I had an earlier post where I described the steps necessary to build new kernel packages from kernel.org sources.
This article shows the bash shell script I wrote to automate the steps. I use Debian Stretch with kernel 4.7 to build a kernel with version 4.85 with the command (if the code is placed in file bld.sh).
bash bld.sh 4.8.5
In the last few days, gcc has been upgraded, which has caused some build issues. I have incorporated fixes for that issue.
#! /usr/bin/bash
if [ 1 != $# ]; then
echo "require kernel version, like: 4.8.5"
else
KERNVER=$1
# remove a file so it doesn't block the installation process
mv /etc/kernel-img.conf /etc/kernel-img.conf.rpb
# Install packages required for building the kernel, and creating a Debian compatible package:
sudo apt-get update
sudo apt-get -y install build-essential fakeroot rsync git
sudo apt-get -y install bc libssl-dev dpkg-dev libncurses5-dev
sudo apt-get -y install kernel-package dirmngr
sudo apt-get -y build-dep linux
NAME=linux-${KERNVER}.tar
if [[ ! -e ${NAME} ]]; then
if [[ -e /vagrant/${NAME}.xz ]]; then
cp /vagrant/${NAME}.xz .
else
wget --no-check-certificate https://cdn.kernel.org/pub/linux/kernel/v4.x/${NAME}.xz
fi
unxz ${NAME}.xz
fi
if [[ ! -e ${NAME}.sign ]]; then
if [[ -e /vagrant/${NAME}.sign ]]; then
cp /vagrant/${NAME}.sign .
else
wget --no-check-certificate https://cdn.kernel.org/pub/linux/kernel/v4.x/${NAME}.sign
fi
fi
# Confirm authenticity of the source:
sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 38DBBDC86092693E
sudo gpg --verify ${NAME}.sign ${NAME}
# Untar the source:
if [[ ! -d linux-${KERNVER} ]]; then
tar xvf ${NAME}
fi
# Copy over an existing Debian configuration file:
cd linux-${KERNVER}
cp /boot/config-$(uname -r) .config
# remove trusted key setting
sed -i 's/CONFIG_SYSTEM_TRUSTED_KEYS=.*/CONFIG_SYSTEM_TRUSTED_KEYS=""/' .config
# update config for new kernel
# A new default .config could be generated with 'make defconfig'.
yes "" | make oldconfig
# make olddefconfig
scripts/config --disable DEBUG_INFO
# possible issue with as of Kernel 4.4
# scripts/config --disable CC_STACKPROTECTOR_STRONG
# examine the KEYS
grep CONFIG_SYSTEM_TRUSTED_KEYRING .config
grep CONFIG_MODULE_SIG_KEY .config
grep CONFIG_SYSTEM_TRUSTED_KEYS .config
# update package maintainer values
sudo sed -i 's/^maintainer.*/maintainer := Raymond Burkholder/' /etc/kernel-pkg.conf
sudo sed -i 's/^email.*/email := raymond@burkholder.net/' /etc/kernel-pkg.conf
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841420
# http://unix.stackexchange.com/questions/319761/cannot-compile-kernel-error-kernel-does-not-support-pic-mode/319830
if [[ "0" == "$(grep -c 'fno-pie' Makefile)" ]]; then
sed -i '/^all: vmlinux/a \
KBUILD_CFLAGS += $(call cc-option, -fno-pie) \
KBUILD_CFLAGS += $(call cc-option, -no-pie) \
KBUILD_AFLAGS += $(call cc-option, -fno-pie) \
KBUILD_CPPFLAGS += $(call cc-option, -fno-pie)' Makefile
fi
# perform build
make clean
rm -rf debian
time make-kpkg --rootcmd fakeroot --initrd --revision=1.0 \
--append-to-version=-rpb kernel_image kernel_headers -j $(grep processor /proc/cpuinfo | wc -l)
if [[ -d /vagrant ]]; then
mv ../linux-headers-${KERNVER}-rpb_1.0_amd64.deb /vagrant/
mv ../linux-image-${KERNVER}-rpb_1.0_amd64.deb /vagrant/
fi
# to do:
# set the UseDNS configuration to no in the SSH server configuration
fi
