Corrections, updates and improved error handling

Olivier 2025-04-15 14:57:05 +02:00
parent 967309123c
commit 7bef4aa309
3 changed files with 122 additions and 98 deletions


@ -1,12 +1,12 @@
# Compilation de kernel pour VM Debian avec processeur Intel
# Compilation de kernel pour serveur Debian avec processeur Intel
Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM.
Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM ou en serveur.
## Prérequis
- Hyperviseur Proxmox
- (Hyperviseur Proxmox)
- Machine hôte avec processeur Intel
- Système dexploitation pour VM sous Debian
- Système dexploitation sous Debian
- Disposer du fichier de configuration noyeau de type Cloud
## Usage
@ -40,6 +40,11 @@ sudo bash kernel.sh 6.x 6.14.2
## CHANGELOG
### 2025-04-15
- Kernel: 6.14.2
- Corrections, updates and improved error handling
### 2025-04-12
- Kernel: 6.14.1


@ -13,7 +13,7 @@ L = Zogg
O = Zogg
OU = Zogg
CN = zogg.fr
emailAddress = god@zogg
emailAddress = tech@zogg
[ req_attributes ]
challengePassword = zoggzogg

205
kernel.sh

@ -1,12 +1,10 @@
#!/bin/bash
UPDATED="2025-04-12"
UPDATED="2025-04-15"
DISABLE=1 # disable some options
ENABLE=1 # enable some options
SECURED=1 # enable/disable security
DISABLE=1 # disable options
ENABLE=1 # enable options
PATCHES=1 # enable/disable patch apply
UARCH=0 # apply more uarch patch
CLANG=0 # use Clang compiler (if not, use GCC)
O3=1 # use -O3 vs -O2 (optimisation)
ARCH="native" # target architecture (uarch patch)
CONFIGCLOUD=1 # enable cloud 'from' config
@ -15,8 +13,11 @@ CONFIGMOD=0 # enable all mod config
SCRATCH=0 # perform from scratch (remove preexisting content)
UNCOMPRESS=1 # perform uncompress if already exist
CLEANUP=1 # perform folder cleanup
SECURED=1 # enable/disable security
CLANG=0 # use Clang compiler (if not, use GCC)
O3=1 # use -O3 vs -O2 (optimisation)
ARCH="native" # target architecture (uarch patch)
TESTING=0 # add testing options
NVIDIA=1 # add support for nvidia
#
# Sources:
@ -110,6 +111,16 @@ if [ "$(id -u)" != "0" ]; then
exit 1
fi
# Exit fail with message
doFail() {
result=$1
msg=$2
if [ ! result==0 ]; then
echo ">>> Error in download!"
exit 1
fi
}
LOGNAME=kernel
LOGEXT=log
LOGFILE=""
@ -160,17 +171,36 @@ doTargetAdapt() {
case ${TARGET} in
ubuntu)
doEchoStep "Adaptation for: ${TARGETNAME}"
doEchoStep " - Certificates generation"
openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf
result=$? && doFail $result ">>> Error in openssl!"
doEchoStep " - Options override"
./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem"
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem"
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST ""
result=$? && doFail $result ">>> Error in script-config!"
export CC="x86_64-pc-linux-gnu"
;;
*) ;;
@ -220,6 +250,7 @@ doScratch() {
if [ -d $WORKDIR ]; then
doEchoStep "Scratch: remove existing content"
rm -rf $WORKDIR
result=$? && doFail $result ">>> Error!"
else
doEchoStep "Scratch: existing previous content not found"
fi
@ -235,15 +266,14 @@ doDownload() {
cd $WORKDIR
doEchoStep "Download branch '$BRANCH' version '$VERSION'"
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz
doSync
result=$?
if [ ! result==0 ]; then
echo ">>> Error in download!"
exit 1
fi
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign
result=$? && doFail $result ">>> Error in download (sign)!"
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz
result=$? && doFail $result ">>> Error in download (kernel)!"
doSync
fi
}
@ -253,13 +283,9 @@ doPerformUncompress() {
doEchoStep "Uncompress"
rm -rf linux-$VERSION
tar -xaf linux-$VERSION.tar.xz
result=$?
if [ ! result==0 ]; then
echo ">>> Error in uncompress!"
exit 1
fi
tar -xaf linux-$VERSION.tar.xz
result=$? && doFail $result ">>> Error in uncompress!"
}
doUncompress() {
if [ -d $WORKDIR ]; then
@ -283,14 +309,10 @@ doCleanup() {
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" distclean
result=$? && doFail $result ">>> Error in cleanup!"
else
make -j${NPROC} CC="ccache gcc" distclean
fi
result=$?
if [ ! result==0 ]; then
echo ">>> Error in cleanup!"
exit 1
result=$? && doFail $result ">>> Error in cleanup!"
fi
fi
}
@ -303,14 +325,11 @@ doConfigCloud() {
if [ -f .config ]; then
cp .config .config.cloud.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
cp $CONFIGS/cloud-amd64 .config
result=$?
if [ ! result==0 ]; then
echo ">>> Error in cloud kernel .config copy!"
exit 1
fi
cp $CONFIGS/cloud-amd64 .config
result=$? && doFail $result ">>> Error .config copy!"
cp .config .config.cloud.after
fi
@ -324,17 +343,15 @@ doOldOne() {
if [ -f .config ]; then
cp .config .config.old.before
fi
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig
else
make -j${NPROC} CC="ccache gcc" olddefconfig
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
result=$?
if [ ! result==0 ]; then
echo ">>> Error in generate .config!"
exit 1
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig
result=$? && doFail $result ">>> Error in generate .config!"
else
make -j${NPROC} CC="ccache gcc" olddefconfig
result=$? && doFail $result ">>> Error in generate .config!"
fi
cp .config .config.old.after
@ -349,17 +366,15 @@ doAllMods() {
if [ -f .config ]; then
cp .config .config.mod.before
fi
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig
else
make -j${NPROC} CC="ccache gcc" allmodconfig
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
result=$?
if [ ! result==0 ]; then
echo ">>> Error in set all modules not in kernel!"
exit 1
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig
result=$? && doFail $result ">>> Error in set all modules not in kernel!"
else
make -j${NPROC} CC="ccache gcc" allmodconfig
result=$? && doFail $result ">>> Error in set all modules not in kernel!"
fi
cp .config .config.mod.after
@ -371,13 +386,9 @@ doPermissions() {
cd $WORKDIR
doEchoStep "Define user/group"
chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/.
result=$?
if [ ! result==0 ]; then
echo ">>> Error in chown!"
exit 1
fi
# chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/.
chown -R 1000:1000 $CURRENT/build
result=$? && doFail $result ">>> Error in chown!"
doSync
}
@ -389,18 +400,20 @@ doStripSig() {
if [ -f .config ]; then
cp .config .config.stripsig.before
result=$? && doFail $result ">>> Error .config stripsig (before)!"
fi
./scripts/config --disable MODULE_SIG_ALL
./scripts/config --set-str CONFIG_MODULE_SIG_KEY ""
./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY ""
./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""
result=$? && doFail $result ">>> Error in script-config!"
result=$?
if [ ! result==0 ]; then
echo ">>> Error in chown!"
exit 1
fi
./scripts/config --set-str CONFIG_MODULE_SIG_KEY ""
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY ""
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""
result=$? && doFail $result ">>> Error in script-config!"
cp .config .config.stripsig.after
}
@ -412,16 +425,14 @@ doStripDebug() {
if [ -f .config ]; then
cp .config .config.stripdebug.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
./scripts/config --disable DEBUG_INFO
./scripts/config --enable DEBUG_INFO_NONE
result=$? && doFail $result ">>> Error in script-config!"
result=$?
if [ ! result==0 ]; then
echo ">>> Error in chown!"
exit 1
fi
./scripts/config --enable DEBUG_INFO_NONE
result=$? && doFail $result ">>> Error in script-config!"
cp .config .config.stripdebug.after
}
@ -436,14 +447,10 @@ doApplyPatches() {
if [ -f .config ]; then
cp .config .config.uarches.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
patch -p1 <$PATCHES/more-uarches.patch
result=$?
if [ ! result==0 ]; then
echo ">>> Error in 'uarches'!"
exit 1
fi
result=$? && doFail $result ">>> Error in 'uarches'!"
cp .config .config.uarches.after
fi
@ -464,6 +471,7 @@ doScriptsConfigFile() {
# skip when starting with ';' (comment)
./scripts/config --${SWITCH} $option
result=$? && doFail $result ">>> Error in script-config!"
fi
done <"$FILE"
}
@ -475,6 +483,7 @@ doDefaultsDisable() {
if [ -f .config ]; then
cp .config .config.disable.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
doScriptsConfigFile disable $OPTIONS/disable/disable.txt
@ -489,7 +498,9 @@ doDefaultsEnable() {
if [ -f .config ]; then
cp .config .config.enable.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
if [ "$CLANG" == "1" ]; then
doScriptsConfigFile enable $OPTIONS/enable/clang.txt
fi
@ -498,12 +509,15 @@ doDefaultsEnable() {
case ${ARCH} in
"x86-64-v2")
./scripts/config --enable CONFIG_GENERIC_CPU2
result=$? && doFail $result ">>> Error in script-config!"
;;
"x86-64-v3")
./scripts/config --enable CONFIG_GENERIC_CPU3
result=$? && doFail $result ">>> Error in script-config!"
;;
"x86-64-v4")
./scripts/config --enable CONFIG_GENERIC_CPU4
result=$? && doFail $result ">>> Error in script-config!"
;;
esac
@ -515,6 +529,7 @@ doDefaultsEnable() {
doDefaultMitigations() {
if [ -f .config ]; then
cp .config .config.mitigations.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
if [ $SECURED == 0 ]; then
@ -535,8 +550,11 @@ doDefaultsTesting() {
if [ -f .config ]; then
cp .config .config.testing.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
./scripts/config --set-str CONFIG_LOCALVERSION '-test'
result=$? && doFail $result ">>> Error in script-config!"
cp .config .config.testing.after
fi
@ -549,6 +567,7 @@ doDefaultsNvidia() {
if [ -f .config ]; then
cp .config .config.nvidia.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
doEchoStep "Options: NVIDIA disable"
@ -564,6 +583,7 @@ doDefaults() {
if [ -f .config ]; then
cp .config .config.default.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
doApplyPatches
@ -576,8 +596,10 @@ doDefaults() {
doEchoStep "Define options"
if [ "$CLANG" == "1" ]; then
./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-clang"
result=$? && doFail $result ">>> Error in script-config!"
else
./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-gcc"
result=$? && doFail $result ">>> Error in script-config!"
fi
doDefaultsDisable
@ -596,17 +618,15 @@ doEditSettings() {
if [ -f .config ]; then
cp .config .config.edit.before
fi
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig
else
make -j${NPROC} CC="ccache gcc" menuconfig
result=$? && doFail $result ">>> Error .config copy (before)!"
fi
result=$?
if [ ! result==0 ]; then
echo ">>> Error in settings edit!"
exit 1
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig
result=$? && doFail $result ">>> Error in settings edit!"
else
make -j${NPROC} CC="ccache gcc" menuconfig
result=$? && doFail $result ">>> Error in settings edit!"
fi
cp .config .config.edit.after
@ -649,6 +669,7 @@ apt remove --purge ${PACKAGES}
sudo sync
exit 0
EOF
result=$? && doFail $result ">>> Error generate uninstall.sh!"
# generate install script
cat <<-EOF >${READY}/install.sh
@ -659,9 +680,11 @@ sudo dpkg -i *.deb
sudo sync
exit 0
EOF
result=$? && doFail $result ">>> Error generate install.sh!"
# Set execution attribute
chmod +x $READY/*.sh
result=$? && doFail $result ">>> Error chmod!"
else
echo ">>> No packages have been created!"
@ -670,6 +693,7 @@ EOF
# setup execution rights on packages
chown -R root:root $READY/.
result=$? && doFail $result ">>> Error chown!"
}
# Print compilation end informations
@ -739,6 +763,7 @@ doCompile() {
bindeb-pkg \
LOCALVERSION=-"$(dpkg --print-architecture)" \
KDEB_PKGVERSION="$(make kernelversion)-${REVISION}"
result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!"
else
make \
-j${NPROC} \
@ -746,13 +771,7 @@ doCompile() {
bindeb-pkg \
LOCALVERSION=-"$(dpkg --print-architecture)" \
KDEB_PKGVERSION="$(make kernelversion)-${REVISION}"
fi
result=$?
doEchoStep "make bindeb-pkg: $result"
if [ ! result==0 ]; then
echo ">>> Error in 'make bindeb-pkg'!"
exit 1
result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!"
fi
doGenerateUninstall
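Review bot: The new `doFail` helper in the `@ -110,6 +111,16 @` hunk can never exit, so every `result=$? && doFail $result "…"` call added in the later hunks is a no-op. `[ ! result==0 ]` tests the literal, non-empty string `result==0` (no `$`, no spaces around the operator), which is always true before the negation, and the body prints the fixed text `>>> Error in download!` instead of `$msg`. A failed `wget` of the tarball or its `.tar.sign`, a failed `openssl req`, or a failed `patch` therefore lets the script carry on as root with whatever is on disk. Change the test to `if [ "$result" -ne 0 ]; then` and the message line to `echo "$msg" >&2`. The inline checks this commit removes used the same `[ ! result==0 ]` test, so the behaviour predates the change, but the helper is now the single place to correct it.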