1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>2.1. Kernel Linux</title>
</head>
<body>
<a href="index.html">Core OS Index</a>
<h1 id="kernel">2.1. Kernel Linux</h1>
<p>Linux is a monolith kernel, a big one ! Visit
<a href="http://www.fsfla.org/ikiwiki/selibre/linux-libre/">Linux Libre</a>
and
<a href="https://www.kernel.org/">Linux Non-Libre</a> pages for more links
and information.</p>
<h2 id="#linuxlibre">2.1.1. Port Linux Libre</h2>
<p>Default crux configuration can be obtained from iso,
kernel port depends on <a href="reboot.html#dracut">dracut</a> and grub
but is not required to install them. To build and install this port
using prt-get;</p>
<pre>
$ prt-get depinst linux-libre
</pre>
<h2 id="kinstall">2.1.2. Manual Install</h2>
<p>Download Linux Source from
<a href="http://linux-libre.fsfla.org/pub/linux-libre/releases/">linux libre</a>,
or using the port system;</p>
<p>Crux iso comes with config that is more generic than used on
linux-libre port, crux default is a good starting point to
personalize according to your needs (build default, detect modules
needed);</p>
<pre>
$ mkdir ~/kernel
$ cd ~/kernel
$ tar xf /usr/ports/distfiles/linux-libre-4.9.12-grsec.tar.xz
$ cd linux-4.9.12/
</pre>
<p><a href="https://grsecurity.net">Grsecurity</a> patch for
<a href="https://grsecurity.net/test/grsecurity-3.1-4.9.12-201702231830.patch">4.9.12</a>.
Gcc <a href="https://github.com/graysky2/kernel_gcc_patch/">graysky2</a> kernel_gcc_patch (<a href="https://github.com/graysky2/kernel_gcc_patch/archive/master.zip">master.zip</a>)
that adds more cpu options (FLAGS native).
Check <a href="ports/linux-libre/Pkgfile">Pkgfile</a>
for instructions and more patches used on linux-libre port.
Read patching your kernel with
<a href="https://en.wikibooks.org/wiki/Grsecurity/Configuring_and_Installing_grsecurity#Patching_Your_Kernel_with_grsecurity">gresecurity</a>.</p>
<p>Apply grsecurity patch;</p>
<pre>
$ patch -p1 < ../grsecurity-3.1-4.9.12-201702231830.patch
</pre>
<p>Set correct version;</p>
<pre>
$ rm localversion-grsec
</pre>
<p>Edit Makefile and replace EXTRAVERSION;</p>
<pre>
VERSION = 4
PATCHLEVEL = 9
SUBLEVEL = 12
EXTRAVERSION = -grsec
NAME = Roaring Lionus
</pre>
<p>Change cpu optimization patch;</p>
<pre>
depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
</pre>
<p>to;</p>
<pre>
depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
</pre>
<p>Apply additional cpu optimizations patch;</p>
<pre>
$ patch -p1 < ../enable_additional_cpu_optimizations_for_gcc_v4.9%2B_kernel_v3.15%2B.patch
</pre>
<p>Configure kernel according to your current kernel
hardware support;</p>
<pre>
$ make localmodconfig
</pre>
<p>Get information about your hardware, for example information
about which graphic module (driver) is in use
as root run;</p>
<pre>
# lspci -nnk | grep -i vga -A3 | grep 'in use'
Kernel driver in use: i915
</pre>
<p>Before start compiling check configuration;</p>
<pre>
$ make nconfig
</pre>
<p>Make targets;</p>
<pre>
$ make help
Cleaning targets:
clean - Remove most generated files but keep the config and
enough build support to build external modules
mrproper - Remove all generated files + config + various backup files
distclean - mrproper + remove editor backup and patch files
Configuration targets:
config - Update current config utilising a line-oriented program
nconfig - Update current config utilising a ncurses menu based
program
menuconfig - Update current config utilising a menu based program
xconfig - Update current config utilising a Qt based front-end
gconfig - Update current config utilising a GTK+ based front-end
oldconfig - Update current config utilising a provided .config as base
localmodconfig - Update current config disabling modules not loaded
localyesconfig - Update current config converting local mods to core
silentoldconfig - Same as oldconfig, but quietly, additionally update deps
defconfig - New config with default from ARCH supplied defconfig
savedefconfig - Save current config as ./defconfig (minimal config)
allnoconfig - New config where all options are answered with no
allyesconfig - New config where all options are accepted with yes
allmodconfig - New config selecting modules when possible
alldefconfig - New config with all symbols set to default
randconfig - New config with random answer to all options
listnewconfig - List new options
olddefconfig - Same as silentoldconfig but sets new symbols to their
default value
kvmconfig - Enable additional options for kvm guest kernel support
xenconfig - Enable additional options for xen dom0 and guest kernel support
tinyconfig - Configure the tiniest possible kernel
Other generic targets:
all - Build all targets marked with [*]
* vmlinux - Build the bare kernel
* modules - Build all modules
modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
firmware_install- Install all firmware to INSTALL_FW_PATH
(default: $(INSTALL_MOD_PATH)/lib/firmware)
dir/ - Build all files in dir and below
dir/file.[ois] - Build specified target only
dir/file.lst - Build specified mixed source/assembly target only
(requires a recent binutils and recent build (System.map))
dir/file.ko - Build module including final link
modules_prepare - Set up for building external modules
tags/TAGS - Generate tags file for editors
cscope - Generate cscope index
gtags - Generate GNU GLOBAL index
kernelrelease - Output the release version string (use with make -s)
kernelversion - Output the version stored in Makefile (use with make -s)
image_name - Output the image name (use with make -s)
headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
(default: ./usr)
Static analysers
checkstack - Generate a list of stack hogs
namespacecheck - Name space analysis on compiled kernel
versioncheck - Sanity check on version.h usage
includecheck - Check for duplicate included header files
export_report - List the usages of all exported symbols
headers_check - Sanity check on exported headers
headerdep - Detect inclusion cycles in headers
coccicheck - Check with Coccinelle.
Kernel selftest
kselftest - Build and run kernel selftest (run as root)
Build, install, and boot kernel before
running kselftest on it
kselftest-clean - Remove all generated kselftest files
kselftest-merge - Merge all the config dependencies of kselftest to existed
.config.
Kernel packaging:
rpm-pkg - Build both source and binary RPM kernel packages
binrpm-pkg - Build only the binary kernel RPM package
deb-pkg - Build both source and binary deb kernel packages
bindeb-pkg - Build only the binary kernel deb package
tar-pkg - Build the kernel as an uncompressed tarball
targz-pkg - Build the kernel as a gzip compressed tarball
tarbz2-pkg - Build the kernel as a bzip2 compressed tarball
tarxz-pkg - Build the kernel as a xz compressed tarball
perf-tar-src-pkg - Build perf-4.9.9-gnu.tar source tarball
perf-targz-src-pkg - Build perf-4.9.9-gnu.tar.gz source tarball
perf-tarbz2-src-pkg - Build perf-4.9.9-gnu.tar.bz2 source tarball
perf-tarxz-src-pkg - Build perf-4.9.9-gnu.tar.xz source tarball
Documentation targets:
Linux kernel internal documentation in different formats (Sphinx):
htmldocs - HTML
latexdocs - LaTeX
pdfdocs - PDF
epubdocs - EPUB
xmldocs - XML
cleandocs - clean all generated files
make SPHINXDIRS="s1 s2" [target] Generate only docs of folder s1, s2
valid values for SPHINXDIRS are: development-process media gpu 80211
make SPHINX_CONF={conf-file} [target] use *additional* sphinx-build
configuration. This is e.g. useful to build with nit-picking config.
Linux kernel internal documentation in different formats (DocBook):
htmldocs - HTML
pdfdocs - PDF
psdocs - Postscript
xmldocs - XML DocBook
mandocs - man pages
installmandocs - install man pages generated by mandocs
cleandocs - clean all generated DocBook files
make DOCBOOKS="s1.xml s2.xml" [target] Generate only docs s1.xml s2.xml
valid values for DOCBOOKS are: z8530book.xml kernel-hacking.xml kernel-locking.xml deviceiobook.xml writing_usb_driver.xml networking.xml kernel-api.xml filesystems.xml lsm.xml usb.xml kgdb.xml gadget.xml libata.xml mtdnand.xml librs.xml rapidio.xml genericirq.xml s390-drivers.xml uio-howto.xml scsi.xml debugobjects.xml sh.xml regulator.xml alsa-driver-api.xml writing-an-alsa-driver.xml tracepoint.xml w1.xml writing_musb_glue_layer.xml crypto-API.xml iio.xml
make DOCBOOKS="" [target] Don't generate docs from Docbook
This is useful to generate only the ReST docs (Sphinx)
Architecture specific targets (x86):
* bzImage - Compressed kernel image (arch/x86/boot/bzImage)
install - Install kernel using
(your) ~/bin/installkernel or
(distribution) /sbin/installkernel or
install to $(INSTALL_PATH) and run lilo
fdimage - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)
fdimage144 - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)
fdimage288 - Create 2.8MB boot floppy image (arch/x86/boot/fdimage)
isoimage - Create a boot CD-ROM image (arch/x86/boot/image.iso)
bzdisk/fdimage*/isoimage also accept:
FDARGS="..." arguments for the booted kernel
FDINITRD=file initrd for the booted kernel
i386_defconfig - Build for i386
x86_64_defconfig - Build for x86_64
make V=0|1 [targets] 0 => quiet build (default), 1 => verbose build
make V=2 [targets] 2 => give reason for rebuild of target
make O=dir [targets] Locate all output files in "dir", including .config
make C=1 [targets] Check all c source with $CHECK (sparse by default)
make C=2 [targets] Force check of all c source with $CHECK
make RECORDMCOUNT_WARN=1 [targets] Warn about ignored mcount sections
make W=n [targets] Enable extra gcc checks, n=1,2,3 where
1: warnings which may be relevant and do not occur too often
2: warnings which occur quite often but may still be relevant
3: more obscure warnings, can most likely be ignored
Multiple levels can be combined with W=12 or W=123
Execute "make" or "make all" to build all targets marked with [*]
For further info see the ./README file
$
</pre>
<pre>
$ make -j $(nproc) bzImage modules
$ sudo make modules_install
$ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-4.9.12-grsec
$ sudo cp System.map /boot/System.map-4.9.12-grsec
</pre>
<p>Update grub;</p>
<pre>
# grub-mkconfig -o /boot/grub/grub.cfg
</pre>
<h2 id="kuninstall">2.1.3. Manual Remove</h2>
<pre>
$ sudo rm -r /lib/modules/4.9.12-grsec
$ sudo rm /boot/vmlinuz-4.9.12-grsec
$ sudo rm /boot/System.map-4.9.12-grsec
</pre>
<a href="index.html">Core OS Index</a>
<p>This is part of the c9-doc Manual.
Copyright (C) 2017
c9 team.
See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
for copying conditions.</p>
</body>
</html>
|