Which rights are necessary to create a kernel?

[Marlo]

after an "emerge -NDuva @world" sometimes new sources end up in /usr/src/.
For me, the sources always have root: root

[NeddySeagoon]

Marlo,

I you copy the kernel to /home/Marlo/<kernel> you can do a manual configure and build as Marlo.
Root needs to run make modules_install and the cp to /boot.
Root also needs to update grub.cfg.

You can change the permissions on /var/log/genkernel.log or put it into /home/Marlo/ instead.
genkernel will still need to be be run as root to do the install steps and make the initrd.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[Marlo]

thanks NeddySeagoon,

During an emerge process, some programs look for /usr/src/linux to see if there is an appropriate kernel configuration. If not, there is a fatal error and the program stops.
So "/ home/marlo/src/linux" should be copied back to "/usr/src/linux". Then it would be easier to change the rights in /usr/src/. Maybe with a startup script.
_________________
------------------------------------------------------------------
http://radio.garden/

[NeddySeagoon]

Marlo,

A few programs build against the kernel pointed to by /usr/src/linux
If you set the /usr/src/linux symlink by hand, it can point anywhere, even to /home/Marlo/<kernel>
A chain of symlinks is permitted too, so that /usr/src/linux' which can only be changed by root, can point to /home/Marlo/linux, which user Marlo can change every time a new /home/Marlo/<kernel> appears.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

[Hu]

My standard practice is to set $KBUILD_OUTPUT so that the kernel's object files are not written under /usr/src. I can then build the kernel as an unprivileged user. Privilege is still required to install it, but that's a much simpler and safer step than compiling the kernel and all its build tools. I don't normally build out-of-tree drivers, so I rarely hit packages that insist on a configured kernel. For those packages that demand it, setting $KBUILD_OUTPUT to point it to the kernel build tree (and making that tree readable to user portage) should be sufficient.

[Ant P.]

[Etal]

I have a ~/kernel directory which contains this script:

[Marlo]

Thank you very much for the concrete suggestions to work with kbuild. I will try the suggestions if I have completed the conversion to the 17-profile on all Gentoo installations.
_________________
------------------------------------------------------------------
http://radio.garden/

[Marlo]

[Marlo]

the next attempt with the suggestion of Etal:

[Etal]

[mv]

What I do is that I have a kbuild directory under /usr/src which is owned by portage.
I set (and export) KBUILD_OUTPUT in the profile of the root user (who is calling emerge) (you might do this in an /etc/env.d file); similarly for KERNEL_DIR.
Then for compiling the kernel, i change permissions from root to portage (keeping KBUILD_OUTPUT and KERNEL_DIR) and compile with permissions of portage.

IMHO, the permissions of portage are just right for this: If the portage account is compromised, he can corrupt the system anyway; the same holds for the one with write access to KBUILD_OUTPUT. On the other hand, portage does not own so many files that an accidental mistake (e.g. a bug in the kernel build system) are likely to cause any severe damage (other than, say, to remove the kbuild directory in the worst case).

For doing the actual permission changing for the various kernel compile/installation phases, I use the "kernel" script (available over the mv overlay) which also contains some cleanup, setting of symlinks, handling of X permissions etc. which might or might not be what you want (but everything is optional). It currently has no support for a ramdisk.