-
Notifications
You must be signed in to change notification settings - Fork 0
/
build-kernel.sh
executable file
·398 lines (364 loc) · 12.8 KB
/
build-kernel.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
#!/bin/bash
# This script is used to build the kernel and initramfs on Gentoo Linux.
#Required
#The UUID of your disk. systemd-boot needs it. be careful!
# Note: if using LVM, this should be the LVM partition.
ROOT_UUID=""
#Optional
# Any rootflags you wish to set. For example, mine are currently
# "subvol=@ quiet splash intel_pstate=enable".
CMDLINE=""
# Secure boot key and cert
# If you want to sign your kernel with a secure boot key, set this to the path of your key.
# if you added your key and cert to in the make.conf, you can leave it blank.
SECUREBOOT_SIGN_KEY=""
SECUREBOOT_SIGN_CERT=""
# Path to kernel source directory: Default is "/usr/src/linux"
KERNEL_DIR="/usr/src/linux"
die() {
printf '\033[1;31mERROR:\033[0m %s\n' "$@" >&2 # bold red
exit 1
}
einfo() {
printf '\033[1;32mINFO:\033[0m %s\n' "$@" >&2 # bold green
}
ewarn() {
printf '\033[1;33mWARN:\033[0m %s\n' "$@" >&2 # bold yellow
}
# getopts options
while getopts ":hcilsra" opt; do
case $opt in
h)
printf "Usage: %s: [-h] [-c] [-i] [-l] [-s] [-r] [-a] \n" "$0"
printf " -h Show this help message\n"
printf " -c Configure and compile kernel\n"
printf " -i Build, Install kernel and initramfs\n"
printf " -l Update boot system(grub or systemd-boot)\n"
printf " -s Sign kernel with secure boot key and cert\n"
printf " -r Remove old kernel(s) and initramfs(exclude last 2 kernel(s))\n"
printf " -a All of the above(execute all options)\n"
exit 0
;;
c)
COMPILE_KERNEL="true"
;;
i)
INSTALL_KERNEL="true"
;;
l)
UPDATE_BOOT_SYSTEM="true"
;;
s)
SIGN_KERNEL="true"
;;
r)
REMOVE_OLD_KERNEL="true"
;;
a)
COMPILE_KERNEL="true"
INSTALL_KERNEL="true"
UPDATE_BOOT_SYSTEM="true"
SIGN_KERNEL="true"
REMOVE_OLD_KERNEL="true"
;;
\?)
die "Invalid option: -$OPTARG"
;;
esac
done
#check getopts options
if [ "$#" -eq 0 ]; then
die "No options specified. See -h for help."
fi
pushd_quiet() {
pushd "$1" &>/dev/null || die "Failed to enter $1."
}
popd_quiet() {
popd &>/dev/null || die "Failed to leave $1."
}
build_initramfs() {
printf "\n"
einfo "Starting to building initramfs..please wait..."
is_installed "sys-kernel/genkernel"
vendor=$(grep -m 1 vendor_id /proc/cpuinfo | awk '{ printf "%s\n", $3 }')
if [ "$vendor" == "GenuineIntel" ]; then
is_installed "sys-firmware/intel-microcode"
genkernel --install --no-ramdisk-modules --lvm --microcode initramfs || die "Failed to build initramfs"
else
genkernel --install --no-ramdisk-modules --lvm initramfs || die "Failed to build initramfs"
fi
einfo "Initramfs built successfully."
}
is_installed() {
package=$1
package_test=$(equery -q list "$package")
if [ -z "${package_test}" ]; then
install_package "$package"
fi
}
install_package() {
emerge -q "$@"
if [ $? -eq 1 ]; then
etc-update --automode -5
emerge -q "$@" || die "Failed to install $1"
fi
env-update && source /etc/profile
}
compile_kernel () {
printf "\n"
einfo "Cleaning up kernel source tree..."
pushd_quiet "$KERNEL_DIR"
make -s mrproper || die "Failed to clean kernel source tree"
printf "\n"
einfo "Copying kernel config..."
# try to multiple methods to copy the kernel config
if [ -f /etc/kernels/kernel-config-"$(uname -m)" ]; then
cp /etc/kernels/kernel-config-"$(uname -m)" .config || die "Failed to copy kernel config"
elif [ -f /proc/config.gz ]; then
zcat /proc/config.gz > .config || die "Failed to copy kernel config"
elif [ -f /boot/config-"$(uname -r)" ]; then
cp /boot/config-"$(uname -r)" .config || die "Failed to copy kernel config"
else
die "Failed to find kernel config"
fi
printf "\n"
einfo "Starting to compile kernel...please wait..."
if [ -f /etc/portage/make.conf ]; then
source /etc/portage/make.conf
fi
printf "\n"
einfo "Configuring kernel..."
make -s olddefconfig || die "Failed to configure kernel"
printf "\n"
einfo "Compiling kernel..."
make -s ARCH="$(uname -m)" "${MAKEOPTS}" bzImage || die "Failed to compile kernel"
printf "\n"
einfo "Compiling kernel modules..."
make -s ARCH="$(uname -m)" "${MAKEOPTS}" modules || die "Failed to compile kernel modules"
printf "\n"
einfo "Kernel and Modules compiled successfully."
popd_quiet "$KERNEL_DIR"
}
#install kernel and modules
install_kernel() {
printf "\n"
einfo "Installing kernel and modules..."
pushd_quiet "$KERNEL_DIR"
make -s INSTALL_MOD_STRIP=1 modules_install || die "Failed to install kernel modules"
# note: removeing sys-kernel/installkernel package from your system WILL change the way
# kernels are installed by "make install"! Instead of the versioned
# /boot/vmlinuz-x.y.z that you are used to, "make install" will simply
# copy bzImage. So we will need to manually copy the kernel image.
# we will use "/usr/src/linux" symlink to get the kernel version
links=$(readlink -f /usr/src/linux)
version=$(basename "$links" | sed 's/linux-//')
cp -v arch/"$(uname -m)"/boot/bzImage /boot/vmlinuz-"$version" || die "Failed to copy kernel image"
# copy System.map and config
cp -v System.map /boot/System.map-"$version" || die "Failed to copy System.map"
cp -v .config /boot/config-"$version" || die "Failed to copy config"
# emerge @module-rebuild to rebuild modules, if needed. quiet mode
emerge -q @module-rebuild || die "Failed to rebuild modules"
printf "\n"
einfo "Kernel and modules installed successfully."
popd_quiet "$KERNEL_DIR"
}
# this function find installed kernel(s) in /boot and create bash array
find_kernels() {
local KERNELS=()
readarray -t FOUND_KERNEL < <(find /boot -maxdepth 1 -name 'vmlinuz-*' -type f -not -name '*.old' -print0 | xargs -r -0 ls -t | sort -n)
# remove basename from kernel path and add to array
for i in "${FOUND_KERNEL[@]}"; do
KERNEL=("$(basename "$i")")
KERNELS+=("${KERNEL:8}")
done
# return array
echo "${KERNELS[@]}"
}
# this function create systemd-boot entry given kernel version
create_systemd_entry() {
VERSION=$1
FILENAME=$2
cat <<EOF > /boot/loader/entries/"${FILENAME}".conf
title Gentoo Linux ${VERSION}
linux /vmlinuz-${VERSION}
initrd /initramfs-${VERSION}.img
options root=UUID=${ROOT_UUID} ${CMDLINE}
EOF
}
update_grub() {
printf "\n"
einfo "Updating grub..."
# check if boot partition is mounted and
# grub is installed
if ! mount | grep -qs "/boot" ; then
ewarn "Boot partition is not mounted or separate boot partition not found"
elif [ ! -d "/boot/grub" ]; then
die "/boot/grub directory not found. Please emerge sys-boot/grub:2"
else
grub-mkconfig -o /boot/grub/grub.cfg || die "Failed to update grub"
fi
}
update_systemd_boot() {
printf "\n"
einfo "Updating systemd-boot..."
# check if boot partition is mounted and
# systemd-boot is installed
if ! mount | grep -qs "/boot" ; then
ewarn "Boot partition is not mounted or separate boot partition not found"
elif [ ! -d "/boot/loader" ]; then
die "/boot/loader directory not found. Please emerge sys-boot/systemd-boot"
fi
# check if >=systemd-254 is installed with boot use flag(older versions is required to install with gnu-efi use flag)
if ! equery -N -C uses systemd | grep -e '^ + [-+] boot' -e '^ + [-+] gnuefi' -qs; then
die "sys-boot/systemd must be installed with boot use flag"
fi
# create local array from find_kernels function
local KERNELS=()
IFS=" " read -r -a KERNELS <<< "$(find_kernels)"; unset IFS
# check if kernel(s) found
if [ "${#KERNELS[@]}" -eq 0 ]; then
die "No kernel(s) found in /boot"
fi
# create systemd-boot entry for latest kernel
LATEST_KERNEL="${KERNELS[-1]}"
einfo "Creating systemd-boot entry for ${LATEST_KERNEL}"
create_systemd_entry "${LATEST_KERNEL}" "gentoo" || die "Failed to create systemd-boot entry"
# create previous kernel entries
for i in "${!KERNELS[@]}"; do
if [ "$i" -gt 0 ]; then
PREV_KERNEL="${KERNELS[$i-1]}"
einfo "Creating systemd-boot entry for ${PREV_KERNEL}"
create_systemd_entry "${PREV_KERNEL}" "gentoo-${PREV_KERNEL}" || die "Failed to create systemd-boot entry"
fi
done
printf "\n"
einfo "Updating systemd-boot firmware ..."
# disabled below line because 'bootctl update' exit with error code 1
# But It works fine. So, I dont check exit code.
# bootctl update || die "Failed to update systemd-boot firmware"
bootctl -q update
einfo "Systemd-boot updated successfully."
}
# detect and update boot system: systemd-boot or grub
update_boot_system() {
printf "\n"
einfo "Detecting boot system..."
# check if boot partition is mounted
if ! mount | grep -qs "/boot" ; then
ewarn "Boot partition is not mounted or separate boot partition not found"
fi
# check if systemd-boot is installed
if [[ "$(bootctl is-installed)" == "yes" ]]; then
einfo "Systemd-boot detected"
update_systemd_boot
# check if grub is installed, check if /boot/grub/grub.cfg exists
# and check grub-mkconfig is installed (basic check)
# I dont check if grub is installed in MBR or EFI :(
elif [ -f "/boot/grub/grub.cfg" ] && [ -x "/usr/sbin/grub-mkconfig" ]; then
einfo "Grub detected"
update_grub
else
die "Boot system not detected"
fi
}
# sign kernel with secure boot key and cert
sign_kernel () {
printf "\n"
einfo "Signing kernel with secure boot key and cert..."
# check if secure boot key and cert is set
if [ -n "$SECUREBOOT_SIGN_KEY" ] && [ -n "$SECUREBOOT_SIGN_CERT" ]; then
einfo "Secure boot key and cert is set in build-kernel.sh"
elif [ -f /etc/portage/make.conf ]; then
source /etc/portage/make.conf
if [ -n "$SECUREBOOT_SIGN_KEY" ] && [ -n "$SECUREBOOT_SIGN_CERT" ]; then
einfo "Secure boot key and cert is set in make.conf"
else
die "Secure boot key and cert is not set"
fi
fi
# check if sbsign is installed
is_installed "app-crypt/sbsigntools"
# create local array from find_kernels function
local KERNELS=()
IFS=" " read -r -a KERNELS <<< "$(find_kernels)"; unset IFS
# check if kernel(s) found
if [ "${#KERNELS[@]}" -eq 0 ]; then
die "No kernel(s) found in /boot"
fi
# sign kernel(s)
for i in "${!KERNELS[@]}"; do
einfo "Signing kernel ${KERNELS[$i]}"
sbsign --key "$SECUREBOOT_SIGN_KEY" --cert "$SECUREBOOT_SIGN_CERT" --output "/boot/vmlinuz-${KERNELS[$i]}" "/boot/vmlinuz-${KERNELS[$i]}" || die "Failed to sign kernel"
done
}
# remove old kernel(s) and initramfs exclude last 2 kernel(s)
remove_old_kernel() {
# create local array from find_kernels function
local KERNELS=()
IFS=" " read -r -a KERNELS <<< "$(find_kernels)"; unset IFS
# check if kernel(s) found
if [ "${#KERNELS[@]}" -eq 0 ]; then
die "No kernel(s) found in /boot"
fi
# remove old kernel(s) exclude last 2 kernel(s)
for i in "${!KERNELS[@]}"; do
if [ "$i" -lt $((${#KERNELS[@]}-2)) ]; then
einfo "Removing old kernel ${KERNELS[$i]} from /boot"
rm -f "/boot/vmlinuz-${KERNELS[$i]}" || die "Failed to remove kernel"
rm -f "/boot/System.map-${KERNELS[$i]}" || die "Failed to remove System.map"
rm -f "/boot/config-${KERNELS[$i]}" || die "Failed to remove config"
rm -f "/boot/initramfs-${KERNELS[$i]}.img" || die "Failed to remove initramfs"
einfo "Removing old kernel ${KERNELS[$i]} from /lib/modules"
rm -rf "/lib/modules/${KERNELS[$i]}" || die "Failed to remove kernel modules"
einfo "Removing old kernel ${KERNELS[$i]} from /usr/src"
rm -rf "/usr/src/linux-${KERNELS[$i]}" || die "Failed to remove kernel source"
einfo "Removing old kernel systemd-boot entry"
rm -f "/boot/loader/entries/gentoo-${KERNELS[$i]}.conf" || die "Failed to remove systemd-boot entry"
else
einfo "Keeping kernel ${KERNELS[$i]}"
fi
done
}
# control_c()
# Trap Ctrl-C for a quick and clean exit when necessary
control_c() {
echo "Control-c pressed - exiting NOW"
exit 1
}
# Trap any ctrl+c and call control_c function provided through functions.sh
trap control_c SIGINT
banner() {
printf "\n"
printf "============================================================= \n"
printf "Gentoo Linux kernel build \n"
printf "https://github.com/mofm/kernel-build \n"
printf "============================================================= \n"
printf "\n"
printf "If you run into any problems, please open an issue so it can fixed. Thanks! \n"
}
banner
# check if user is root
if [ "$EUID" -ne 0 ]; then
die "Please run as root"
fi
# compile kernel
if [ "$COMPILE_KERNEL" == "true" ]; then
compile_kernel
fi
# install kernel and modules and build initramfs
if [ "$INSTALL_KERNEL" == "true" ]; then
install_kernel
build_initramfs
fi
# sign kernel with secure boot key and cert
if [ "$SIGN_KERNEL" == "true" ]; then
sign_kernel
fi
# update boot system
if [ "$UPDATE_BOOT_SYSTEM" == "true" ]; then
update_boot_system
fi
# remove old kernel(s) and initramfs
if [ "$REMOVE_OLD_KERNEL" == "true" ]; then
remove_old_kernel
fi