Which rights are necessary to create a kernel?

Message

Marlo · Post by **Marlo** » Tue Dec 05, 2017 6:47 pm

after an "emerge -NDuva @world" sometimes new sources end up in /usr/src/.
For me, the sources always have root: root

drwxr-xr-x 22 root root   4096  4. Dez 16:23 linux-4.14.2-gentoo
drwxr-xr-x 26 root root   4096  4. Dez 19:29 linux-4.14.3-gentoo

It is often to read that the kernel sources should not be edited as the user root. Only the last step, that create the kernel with make is supposed to be done as root. But when I go as user in /usr/src/linux and call "make menuconfig" I get an error.

Code: Select all

/usr/src/linux $ make menuconfig
 *** Unable to find the ncurses libraries or the
 *** required header files.
 *** 'make menuconfig' requires the ncurses libraries.
 *** 
 *** Install ncurses (ncurses-devel) and try again.
 *** 
make[1]: *** [scripts/kconfig/Makefile:202: scripts/kconfig/dochecklxdialog] error 1
make: *** [Makefile:548: menuconfig] error 2

Or:
I like to work with genkernel-next. Everything is created with just one command "genkernel all". The kernel; the initramfs-X.XX.X-gentoo.cpio in the kernel with modules for microcode and amdgpu, the separate initramfs in / boot with all other kernel modules (if you need one). In addition, all third-party modules, e.g. from virtualbox.
And in / boot all symlinks are reset or exchanged too old. My homemade grubbootsplash will be installed and the grub.cfg will be created.
That's a lot of work with just one command.

But, that works only as root or with sudo. As a user I receive the error message:

Code: Select all

 $ genkernel all
Genkernel: Could not write to /var/log/genkernel.log.

Back to the question: Which rights are necessary at which time to create a new kernel?
Where and how do I set the rights correctly?

Thank you in advance for any hint
Ma

Post by **NeddySeagoon** » Tue Dec 05, 2017 7:02 pm

Marlo,

I you copy the kernel to /home/Marlo/<kernel> you can do a manual configure and build as Marlo.
Root needs to run make modules_install and the cp to /boot.
Root also needs to update grub.cfg.

You can change the permissions on /var/log/genkernel.log or put it into /home/Marlo/ instead.
genkernel will still need to be be run as root to do the install steps and make the initrd.

Marlo · Post by **Marlo** » Tue Dec 05, 2017 11:13 pm

thanks NeddySeagoon,

During an emerge process, some programs look for /usr/src/linux to see if there is an appropriate kernel configuration. If not, there is a fatal error and the program stops.
So "/ home/marlo/src/linux" should be copied back to "/usr/src/linux". Then it would be easier to change the rights in /usr/src/. Maybe with a startup script.

Post by **NeddySeagoon** » Tue Dec 05, 2017 11:56 pm

Marlo,

A few programs build against the kernel pointed to by /usr/src/linux
If you set the /usr/src/linux symlink by hand, it can point anywhere, even to /home/Marlo/<kernel>
A chain of symlinks is permitted too, so that /usr/src/linux' which can only be changed by root, can point to /home/Marlo/linux, which user Marlo can change every time a new /home/Marlo/<kernel> appears.

Post by Hu » Wed Dec 06, 2017 3:14 am

My standard practice is to set $KBUILD_OUTPUT so that the kernel's object files are not written under /usr/src. I can then build the kernel as an unprivileged user. Privilege is still required to install it, but that's a much simpler and safer step than compiling the kernel and all its build tools. I don't normally build out-of-tree drivers, so I rarely hit packages that insist on a configured kernel. For those packages that demand it, setting $KBUILD_OUTPUT to point it to the kernel build tree (and making that tree readable to user portage) should be sufficient.

Ant P. · Post by **Ant P.** » Wed Dec 06, 2017 3:58 pm

Code: Select all

mkdir $HOME/kbuild
cd $HOME/kbuild
make -C /usr/src/linux O="$PWD" oldconfig

Now you can do everything from there without needing root at all until the make install phase.

Etal · Post by **Etal** » Thu Dec 07, 2017 2:05 am

I have a ~/kernel directory which contains this script:

Code: Select all

#!/bin/sh

BUILD_DIR="${PWD}/build"
INST_DIR="${PWD}/install"
SRC_DIR="/usr/src/linux"

mkdir -p "${BUILD_DIR}" "${INST_DIR}"

if [ ! -f "${BUILD_DIR}/.config" ]; then
    zcat /proc/config.gz > "${BUILD_DIR}/.config"
fi

exec make -j10 -l8 \
    O="${BUILD_DIR}" \
    INSTALL_MOD_PATH="${INST_DIR}" \
    -C "${SRC_DIR}" \
    "$@"

Code: Select all

$ cd ~/kernel
$ ./kmake oldconfig
$ ./kmake menuconfig
$ ./kmake && ./kmake modules_install

Just make sure you check permissions when copying modules - you don't want them to be your user's.

Marlo · Post by **Marlo** » Thu Dec 07, 2017 4:42 am

Thank you very much for the concrete suggestions to work with kbuild. I will try the suggestions if I have completed the conversion to the 17-profile on all Gentoo installations.

Marlo · Post by **Marlo** » Thu Dec 07, 2017 9:56 pm

Ant P. wrote:
Code: Select all
mkdir $HOME/kbuild
cd $HOME/kbuild
make -C /usr/src/linux O="$PWD" oldconfig
Now you can do everything from there without needing root at all until the make install phase.

I try your approach Ant P.:

Code: Select all

@tux ~/kbuild $ make -C /usr/src/linux O="$PWD" oldconfig                                                                                                                      
make: Verzeichnis „/usr/src/linux-4.14.4-gentoo“ wird betreten
make[1]: Verzeichnis „/home/hajo/kbuild“ wird betreten
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/basic/bin2c
  GEN     ./Makefile
  HOSTCC  scripts/kconfig/conf.o
  HOSTCC  scripts/kconfig/zconf.tab.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --oldconfig Kconfig
#
# configuration written to .config
#

Thumbs up

Thanks a lot for this
Ma

Marlo · Post by **Marlo** » Thu Dec 07, 2017 10:13 pm

the next attempt with the suggestion of Etal:

Etal wrote:I have a ~/kernel directory which contains this script:
Code: Select all
#!/bin/sh

BUILD_DIR="${PWD}/build"
INST_DIR="${PWD}/install"
SRC_DIR="/usr/src/linux"

mkdir -p "${BUILD_DIR}" "${INST_DIR}"

if [ ! -f "${BUILD_DIR}/.config" ]; then
    zcat /proc/config.gz > "${BUILD_DIR}/.config"
fi

exec make -j10 -l8 \
    O="${BUILD_DIR}" \
    INSTALL_MOD_PATH="${INST_DIR}" \
    -C "${SRC_DIR}" \
    "$@"
Code: Select all
$ cd ~/kernel
$ ./kmake oldconfig
$ ./kmake menuconfig
$ ./kmake && ./kmake modules_install
Just make sure you check permissions when copying modules - you don't want them to be your user's.

First the script:

Code: Select all

 ~/kernel $ cat kmake 
#!/bin/sh 

BUILD_DIR="${PWD}/build" 
INST_DIR="${PWD}/install" 
SRC_DIR="/usr/src/linux" 

mkdir -p "${BUILD_DIR}" "${INST_DIR}" 

if [ ! -f "${BUILD_DIR}/.config" ]; then 
    zcat /proc/config.gz > "${BUILD_DIR}/.config" 
fi 

exec make -j10 -l8 \ 
    O="${BUILD_DIR}" \ 
    INSTALL_MOD_PATH="${INST_DIR}" \ 
    -C "${SRC_DIR}" \ 
    "$@"

Second, the execution:

Code: Select all

~/kernel $ ./kmake oldconfig 
cc      -o .o
gcc: fatal error: no input files
compilation terminated.
make: *** [<builtin>: .o] Error 1

There must be something missing on my machine. What could that be?
Many thanks for your effort Etal!
Ma

Etal · Post by **Etal** » Fri Dec 08, 2017 4:08 am

Marlo wrote:Second, the execution:
Code: Select all
~/kernel $ ./kmake oldconfig 
cc      -o .o
gcc: fatal error: no input files
compilation terminated.
make: *** [<builtin>: .o] Error 1
There must be something missing on my machine. What could that be?
Many thanks for your effort Etal!
Ma

No idea how that could happen

Is your /usr/src/linux symlink pointing to the correct source directory? Or can you try changing the SRC_DIR line to point to /usr/src/linux-4.14.4-gentoo?

mv · Post by mv » Fri Dec 08, 2017 5:35 am

What I do is that I have a kbuild directory under /usr/src which is owned by portage.
I set (and export) KBUILD_OUTPUT in the profile of the root user (who is calling emerge) (you might do this in an /etc/env.d file); similarly for KERNEL_DIR.
Then for compiling the kernel, i change permissions from root to portage (keeping KBUILD_OUTPUT and KERNEL_DIR) and compile with permissions of portage.

IMHO, the permissions of portage are just right for this: If the portage account is compromised, he can corrupt the system anyway; the same holds for the one with write access to KBUILD_OUTPUT. On the other hand, portage does not own so many files that an accidental mistake (e.g. a bug in the kernel build system) are likely to cause any severe damage (other than, say, to remove the kbuild directory in the worst case).

For doing the actual permission changing for the various kernel compile/installation phases, I use the "kernel" script (available over the mv overlay) which also contains some cleanup, setting of symlinks, handling of X permissions etc. which might or might not be what you want (but everything is optional). It currently has no support for a ramdisk.