the new kernel, and in this case,
disable debug information, which should improve build time and reduce drive space requirements.
When building with 'make deb-pkg', which is found in kernel-package, I found I had to go into the .config file and set to 'n' for
the ocsf2 file system. Maybe with the 'make-kpkg' build method, this isn't necessary.
Debian signs the kernel. The .config entries for this have to be removed. Before:
CONFIG_MODULE_SIG_KEY=""
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/benh@debian.org.cert.pem"
After:
CONFIG_MODULE_SIG_KEY=""
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS=""
Which results in:
$ grep CONFIG_SYSTEM_TRUSTED_KEYRING .config
CONFIG_SYSTEM_TRUSTED_KEYRING=y
$ grep CONFIG_MODULE_SIG_KEY .config
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
$ grep CONFIG_SYSTEM_TRUSTED_KEYS .config
CONFIG_SYSTEM_TRUSTED_KEYS=""
Use the old config and make sure it is updated for the new build process:
make oldconfig
scripts/config --disable DEBUG_INFO
A new default .config could be generated with 'make defconfig'.
Primary Debian kernel build references suggest using 'make deb-pkg'. On the other hand, other people suggest that
this method is not as well maintained as using 'make-kpkg'. I also found that the
'make deb-pkg' method would always start with a clean, which makes it hard to make incremental changes without having
to rebuild the whole thing again.
The following steps make use of 'make-kpkg'.
More information about 'make-kpkg' can be found in the man pages:
sudo apt-get install man
man make-kpkg
Part of the build process uses a package maintainer name and email address.
The settings are used in 'debian/ruleset/misc/config.mk'. I substitute my name in for the settings:
$ sudo su
$ cp /etc/kernel-pkg.conf /etc/kernel-pkg.conf.original
$ cat <> /etc/kernel-pkg.conf
maintainer := Raymond Burkholder
email := raymond@burkholder.net
EOT
$ diff /etc/kernel-pkg.conf.original /etc/kernel-pkg.conf
11,12c11,12
< maintainer := Unknown Kernel Package Maintainer
< email := unknown@unconfigured.in.etc.kernel-pkg.conf
---
> maintainer := Raymond Burkholder
> email := raymond@burkholder.net
debian/docs/README is a handy file to read.
Start with a clean slate, and perform the build. In a VirtualBox session with three assigned cpus,
on my Win10 laptop, it took 90 minutes to build.
make clean
rm -rf debian
time fakeroot make-kpkg --initrd --revision=1.0 \
--append-to-version=-rpb kernel_image kernel_headers -j 3
The ultimate test: install and reboot:
sudo dpkg -i ../linux-image-4.8.4-rpb_1.0_amd64.deb
sudo reboot
And check:
$ uname -a
Linux vagrant 4.8.4-rpb #3 SMP Sun Oct 23 07:43:03 ADT 2016 x86_64 GNU/Linux
Success!
Documentation used for working through the build process: