On Wed September 30 2009, Michael S. Zick wrote:
> On Wed September 30 2009, Eugen Leitl wrote:
> > On Wed, Sep 30, 2009 at 03:17:05PM +0200, Laurent Spagnol wrote:
> >
> > > In fact, we don't have to run after the latest kernel releases, and in
> > > most of the cases the security holes comes from userland applications ...
> > >
> > > So:
> > > - i build my own kernels (IPv6, 'pseudo' loopback, and some new
> > > features that are usefull for me),
> > > - i take stability and updates from Debian,
> > > - and i continue to use my favorite distribution ;)
> >
> > Do you have this SOP documented somewhere? I'm afraid I have
> > to do it myself (currently using stock Debian vserver kernels
> > and stock vserver-utils, which kinda, sorta work, but do suck)
> > in future.
> >
>
> The kernel build system has a deb-pkg make target.
>
> The result will be a 'generic' debian kernel package, installable by dpkg -i ...
>
> Now, the fun part - -
> Where I quoted 'generic' above, I mean without the initial ramFS (a.k.a: initrd)
> creation.
> The kernel package is the same across the systems using the *.deb packaging -
> The creation, scripting included and use at boot time of the initrd varies -
> both by distribution and by local options.
>
> But I presume that the end-user has the update-initramfs set of script tools installed.
> All of the *.deb based distributions have such an animal, although perhaps with a name change.
>
> So installing the kernel from the package made by the deb-pkg target is a two step process:
> 1) dpkg -i <package name here>
> 2) update-initramfs -c -k <kernel version name here> (this is the same name found under /lib/modules)
>
> It is step 2 that builds the initrd with the distribution specific included scripting
> and the user's local options.
>
> Although not a Linux-VServer patched kernel, here is a worked example of the end-user directions:
> http://forum.netbookuser.com/viewtopic.php?id=907
>
> Mike
>
>
Ah, and you where asking about the build side magic:
It is 99% the same as building for yourself.
On (host):
wolf-c2q ~ # uname -a
Linux wolf-c2q 2.6.27.10-vs2.3.0.36.2 #2 SMP PREEMPT Tue Apr 7 11:37:56 CDT 2009 x86_64 Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz GenuineIntel GNU/Linux
Running:
wolf-c2q ~ # vserver-stat
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
14156 2 7.5M 1.6M 0m00s35 0m00s63 33m54s43 deb-wolf
14158 5 20M 7.4M 0m01s60 0m01s78 33m54s43 gen2-32
Do the usual preliminaries:
ssh gen2-32
download or 'git' the kernel source of your choice
download the Linux-Vserver patch of your choice
apply the patch (adjusting the release string as required)
copy your /boot/config-whatever file of choice to .config
make oldconfig
adjust configuration to suit with menuconfig
make -j5 deb-pkg
That will produce both the kernel and firmware *.deb packages -
It is my habit to also post, with similar names, the configuration
file, a tar-ball of any patches applied.
That way an end-user can either use the binaries produced as-is or
can download what I used to produce them (patch-set and config) so
that they can make any local changes required.
A worked example of such a posting announcement:
http://forum.netbookuser.com/viewtopic.php?id=950
Along with any end-user specific directions:
http://forum.netbookuser.com/viewtopic.php?pid=7520#p7520
= = = =
I follow the KISS standard of kernel packaging - -
But this is how I support multiple *.deb based distributions (Debian, Ubuntu)
with a single kernel build / package.
Mike
Received on Wed Sep 30 15:34:29 2009