Corrections, updates and improved error handling

Olivier 2025-04-15 14:57:05 +02:00
parent 967309123c
commit 7bef4aa309
3 changed files with 122 additions and 98 deletions


@ -1,12 +1,12 @@
# Compilation de kernel pour VM Debian avec processeur Intel # Compilation de kernel pour serveur Debian avec processeur Intel
Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM. Récupération, décompression des sources du Kernel linux sur kernel.org, optimisation des réglages pour utilisation dans une VM ou en serveur.
## Prérequis ## Prérequis
- Hyperviseur Proxmox - (Hyperviseur Proxmox)
- Machine hôte avec processeur Intel - Machine hôte avec processeur Intel
- Système dexploitation pour VM sous Debian - Système dexploitation sous Debian
- Disposer du fichier de configuration noyeau de type Cloud - Disposer du fichier de configuration noyeau de type Cloud
## Usage ## Usage
@ -40,6 +40,11 @@ sudo bash kernel.sh 6.x 6.14.2
## CHANGELOG ## CHANGELOG
### 2025-04-15
- Kernel: 6.14.2
- Corrections, updates and improved error handling
### 2025-04-12 ### 2025-04-12
- Kernel: 6.14.1 - Kernel: 6.14.1


@ -13,7 +13,7 @@ L = Zogg
O = Zogg O = Zogg
OU = Zogg OU = Zogg
CN = zogg.fr CN = zogg.fr
emailAddress = god@zogg emailAddress = tech@zogg
[ req_attributes ] [ req_attributes ]
challengePassword = zoggzogg challengePassword = zoggzogg

205
kernel.sh

@ -1,12 +1,10 @@
#!/bin/bash #!/bin/bash
UPDATED="2025-04-12" UPDATED="2025-04-15"
DISABLE=1 # disable some options DISABLE=1 # disable options
ENABLE=1 # enable some options ENABLE=1 # enable options
SECURED=1 # enable/disable security
PATCHES=1 # enable/disable patch apply PATCHES=1 # enable/disable patch apply
UARCH=0 # apply more uarch patch UARCH=0 # apply more uarch patch
CLANG=0 # use Clang compiler (if not, use GCC)
O3=1 # use -O3 vs -O2 (optimisation) O3=1 # use -O3 vs -O2 (optimisation)
ARCH="native" # target architecture (uarch patch) ARCH="native" # target architecture (uarch patch)
CONFIGCLOUD=1 # enable cloud 'from' config CONFIGCLOUD=1 # enable cloud 'from' config
@ -15,8 +13,11 @@ CONFIGMOD=0 # enable all mod config
SCRATCH=0 # perform from scratch (remove preexisting content) SCRATCH=0 # perform from scratch (remove preexisting content)
UNCOMPRESS=1 # perform uncompress if already exist UNCOMPRESS=1 # perform uncompress if already exist
CLEANUP=1 # perform folder cleanup CLEANUP=1 # perform folder cleanup
SECURED=1 # enable/disable security
CLANG=0 # use Clang compiler (if not, use GCC)
O3=1 # use -O3 vs -O2 (optimisation)
ARCH="native" # target architecture (uarch patch)
TESTING=0 # add testing options TESTING=0 # add testing options
NVIDIA=1 # add support for nvidia
# #
# Sources: # Sources:
@ -110,6 +111,16 @@ if [ "$(id -u)" != "0" ]; then
exit 1 exit 1
fi fi
# Exit fail with message
doFail() {
result=$1
msg=$2
if [ ! result==0 ]; then
echo ">>> Error in download!"
exit 1
fi
}
LOGNAME=kernel LOGNAME=kernel
LOGEXT=log LOGEXT=log
LOGFILE="" LOGFILE=""
@ -160,17 +171,36 @@ doTargetAdapt() {
case ${TARGET} in case ${TARGET} in
ubuntu) ubuntu)
doEchoStep "Adaptation for: ${TARGETNAME}" doEchoStep "Adaptation for: ${TARGETNAME}"
doEchoStep " - Certificates generation" doEchoStep " - Certificates generation"
openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf openssl req -x509 -newkey rsa:4096 -keyout certs/zogg.pem -out certs/zogg.pem -nodes -days 3650 -config $CERTS/zogg.cnf
result=$? && doFail $result ">>> Error in openssl!"
doEchoStep " - Options override" doEchoStep " - Options override"
./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem" ./scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/zogg.pem"
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING ./scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem" ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS "certs/zogg.pem"
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE ./scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096 ./scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING ./scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING ./scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING
result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST "" ./scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST ""
result=$? && doFail $result ">>> Error in script-config!"
export CC="x86_64-pc-linux-gnu" export CC="x86_64-pc-linux-gnu"
;; ;;
*) ;; *) ;;
@ -220,6 +250,7 @@ doScratch() {
if [ -d $WORKDIR ]; then if [ -d $WORKDIR ]; then
doEchoStep "Scratch: remove existing content" doEchoStep "Scratch: remove existing content"
rm -rf $WORKDIR rm -rf $WORKDIR
result=$? && doFail $result ">>> Error!"
else else
doEchoStep "Scratch: existing previous content not found" doEchoStep "Scratch: existing previous content not found"
fi fi
@ -235,15 +266,14 @@ doDownload() {
cd $WORKDIR cd $WORKDIR
doEchoStep "Download branch '$BRANCH' version '$VERSION'" doEchoStep "Download branch '$BRANCH' version '$VERSION'"
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign
wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz
doSync
result=$? wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.sign
if [ ! result==0 ]; then result=$? && doFail $result ">>> Error in download (sign)!"
echo ">>> Error in download!"
exit 1 wget --compression=auto --show-progress --no-verbose --inet4-only https://cdn.kernel.org/pub/linux/kernel/v$BRANCH/linux-$VERSION.tar.xz
fi result=$? && doFail $result ">>> Error in download (kernel)!"
doSync
fi fi
} }
@ -253,13 +283,9 @@ doPerformUncompress() {
doEchoStep "Uncompress" doEchoStep "Uncompress"
rm -rf linux-$VERSION rm -rf linux-$VERSION
tar -xaf linux-$VERSION.tar.xz
result=$? tar -xaf linux-$VERSION.tar.xz
if [ ! result==0 ]; then result=$? && doFail $result ">>> Error in uncompress!"
echo ">>> Error in uncompress!"
exit 1
fi
} }
doUncompress() { doUncompress() {
if [ -d $WORKDIR ]; then if [ -d $WORKDIR ]; then
@ -283,14 +309,10 @@ doCleanup() {
if [ "$CLANG" == "1" ]; then if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" distclean make -j${NPROC} LLVM=1 CC="ccache clang" distclean
result=$? && doFail $result ">>> Error in cleanup!"
else else
make -j${NPROC} CC="ccache gcc" distclean make -j${NPROC} CC="ccache gcc" distclean
fi result=$? && doFail $result ">>> Error in cleanup!"
result=$?
if [ ! result==0 ]; then
echo ">>> Error in cleanup!"
exit 1
fi fi
fi fi
} }
@ -303,14 +325,11 @@ doConfigCloud() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.cloud.before cp .config .config.cloud.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
cp $CONFIGS/cloud-amd64 .config
result=$? cp $CONFIGS/cloud-amd64 .config
if [ ! result==0 ]; then result=$? && doFail $result ">>> Error .config copy!"
echo ">>> Error in cloud kernel .config copy!"
exit 1
fi
cp .config .config.cloud.after cp .config .config.cloud.after
fi fi
@ -324,17 +343,15 @@ doOldOne() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.old.before cp .config .config.old.before
fi result=$? && doFail $result ">>> Error .config copy (before)!"
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig
else
make -j${NPROC} CC="ccache gcc" olddefconfig
fi fi
result=$? if [ "$CLANG" == "1" ]; then
if [ ! result==0 ]; then make -j${NPROC} LLVM=1 CC="ccache clang" olddefconfig
echo ">>> Error in generate .config!" result=$? && doFail $result ">>> Error in generate .config!"
exit 1 else
make -j${NPROC} CC="ccache gcc" olddefconfig
result=$? && doFail $result ">>> Error in generate .config!"
fi fi
cp .config .config.old.after cp .config .config.old.after
@ -349,17 +366,15 @@ doAllMods() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.mod.before cp .config .config.mod.before
fi result=$? && doFail $result ">>> Error .config copy (before)!"
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig
else
make -j${NPROC} CC="ccache gcc" allmodconfig
fi fi
result=$? if [ "$CLANG" == "1" ]; then
if [ ! result==0 ]; then make -j${NPROC} LLVM=1 CC="ccache clang" allmodconfig
echo ">>> Error in set all modules not in kernel!" result=$? && doFail $result ">>> Error in set all modules not in kernel!"
exit 1 else
make -j${NPROC} CC="ccache gcc" allmodconfig
result=$? && doFail $result ">>> Error in set all modules not in kernel!"
fi fi
cp .config .config.mod.after cp .config .config.mod.after
@ -371,13 +386,9 @@ doPermissions() {
cd $WORKDIR cd $WORKDIR
doEchoStep "Define user/group" doEchoStep "Define user/group"
chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/. # chown -R 1000:1000 $CURRENT/build/$BRANCH/$VERSION/.
chown -R 1000:1000 $CURRENT/build
result=$? result=$? && doFail $result ">>> Error in chown!"
if [ ! result==0 ]; then
echo ">>> Error in chown!"
exit 1
fi
doSync doSync
} }
@ -389,18 +400,20 @@ doStripSig() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.stripsig.before cp .config .config.stripsig.before
result=$? && doFail $result ">>> Error .config stripsig (before)!"
fi fi
./scripts/config --disable MODULE_SIG_ALL ./scripts/config --disable MODULE_SIG_ALL
./scripts/config --set-str CONFIG_MODULE_SIG_KEY "" result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY ""
./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""
result=$? ./scripts/config --set-str CONFIG_MODULE_SIG_KEY ""
if [ ! result==0 ]; then result=$? && doFail $result ">>> Error in script-config!"
echo ">>> Error in chown!"
exit 1 ./scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEY ""
fi result=$? && doFail $result ">>> Error in script-config!"
./scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""
result=$? && doFail $result ">>> Error in script-config!"
cp .config .config.stripsig.after cp .config .config.stripsig.after
} }
@ -412,16 +425,14 @@ doStripDebug() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.stripdebug.before cp .config .config.stripdebug.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
./scripts/config --disable DEBUG_INFO ./scripts/config --disable DEBUG_INFO
./scripts/config --enable DEBUG_INFO_NONE result=$? && doFail $result ">>> Error in script-config!"
result=$? ./scripts/config --enable DEBUG_INFO_NONE
if [ ! result==0 ]; then result=$? && doFail $result ">>> Error in script-config!"
echo ">>> Error in chown!"
exit 1
fi
cp .config .config.stripdebug.after cp .config .config.stripdebug.after
} }
@ -436,14 +447,10 @@ doApplyPatches() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.uarches.before cp .config .config.uarches.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
patch -p1 <$PATCHES/more-uarches.patch patch -p1 <$PATCHES/more-uarches.patch
result=$? && doFail $result ">>> Error in 'uarches'!"
result=$?
if [ ! result==0 ]; then
echo ">>> Error in 'uarches'!"
exit 1
fi
cp .config .config.uarches.after cp .config .config.uarches.after
fi fi
@ -464,6 +471,7 @@ doScriptsConfigFile() {
# skip when starting with ';' (comment) # skip when starting with ';' (comment)
./scripts/config --${SWITCH} $option ./scripts/config --${SWITCH} $option
result=$? && doFail $result ">>> Error in script-config!"
fi fi
done <"$FILE" done <"$FILE"
} }
@ -475,6 +483,7 @@ doDefaultsDisable() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.disable.before cp .config .config.disable.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
doScriptsConfigFile disable $OPTIONS/disable/disable.txt doScriptsConfigFile disable $OPTIONS/disable/disable.txt
@ -489,7 +498,9 @@ doDefaultsEnable() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.enable.before cp .config .config.enable.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
if [ "$CLANG" == "1" ]; then if [ "$CLANG" == "1" ]; then
doScriptsConfigFile enable $OPTIONS/enable/clang.txt doScriptsConfigFile enable $OPTIONS/enable/clang.txt
fi fi
@ -498,12 +509,15 @@ doDefaultsEnable() {
case ${ARCH} in case ${ARCH} in
"x86-64-v2") "x86-64-v2")
./scripts/config --enable CONFIG_GENERIC_CPU2 ./scripts/config --enable CONFIG_GENERIC_CPU2
result=$? && doFail $result ">>> Error in script-config!"
;; ;;
"x86-64-v3") "x86-64-v3")
./scripts/config --enable CONFIG_GENERIC_CPU3 ./scripts/config --enable CONFIG_GENERIC_CPU3
result=$? && doFail $result ">>> Error in script-config!"
;; ;;
"x86-64-v4") "x86-64-v4")
./scripts/config --enable CONFIG_GENERIC_CPU4 ./scripts/config --enable CONFIG_GENERIC_CPU4
result=$? && doFail $result ">>> Error in script-config!"
;; ;;
esac esac
@ -515,6 +529,7 @@ doDefaultsEnable() {
doDefaultMitigations() { doDefaultMitigations() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.mitigations.before cp .config .config.mitigations.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
if [ $SECURED == 0 ]; then if [ $SECURED == 0 ]; then
@ -535,8 +550,11 @@ doDefaultsTesting() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.testing.before cp .config .config.testing.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
./scripts/config --set-str CONFIG_LOCALVERSION '-test' ./scripts/config --set-str CONFIG_LOCALVERSION '-test'
result=$? && doFail $result ">>> Error in script-config!"
cp .config .config.testing.after cp .config .config.testing.after
fi fi
@ -549,6 +567,7 @@ doDefaultsNvidia() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.nvidia.before cp .config .config.nvidia.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
doEchoStep "Options: NVIDIA disable" doEchoStep "Options: NVIDIA disable"
@ -564,6 +583,7 @@ doDefaults() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.default.before cp .config .config.default.before
result=$? && doFail $result ">>> Error .config copy (before)!"
fi fi
doApplyPatches doApplyPatches
@ -576,8 +596,10 @@ doDefaults() {
doEchoStep "Define options" doEchoStep "Define options"
if [ "$CLANG" == "1" ]; then if [ "$CLANG" == "1" ]; then
./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-clang" ./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-clang"
result=$? && doFail $result ">>> Error in script-config!"
else else
./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-gcc" ./scripts/config --set-str CONFIG_LOCALVERSION "${SEC}-gcc"
result=$? && doFail $result ">>> Error in script-config!"
fi fi
doDefaultsDisable doDefaultsDisable
@ -596,17 +618,15 @@ doEditSettings() {
if [ -f .config ]; then if [ -f .config ]; then
cp .config .config.edit.before cp .config .config.edit.before
fi result=$? && doFail $result ">>> Error .config copy (before)!"
if [ "$CLANG" == "1" ]; then
make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig
else
make -j${NPROC} CC="ccache gcc" menuconfig
fi fi
result=$? if [ "$CLANG" == "1" ]; then
if [ ! result==0 ]; then make -j${NPROC} LLVM=1 CC="ccache clang" menuconfig
echo ">>> Error in settings edit!" result=$? && doFail $result ">>> Error in settings edit!"
exit 1 else
make -j${NPROC} CC="ccache gcc" menuconfig
result=$? && doFail $result ">>> Error in settings edit!"
fi fi
cp .config .config.edit.after cp .config .config.edit.after
@ -649,6 +669,7 @@ apt remove --purge ${PACKAGES}
sudo sync sudo sync
exit 0 exit 0
EOF EOF
result=$? && doFail $result ">>> Error generate uninstall.sh!"
# generate install script # generate install script
cat <<-EOF >${READY}/install.sh cat <<-EOF >${READY}/install.sh
@ -659,9 +680,11 @@ sudo dpkg -i *.deb
sudo sync sudo sync
exit 0 exit 0
EOF EOF
result=$? && doFail $result ">>> Error generate install.sh!"
# Set execution attribute # Set execution attribute
chmod +x $READY/*.sh chmod +x $READY/*.sh
result=$? && doFail $result ">>> Error chmod!"
else else
echo ">>> No packages have been created!" echo ">>> No packages have been created!"
@ -670,6 +693,7 @@ EOF
# setup execution rights on packages # setup execution rights on packages
chown -R root:root $READY/. chown -R root:root $READY/.
result=$? && doFail $result ">>> Error chown!"
} }
# Print compilation end informations # Print compilation end informations
@ -739,6 +763,7 @@ doCompile() {
bindeb-pkg \ bindeb-pkg \
LOCALVERSION=-"$(dpkg --print-architecture)" \ LOCALVERSION=-"$(dpkg --print-architecture)" \
KDEB_PKGVERSION="$(make kernelversion)-${REVISION}" KDEB_PKGVERSION="$(make kernelversion)-${REVISION}"
result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!"
else else
make \ make \
-j${NPROC} \ -j${NPROC} \
@ -746,13 +771,7 @@ doCompile() {
bindeb-pkg \ bindeb-pkg \
LOCALVERSION=-"$(dpkg --print-architecture)" \ LOCALVERSION=-"$(dpkg --print-architecture)" \
KDEB_PKGVERSION="$(make kernelversion)-${REVISION}" KDEB_PKGVERSION="$(make kernelversion)-${REVISION}"
fi result=$? && doFail $result ">>> Error in 'make bindeb-pkg'!"
result=$?
doEchoStep "make bindeb-pkg: $result"
if [ ! result==0 ]; then
echo ">>> Error in 'make bindeb-pkg'!"
exit 1
fi fi
doGenerateUninstall doGenerateUninstall
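Review bot: `doFail` can never trigger, because `[ ! result==0 ]` tests the literal word `result==0`, which is a non-empty string, so the negated test is always false and the function returns without exiting. Every `result=$? && doFail $result "..."` call added in this file (wget, openssl, tar, patch, make, chown) therefore still lets a failed step pass silently, and the build can carry on with a partial download or an unapplied patch. The function also ignores `$msg` and always prints the download text. I would change the body to `if [ "$result" -ne 0 ]; then echo "$msg" >&2; exit 1; fi`. Separately, `linux-$VERSION.tar.sign` is fetched in doDownload but no signature check is visible in the hunks shown before `tar -xaf`; if none exists elsewhere in the script, verifying the tarball against it would be worth adding.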