From 7e21c0085fec669979039856ea3754ac9573bbf3 Mon Sep 17 00:00:00 2001
From: Silvino Silva
Date: Sat, 10 Mar 2018 14:55:29 +0000
Subject: core linux better config documentation
---
core/index.html | 283 +++++++++++----------
core/linux.html | 731 ++++++++++++++++++++++++++++++++++++++++++++++---------
core/reboot.html | 14 +-
3 files changed, 786 insertions(+), 242 deletions(-)
(limited to 'core')
diff --git a/core/index.html b/core/index.html
index 217ae01..7818109 100644
--- a/core/index.html
+++ b/core/index.html
@@ -1,139 +1,162 @@
-
- c9 Core OS
+
+ c9 Core OS
- Documentation Index
-
- c9 Core OS
-
- c9 Core OS covers installation and configuration of
- basic functionality of Crux 3.3 Gnu\Linux operating system.
- This documentation try's to follow Crux HandBook installation
- method diverges, for example, by only installing and
- documenting gpt and grub2.
-
-
Read Crux HandBook,
- you can ask for help on freenode #crux. Check scripts
- folder the install process is automated and ports
- for extra ports used during the installation.
-
- 1. Install Crux 3.3 Gnu/Linux
-
-
-
- 2. System Administration
-
-
-
- Documentation Index
-
-
- This is part of the c9-doc Manual.
- Copyright (C) 2017
- c9 team.
- See the file Gnu Free Documentation License
- for copying conditions.
+ Documentation Index
+
+ c9 Core OS
+
+ c9 Core OS covers installation and configuration of
+ basic functionality of Crux 3.3 Gnu\Linux operating system.
+ This documentation try's to follow Crux HandBook installation
+ method diverges, for example, by only installing and
+ documenting gpt and grub2.
+
+
Read Crux HandBook,
+ you can ask for help on freenode #crux. Check scripts
+ folder the install process is automated and ports
+ for extra ports used during the installation.
+
+ 1. Install Crux 3.3 Gnu/Linux
+
+
+
+ 2. System Administration
+
+
+
+ Documentation Index
+
+
+ This is part of the c9-doc Manual.
+ Copyright (C) 2017
+ c9 team.
+ See the file Gnu Free Documentation License
+ for copying conditions.
diff --git a/core/linux.html b/core/linux.html
index 3be6d77..de41572 100644
--- a/core/linux.html
+++ b/core/linux.html
@@ -1,4 +1,4 @@
-
+
@@ -16,26 +16,17 @@
Linux Non-Libre pages for more links
and information.
- 2.1.1. Port Linux Libre
-
- Default crux configuration can be obtained from iso,
- kernel port depend on dracut, grub2
- and grub2-efi. You don't need them to build with pkgmk, to install
- boot related tools use prt-get;
-
+ Spectre-meltdown checker;
- $ prt-get depinst linux-gnu
+ https://github.com/speed47/spectre-meltdown-checker/
- 2.1.2. Manual Install
+ 2.1.1. Download Linux Libre
Download Linux Source from
linux libre,
or using the port system;
- Linux-gnu port comes with default config that is a good starting
- point to personalize according to your needs.
-
$ mkdir ~/kernel
$ cd ~/kernel
@@ -75,15 +66,34 @@
$ patch -p1 < ../enable_additional_cpu_optimizations_for_gcc_v4.9%2B_kernel_v3.15%2B.patch
- Configure kernel according to your current kernel
- hardware support;
+ Cleaning targets:
+
+
+ clean - Remove most generated files but keep the config and
+ enough build support to build external modules
+ mrproper - Remove all generated files + config + various backup files
+ distclean - mrproper + remove editor backup and patch files
+
+
+ Prepare sources for configuration;
+
+
+ $ make distclean
+
+
+
+
+ Port linux-gnu port comes with default configuration file that is
+ a good starting point to tune kernel according to your needs. To
+ automatically configure kernel with support to your hardware
+ based on modules loaded by current kernel run.
$ make localmodconfig
- Get information about your hardware, for example information
- about which graphic module (driver) is in use
+
To get more information about the hardware, for example
+ information about which graphic module (driver) is in use
as root run;
@@ -91,101 +101,602 @@
Kernel driver in use: i915
- Before start compiling check configuration;
+ Make configuration targets;
+
+
+ config - Update current config utilising a line-oriented program
+ nconfig - Update current config utilising a ncurses menu based program
+ menuconfig - Update current config utilising a menu based program
+ xconfig - Update current config utilising a Qt based front-end
+ gconfig - Update current config utilising a GTK+ based front-end
+ oldconfig - Update current config utilising a provided .config as base
+ localmodconfig - Update current config disabling modules not loaded
+ localyesconfig - Update current config converting local mods to core
+ silentoldconfig - Same as oldconfig, but quietly, additionally update deps
+ defconfig - New config with default from ARCH supplied defconfig
+ savedefconfig - Save current config as ./defconfig (minimal config)
+ allnoconfig - New config where all options are answered with no
+ allyesconfig - New config where all options are accepted with yes
+ allmodconfig - New config selecting modules when possible
+ alldefconfig - New config with all symbols set to default
+ randconfig - New config with random answer to all options
+ listnewconfig - List new options
+ olddefconfig - Same as silentoldconfig but sets new symbols to their default value
+ kvmconfig - Enable additional options for kvm guest kernel support
+ xenconfig - Enable additional options for xen dom0 and guest kernel support
+ tinyconfig - Configure the tiniest possible kernel
+
+
+ Following configuration try's to be generic about the hardware
+ support while addressing the requirements of applications such as
+ qemu, docker, etc. For more information about hardening options read
+ kernsec.org. Configure kernel
+ using ncurses;
$ make nconfig
+
+ CONFIG_BUG_ON_DATA_CORRUPTION=y
+
+ # Perform extensive checks on reference counting.
+ CONFIG_REFCOUNT_FULL=y
+
+ # Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.
+ CONFIG_FORTIFY_SOURCE=y
+
+
+
+ 2.1.2.1 General Setup
+
+ - CONFIG_POSIX_MQUEUE=y
+ - POSIX Message Queues
+
+ - CONFIG_VMAP_STACK=y
+ - Use a virtually-mapped stack
+ - Adds guard pages to kernel stacks (not all architectures
+ support this yet).
+
+ - CONFIG_CGROUPS=y
+ - Control Group support
+
+ - CONFIG_MEMCG=y
+ - Memory controller
+
+ - CONFIG_MEMCG_SWAP=y
+ - Swap controller
+
+ - CONFIG_MEMCG_SWAP_ENABLED=y
+ - Swap controller enabled by default
+
+ - CONFIG_BLK_CGROUP=y
+ - IO controller
+
+ - CGROUP_SCHED=y
+ - CPU controller
+
+ - FAIR_GROUP_SCHED=y
+ - Group scheduling for SCHED_OTHER
+
+ - CONFIG_CFS_BANDWIDTH=y
+ - CPU bandwidth provisioning for FAIR_GROUP_SCHED
+
+ - CONFIG_RT_GROUP_SCHED=y
+ - Group scheduling for SCHED_RR/FIFO
+
+ - CONFIG_CGROUP_PIDS=y
+ - PIDs controller
+
+ - Freezer controller
+ - HugeTLB controller
+ - Cpuset controller
+ - Include legacy /proc//cpuset file
+ - Device controller
+ - Simple CPU accounting controller
+ - Perf controller
+
+
+ Namespaces support
+
+ - UTS namespace
+ - IPC namespace
+ - User namespace
+ - PID Namespaces
+ - Network namespace
+
+
+
+
+ - CONFIG_COMPAT_BRK=n
+ - Disable heap randomization
+ - Dangerous; enabling this disables brk ASLR.
+
+ - CONFIG_SLAB_FREELIST_RANDOM=y
+ - Randomize allocator freelists, harden metadata.
+
+ - CONFIG_SLAB_FREELIST_HARDENED=y
+ - Randomize allocator freelists, harden metadata.
+
+ - CONFIG_SLUB_DEBUG=y
-
+
- Enable SLUB debugging support
+ - Allow allocator validation checking to be enabled
+ (see "slub_debug=P" below).
+
+ - CONFIG_CC_STACKPROTECTOR=y
+ - Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+
+ - CONFIG_CC_STACKPROTECTOR_STRONG=y
+ - Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+
+
+
+ 2.1.2.2 Enable loadable module support
+
+
+ - CONFIG_MODULES=y
+ - Enable loadable module support
+
- Keep root from altering kernel memory via loadable modules.
+ set CONFIG_MODULES=n
+ - But if CONFIG_MODULE=y is needed, at least they must be
+ signed with a per-build key.
-
+
+
- CONFIG_DEBUG_SET_MODULE_RONX=y
+ - (prior to v4.11)
+
+ - CONFIG_STRICT_MODULE_RWX=y
+ - (since v4.11)
+
+ - CONFIG_MODULE_SIG=y
+ - Module signature verification
+
+ - CONFIG_MODULE_SIG_FORCE=y
+ - Require modules to be validly signed
+
+ - CONFIG_MODULE_SIG_ALL=y
+ - Automatically sign all modules
+
+ - CONFIG_MODULE_SIG_SHA512=y
+ - Sign modules with SHA-512
+
+
+ 2.1.2.3 Enable the block layer
+
+ - BLK_DEV_THROTTLING=y
+ - Block layer bio throttling support
+
+ - IOSCHED_CFQ=y
+ - CFQ IO scheduler
+
+ - CONFIG_CFQ_GROUP_IOSCHED=y
+ - CFQ Group Scheduling support
+
+
+ 2.1.2.4 Processor type and features
+
+
+ - CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+ - Low address space to protect from user allocation
+ - Disallow allocating the first 64k of memory.
+
+ - X86_VSYSCALL_EMULATION=n
+ - Enable vsyscall emulation
+ - Required by programs before 2013, some programs my
+ require.
+ - Remove additional attack surface, unless you really
+ need them.
+
+ - CONFIG_SECCOMP=y
+ - Enable seccomp to safely compute untrusted bytecode
+ - Provide userspace with seccomp BPF API for syscall attack surface reduction.
+
+ - CONFIG_SECCOMP_FILTER=y
+ - Provide userspace with seccomp BPF API for syscall attack surface reduction.
+
+ - CONFIG_KEXEC=n
+ - kexec system call
+ - Dangerous; enabling this allows replacement
+ of running kernel.
+
+ - CONFIG_RANDOMIZE_BASE=y
+ - Randomize the address of the kernel image (KASLR)
+
+ - CONFIG_RANDOMIZE_MEMORY=y
+ - Randomize the kernel memory sections
+
+ - CONFIG_LEGACY_VSYSCALL_NONE=y
+ - vsyscall table for legacy applications (None)
+ - Modern libc no longer needs a fixed-position mapping in userspace, remove it as a possible target.
+
+ - CONFIG_COMPAT_VDSO=n
+ - Disable the 32-bit vDSO (needed for glibc 2.3.3)
+ - Dangerous; enabling this disables VDSO ASLR.
+
+ - CONFIG_MODIFY_LDT_SYSCALL=n
+ - Enable the LDT (local descriptor table)
+ - Remove additional attack surface, unless you really need them.
+
+
+ 2.1.2.5 Power management and ACPI options
+
+
+ - CONFIG_HIBERNATION=n
+ - Hibernation (aka 'suspend to disk')
+ - Dangerous; enabling this allows replacement of running
+ kernel.
+
+ - CONFIG_ACPI_CUSTOM_METHOD=n
+ - Allow ACPI methods to be inserted/replaced at run time
+ - Dangerous; enabling this allows direct physical
+ memory writing.
+
+
+
+ 2.1.2.6 Bus options (PCI etc.)
+ 2.1.2.7 Executable file formats / Emulations
+
+
+ - CONFIG_BINFMT_MISC=n
+ - Kernel support for MISC binaries
+ - Easily confused by misconfigured userspace, keep off.
+
+ - CONFIG_IA32_EMULATION
+ - Remove additional attack surface, unless you really need them.
+ - CONFIG_X86_X32
+ - Remove additional attack surface, unless you really need them.
+
+
+ 2.1.2.8 Networking support
+ Networking options
+
+ - CONFIG_INET_DIAG=m
+ - INET: socket monitoring interface
+ - Support for INET (TCP, DCCP, etc) socket monitoring
+ interface used by native Linux tools such as ss. ss is
+ included in iproute2
+ - Prior to v4.1, assists heap memory attacks;
+ best to keep interface disabled.
+
+ - CONFIG_BRIDGE=y
+ - 802.1d Ethernet Bridging
+
+ - CONFIG_NET_SCHED=y
+ - QoS and/or fair queueing
+
+ - CONFIG_NET_CLS_CGROUP=y
+ - Control Group Classifier
+
+ - CONFIG_VSOCKETS=y
+ - Virtual Socket protocol
+
+ - CONFIG_VIRTIO_VSOCKETS=y
-
+
- virtio transport for Virtual Sockets
+
+ - CONFIG_NET_L3_MASTER_DEV=y
+ - L3 Master device support
+
+ - CONFIG_CGROUP_NET_PRIO=y
+ - Network priority cgroup
+
+ - CGROUP_NET_CLASSID=y
+ - Network classid cgroup
+
+
+
+
+ - CONFIG_NETFILTER=y
+ - Network packet filtering framework (Netfilter)
+
+ - CONFIG_NETFILTER_ADVANCED=y
+ - Advanced netfilter configuration
+
+ - BRIDGE_NETFILTER=y
+ - Bridged IP/ARP packets filtering
+
+ - NF_CONNTRACK=y
+ - Netfilter connection tracking support
+
+ - NETFILTER_XT_MATCH_ADDRTYPE=y
+ - "addrtype" address type match support
+
+ - NETFILTER_XT_MATCH_CONNTRACK=y
+ - "conntrack" connection tracking match support
+
+ - CONFIG_NETFILTER_XT_MATCH_IPVS=y
+ - "ipvs" match support
+
+ - CONFIG_IP_VS=y
+ - IP virtual server support
+
+ - IP_VS_PROTO_TCP=y
+ - TCP load balancing support
+
+ - IP_VS_PROTO_UDP=y
+ - UDP load balancing support
+
+ - IP_VS_RR=y
+ - round-robin scheduling
+
+ - IP_VS_NFCT=y
+ - Netfilter connection tracking
+
+ - CONFIG_NF_CONNTRACK_IPV4=y
+ - IPv4 connection tracking support (required for NAT)
+
+ - NF_NAT_IPV4=y
+ - IPv4 NAT
+
+ - NF_NAT_MASQUERADE_IPV4=y
+ - IPv4 masquerade support
+
+ - IP_NF_IPTABLES=y
+ - IP tables support (required for filtering/masq/NAT)
+
+ - IP_NF_FILTER=y
+ - Packet filtering
+
+ - CONFIG_IP_NF_NAT=y
+ - iptables NAT support
+
+ - IP_NF_TARGET_MASQUERADE=y
+ - MASQUERADE target support
+
+ - IP_NF_TARGET_NETMAP=y
+ - NETMAP target support
+
+ - IP_NF_TARGET_REDIRECT=y
+ - REDIRECT target support
+
+ - CONFIG_SYN_COOKIES=y
+ - IP: TCP syncookie support
+ - Provides some protections against SYN flooding.
+
+
+
+ 2.1.2.9 Device Drivers
+
+ Multiple devices driver support (RAID and LVM)
+
+
+ - CONFIG_MD=y
+ - Multiple devices driver support (RAID and LVM)
+ - CONFIG_BLK_DEV_DM=y
+ - Device mapper support
+ - DM_THIN_PROVISIONING=y
+ - Thin provisioning target
-
+
+
+ Network device support
+
+
+ - CONFIG_NETDEVICES=y
+ - Network device support
+
+ - NET_CORE=y
+ - Network core driver support
+
+ - CONFIG_DUMMY=y
+ - Dummy net driver support
+
+ - CONFIG_MACVLAN=y
+ - MAC-VLAN support
+ - This allows one to create virtual interfaces that map
+ packets to or from specific MAC addresses to a particular
+ interface. Macvlan devices can be added using the "ip" command
+ from the route2 package starting with the iproute2.
+ - ip link add link [ address MAC ] [ NAME ] type macvlan"
+
+ - CONFIG_VXLAN=y
+ - Virtual eXtensible Local Area Network (VXLAN)
+
+ - CONFIG_TUN=y
+ - Universal TUN/TAP device driver support
+
+ - CONFIG_VETH=y
+ - Virtual ethernet pair device
+
+
+ - IPVLAN=n
+ - IP-VLAN support
+ - Requires ipv6
+
+
+ Character devices
+
+ - CONFIG_DEVMEM=n
+ - /dev/mem virtual device support
+ - Do not allow direct physical memory access (but if you must have it, at least enable CONFIG_STRICT_DEVMEM mode...)
+
+ - Enable TTY
+ - Unix98 PTY support
+
+ - CONFIG_LEGACY_PTYS=n
+ - Legacy (BSD) PTY support
+ - Use the modern PTY interface (devpts) only.
+
+ - Support multiple instances of devpts
+
+ - CONFIG_DEVKMEM=n
+ - /dev/kmem virtual device support
+ - Dangerous; enabling this allows direct kernel
+ memory writing.
+
+
+ 2.1.2.10 Firmware Drivers
+ 2.1.2.11 File systems
+
+ - Overlay filesystem support
+
+ - CONFIG_PROC_KCORE=n
+ - /proc/kcore support
+ - Dangerous; exposes kernel text image layout.
+
+ - HugeTLB file system support
+
+
+
+ 2.1.2.12 Kernel hacking
+
+
+ - CONFIG_DEBUG=y
+ - CONFIG_DEBUG_RODATA=y
+
+ - CONFIG_DEBUG_KERNEL=y
+ - Kernel debugging
+ - Make sure kernel page tables have safe permissions.
+
+ - CONFIG_STRICT_KERNEL_RWX=y
+ - since v4.11
+ - Make sure kernel page tables have safe permissions.
+
+ - CONFIG_PANIC_ON_OOPS=y
+ - Panic on Oops
+ - This feature is useful to ensure that the kernel does not do
+ anything erroneous after an oops which could result in data
+ corruption or other issues.
+
+ - CONFIG_PANIC_TIMEOUT=-1
+ - Reboot devices immediately if kernel experiences an Oops.
+
+ - CONFIG_SCHED_STACK_END_CHECK=y
+ - Detect stack corruption on calls to schedule()
+ - Perform additional validation of various commonly targeted structures.
+
+ - CONFIG_DEBUG_LIST=y
+ - Debug linked list manipulation
+ - Perform additional validation of various commonly targeted structures.
+
+ - CONFIG_DEBUG_SG=y
+ - Debug SG table operations
+ - Perform additional validation of various commonly targeted structures.
+
+ - CONFIG_DEBUG_NOTIFIERS=y
+ - Debug notifier call chains
+ - Perform additional validation of various commonly
+ targeted structures.
+
+ - CONFIG_DEBUG_CREDENTIALS=y
+ - Debug credential management
+ - Perform additional validation of various commonly
+ targeted structures.
+
+ - CONFIG_STRICT_DEVMEM=y
+ - Filter access to /dev/mem
+ - Do not allow direct physical memory access (but if you must have it, at least enable STRICT mode...)
+
+ - CONFIG_IO_STRICT_DEVMEM=y
+ - Filter I/O access to /dev/mem
+ - Do not allow direct physical memory access (but if you must have it, at least enable STRICT mode...)
+
+ - CONFIG_DEBUG_WX=y
+ - Warn on W+X mappings at boot
+ - Report any dangerous memory permissions
+ (not available on all archs).
+
+
+
+
+ Compile-time checks and compiler options
+
+ - CONFIG_DEBUG_FS=y
+ - Debug Filesystem
+
+
+
+ Memory Debugging
+
+ - CONFIG_PAGE_POISONING=y
+ - Poison pages after freeing
+ - Wipe higher-level memory allocations when they are freed
+ (needs "page_poison=1" command line below).
+
+ - CONFIG_PAGE_POISONING_NO_SANITY=y
+ - Only poison, don't sanity check
+ - (If you can afford even more performance penalty,
+ leave CONFIG_PAGE_POISONING_NO_SANITY=n)
+
+ - CONFIG_PAGE_POISONING_ZERO=y
+ - Use zero for poisoning instead of random data
+
+
+
+ 2.1.2.13 Security options
+
+
+ - Enable access key retention support
+ - Enable register of persistent per-UID keyrings
+ - ENCRYPTED KEYS
+ - Diffie-Hellman operations on retained keys
+
+ - CONFIG_SECURITY=y
+ - Enable different security models
+ - Provide userspace with ptrace ancestry protections.
+
+ - CONFIG_HARDENED_USERCOPY=y
+ - Harden memory copies between kernel and userspace
+ - Perform usercopy bounds checking.
+
+ - SECURITY_SELINUX=n
+ - NSA SELinux Support
+ - CONFIG_SECURITY_SELINUX_DISABLE=n
+ - NSA SELinux runtime disable
+ - If SELinux can be disabled at runtime, the LSM structures cannot be read-only; keep off.
+
+ - CONFIG_SECURITY_APPARMOR=y
+ - AppArmor support
+ - This enables the AppArmor security module. Rquired userspace
+ tools (if they are not included in your distribution) and further
+ information may be found at AppArmor
+ - CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+ - AppArmor boot parameter default value
+
+ - CONFIG_SECURITY_YAMA=y
+ - Yama support
+ - Provide userspace with ptrace ancestry protections.
+
+
+ 2.1.2.14 Cryptographic API
+ 2.1.2.15 Virtualization
+
+
+ - CONFIG_KVM=y
+ - Kernel-based Virtual Machine (KVM) support
+
+ - CONFIG_KVM_INTEL=y
+ - KVM for Intel processors support
+ - Provides support for KVM on Intel processors equipped with the VT extensions.
+
+ - CONFIG_KVM_AMD=y
+ - KVM for AMD processors support
+ - Provides support for KVM on AMD processors equipped with the
+ AMD-V (SVM) extensions.
+
+ - CONFIG_KVM_DEVICE_ASSIGNMENT=n
+ - KVM legacy PCI device assignment support (DEPRECATED)
+
+ - CONFIG_VHOST_NET=y
+ - Host kernel accelerator for virtio net
-
+
+
- CONFIG_VHOST_VSOCK=y
+ - vhost virtio-vsock driver
+
+ - CONFIG_VHOST_CROSS_ENDIAN_LEGACY=y
+ - Cross-endian support for vhost
+
+
+ 2.1.2.16 Library routines
+
+ 2.1.3. Build
+
Make targets;
- $ make help
- Cleaning targets:
- clean - Remove most generated files but keep the config and
- enough build support to build external modules
- mrproper - Remove all generated files + config + various backup files
- distclean - mrproper + remove editor backup and patch files
-
- Configuration targets:
- config - Update current config utilising a line-oriented program
- nconfig - Update current config utilising a ncurses menu based
- program
- menuconfig - Update current config utilising a menu based program
- xconfig - Update current config utilising a Qt based front-end
- gconfig - Update current config utilising a GTK+ based front-end
- oldconfig - Update current config utilising a provided .config as base
- localmodconfig - Update current config disabling modules not loaded
- localyesconfig - Update current config converting local mods to core
- silentoldconfig - Same as oldconfig, but quietly, additionally update deps
- defconfig - New config with default from ARCH supplied defconfig
- savedefconfig - Save current config as ./defconfig (minimal config)
- allnoconfig - New config where all options are answered with no
- allyesconfig - New config where all options are accepted with yes
- allmodconfig - New config selecting modules when possible
- alldefconfig - New config with all symbols set to default
- randconfig - New config with random answer to all options
- listnewconfig - List new options
- olddefconfig - Same as silentoldconfig but sets new symbols to their
- default value
- kvmconfig - Enable additional options for kvm guest kernel support
- xenconfig - Enable additional options for xen dom0 and guest kernel support
- tinyconfig - Configure the tiniest possible kernel
-
Other generic targets:
all - Build all targets marked with [*]
* vmlinux - Build the bare kernel
* modules - Build all modules
- modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
- firmware_install- Install all firmware to INSTALL_FW_PATH
- (default: $(INSTALL_MOD_PATH)/lib/firmware)
- dir/ - Build all files in dir and below
- dir/file.[ois] - Build specified target only
- dir/file.lst - Build specified mixed source/assembly target only
- (requires a recent binutils and recent build (System.map))
- dir/file.ko - Build module including final link
- modules_prepare - Set up for building external modules
- tags/TAGS - Generate tags file for editors
- cscope - Generate cscope index
- gtags - Generate GNU GLOBAL index
- kernelrelease - Output the release version string (use with make -s)
- kernelversion - Output the version stored in Makefile (use with make -s)
- image_name - Output the image name (use with make -s)
- headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
(default: ./usr)
- Static analysers
- checkstack - Generate a list of stack hogs
- namespacecheck - Name space analysis on compiled kernel
- versioncheck - Sanity check on version.h usage
- includecheck - Check for duplicate included header files
- export_report - List the usages of all exported symbols
- headers_check - Sanity check on exported headers
- headerdep - Detect inclusion cycles in headers
- coccicheck - Check with Coccinelle.
-
- Kernel selftest
- kselftest - Build and run kernel selftest (run as root)
- Build, install, and boot kernel before
- running kselftest on it
- kselftest-clean - Remove all generated kselftest files
- kselftest-merge - Merge all the config dependencies of kselftest to existed
- .config.
-
- Kernel packaging:
- rpm-pkg - Build both source and binary RPM kernel packages
- binrpm-pkg - Build only the binary kernel RPM package
- deb-pkg - Build both source and binary deb kernel packages
- bindeb-pkg - Build only the binary kernel deb package
- tar-pkg - Build the kernel as an uncompressed tarball
- targz-pkg - Build the kernel as a gzip compressed tarball
- tarbz2-pkg - Build the kernel as a bzip2 compressed tarball
- tarxz-pkg - Build the kernel as a xz compressed tarball
- perf-tar-src-pkg - Build perf-4.9.9-gnu.tar source tarball
- perf-targz-src-pkg - Build perf-4.9.9-gnu.tar.gz source tarball
- perf-tarbz2-src-pkg - Build perf-4.9.9-gnu.tar.bz2 source tarball
- perf-tarxz-src-pkg - Build perf-4.9.9-gnu.tar.xz source tarball
-
Documentation targets:
Linux kernel internal documentation in different formats (Sphinx):
htmldocs - HTML
@@ -210,12 +721,6 @@
installmandocs - install man pages generated by mandocs
cleandocs - clean all generated DocBook files
- make DOCBOOKS="s1.xml s2.xml" [target] Generate only docs s1.xml s2.xml
- valid values for DOCBOOKS are: z8530book.xml kernel-hacking.xml kernel-locking.xml deviceiobook.xml writing_usb_driver.xml networking.xml kernel-api.xml filesystems.xml lsm.xml usb.xml kgdb.xml gadget.xml libata.xml mtdnand.xml librs.xml rapidio.xml genericirq.xml s390-drivers.xml uio-howto.xml scsi.xml debugobjects.xml sh.xml regulator.xml alsa-driver-api.xml writing-an-alsa-driver.xml tracepoint.xml w1.xml writing_musb_glue_layer.xml crypto-API.xml iio.xml
-
- make DOCBOOKS="" [target] Don't generate docs from Docbook
- This is useful to generate only the ReST docs (Sphinx)
-
Architecture specific targets (x86):
* bzImage - Compressed kernel image (arch/x86/boot/bzImage)
install - Install kernel using
@@ -244,15 +749,23 @@
2: warnings which occur quite often but may still be relevant
3: more obscure warnings, can most likely be ignored
Multiple levels can be combined with W=12 or W=123
-
- Execute "make" or "make all" to build all targets marked with [*]
- For further info see the ./README file
- $
$ make -j $(nproc) bzImage modules
+
+
+ 2.1.5. Install
+
+ modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
+ firmware_install- Install all firmware to INSTALL_FW_PATH
+ (default: $(INSTALL_MOD_PATH)/lib/firmware)
+ modules_prepare - Set up for building external modules
+ headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
+
+
+
$ sudo make modules_install
$ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-4.9.86-gnu
$ sudo cp System.map /boot/System.map-4.9.86-gnu
@@ -264,7 +777,7 @@
# grub-mkconfig -o /boot/grub/grub.cfg
- 2.1.3. Manual Remove
+ 2.1.6. Remove
$ sudo rm -r /lib/modules/4.9.86-gnu
diff --git a/core/reboot.html b/core/reboot.html
index c7e8d9c..ea174a2 100644
--- a/core/reboot.html
+++ b/core/reboot.html
@@ -33,12 +33,20 @@
1.4.1. Kernel
- There is possible to install kernel using a port,
- c9-ports have linux-gnu
- port of linux libre,a true source based kernel that
+
Install linux-gnu port,
+ linux libre kernel is a true source based kernel that
respects your freedoms. Read linux kernel
for more information.
+ Default crux configuration can be obtained from iso,
+ kernel port depend on dracut, grub2
+ and grub2-efi. You don't need them to build with pkgmk, to install
+ boot related tools use prt-get;
+
+
+ $ prt-get depinst linux-gnu
+
+
If you don't have the port binary package build it;
--
cgit 1.4.1-2-gfad0