From 7bef4aa309afce0ca0cb127a833ade75c975ea2e Mon Sep 17 00:00:00 2001 From: kraoc Date: Tue, 15 Apr 2025 14:57:05 +0200 Subject: [PATCH] Corrections, updates and improved error handling --- README.md | 13 +++- certs/zogg.cnf | 2 +- kernel.sh | 205 +++++++++++++++++++++++++++---------------------- 3 files changed, 122 insertions(+), 98 deletions(-) diff --git a/README.md b/README.md index 93d6a82..d4ccb6e 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# Compilation de kernel pour VM Debian avec processeur Intel +# Compilation de kernel pour serveur Debian avec processeur Intel -Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM. +Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM ou en serveur. ## Prérequis -- Hyperviseur Proxmox +- (Hyperviseur Proxmox) - Machine hôte avec processeur Intel -- Système d’exploitation pour VM sous Debian +- Système d’exploitation sous Debian - Disposer du fichier de configuration noyeau de type Cloud ## Usage @@ -40,6 +40,11 @@ sudo bash kernel.sh 6.x 6.14.2 ## CHANGELOG +### 2025-04-15 + +- Kernel: 6.14.2 +- Corrections, updates and improved error handling + ### 2025-04-12 - Kernel: 6.14.1 diff --git a/certs/zogg.cnf b/certs/zogg.cnf index 1b30f3a..a7c062c 100644 --- a/certs/zogg.cnf +++ b/certs/zogg.cnf @@ -13,7 +13,7 @@ L = Zogg O = Zogg OU = Zogg CN = zogg.fr -emailAddress = god@zogg +emailAddress = tech@zogg [ req_attributes ] challengePassword = zoggzogg diff --git a/kernel.sh b/kernel.sh index 48166ed..7d9e5d8 100644 --- a/kernel.sh +++ b/kernel.sh 
@@ -1,12 +1,10 @@ #!/bin/bash -UPDATED="2025-04-12" +UPDATED="2025-04-15" -DISABLE=1 # disable some options -ENABLE=1 # enable some options -SECURED=1 # enable/disable security +DISABLE=1 # disable options +ENABLE=1 # enable options PATCHES=1 # enable/disable patch apply UARCH=0 # apply more uarch patch -CLANG=0 # use Clang compiler (if not, use GCC) O3=1 # use -O3 vs -O2 (optimisation) ARCH="native" # target architecture (uarch patch) CONFIGCLOUD=1 # enable cloud 'from' config @@ -15,8 +13,11 @@ CONFIGMOD=0 # enable all mod config SCRATCH=0 # perform from scratch (remove preexisting content) UNCOMPRESS=1 # perform uncompress if already exist CLEANUP=1 # perform folder cleanup +SECURED=1 # enable/disable security +CLANG=0 # use Clang compiler (if not, use GCC) +O3=1 # use -O3 vs -O2 (optimisation) +ARCH="native" # target architecture (uarch patch) TESTING=0 # add testing options -NVIDIA=1 # add support for nvidia # # Sources: @@ -110,6 +111,16 @@ if [ "$(id -u)" != "0" ]; then exit 1 fi +# Exit fail with message +doFail() { + result=$1 + msg=$2 + if [ ! result==0 ]; then + echo ">>> Error in download!" + exit 1 + fi +} + LOGNAME=kernel LOGEXT=log LOGFILE="" 
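Review bot: `O3=1` and `ARCH="native"` are now assigned twice in the settings block: the lines added after `CLEANUP=1` duplicate the pair still present near the top. The later assignment wins, so editing the first pair has no effect; drop one pair. The same hunk removes `NVIDIA=1` while `doDefaultsNvidia` is still touched later in this patch. If that function tests `$NVIDIA` (not visible here), it would now be skipped silently, so either keep the variable or remove the function.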
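Review bot: The test in the new `doFail` helper, `if [ ! result==0 ]`, can never be true, because `result==0` is a single non-empty literal word rather than a comparison of `$result`. The helper therefore returns without exiting, and every `result=$? && doFail ...` call added across this patch (download, tar, openssl, make, chown, rm) lets the script carry on after a failure. It also ignores its second argument and always prints the download message. Suggested body: `local result=$1 msg=$2`, then `if [ "$result" -ne 0 ]; then`, then `echo "$msg" >&2` before `exit 1`. Callers should quote the status too, as in `doFail "$result" "..."`.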
@@ -160,17 +171,36 @@ doTargetAdapt() { case ${TARGET} in ubuntu) doEchoStep "Adaptation for: ${TARGETNAME}" + doEchoStep " - Certificates generation" openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf + result=$? && doFail $result ">>> Error in openssl!" + doEchoStep " - Options override" ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem" + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem" + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING + result=$? && doFail $result ">>> Error in script-config!" + ./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST "" + result=$? && doFail $result ">>> Error in script-config!" + export CC="x86_64-pc-linux-gnu" ;; *) ;; @@ -220,6 +250,7 @@ doScratch() { if [ -d $WORKDIR ]; then doEchoStep "Scratch: remove existing content" rm -rf $WORKDIR + result=$? && doFail $result ">>> Error!" else doEchoStep "Scratch: existing previous content not found" fi 
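Review bot: Nothing after the `openssl req` call in doTargetAdapt restricts access to the generated module-signing key: `-nodes` writes the private key unencrypted into `certs/zogg.pem` with whatever mode the current umask allows, and the added line only checks the exit status. Consider `umask 077` before the call or `chmod 600 certs/zogg.pem` right after the new `doFail` line, and quote the config path as `"$CERTS/zogg.cnf"`. doTargetAdapt starts outside the hunk and its `case` continues past it.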
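Review bot: In doScratch the new check runs only after `rm -rf $WORKDIR` has already executed as root with an unquoted, unvalidated path, so a value containing whitespace or glob characters would be split into several delete targets. Guard the expansion itself with `rm -rf -- "${WORKDIR:?}"`, and quote the `[ -d "$WORKDIR" ]` test the same way. Where `WORKDIR` is assigned is outside the hunk.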
@@ -235,15 +266,14 @@ doDownload() { cd $WORKDIR doEchoStep "Download branch '$BRANCH' version '$VERSION'" - wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign - wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz - doSync - result=$? - if [ ! result==0 ]; then - echo ">>> Error in download!" - exit 1 - fi + wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign + result=$? && doFail $result ">>> Error in download (sign)!" + + wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz + result=$? && doFail $result ">>> Error in download (kernel)!" + + doSync fi } @@ -253,13 +283,9 @@ doPerformUncompress() { doEchoStep "Uncompress" rm -rf linux-$VERSION - tar -xaf linux-$VERSION.tar.xz - result=$? - if [ ! result==0 ]; then - echo ">>> Error in uncompress!" - exit 1 - fi + tar -xaf linux-$VERSION.tar.xz + result=$? && doFail $result ">>> Error in uncompress!" } doUncompress() { if [ -d $WORKDIR ]; then @@ -283,14 +309,10 @@ doCleanup() { if [ "$CLANG" == "1" ]; then make -j${NPROC} LLVM=1 CC="ccache clang" distclean + result=$? && doFail $result ">>> Error in cleanup!" else make -j${NPROC} CC="ccache gcc" distclean - fi - - result=$? - if [ ! result==0 ]; then - echo ">>> Error in cleanup!" - exit 1 + result=$? && doFail $result ">>> Error in cleanup!" fi fi } 
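Review bot: doDownload fetches `linux-$VERSION.tar.sign`, but nothing in this hunk or in the doPerformUncompress hunk that follows checks it before `tar -xaf` unpacks the archive, so the signature adds no integrity guarantee to a build that runs as root. kernel.org signs the uncompressed tarball, so the check would be along the lines of `xz -cd "linux-$VERSION.tar.xz" | gpgv --keyring "$KEYRING" "linux-$VERSION.tar.sign" -` followed by `doFail`, where `$KEYRING` is a placeholder for a keyring holding the kernel release signing keys. Verification may exist elsewhere in the script; it is not visible here. `$BRANCH` and `$VERSION` come from the command line per the README and should be quoted in the URLs and file names.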
@@ -303,14 +325,11 @@ doConfigCloud() { if [ -f .config ]; then cp .config .config.cloud.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi - cp $CONFIGS/cloud-amd64 .config - result=$? - if [ ! result==0 ]; then - echo ">>> Error in cloud kernel .config copy!" - exit 1 - fi + cp $CONFIGS/cloud-amd64 .config + result=$? && doFail $result ">>> Error .config copy!" cp .config .config.cloud.after fi @@ -324,17 +343,15 @@ doOldOne() { if [ -f .config ]; then cp .config .config.old.before - fi - if [ "$CLANG" == "1" ]; then - make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig - else - make -j${NPROC} CC="ccache gcc" olddefconfig + result=$? && doFail $result ">>> Error .config copy (before)!" fi - result=$? - if [ ! result==0 ]; then - echo ">>> Error in generate .config!" - exit 1 + if [ "$CLANG" == "1" ]; then + make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig + result=$? && doFail $result ">>> Error in generate .config!" + else + make -j${NPROC} CC="ccache gcc" olddefconfig + result=$? && doFail $result ">>> Error in generate .config!" fi cp .config .config.old.after @@ -349,17 +366,15 @@ doAllMods() { if [ -f .config ]; then cp .config .config.mod.before - fi - if [ "$CLANG" == "1" ]; then - make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig - else - make -j${NPROC} CC="ccache gcc" allmodconfig + result=$? && doFail $result ">>> Error .config copy (before)!" fi - result=$? - if [ ! result==0 ]; then - echo ">>> Error in set all modules not in kernel!" - exit 1 + if [ "$CLANG" == "1" ]; then + make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig + result=$? && doFail $result ">>> Error in set all modules not in kernel!" + else + make -j${NPROC} CC="ccache gcc" allmodconfig + result=$? && doFail $result ">>> Error in set all modules not in kernel!" fi cp .config .config.mod.after 
@@ -371,13 +386,9 @@ doPermissions() { cd $WORKDIR doEchoStep "Define user/group" - chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/. - - result=$? - if [ ! result==0 ]; then - echo ">>> Error in chown!" - exit 1 - fi + # chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/. + chown -R 1000:1000 $CURRENT/build + result=$? && doFail $result ">>> Error in chown!" doSync } @@ -389,18 +400,20 @@ doStripSig() { if [ -f .config ]; then cp .config .config.stripsig.before + result=$? && doFail $result ">>> Error .config stripsig (before)!" fi ./scripts/config --disable MODULE_SIG_ALL - ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "" - ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY "" - ./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS "" + result=$? && doFail $result ">>> Error in script-config!" - result=$? - if [ ! result==0 ]; then - echo ">>> Error in chown!" - exit 1 - fi + ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "" + result=$? && doFail $result ">>> Error in script-config!" + + ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY "" + result=$? && doFail $result ">>> Error in script-config!" + + ./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS "" + result=$? && doFail $result ">>> Error in script-config!" cp .config .config.stripsig.after } @@ -412,16 +425,14 @@ doStripDebug() { if [ -f .config ]; then cp .config .config.stripdebug.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi ./scripts/config --disable DEBUG_INFO - ./scripts/config --enable DEBUG_INFO_NONE + result=$? && doFail $result ">>> Error in script-config!" - result=$? - if [ ! result==0 ]; then - echo ">>> Error in chown!" - exit 1 - fi + ./scripts/config --enable DEBUG_INFO_NONE + result=$? && doFail $result ">>> Error in script-config!" cp .config .config.stripdebug.after } 
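Review bot: The replacement `chown -R 1000:1000 $CURRENT/build` in doPermissions hands the entire build tree, not just the current version directory, to a hard-coded uid/gid. That is wrong on hosts where the invoking user is not 1000, and it may cover files that should stay root-owned, for example a generated signing key if it lives under that tree. Since the README runs the script through sudo, `chown -R "${SUDO_UID:-1000}:${SUDO_GID:-1000}" "$CURRENT/build"` would follow the real caller. The commented-out old line can be deleted rather than kept.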
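Review bot: `./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY ""` in doStripSig looks misspelled: the doTargetAdapt hunk of this same patch uses `CONFIG_SYSTEM_TRUSTED_KEYS`. As written, the call probably sets an unknown symbol and leaves the trusted-keys path inherited from the cloud config in place; change it to `CONFIG_SYSTEM_TRUSTED_KEYS`. The first call also omits the `CONFIG_` prefix (`MODULE_SIG_ALL`) while the others include it, so pick one form for consistency.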
@@ -436,14 +447,10 @@ doApplyPatches() { if [ -f .config ]; then cp .config .config.uarches.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi patch -p1 <$PATCHES/more-uarches.patch - - result=$? - if [ ! result==0 ]; then - echo ">>> Error in 'uarches'!" - exit 1 - fi + result=$? && doFail $result ">>> Error in 'uarches'!" cp .config .config.uarches.after fi @@ -464,6 +471,7 @@ doScriptsConfigFile() { # skip when starting with ';' (comment) ./scripts/config --${SWITCH} $option + result=$? && doFail $result ">>> Error in script-config!" fi done <"$FILE" } @@ -475,6 +483,7 @@ doDefaultsDisable() { if [ -f .config ]; then cp .config .config.disable.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi doScriptsConfigFile disable $OPTIONS/disable/disable.txt @@ -489,7 +498,9 @@ doDefaultsEnable() { if [ -f .config ]; then cp .config .config.enable.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi + if [ "$CLANG" == "1" ]; then doScriptsConfigFile enable $OPTIONS/enable/clang.txt fi @@ -498,12 +509,15 @@ doDefaultsEnable() { case ${ARCH} in "x86-64-v2") ./scripts/config --enable CONFIG_GENERIC_CPU2 + result=$? && doFail $result ">>> Error in script-config!" ;; "x86-64-v3") ./scripts/config --enable CONFIG_GENERIC_CPU3 + result=$? && doFail $result ">>> Error in script-config!" ;; "x86-64-v4") ./scripts/config --enable CONFIG_GENERIC_CPU4 + result=$? && doFail $result ">>> Error in script-config!" ;; esac @@ -515,6 +529,7 @@ doDefaultsEnable() { doDefaultMitigations() { if [ -f .config ]; then cp .config .config.mitigations.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi if [ $SECURED == 0 ]; then 
@@ -535,8 +550,11 @@ doDefaultsTesting() { if [ -f .config ]; then cp .config .config.testing.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi + ./scripts/config --set-str CONFIG_LOCALVERSION '-test' + result=$? && doFail $result ">>> Error in script-config!" cp .config .config.testing.after fi @@ -549,6 +567,7 @@ doDefaultsNvidia() { if [ -f .config ]; then cp .config .config.nvidia.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi doEchoStep "Options: NVIDIA disable" @@ -564,6 +583,7 @@ doDefaults() { if [ -f .config ]; then cp .config .config.default.before + result=$? && doFail $result ">>> Error .config copy (before)!" fi doApplyPatches @@ -576,8 +596,10 @@ doDefaults() { doEchoStep "Define options" if [ "$CLANG" == "1" ]; then ./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-clang" + result=$? && doFail $result ">>> Error in script-config!" else ./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-gcc" + result=$? && doFail $result ">>> Error in script-config!" fi doDefaultsDisable @@ -596,17 +618,15 @@ doEditSettings() { if [ -f .config ]; then cp .config .config.edit.before - fi - if [ "$CLANG" == "1" ]; then - make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig - else - make -j${NPROC} CC="ccache gcc" menuconfig + result=$? && doFail $result ">>> Error .config copy (before)!" fi - result=$? - if [ ! result==0 ]; then - echo ">>> Error in settings edit!" - exit 1 + if [ "$CLANG" == "1" ]; then + make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig + result=$? && doFail $result ">>> Error in settings edit!" + else + make -j${NPROC} CC="ccache gcc" menuconfig + result=$? && doFail $result ">>> Error in settings edit!" fi cp .config .config.edit.after @@ -649,6 +669,7 @@ apt remove --purge ${PACKAGES} sudo sync exit 0 EOF + result=$? && doFail $result ">>> Error generate uninstall.sh!" # generate install script cat <<-EOF >${READY}/install.sh 
@@ -659,9 +680,11 @@ sudo dpkg -i *.deb sudo sync exit 0 EOF + result=$? && doFail $result ">>> Error generate install.sh!" # Set execution attribute chmod +x $READY/*.sh + result=$? && doFail $result ">>> Error chmod!" else echo ">>> No packages have been created!" @@ -670,6 +693,7 @@ EOF # setup execution rights on packages chown -R root:root $READY/. + result=$? && doFail $result ">>> Error chown!" } # Print compilation end informations @@ -739,6 +763,7 @@ doCompile() { bindeb-pkg \ LOCALVERSION=-"$(dpkg --print-architecture)" \ KDEB_PKGVERSION="$(make kernelversion)-${REVISION}" + result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!" else make \ -j${NPROC} \ @@ -746,13 +771,7 @@ doCompile() { bindeb-pkg \ LOCALVERSION=-"$(dpkg --print-architecture)" \ KDEB_PKGVERSION="$(make kernelversion)-${REVISION}" - fi - - result=$? - doEchoStep "make bindeb-pkg: $result" - if [ ! result==0 ]; then - echo ">>> Error in 'make bindeb-pkg'!" - exit 1 + result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!" fi doGenerateUninstall