Code: Select all
#! /usr/bin/env bash
#
# All output is stored in the current working directory. It is strongly
# recommended to run it in an empty directory.
#
# This script by default does the following:
# - download the upstream sources of the linux kernel
# - verify they are signed with a trusted GPG-key
# - use the configuration of your currently running kernel
# - build a Debian-kernel package with
#
# Each step is called as function at the end of the script. You can
# easily comment them out to skip them or to run manual steps (for
# example changing the kernel configuration with "make menuconfig").
#
#
# Packages required to build the kernel package:
# kernel-package fakeroot build-essential devscripts
#
# If you want to change the configuration manually you need
# for make gconfig: libgtk2.0-dev libglade2-dev
# for make menuconfig: libncurses5-dev
set -e
# -------------------- setup --------------------
# Fingerprint of a trusted key the kernel is signed with.
# See http://www.kernel.org/signature.html
# http://lwn.net/Articles/461647/
# ATTENTION: Make sure you really trust it!
TRUSTED_FINGERPRINT='ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886'
# The upstream kernel version to downloaded and build.
KERNEL_VERSION=3.8
# A string that is appended to the version. For restrictions see the --append-to-version option of make-kpg.
VERSION_POSTFIX=-upstream
# URL where the archive and sources are located.
SOURCE_URL_BASE=http://www.kernel.org/pub/linux/kernel/v3.x
# Server used to get the trusted key from.
KEYSERVER=hkp://pool.sks-keyservers.net
# Set to yes if you want to build only the modules that are currently
# loaded Speeds up the build. But modules that are not currently
# loaded will be missing! Only usefull if you really have to speed up
# the build time and the kernel is intended for the running system and
# the hardware is not expected to change.
BUILD_ONLY_LOADED_MODULES=no
# -----------------------------------------------
# Remove spaces from the fingerprint to get a "long key ID" (see gpg manpage)
TRUSTEDLONGID=`echo $TRUSTED_FINGERPRINT | sed "s/ //g"`
# Directory that is used by this script to store the trusted GPG-Key (not your personal GPG directory!)
export GNUPGHOME=./kernelkey
# Downloads the trsuted key from a keyserver. Uses the trusted fingerprint to find the key.
function RecvKey()
{
echo "Recieving key $TRUSTED_FINGERPRINT from the keyserver..."
[ ! -d $GNUPGHOME ] || rm -rf $GNUPGHOME # makes sure no stale keys are hanging around
mkdir $GNUPGHOME
chmod og-rwx $GNUPGHOME
gpg --keyserver $KEYSERVER --recv-keys $TRUSTEDLONGID
}
# Downloads the sources and their signature file.
function DownloadSources()
{
wget $SOURCE_URL_BASE/linux-$KERNEL_VERSION.tar.xz
wget $SOURCE_URL_BASE/linux-$KERNEL_VERSION.tar.sign
}
# Verifies the downloaded sources are signed with the trusted key and extracts them.
function VerifyExtract()
{
echo "Extracting downloaded sources to tar..."
[ -f linux-$KERNEL_VERSION.tar ] || unxz --keep linux-$KERNEL_VERSION.tar.xz
echo "Verifying tar is signed with the trusted key..."
gpg -v --trusted-key 0x${TRUSTEDLONGID:24} --verify linux-$KERNEL_VERSION.tar.sign
[ ! -d linux-$KERNEL_VERSION ] || rm -rf linux-$KERNEL_VERSION
echo "Extracting tar..."
tar -xf linux-$KERNEL_VERSION.tar
rm linux-$KERNEL_VERSION.tar
}
# Copies the configuration of the running kernel and applies defaults to all settings that are new in the upstream version.
function SetCurrentConfig()
{
pushd ./linux-$KERNEL_VERSION
# Copy settings of the currently running kernel
cp /boot/config-$(uname -r) ./.config
# Use the copied configuration and apply defaults to all new settings
yes "" | make oldconfig
if [ yes == $BUILD_ONLY_LOADED_MODULES ]
then
echo "Disabling modules that are not loaded by the running system..."
make localmodconfig
fi
popd
}
function Build()
{
pushd ./linux-$KERNEL_VERSION
# See the following links for more information:
# http://www.debian.org/doc/manuals/debian-faq/ch-kernel.en.html
# http://www.debian.org/releases/stable/amd64/ch08s06.html.en
time fakeroot make-kpkg --jobs `getconf _NPROCESSORS_ONLN` --append-to-version "$VERSION_POSTFIX" --initrd kernel_image
popd
echo "Congratulations! You just build a linux kernel."
echo "Use the following command to install it: dpkg -i linux-image-${KERNEL_VERSION}${VERSION_POSTFIX}*.deb"
}
RecvKey
DownloadSources
VerifyExtract
SetCurrentConfig
Build
After installing the wheezy beta my system froze multiple days in a row multiple times per day (but that is another thread). So I decided to try an upstream kernel. It took me a while to search for documentation and to find a good way to build the kernel package. The result is the script you see above. I post it here to spare you from repeating all the steps I (and a few thousand other debian users) already did. I am a big fan of automating things that are needed repeatedly
EDIT: Fixed some minor problems.
EDIT: Added an option to build only loaded modules.
EDIT Feb 24 2013: Updated for kernel Version 3.8, GPG key updated, got rid of GPG warning, corrected some comments