View previous topic :: View next topic |
Author |
Message |
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Tue Dec 05, 2017 6:47 pm Post subject: Which rights are necessary to create a kernel? |
|
|
after an "emerge -NDuva @world" sometimes new sources end up in /usr/src/.
For me, the sources always have root: root
Code: | drwxr-xr-x 22 root root 4096 4. Dez 16:23 linux-4.14.2-gentoo
drwxr-xr-x 26 root root 4096 4. Dez 19:29 linux-4.14.3-gentoo |
It is often to read that the kernel sources should not be edited as the user root. Only the last step, that create the kernel with make is supposed to be done as root. But when I go as user in /usr/src/linux and call "make menuconfig" I get an error.
Code: | /usr/src/linux $ make menuconfig
*** Unable to find the ncurses libraries or the
*** required header files.
*** 'make menuconfig' requires the ncurses libraries.
***
*** Install ncurses (ncurses-devel) and try again.
***
make[1]: *** [scripts/kconfig/Makefile:202: scripts/kconfig/dochecklxdialog] error 1
make: *** [Makefile:548: menuconfig] error 2 |
Or:
I like to work with genkernel-next. Everything is created with just one command "genkernel all". The kernel; the initramfs-X.XX.X-gentoo.cpio in the kernel with modules for microcode and amdgpu, the separate initramfs in / boot with all other kernel modules (if you need one). In addition, all third-party modules, e.g. from virtualbox.
And in / boot all symlinks are reset or exchanged too old. My homemade grubbootsplash will be installed and the grub.cfg will be created.
That's a lot of work with just one command.
But, that works only as root or with sudo. As a user I receive the error message:
Code: | $ genkernel all
Genkernel: Could not write to /var/log/genkernel.log.
|
Back to the question: Which rights are necessary at which time to create a new kernel?
Where and how do I set the rights correctly?
Thank you in advance for any hint
Ma _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Tue Dec 05, 2017 7:02 pm Post subject: |
|
|
Marlo,
I you copy the kernel to /home/Marlo/<kernel> you can do a manual configure and build as Marlo.
Root needs to run make modules_install and the cp to /boot.
Root also needs to update grub.cfg.
You can change the permissions on /var/log/genkernel.log or put it into /home/Marlo/ instead.
genkernel will still need to be be run as root to do the install steps and make the initrd. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Tue Dec 05, 2017 11:13 pm Post subject: |
|
|
thanks NeddySeagoon,
During an emerge process, some programs look for /usr/src/linux to see if there is an appropriate kernel configuration. If not, there is a fatal error and the program stops.
So "/ home/marlo/src/linux" should be copied back to "/usr/src/linux". Then it would be easier to change the rights in /usr/src/. Maybe with a startup script. _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Tue Dec 05, 2017 11:56 pm Post subject: |
|
|
Marlo,
A few programs build against the kernel pointed to by /usr/src/linux
If you set the /usr/src/linux symlink by hand, it can point anywhere, even to /home/Marlo/<kernel>
A chain of symlinks is permitted too, so that /usr/src/linux' which can only be changed by root, can point to /home/Marlo/linux, which user Marlo can change every time a new /home/Marlo/<kernel> appears. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21602
|
Posted: Wed Dec 06, 2017 3:14 am Post subject: |
|
|
My standard practice is to set $KBUILD_OUTPUT so that the kernel's object files are not written under /usr/src. I can then build the kernel as an unprivileged user. Privilege is still required to install it, but that's a much simpler and safer step than compiling the kernel and all its build tools. I don't normally build out-of-tree drivers, so I rarely hit packages that insist on a configured kernel. For those packages that demand it, setting $KBUILD_OUTPUT to point it to the kernel build tree (and making that tree readable to user portage) should be sufficient. |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Wed Dec 06, 2017 3:58 pm Post subject: |
|
|
Code: | mkdir $HOME/kbuild
cd $HOME/kbuild
make -C /usr/src/linux O="$PWD" oldconfig |
Now you can do everything from there without needing root at all until the make install phase. |
|
Back to top |
|
|
Etal Veteran
Joined: 15 Jul 2005 Posts: 1931
|
Posted: Thu Dec 07, 2017 2:05 am Post subject: |
|
|
I have a ~/kernel directory which contains this script:
Code: | #!/bin/sh
BUILD_DIR="${PWD}/build"
INST_DIR="${PWD}/install"
SRC_DIR="/usr/src/linux"
mkdir -p "${BUILD_DIR}" "${INST_DIR}"
if [ ! -f "${BUILD_DIR}/.config" ]; then
zcat /proc/config.gz > "${BUILD_DIR}/.config"
fi
exec make -j10 -l8 \
O="${BUILD_DIR}" \
INSTALL_MOD_PATH="${INST_DIR}" \
-C "${SRC_DIR}" \
"$@" |
Code: | $ cd ~/kernel
$ ./kmake oldconfig
$ ./kmake menuconfig
$ ./kmake && ./kmake modules_install |
Just make sure you check permissions when copying modules - you don't want them to be your user's. _________________ “And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010 |
|
Back to top |
|
|
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Thu Dec 07, 2017 4:42 am Post subject: |
|
|
Thank you very much for the concrete suggestions to work with kbuild. I will try the suggestions if I have completed the conversion to the 17-profile on all Gentoo installations. _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Thu Dec 07, 2017 9:56 pm Post subject: |
|
|
Ant P. wrote: | Code: | mkdir $HOME/kbuild
cd $HOME/kbuild
make -C /usr/src/linux O="$PWD" oldconfig |
Now you can do everything from there without needing root at all until the make install phase. |
I try your approach Ant P.:
Code: | @tux ~/kbuild $ make -C /usr/src/linux O="$PWD" oldconfig
make: Verzeichnis „/usr/src/linux-4.14.4-gentoo“ wird betreten
make[1]: Verzeichnis „/home/hajo/kbuild“ wird betreten
HOSTCC scripts/basic/fixdep
HOSTCC scripts/basic/bin2c
GEN ./Makefile
HOSTCC scripts/kconfig/conf.o
HOSTCC scripts/kconfig/zconf.tab.o
HOSTLD scripts/kconfig/conf
scripts/kconfig/conf --oldconfig Kconfig
#
# configuration written to .config
#
|
Thumbs up
Thanks a lot for this
Ma _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
Marlo Veteran
Joined: 26 Jul 2003 Posts: 1591
|
Posted: Thu Dec 07, 2017 10:13 pm Post subject: |
|
|
the next attempt with the suggestion of Etal:
Etal wrote: | I have a ~/kernel directory which contains this script:
Code: | #!/bin/sh
BUILD_DIR="${PWD}/build"
INST_DIR="${PWD}/install"
SRC_DIR="/usr/src/linux"
mkdir -p "${BUILD_DIR}" "${INST_DIR}"
if [ ! -f "${BUILD_DIR}/.config" ]; then
zcat /proc/config.gz > "${BUILD_DIR}/.config"
fi
exec make -j10 -l8 \
O="${BUILD_DIR}" \
INSTALL_MOD_PATH="${INST_DIR}" \
-C "${SRC_DIR}" \
"$@" |
Code: | $ cd ~/kernel
$ ./kmake oldconfig
$ ./kmake menuconfig
$ ./kmake && ./kmake modules_install |
Just make sure you check permissions when copying modules - you don't want them to be your user's. |
First the script: Code: | ~/kernel $ cat kmake
#!/bin/sh
BUILD_DIR="${PWD}/build"
INST_DIR="${PWD}/install"
SRC_DIR="/usr/src/linux"
mkdir -p "${BUILD_DIR}" "${INST_DIR}"
if [ ! -f "${BUILD_DIR}/.config" ]; then
zcat /proc/config.gz > "${BUILD_DIR}/.config"
fi
exec make -j10 -l8 \
O="${BUILD_DIR}" \
INSTALL_MOD_PATH="${INST_DIR}" \
-C "${SRC_DIR}" \
"$@"
|
Second, the execution:
Code: | ~/kernel $ ./kmake oldconfig
cc -o .o
gcc: fatal error: no input files
compilation terminated.
make: *** [<builtin>: .o] Error 1
|
There must be something missing on my machine. What could that be?
Many thanks for your effort Etal!
Ma _________________ ------------------------------------------------------------------
http://radio.garden/ |
|
Back to top |
|
|
Etal Veteran
Joined: 15 Jul 2005 Posts: 1931
|
Posted: Fri Dec 08, 2017 4:08 am Post subject: |
|
|
Marlo wrote: | Second, the execution:
Code: | ~/kernel $ ./kmake oldconfig
cc -o .o
gcc: fatal error: no input files
compilation terminated.
make: *** [<builtin>: .o] Error 1
|
There must be something missing on my machine. What could that be?
Many thanks for your effort Etal!
Ma |
No idea how that could happen
Is your /usr/src/linux symlink pointing to the correct source directory? Or can you try changing the SRC_DIR line to point to /usr/src/linux-4.14.4-gentoo? _________________ “And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010 |
|
Back to top |
|
|
mv Watchman
Joined: 20 Apr 2005 Posts: 6747
|
Posted: Fri Dec 08, 2017 5:35 am Post subject: |
|
|
What I do is that I have a kbuild directory under /usr/src which is owned by portage.
I set (and export) KBUILD_OUTPUT in the profile of the root user (who is calling emerge) (you might do this in an /etc/env.d file); similarly for KERNEL_DIR.
Then for compiling the kernel, i change permissions from root to portage (keeping KBUILD_OUTPUT and KERNEL_DIR) and compile with permissions of portage.
IMHO, the permissions of portage are just right for this: If the portage account is compromised, he can corrupt the system anyway; the same holds for the one with write access to KBUILD_OUTPUT. On the other hand, portage does not own so many files that an accidental mistake (e.g. a bug in the kernel build system) are likely to cause any severe damage (other than, say, to remove the kbuild directory in the worst case).
For doing the actual permission changing for the various kernel compile/installation phases, I use the "kernel" script (available over the mv overlay) which also contains some cleanup, setting of symlinks, handling of X permissions etc. which might or might not be what you want (but everything is optional). It currently has no support for a ramdisk. |
|
Back to top |
|
|
|