WIP: Notes

custom_kernel.sh

@@ -0,0 +1,65 @@
+### Set variables
+export arch=x86_64
+export ver=6.0
+export minrel=15
+export pkgrel=300
+export subver=$minrel-$pkgrel
+export fedver=fc37
+export name=$(hostname)
+
+### Custom Machine owner key for secure boot
+# Allow kernel signing
+sudo /usr/libexec/pesign/pesign-authorize
+# Create key
+openssl req -new -x509 -newkey rsa:2048 -keyout "key.pem" -outform DER -out "cert.der" -nodes -days 36500 -subj "/CN=$name"
+# Import key to UEFI database.
+sudo mokutil --import "cert.der"
+# You have to reboot the system after importing the key with "mokutil" to import the key via UEFI system
+# After rebooting create PKCS #12 key file and import it into the nss database
+openssl pkcs12 -export -out key.p12 -inkey key.pem -in cert.der
+sudo csudo ertutil -A -i cert.der -n "$name" -d /etc/pki/pesign/ -t "Pu,Pu,Pu"
+sudo pk12util -i key.p12 -d /etc/pki/pesign
+
+### Setup build system
+rpmdev-setuptree
+koji download-build --arch=src kernel-$ver.$subver.$fedver
+rpm -Uvh kernel-$ver.$subver.$fedver.src.rpm
+cd ~/rpmbuild/SPECS
+
+### Apply patches and customize kernel configuration
+# Get patch to enable hibernate in lockdown mode (secure boot)
+wget https://gist.githubusercontent.com/kelvie/917d456cb572325aae8e3bd94a9c1350/raw/74516829883c7ee7b2216938550d55ebcb7be609/0001-Add-a-lockdown_hibernate-parameter.patch -O ~/rpmbuild/SOURCES/0001-Add-a-lockdown_hibernate-parameter.patch
+# Define patch in kernel.spec for building the rpms
+# Patch2: 0001-Add-a-lockdown_hibernate-parameter.patch
+sed -i '/^Patch999999/i Patch2: 0001-Add-a-lockdown_hibernate-parameter.patch' kernel.spec
+# Add patch as ApplyOptionalPatch
+sed -i '/^ApplyOptionalPatch linux-kernel-test.patch/i ApplyOptionalPatch 0001-Add-a-lockdown_hibernate-parameter.patch' kernel.spec
+# Add custom kernel name
+sed -i "s/# define buildid .local/%define buildid .$name/g" kernel.spec
+# Add machine owner key
+sed -i "s/.$name/.$name\n%define pe_signing_cert $name/g" kernel.spec
+# Install necessary dependencies for compiling hte kernel
+rpmbuild -bp kernel.spec
+
+### Optional steps
+# Create own configuration file from fedora config file
+# You find my "minimized" configuration for a 6.0.11 kernel here.
+cp ~/rpmbuild/SOURCES/kernel-$arch-fedora.config ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/.config
+cd ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/
+make menuconfig
+# Copy custom menuconfig kernel configuration to kernel-local
+cp ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/.config ~/rpmbuild/SOURCES/kernel-local
+# ... or copy kernel config from running kernel to kernel-local
+#cp /boot/config-$(uname -r) ~/rpmbuild/SOURCES/kernel-local
+# Remove build infos from custom config
+sed -i '0,/^#\ General\ setup$/d' ~/rpmbuild/SOURCES/kernel-local
+sed -i '1i # x86_64' ~/rpmbuild/SOURCES/kernel-local
+### End optional steps ###
+
+# Compile kernel
+cd ~/rpmbuild/SPECS
+time rpmbuild -bb --with baseonly --without debuginfo --target=$arch kernel.spec | tee ~/build-kernel.log
+
+# Install kernel
+cd ~/rpmbuild/RPMS/$arch/
+sudo dnf install *.rpm