Ceci est une ancienne révision du document !
Table des matières
Version : 2022.01
Dernière mise-à-jour : 2022/10/07 10:18
Topic 2: Linux Kernel
Contenu du Module
- Topic 2: Linux Kernel
- Contenu du Module
- Rôle du noyau
- LAB #1 - Modules
- LAB #2 - Compilation et installation du noyau et des modules sous CentOS 8
- 2.1 - Déplacer /home
- 2.2 - Préparer l'Environnement
- 2.3 - Préparer l'Arborescence Source du Noyau
- Le Fichier .config
- Le Fichier Makefile
- 2.4 - Paramétrage du noyau
- 2.5 - Compiler le Noyau
- 2.6 - Installer le Nouveau Noyau
- LAB #3 - Compilation et installation du noyau sous Debian 11
- 1.1 - Déplacer /home
- 1.2 - Télécharger le Code Source du Noyau
- 1.3 - Configurer le Noyau
- 1.4 - Compiler le Noyau
- 1.5 - Installer le Nouveau Noyau
- 1.6 - Désinstaller un Noyau
- LAB #4 - Mise à Jour du Noyau avec le Gestionnaire des Paquets
Rôle du noyau
Le noyau ou kernel est la partie du système d'exploitation qui gère les entrées/sorties avec des périphériques. Dans certains cas il est préférable de recompiler le noyau de Linux. La motivation de cette recompilation peut être :
- la diminution de la taille du noyau,
- la prise en charge de nouveau matériel,
- l'ajout de fonctionnalités,
- l'optimisation du code,
- la correction de bogues,
- le besoin d'une fonctionnalité expérimentale.
Commencez par mettre à jour CentOS 8 :
[root@centos8 ~]# dnf update ... [root@centos8 ~]# reboot
Identifiez ensuite le noyau utilisé par votre machine virtuelle :
[root@centos8 ~]# uname -r 4.18.0-305.7.1.el8_4.x86_64
LAB #1 - Modules
Dans le cas d'une utilisation courante de Linux, il est cependant préférable de faire appel aux modules. Les modules se trouvent dans le répertoire /lib/modules/<version-du-noyau> :
[root@centos8 ~]# ls /lib/modules/`uname -r`/ bls.conf modules.builtin modules.networking System.map build modules.builtin.bin modules.order updates config modules.dep modules.softdep vdso kernel modules.dep.bin modules.symbols vmlinuz modules.alias modules.devname modules.symbols.bin weak-updates modules.alias.bin modules.drm source modules.block modules.modesetting symvers.gz
Les commandes pour manipuler les modules sont :
- insmod
- rmmod
- lsmod
- modprobe
Par exemple :
[root@centos8 ~]# lsmod Module Size Used by xt_CHECKSUM 16384 1 ipt_MASQUERADE 16384 3 xt_conntrack 16384 1 ipt_REJECT 16384 2 nft_compat 20480 16 nf_nat_tftp 16384 0 nft_objref 16384 1 nf_conntrack_tftp 16384 3 nf_nat_tftp nft_counter 16384 33 tun 53248 1 bridge 192512 0 stp 16384 1 bridge llc 16384 2 bridge,stp nft_fib_inet 16384 1 nft_fib_ipv4 16384 1 nft_fib_inet nft_fib_ipv6 16384 1 nft_fib_inet nft_fib 16384 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet nft_reject_inet 16384 5 nf_reject_ipv4 16384 2 nft_reject_inet,ipt_REJECT nf_reject_ipv6 16384 1 nft_reject_inet nft_reject 16384 1 nft_reject_inet nft_ct 20480 19 nf_tables_set 49152 21 nft_chain_nat 16384 12 nf_nat 45056 3 ipt_MASQUERADE,nf_nat_tftp,nft_chain_nat nf_conntrack 172032 6 xt_conntrack,nf_nat,nf_conntrack_tftp,nft_ct,ipt_MASQUERADE,nf_nat_tftp nf_defrag_ipv6 20480 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack ip_set 49152 0 nf_tables 172032 414 nft_ct,nft_compat,nft_reject_inet,nft_fib_ipv6,nft_objref,nft_fib_ipv4,nft_counter,nft_chain_nat,nf_tables_set,nft_reject,nft_fib,nft_fib_inet nfnetlink 16384 4 nft_compat,nf_tables,ip_set sunrpc 540672 1 ext4 761856 1 mbcache 16384 1 ext4 jbd2 131072 1 ext4 virtio_balloon 20480 0 pcspkr 16384 0 i2c_piix4 24576 0 joydev 24576 0 ip_tables 28672 0 xfs 1515520 1 libcrc32c 16384 4 nf_conntrack,nf_nat,nf_tables,xfs sr_mod 28672 0 sd_mod 53248 3 cdrom 65536 1 sr_mod t10_pi 16384 1 sd_mod sg 40960 0 ata_generic 16384 0 bochs_drm 16384 1 drm_vram_helper 28672 1 bochs_drm drm_kms_helper 233472 4 drm_vram_helper,bochs_drm syscopyarea 16384 1 drm_kms_helper sysfillrect 16384 1 drm_kms_helper sysimgblt 16384 1 drm_kms_helper fb_sys_fops 16384 1 drm_kms_helper drm_ttm_helper 16384 1 drm_vram_helper ttm 114688 2 drm_vram_helper,drm_ttm_helper drm 569344 7 drm_kms_helper,drm_vram_helper,bochs_drm,drm_ttm_helper,ttm ahci 40960 2 libahci 40960 1 ahci virtio_net 53248 0 net_failover 24576 1 virtio_net ata_piix 36864 0 serio_raw 16384 0 failover 16384 1 net_failover libata 270336 4 ata_piix,libahci,ahci,ata_generic dm_mirror 28672 0 dm_region_hash 20480 1 dm_mirror dm_log 20480 2 dm_region_hash,dm_mirror dm_mod 151552 8 dm_log,dm_mirror fuse 151552 3
Pour ajouter un module, on peut utiliser la commande insmod ou modprobe. Cette dernière ajoute non seulement le module passé en argument mais également ses dépendances :
[root@centos8 ~]# modprobe bonding [root@centos8 ~]# lsmod | more Module Size Used by bonding 196608 0 xt_CHECKSUM 16384 1 ipt_MASQUERADE 16384 3 xt_conntrack 16384 1 ipt_REJECT 16384 2 nft_compat 20480 16 nf_nat_tftp 16384 0 nft_objref 16384 1 nf_conntrack_tftp 16384 3 nf_nat_tftp nft_counter 16384 33 tun 53248 1 bridge 192512 0 stp 16384 1 bridge llc 16384 2 bridge,stp nft_fib_inet 16384 1 nft_fib_ipv4 16384 1 nft_fib_inet nft_fib_ipv6 16384 1 nft_fib_inet nft_fib 16384 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet nft_reject_inet 16384 5 nf_reject_ipv4 16384 2 nft_reject_inet,ipt_REJECT nf_reject_ipv6 16384 1 nft_reject_inet --More--
Pour supprimer un module, on peut utiliser la commande rmmod ou modprobe -r. Cette dernière essaie de supprimer les dépendances non-utilisées :
[root@centos8 ~]# modprobe -r bonding [root@centos8 ~]# lsmod | more Module Size Used by xt_CHECKSUM 16384 1 ipt_MASQUERADE 16384 3 xt_conntrack 16384 1 ipt_REJECT 16384 2 nft_compat 20480 16 nf_nat_tftp 16384 0 nft_objref 16384 1 nf_conntrack_tftp 16384 3 nf_nat_tftp nft_counter 16384 33 tun 53248 1 bridge 192512 0 stp 16384 1 bridge llc 16384 2 bridge,stp nft_fib_inet 16384 1 nft_fib_ipv4 16384 1 nft_fib_inet nft_fib_ipv6 16384 1 nft_fib_inet nft_fib 16384 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet nft_reject_inet 16384 5 nf_reject_ipv4 16384 2 nft_reject_inet,ipt_REJECT nf_reject_ipv6 16384 1 nft_reject_inet nft_reject 16384 1 nft_reject_inet --More--
Les dépendances des modules sont résolues par la commande modprobe grâce aux fichier /lib/modules/<version-du-noyau>/modules.dep. Ce dernier peut être créé manuellement grâce à la commande depmod :
[root@centos8 ~]# more /lib/modules/`uname -r`/modules.dep kernel/arch/x86/events/amd/power.ko.xz: kernel/arch/x86/events/intel/intel-uncore.ko.xz: kernel/arch/x86/events/intel/intel-cstate.ko.xz: kernel/arch/x86/events/rapl.ko.xz: kernel/arch/x86/kernel/cpu/mce/mce-inject.ko.xz: kernel/arch/x86/crypto/des3_ede-x86_64.ko.xz: kernel/crypto/des_generic.ko.xz kernel/arch/x86/crypto/camellia-x86_64.ko.xz: kernel/arch/x86/crypto/blowfish-x86_64.ko.xz: kernel/crypto/blowfish_common.ko.xz kernel/arch/x86/crypto/twofish-x86_64.ko.xz: kernel/crypto/twofish_common.ko.xz kernel/arch/x86/crypto/twofish-x86_64-3way.ko.xz: kernel/arch/x86/crypto/twofish-x86_64.ko. xz kernel/crypto/twofish_common.ko.xz kernel/arch/x86/crypto/chacha20-x86_64.ko.xz: kernel/crypto/chacha20_generic.ko.xz kernel/arch/x86/crypto/serpent-sse2-x86_64.ko.xz: kernel/crypto/serpent_generic.ko.xz kernel/arch/x86/crypto/ghash-clmulni-intel.ko.xz: kernel/arch/x86/crypto/crc32c-intel.ko.xz: kernel/arch/x86/crypto/crc32-pclmul.ko.xz: kernel/arch/x86/crypto/sha512-ssse3.ko.xz: kernel/crypto/sha512_generic.ko.xz kernel/arch/x86/crypto/crct10dif-pclmul.ko.xz: kernel/arch/x86/crypto/poly1305-x86_64.ko.xz: kernel/crypto/poly1305_generic.ko.xz kernel/arch/x86/crypto/camellia-aesni-avx-x86_64.ko.xz: kernel/arch/x86/crypto/camellia-x86 _64.ko.xz kernel/arch/x86/crypto/cast5-avx-x86_64.ko.xz: kernel/crypto/cast5_generic.ko.xz kernel/cry --More--(0%)
Il est possible d'obtenir des informations sur un module grâce à la commande modinfo :
[root@centos8 ~]# modinfo bonding
filename: /lib/modules/4.18.0-305.7.1.el8_4.x86_64/kernel/drivers/net/bonding/bonding.ko.xz
author: Thomas Davis, tadavis@lbl.gov and many others
description: Ethernet Channel Bonding Driver
license: GPL
alias: rtnl-link-bond
rhelversion: 8.4
srcversion: 445F4CC9A2F7E64E3A87FD0
depends:
intree: Y
name: bonding
vermagic: 4.18.0-305.7.1.el8_4.x86_64 SMP mod_unload modversions
sig_id: PKCS#7
signer: CentOS kernel signing key
sig_key: 3B:5A:0A:B8:8E:4A:51:C0:AA:FF:97:FD:CB:94:D6:B6:D2:46:B8:17
sig_hashalgo: sha256
signature: B2:3A:20:BE:2B:F3:E0:5A:1A:74:0E:69:76:40:2A:D4:80:10:2C:5A:
B7:F1:1E:7A:71:13:29:F0:0A:4A:28:EE:81:33:C8:C2:5C:BD:FF:E4:
3F:A9:15:A3:9A:0E:A7:98:9E:99:06:23:10:47:D3:B2:48:B3:F1:61:
BE:4B:B0:FC:62:B9:3B:D6:64:CC:E3:29:01:4D:91:92:32:FD:EB:54:
44:F1:2C:1B:23:30:F1:3E:EE:69:EA:94:54:D9:A0:8D:16:53:F5:20:
DE:38:A0:13:E8:2F:89:66:CB:11:D7:AA:30:37:7B:EC:DF:A1:69:29:
7F:4E:80:4D:34:6E:F2:07:01:FA:18:23:94:58:10:C6:97:27:68:B9:
D8:08:5E:9D:00:17:F4:1B:48:BE:CA:BF:5C:5A:A8:6D:36:EE:3F:95:
BA:BE:59:82:EE:7B:CA:BB:32:1E:E3:05:ED:C9:C2:C8:10:64:B9:29:
B8:09:4B:79:42:65:1A:FA:99:96:BA:7E:2D:6E:75:F1:91:0E:F4:9A:
8F:11:10:9F:70:BD:35:06:BE:F0:4C:D8:AB:D5:C4:E1:B3:A2:2A:CA:
58:CA:9E:16:1D:0C:BE:9C:37:A1:82:20:6F:24:CD:23:63:F7:F5:BC:
6E:81:14:F0:52:DA:04:0E:9D:CC:17:60:2D:B0:D8:BD:6E:2C:AD:E7:
50:48:49:B6:57:96:AC:FD:A4:29:33:01:43:92:32:88:A2:AC:CB:93:
2F:C3:29:F3:01:77:84:00:AB:AA:C8:59:43:F1:DA:90:7B:5F:9A:A9:
CA:60:97:34:85:5E:98:56:73:03:0D:D7:8D:A6:AB:51:D4:8C:92:91:
0C:0A:BA:6B:92:01:16:FE:8B:86:80:11:5F:8E:21:BD:C2:2F:02:58:
A6:CF:6C:E3:87:28:8B:4D:CE:54:8C:00:B3:F7:AE:9E:01:81:1E:83:
AE:6D:58:B0:10:98:36:D9:69:76:E2:C0:E2:15:94:3B:D4:14:19:D9:
59:86:75:31
parm: max_bonds:Max number of bonded devices (int)
parm: tx_queues:Max number of transmit queues (default = 16) (int)
parm: num_grat_arp:Number of peer notifications to send on failover event (alias of num_unsol_na) (int)
parm: num_unsol_na:Number of peer notifications to send on failover event (alias of num_grat_arp) (int)
parm: miimon:Link check interval in milliseconds (int)
parm: updelay:Delay before considering link up, in milliseconds (int)
parm: downdelay:Delay before considering link down, in milliseconds (int)
parm: use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)
parm: mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)
parm: primary:Primary network device to use (charp)
parm: primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)
parm: lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp)
parm: ad_select:802.3ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp)
parm: min_links:Minimum number of available links before turning on carrier (int)
parm: xmit_hash_policy:balance-alb, balance-tlb, balance-xor, 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3, 3 for encap layer 2+3, 4 for encap layer 3+4, 5 for vlan+srcmac (charp)
parm: arp_interval:arp interval in milliseconds (int)
parm: arp_ip_target:arp targets in n.n.n.n form (array of charp)
parm: arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp)
parm: arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp)
parm: fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp)
parm: all_slaves_active:Keep all frames received on an interface by setting active flag for all slaves; 0 for never (default), 1 for always. (int)
parm: resend_igmp:Number of IGMP membership reports to send on link failure (int)
parm: packets_per_slave:Packets to send per slave in balance-rr mode; 0 for a random slave, 1 packet per slave (default), >1 packets per slave. (int)
parm: lp_interval:The number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch. The default is 1. (uint)
Dernièrement, les fichiers dans le repertoire /etc/modprobe.d sont utilisés pour spécifier les options éventuelles à passer aux modules lors de leur chargement ainsi que les alias utilisés pour leur faire référence :
[root@centos8 ~]# ls /etc/modprobe.d firewalld-sysctls.conf lockd.conf nvdimm-security.conf tuned.conf kvm.conf mlx4.conf truescale.conf vhost.conf [root@centos8 ~]# cat /etc/modprobe.d/kvm.conf # Setting modprobe kvm_intel/kvm_amd nested = 1 # only enables Nested Virtualization until the next reboot or # module reload. Uncomment the option applicable # to your system below to enable the feature permanently. # # User changes in this file are preserved across upgrades. # # For Intel #options kvm_intel nested=1 # # For AMD #options kvm_amd nested=1
Compilation et installation du noyau et des modules sous CentOS 8
Activez le dépôt CentOS-Linux-PowerTools en passant la directive enabled à 1 :
[root@centos8 ~]# vi /etc/yum.repos.d/CentOS-Linux-PowerTools.repo [root@centos8 ~]# cat /etc/yum.repos.d/CentOS-Linux-PowerTools.repo # CentOS-Linux-PowerTools.repo # # The mirrorlist system uses the connecting IP address of the client and the # update status of each mirror to pick current mirrors that are geographically # close to the client. You should use this for CentOS updates unless you are # manually picking other mirrors. # # If the mirrorlist does not work for you, you can try the commented out # baseurl line instead. [powertools] name=CentOS Linux $releasever - PowerTools mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra #baseurl=http://mirror.centos.org/$contentdir/$releasever/PowerTools/$basearch/os/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Installez maintenant les paquets nécessaires :
[root@centos8 ~]# dnf groupinstall "Development Tools" ... [root@centos8 ~]# dnf install asciidoc audit-libs-devel bash bc binutils binutils-devel bison diffutils elfutils elfutils-devel elfutils-libelf-devel findutils flex gawk gcc gettext gzip hmaccalc hostname make module-init-tools ncurses-devel net-tools newt-devel numactl-devel openssl patch pciutils-devel perl perl-ExtUtils-Embed pesign redhat-rpm-config rpm-build rpmdevtools sh-utils tar xmlto xz zlib-devel ...
2.1 - Déplacer /home
Important - Il n'est pas conseillé de compiler en tant que root pour des raisons de sécurité. Pour pouvoir utiliser le compte d'un utilisateur pour créer un nouveau noyau, celui-ci doit disposer de plus de 10 Go d'espace libre.
A faire - Déconnectez-vous de votre session CentOS8_SSH_10.0.2.45 et re-connectez-vous à la VM en tant que root en utilisant la connexion CentOS8_ROOT_10.0.2.45.
Créez ensuite une seule partition sur /dev/sdc :
[root@centos8 ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xc321702b.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-41943039, default 41943039):
Created a new partition 1 of type 'Linux' and of size 20 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Créez maintenant un système de fichiers ext4 sur /dev/sdc1 :
[root@centos8 ~]# mkfs.ext4 /dev/sdc1
mke2fs 1.45.6 (20-Mar-2020)
Discarding device blocks: done
Creating filesystem with 16776960 4k blocks and 4194304 inodes
Filesystem UUID: dc92c0d7-919b-4fff-8719-53e9e7e628dd
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424
Allocating group tables: done
Writing inode tables: done
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done
Montez /dev/sdc1 sur /mnt :
[root@centos8 ~]# mount /dev/sdc1 /mnt
Copiez le contenu de /home vers /mnt :
[root@centos8 ~]# cp -a /home/* /mnt
Démontez /dev/sdc1 et déplacez /home vers /root :
[root@centos8 ~]# umount /mnt [root@centos8 ~]# mv /home /root
Identifiez l'UUID de /dev/sdc1 :
[root@centos8 ~]# ls -l /dev/disk/by-uuid/ | grep sdc1 lrwxrwxrwx. 1 root root 10 Jul 19 12:02 f76d6b66-985b-4a91-af9c-4987e8c1443c -> ../../sdc [root@centos8 ~]#
Editez le fichier /etc/fstab et ajoutez une ligne pour /dev/sdc1 :
[root@centos8 ~]# vi /etc/fstab [root@centos8 ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Wed Jun 16 06:21:32 2021 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # /dev/mapper/cl_centos8-root / xfs defaults 0 0 UUID=1c04981e-5317-4b73-9695-3ce25246835d /boot ext4 defaults 1 2 /dev/mapper/cl_centos8-swap swap swap defaults 0 0 UUID=f76d6b66-985b-4a91-af9c-4987e8c1443c /home ext4 defaults 1 2
Créez le point de montage /home :
[root@centos8 ~]# mkdir /home
Montez /dev/sdc1 :
[root@centos8 ~]# mount -a [root@centos8 ~]# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=1882880k,nr_inodes=470720,mode=755) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime,seclabel) bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700) cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,memory) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpu,cpuacct) cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,rdma) cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,pids) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuset) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,perf_event) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,freezer) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,blkio) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,net_cls,net_prio) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,devices) none on /sys/kernel/tracing type tracefs (rw,relatime,seclabel) configfs on /sys/kernel/config type configfs (rw,relatime) /dev/mapper/cl_centos8-root on / type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota) selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime) mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel,pagesize=2M) debugfs on /sys/kernel/debug type debugfs (rw,relatime,seclabel) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=40,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=6022) fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime) /dev/sda1 on /boot type ext4 (rw,relatime,seclabel) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime) tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700,uid=1000,gid=1000) tmpfs on /run/user/42 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700,uid=42,gid=42) gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=382500k,mode=700) gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0) /dev/sdc1 on /home type ext4 (rw,relatime,seclabel)
Notez la taille de /home :
[root@centos8 ~]# df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 1.8G 0 1.8G 0% /dev tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs 1.9G 9.4M 1.9G 1% /run tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/mapper/cl_centos8-root 28G 5.2G 23G 19% / /dev/sda1 976M 289M 620M 32% /boot tmpfs 374M 16K 374M 1% /run/user/1000 tmpfs 374M 1.2M 373M 1% /run/user/42 /dev/sdc1 63G 67M 60G 1% /home
A faire - Déconnectez-vous de votre session CentOS8_ROOT_10.0.2.45 et re-connectez-vous à la VM en tant que trainee en utilisant la connexion CentOS8_SSH_10.0.2.45.
2.2 - Préparer l'Environnement
Pour créer l'arborescence de l'environnement de création de paquets dans /home/trainee, utilisez la commande rpmdev-setuptree :
[trainee@centos8 ~]$ rpmdev-setuptree ...> [trainee@centos8 ~]$ ls -laR rpmbuild/ rpmbuild/: total 28 drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 . drwxr-xr-x. 17 trainee trainee 4096 Jul 19 12:10 .. drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 BUILD drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 RPMS drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 SOURCES drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 SPECS drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 SRPMS rpmbuild/BUILD: total 8 drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 . drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 .. rpmbuild/RPMS: total 8 drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 . drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 .. rpmbuild/SOURCES: total 8 drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 . drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 .. rpmbuild/SPECS: total 8 drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 . drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 .. rpmbuild/SRPMS: total 8 drwxrwxr-x. 2 trainee trainee 4096 Jul 19 12:10 . drwxrwxr-x. 7 trainee trainee 4096 Jul 19 12:10 ..
Téléchargez le rpm source du noyau :
[trainee@centos8 ~]$ uname -a Linux centos8.ittraining.loc 4.18.0-305.7.1.el8_4.x86_64 #1 SMP Tue Jun 29 21:55:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux [trainee@centos8 ~]$ cat /etc/centos-release CentOS Linux release 8.4.2105 [trainee@centos8 ~]$ wget https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.7.1.el8_4.src.rpm --2021-07-14 02:54:14-- https://vault.centos.org/8.4.2105/BaseOS/Source/SPackages/kernel-4.18.0-305.7.1.el8_4.src.rpm Resolving vault.centos.org (vault.centos.org)... 81.171.33.194, 2a05:d014:10:7803:4af1:9320:7050:d28e Connecting to vault.centos.org (vault.centos.org)|81.171.33.194|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 123000617 (117M) [application/x-rpm] Saving to: ‘kernel-4.18.0-305.7.1.el8_4.src.rpm’ kernel-4.18.0-305.7.1. 100%[===========================>] 117.30M 1.49MB/s in 79s 2021-07-14 02:55:33 (1.49 MB/s) - ‘kernel-4.18.0-305.7.1.el8_4.src.rpm’ saved [123000617/123000617]
Installez maintenant les dépendances pour le rpm source en tant que root :
[trainee@centos8 ~]$ su - Mot de passe : fenestros [root@centos8 ~]# dnf install yum-utils ... [root@centos8 ~]# yum-builddep /home/trainee/kernel-4.18.0-305.7.1.el8_4.src.rpm ...
Installez maintenant le paquet kernel-4.18.0-305.7.1.el8_4.src.rpm :
[root@centos8 ~]# exit logout [trainee@centos8 ~]$ rpm -Uvh kernel-4.18.0-305.7.1.el8_4.src.rpm Updating / installing... 1:kernel-4.18.0-305.7.1.el8_4 warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root ################################# [100%] warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root
Important - Les erreurs sont sans importance.
2.3 - Préparer l'Arborescence Source du Noyau
Naviguez vers le repertoire ~/rpmbuild/SPECS et utilisez la commande rpmbuild pour préparer l'arborescence source du noyau :
[trainee@centos7 ~]$ cd ~/rpmbuild/SPECS [trainee@centos7 SPECS]$ rpmbuild -bp --target=$(uname -m) kernel.spec ...
A l'issu du processus, examinez l'arborescence :
[trainee@centos8 SPECS]$ ls -la ~/rpmbuild/BUILD/kernel-4.18.0-305.7.1.el8_4/linux-4.18.0-305.7.1.el8.x86_64/ total 812 drwxr-xr-x. 26 trainee trainee 4096 Jul 14 03:13 . drwxr-xr-x. 3 trainee trainee 4096 Jul 14 03:12 .. drwxr-xr-x. 27 trainee trainee 4096 Jul 14 03:13 arch drwxr-xr-x. 3 trainee trainee 4096 Jun 14 10:33 block drwxr-xr-x. 2 trainee trainee 4096 Jul 14 03:13 certs -rw-r--r--. 1 trainee trainee 13079 Jun 14 10:33 .clang-format -rw-r--r--. 1 trainee trainee 59 Jun 14 10:33 .cocciconfig drwxr-xr-x. 2 trainee trainee 4096 Jul 14 03:13 configs -rw-r--r--. 1 trainee trainee 423 Jun 14 10:33 COPYING-4.18.0 -rw-r--r--. 1 trainee trainee 98651 Jun 14 10:33 CREDITS drwxr-xr-x. 4 trainee trainee 4096 Jun 14 10:33 crypto drwxr-xr-x. 119 trainee trainee 4096 Jul 14 03:13 Documentation drwxr-xr-x. 137 trainee trainee 4096 Jun 14 10:33 drivers drwxr-xr-x. 2 trainee trainee 4096 Jul 14 03:13 firmware drwxr-xr-x. 73 trainee trainee 4096 Jun 14 10:33 fs -rw-r--r--. 1 trainee trainee 68 Jun 14 10:33 .get_maintainer.conf -rw-r--r--. 1 trainee trainee 31 Jun 14 10:33 .get_maintainer.ignore -rw-r--r--. 1 trainee trainee 76 Jun 14 10:33 .gitattributes -rw-r--r--. 1 trainee trainee 1639 Jun 14 10:33 .gitlab-ci-private.yml -rw-r--r--. 1 trainee trainee 1668 Jun 14 10:33 .gitlab-ci.yml drwxr-xr-x. 30 trainee trainee 4096 Jun 14 10:33 include drwxr-xr-x. 2 trainee trainee 4096 Jun 14 10:33 init drwxr-xr-x. 2 trainee trainee 4096 Jun 14 10:33 ipc -rw-r--r--. 1 trainee trainee 2245 Jun 14 10:33 Kbuild -rw-r--r--. 1 trainee trainee 575 Jun 14 10:33 Kconfig drwxr-xr-x. 19 trainee trainee 4096 Jul 14 03:13 kernel drwxr-xr-x. 20 trainee trainee 12288 Jul 14 03:13 lib drwxr-xr-x. 5 trainee trainee 4096 Jun 14 10:33 LICENSES -rw-r--r--. 1 trainee trainee 9559 Jun 14 10:33 .mailmap -rw-r--r--. 1 trainee trainee 471696 Jun 14 10:33 MAINTAINERS -rw-r--r--. 1 trainee trainee 61558 Jun 14 10:33 Makefile -rw-r--r--. 1 trainee trainee 1324 Jun 14 10:33 Makefile.rhelver -rw-r--r--. 1 trainee trainee 0 Jul 14 03:13 .mismatches drwxr-xr-x. 3 trainee trainee 4096 Jun 14 10:33 mm drwxr-xr-x. 72 trainee trainee 4096 Jun 14 10:33 net -rw-r--r--. 1 trainee trainee 800 Jun 14 10:33 README drwxr-xr-x. 28 trainee trainee 4096 Jun 14 10:33 samples -rw-r--r--. 1 trainee trainee 0 Jul 14 03:12 .scmversion drwxr-xr-x. 14 trainee trainee 4096 Jul 14 03:13 scripts drwxr-xr-x. 10 trainee trainee 4096 Jun 14 10:33 security drwxr-xr-x. 26 trainee trainee 4096 Jun 14 10:33 sound drwxr-xr-x. 33 trainee trainee 4096 Jun 14 10:33 tools drwxr-xr-x. 2 trainee trainee 4096 Jul 14 03:13 usr drwxr-xr-x. 4 trainee trainee 4096 Jun 14 10:33 virt
Le Fichier .config
Changez de répertoire de travail :
[trainee@centos8 SPECS]$ cd ~/rpmbuild/BUILD/kernel-*/linux-*/
Copiez le fichier configs/kernel-4.18.0-`uname -m`.config vers .config dans le répertoire courant :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp configs/kernel-4.18.0-`uname -m`.config .config
Mettez à jour le fichier .config par rapport à la configuration actuelle du noyau :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ make oldconfig scripts/kconfig/conf --oldconfig Kconfig # # configuration written to .config #
Important - Cette commande lit le fichier .config du noyau actuel et le compare avec celui des sources du noyau. S'il existent des nouvelles configurations à effectuer dans les sources du noyau, la commande vous pose des questions.
La configuration du noyau se trouve dans un fichier dénommé .config. Le fichier .config est généré par une des trois commandes suivantes et ne doit pas être édité manuellement :
- make config
- make menuconfig
- make xconfig
Exécutez la commande make menuconfig :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ make menuconfig UPD scripts/kconfig/.mconf-cfg HOSTCC scripts/kconfig/mconf.o HOSTCC scripts/kconfig/lxdialog/checklist.o HOSTCC scripts/kconfig/lxdialog/inputbox.o HOSTCC scripts/kconfig/lxdialog/menubox.o HOSTCC scripts/kconfig/lxdialog/textbox.o HOSTCC scripts/kconfig/lxdialog/util.o HOSTCC scripts/kconfig/lxdialog/yesno.o HOSTLD scripts/kconfig/mconf scripts/kconfig/mconf Kconfig # # using defaults found in /boot/config-4.18.0-305.7.1.el8_4.x86_64 #
Dans l'interface, vous pouvez constater la présence de lignes correspondantes à des fonctionalités suivies par une lettre ou une valeur. Dans le cas d'une lettre, la signification est la suivante :
- y,
- la fonctionalité est incluse dans le noyau monolithique ou dans le cas d'une dépendance d'un module, dans le module concerné,
- m,
- la fonctionalité est incluse en tant que module,
- n,
- la fonctionalité n'est pas incluse.
Important - Cette commande permet la modification de la configuration du noyau.
Sauvegardez simplement la configuration actuelle et sortez de l'interface :
*** End of the configuration. *** Execute 'make' to start the build or try 'make help'.
Vérifiez que le fichier .config a été“ créé par l'exécution de makeconfig :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ ls -a . certs configs Documentation .get_maintainer.conf .gitlab-ci.yml Kbuild LICENSES Makefile.rhelver README security virt .. .clang-format COPYING-4.18.0 drivers .get_maintainer.ignore include Kconfig .mailmap .mismatches samples sound arch .cocciconfig CREDITS firmware .gitattributes init kernel MAINTAINERS mm .scmversion tools block .config crypto fs .gitlab-ci-private.yml ipc lib Makefile net scripts usr
Consultez ce fichier :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ more .config # # Automatically generated file; DO NOT EDIT. # Linux/x86 4.18.0 Kernel Configuration # # # Compiler: gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1) # CONFIG_64BIT=y CONFIG_X86_64=y CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y CONFIG_OUTPUT_FORMAT="elf64-x86-64" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_MMU=y CONFIG_ARCH_MMAP_RND_BITS_MIN=28 CONFIG_ARCH_MMAP_RND_BITS_MAX=32 CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 CONFIG_GENERIC_ISA_DMA=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_ARCH_HAS_FILTER_PGPROT=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_ZONE_DMA32=y CONFIG_AUDIT_ARCH=y CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y --More--(0%)
Le Fichier Makefile
Le fichier Makefile contient le nom du noyau et spécifie les informations suivantes :
- VERSION,
- PATCHLEVEL,
- SUBLEVEL,
- EXTRAVERSION.
Les trois premières informations sont gérées par kernel.org et Linus Torvalds en personne tandis que l'EXTRAVERSION est gérée par Red Hat :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ more Makefile # SPDX-License-Identifier: GPL-2.0 VERSION = 4 PATCHLEVEL = 18 SUBLEVEL = 0 EXTRAVERSION = NAME = Merciless Moray # # DRM backport version # RHEL_DRM_VERSION = 5 RHEL_DRM_PATCHLEVEL = 9 RHEL_DRM_SUBLEVEL = 14 # *DOCUMENTATION* # To see a list of typical targets execute "make help" # More info can be located in ./README # Comments in this file are targeted only to the developer, do not # expect to learn how to build the kernel reading this file. # That's our default target when none is given on the command line PHONY := _all _all: # o Do not use make's built-in rules and variables # (this increases performance and avoids hard-to-debug behaviour); # o Look for make include files relative to root of kernel src MAKEFLAGS += -rR --include-dir=$(CURDIR) # Avoid funny character set dependencies unexport LC_ALL LC_COLLATE=C LC_NUMERIC=C export LC_COLLATE LC_NUMERIC # Avoid interference with shell env settings unexport GREP_OPTIONS # Set RHEL variables # Use this spot to avoid future merge conflicts include Makefile.rhelver # We are using a recursive build, so we need to do a little thinking --Plus--(2%)
Important - La version 2.6 du noyau a vu le jour en 2003. Les SUBLEVEL se suivaient régulièrement. Avec la version 2.6 du noyau, la valeur paire du PATCHLEVEL indiquait que le noyau était stable. Quand vous recompilez le noyau à partir des sources, vous devez modifier la valeur de l'EXTRAVERSION. Le passage à la version 3.0 fut décidé par Linus Torvalds à l'occasion des 20 ans du noyau Linux. Depuis l'arrivée de la version 3 du noyau, la signification de la valeur de PATCHLEVEL paire et impaire a été abondonnée.
2.4 - Paramétrage du noyau
Insérez la sortie de la commande uname -i sur la première ligne du fichier .config :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ uname -i x86_64 [trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ vi .config [trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ head .config # x86_64 # # Automatically generated file; DO NOT EDIT. # Linux/x86 4.18.0 Kernel Configuration # # # Compiler: gcc (GCC) 8.4.1 20200928 (Red Hat 8.4.1-1) # CONFIG_64BIT=y
Renommez le fichier .config en le plaçant dans le répertoire ~/rpmbuild/SOURCES/ :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp .config ~/rpmbuild/SOURCES/config-`uname -m`-generic [trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ ls ~/rpmbuild/SOURCES centos-ca-secureboot.der cpupower.config filter-x86_64.sh kernel-s390x.config mod-extra.list Module.kabi_s390x centos-dup.x509 cpupower.service generate_all_configs.sh kernel-s390x-debug.config mod-internal.list Module.kabi_x86_64 centos-kpatch.x509 debrand-rh-i686-cpu.patch generate_bls_conf.sh kernel-s390x-zfcpdump.config mod-sign.sh parallel_xz.sh centos.pem debrand-rh_taint.patch kernel-aarch64.config kernel-x86_64.config Module.kabi_aarch64 process_configs.sh centossecureboot001.der debrand-single-cpu.patch kernel-aarch64-debug.config kernel-x86_64-debug.config Module.kabi_dup_aarch64 x509.genkey centossecureboot201.der filter-aarch64.sh kernel-abi-stablelists-4.18.0-305.tar.bz2 kvm_stat.logrotate Module.kabi_dup_ppc64le centossecurebootca2.der filter-modules.sh kernel-kabi-dw-4.18.0-305.tar.bz2 linux-4.18.0-305.7.1.el8_4.tar.xz Module.kabi_dup_s390x check-kabi filter-ppc64le.sh kernel-ppc64le.config linux-kernel-test.patch Module.kabi_dup_x86_64 config-x86_64-generic filter-s390x.sh kernel-ppc64le-debug.config mod-blacklist.sh Module.kabi_ppc64le
Copiez le contenu du répertoire configs vers le répertoire ~/rpmbuild/SOURCES/ :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cp configs/* ~/rpmbuild/SOURCES/
Editez la directive buildid dans le fichier ~/rpmbuild/SPECS/kernel.spec :
[trainee@centos8 linux-4.18.0-305.7.1.el8.x86_64]$ cd ~/rpmbuild/SPECS
[trainee@centos8 SPECS]$ vi kernel.spec
[trainee@centos8 SPECS]$ head -n 50 kernel.spec
# We have to override the new %%install behavior because, well... the kernel is special.
%global __spec_install_pre %{___build_pre}
# At the time of this writing (2019-03), RHEL8 packages use w2.xzdio
# compression for rpms (xz, level 2).
# Kernel has several large (hundreds of mbytes) rpms, they take ~5 mins
# to compress by single-threaded xz. Switch to threaded compression,
# and from level 2 to 3 to keep compressed sizes close to "w2" results.
#
# NB: if default compression in /usr/lib/rpm/redhat/macros ever changes,
# this one might need tweaking (e.g. if default changes to w3.xzdio,
# change below to w4T.xzdio):
%define _binary_payload w3T.xzdio
# For a kernel released for public testing, released_kernel should be 1.
# For internal testing builds during development, it should be 0.
%global released_kernel 1
%global distro_build 305
# Sign the x86_64 kernel for secure boot authentication
%ifarch x86_64 aarch64
%global signkernel 1
%else
%global signkernel 0
%endif
# Sign modules on all arches
%global signmodules 1
# Compress modules only for architectures that build modules
%ifarch noarch
%global zipmodules 0
%else
%global zipmodules 1
%endif
%if %{zipmodules}
%global zipsed -e 's/\.ko$/\.ko.xz/'
%endif
%define buildid .i2tch
%define rpmversion 4.18.0
%define pkgrelease 305.7.1.el8_4
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 305.7.1%{?dist}
%define pkg_release %{specrelease}%{?buildid}
2.5 - Compiler le Noyau
La compilation du noyau peut prendre beaucoup de temps (~5 heures). La commande utilisée est la suivante :
[trainee@centos7 SPECS]$ rpmbuild -bb --target=`uname -m` kernel.spec 2> build-err.log | tee build-out.log &
Important - La compilation peut prendre des heures. Arrêtez donc le processus avec les touches ^C. Arrêtez ensuite votre VM. Demandez à votre formateur de démarrer la VM contenant le noyau déjà compilé.
A l'issu du processus, les RPMs se trouvent dans le répertoire /home/trainee/rpmbuild/RPMS/x86_64/ :
... Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/python3-perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/python3-perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/bpftool-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/bpftool-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Wrote: /home/trainee/rpmbuild/RPMS/x86_64/kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.rkOgfs [1]+ Done rpmbuild -bb --target=`uname -m` kernel.spec 2> build-err.log | tee build-out.log
[trainee@centos8 SPECS]$ cd ../RPMS [trainee@centos8 RPMS]$ ls x86_64 [trainee@centos8 RPMS]$ cd x86_64/ [trainee@centos8 x86_64]$ ls bpftool-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm bpftool-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64.rpm perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64.rpm python3-perf-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64.rpm python3-perf-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64.rpm kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64.rpm
Notez que la génération du nouveau noyau peut consommer jusqu'à 21 Go d'espace disque :
[trainee@centos8 x86_64]$ df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 1.8G 0 1.8G 0% /dev tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs 1.9G 9.4M 1.9G 1% /run tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/mapper/cl_centos8-root 28G 5.5G 23G 20% / /dev/sda1 976M 289M 620M 32% /boot tmpfs 374M 24K 374M 1% /run/user/1000 tmpfs 374M 1.2M 373M 1% /run/user/42 /dev/sdc1 63G 21G 39G 35% /home
2.6 - Installer le Nouveau Noyau
Installez maintenant les paquets kernel*. L'installation du noyau peut prendre beaucoup de temps (~2 heures). La commande utilisée est la suivante : :
[root@centos8 x86_64]# dnf localinstall kernel-*.rpm Last metadata expiration check: 2:25:32 ago on Tue 20 Jul 2021 08:37:00 EDT. Dependencies resolved. =============================================================================================================================================================================================================== Package Architecture Version Repository Size =============================================================================================================================================================================================================== Installing: kernel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M kernel-core x86_64 4.18.0-305.7.1.el8.i2tch @commandline 36 M kernel-cross-headers x86_64 4.18.0-305.7.1.el8.i2tch @commandline 11 M kernel-debug x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M kernel-debug-core x86_64 4.18.0-305.7.1.el8.i2tch @commandline 63 M kernel-debug-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 683 M kernel-debug-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 19 M kernel-debug-modules x86_64 4.18.0-305.7.1.el8.i2tch @commandline 54 M kernel-debug-modules-extra x86_64 4.18.0-305.7.1.el8.i2tch @commandline 7.2 M kernel-debug-modules-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.3 M kernel-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 570 M kernel-debuginfo-common-x86_64 x86_64 4.18.0-305.7.1.el8.i2tch @commandline 75 M kernel-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 18 M kernel-ipaclones-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 20 M kernel-modules x86_64 4.18.0-305.7.1.el8.i2tch @commandline 28 M kernel-modules-extra x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.5 M kernel-modules-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.1 M kernel-selftests-internal x86_64 4.18.0-305.7.1.el8.i2tch @commandline 19 M kernel-tools-debuginfo x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.2 M kernel-tools-libs-devel x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M Downgrading: kernel-headers x86_64 4.18.0-305.7.1.el8.i2tch @commandline 7.1 M kernel-tools x86_64 4.18.0-305.7.1.el8.i2tch @commandline 6.1 M kernel-tools-libs x86_64 4.18.0-305.7.1.el8.i2tch @commandline 5.9 M Transaction Summary =============================================================================================================================================================================================================== Install 20 Packages Downgrade 3 Packages Total size: 1.6 G Is this ok [y/N]: y
A l'issu de l'installation, re-démarrez la VM :
[root@centos7 ~]# reboot
Connectez-vous en tant que trainee et devenez root. Listez ensuite les noyaux installés :
[root@centos8 ~]# rpm -qa | grep kernel kernel-modules-4.18.0-305.3.1.el8.x86_64 kernel-tools-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-headers-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-core-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-modules-4.18.0-305.7.1.el8_4.x86_64 kernel-debug-modules-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-devel-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-tools-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-tools-libs-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-modules-internal-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-cross-headers-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-core-4.18.0-305.7.1.el8_4.x86_64 kernel-devel-4.18.0-305.7.1.el8_4.x86_64 kernel-debuginfo-common-x86_64-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-devel-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-tools-libs-devel-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-modules-extra-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-4.18.0-305.7.1.el8_4.x86_64 kernel-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-core-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-selftests-internal-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-debuginfo-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-debug-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-4.18.0-305.3.1.el8.x86_64 kernel-core-4.18.0-305.3.1.el8.x86_64 kernel-modules-4.18.0-305.7.1.el8.i2tch.x86_64 kernel-ipaclones-internal-4.18.0-305.7.1.el8.i2tch.x86_64
Constatez l'entrée saved-entry du fichier /boot/grub2/grubenv :
[root@centos8 ~]# grep i2tch /boot/grub2/grubenv saved_entry=95bd69e34a7444a7b58cb74fbfb86df2-4.18.0-305.7.1.el8.i2tch.x86_64
Dernièrement, vérifiez l'utilisation du nouveau noyau :
[root@centos8 ~]# uname -r 4.18.0-305.7.1.el8.i2tch.x86_64
LAB #3 - Compilation et installation du noyau sous Debian 11
Commencez par installer les paquets necessaires :
root@debian11:~# apt-get update Hit:1 http://deb.debian.org/debian bullseye InRelease Get:2 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB] Get:3 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB] Fetched 83.5 kB in 1s (158 kB/s) Reading package lists... Done root@debian11:~# apt-get -y install build-essential linux-source bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves debconf-utils dpkg-dev debhelper ncurses-dev
1.1 - Déplacer /home
Créez une seule partition sur /dev/sdb :
root@debian11:~# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.36.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xa10c368d.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-134217727, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-134217727, default 134217727):
Created a new partition 1 of type 'Linux' and of size 64 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Créez maintenant un système de fichiers ext4 sur /dev/sdb1 :
root@debian11:~# mkfs.ext4 /dev/sdb1
mke2fs 1.46.2 (28-Feb-2021)
Discarding device blocks: done
Creating filesystem with 16776960 4k blocks and 4194304 inodes
Filesystem UUID: 24f1821e-1d5b-4256-8ee3-c9ee6b382ddc
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424
Allocating group tables: done
Writing inode tables: done
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done
Editez le fichier /etc/ssh/sshd_config et modifiez la directive PermitRootLogin :
root@debian11:~# vi /etc/ssh/sshd_config root@debian11:~# cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. Include /etc/ssh/sshd_config.d/*.conf #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 ...
Re-démarrez le serveur ssh :
root@debian11:~# systemctl restart sshd
root@debian11:~# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-05-01 15:35:50 CEST; 6s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 2793 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 2794 (sshd)
Tasks: 1 (limit: 4656)
Memory: 1.1M
CPU: 25ms
CGroup: /system.slice/ssh.service
└─2794 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
May 01 15:35:50 debian11 systemd[1]: Starting OpenBSD Secure Shell server...
May 01 15:35:50 debian11 sshd[2794]: Server listening on 0.0.0.0 port 22.
May 01 15:35:50 debian11 sshd[2794]: Server listening on :: port 22.
May 01 15:35:50 debian11 systemd[1]: Started OpenBSD Secure Shell server.
A Faire - Déconnectez-vous en ssh. Connectez-vous directement en tant que root en ssh.
Montez /dev/sdb1 sur /mnt :
root@debian11:~# mount /dev/sdb1 /mnt
Copiez le contenu de /home vers /mnt :
root@debian11:~# cp -a /home/* /mnt
Démontez /dev/sdb1 :
root@debian11:~# umount /mnt
Identifiez l'UUID de /dev/sdb1 :
root@debian11:~# ls -l /dev/disk/by-uuid/ | grep sdb1 lrwxrwxrwx 1 root root 10 May 1 15:31 24f1821e-1d5b-4256-8ee3-c9ee6b382ddc -> ../../sdb1
Editez le fichier /etc/fstab en ajoutant la ligne pour le montage de /home :
root@debian11:~# vi /etc/fstab root@debian11:~# cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # systemd generates mount units based on this file, see systemd.mount(5). # Please run 'systemctl daemon-reload' after making changes here. # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=9887a74f-a680-4bde-8f04-db5ae9ea186e / ext4 errors=remount-ro 0 1 UUID=24f1821e-1d5b-4256-8ee3-c9ee6b382ddc /home ext4 defaults 0 0 # swap was on /dev/sda5 during installation UUID=1f9439f5-4b19-49b1-b292-60c2c674cee9 none swap sw 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
Créez le point de montage /home :
root@debian11:~# rm -rf /home root@debian11:~# mkdir /home
Montez /dev/sdb1 :
root@debian11:~# mount -a root@debian11:~# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,relatime,size=1986968k,nr_inodes=496742,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=402560k,mode=755) /dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime) none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11732) mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime) debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M) tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime) configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime) fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=402556k,nr_inodes=100639,mode=700) /dev/sdb1 on /home type ext4 (rw,relatime)
Notez la taille de /home :
root@debian11:~# df -h Filesystem Size Used Avail Use% Mounted on udev 1.9G 0 1.9G 0% /dev tmpfs 394M 892K 393M 1% /run /dev/sda1 31G 4.1G 25G 14% / tmpfs 2.0G 0 2.0G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 394M 36K 394M 1% /run/user/0 /dev/sdb1 63G 1.4M 60G 1% /home
A Faire - Fermez la session de root et connectez-vous en tant que trainee en ssh.
1.2 - Télécharger le Code Source du Noyau
Le code source est disponible sur le site www.kernel.org :
trainee@debian11:~$ wget https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.11.1.tar.gz --2022-05-01 15:46:58-- https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.11.1.tar.gz Resolving www.kernel.org (www.kernel.org)... 145.40.68.75, 2604:1380:4601:e00::1 Connecting to www.kernel.org (www.kernel.org)|145.40.68.75|:443... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-5.11.1.tar.gz [following] --2022-05-01 15:46:58-- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/linux-5.11.1.tar.gz Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 147.75.101.1, 2604:1380:2001:3900::1 Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|147.75.101.1|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 186370882 (178M) [application/x-gzip] Saving to: ‘linux-5.11.1.tar.gz’ linux-5.11.1.tar.gz 100%[====================================================================================================================>] 177.74M 83.4MB/s in 2.1s 2022-05-01 15:47:01 (83.4 MB/s) - ‘linux-5.11.1.tar.gz’ saved [186370882/186370882]
Désarchivez le tar.xz que vous avez téléchargé :
trainee@debian8:~$ tar xf linux-5.11.1.tar.gz
Notez que l'occupation disque du code source du noyau linux-5.11.1 est de 1.2 Go :
trainee@debian11:~$ du -hs ./linux-5.11.1 1.2G ./linux-5.11.1
1.3 - Configurer le Noyau
Le fichier Makefile contient le nom du noyau et spécifie les informations suivantes :
- VERSION,
- PATCHLEVEL,
- SUBLEVEL,
- EXTRAVERSION.
Les trois premières informations sont gérées par kernel.org et Linus Torvalds en personne tandis que l'EXTRAVERSION est gérée par Debian :
trainee@debian11:~$ cat ./linux-5.11.1/Makefile | head # SPDX-License-Identifier: GPL-2.0 VERSION = 5 PATCHLEVEL = 11 SUBLEVEL = 1 EXTRAVERSION = NAME = 💕 Valentine's Day Edition 💕 # *DOCUMENTATION* # To see a list of typical targets execute "make help" # More info can be located in ./README
Important - La version 2.6 du noyau a vu le jour en 2003. Les SUBLEVEL se suivaient régulièrement. Avec la version 2.6 du noyau, la valeur paire du PATCHLEVEL indiquait que le noyau était stable. Quand vous recompilez le noyau à partir des sources, vous devez modifier la valeur de l'EXTRAVERSION. Le passage à la version 3.0 fut décidé par Linus Torvalds à l'occasion des 20 ans du noyau Linux.
Utilisez maintenant la commande make defconfig pour créer le fichier de configuration .config :
trainee@debian11:~$ su - Password: fenestros root@debian11:~# cd /home/trainee/linux-5.11.1/ root@debian11:/home/trainee/linux-5.11.1# make defconfig HOSTCC scripts/basic/fixdep HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/confdata.o HOSTCC scripts/kconfig/expr.o LEX scripts/kconfig/lexer.lex.c YACC scripts/kconfig/parser.tab.[ch] HOSTCC scripts/kconfig/lexer.lex.o HOSTCC scripts/kconfig/parser.tab.o HOSTCC scripts/kconfig/preprocess.o HOSTCC scripts/kconfig/symbol.o HOSTCC scripts/kconfig/util.o HOSTLD scripts/kconfig/conf *** Default configuration is based on 'x86_64_defconfig' # # configuration written to .config #
Ce fichier est configuré par une des trois commandes suivantes :
- make config
- make menuconfig
- make xconfig
Dans ce fichier, vous pouvez constater la présence de lignes correspondantes à des fonctionalités suivies par une lettre ou une valeur. Dans le cas d'une lettre, la signification est la suivante :
- y
- la fonctionalité est incluse dans le noyau monolithique ou dans le cas d'une dépendance d'un module, dans le module concerné,
- m
- la fonctionalité est incluse en tant que module,
- n
- la fonctionalité n'est pas incluse. Cette option est rarement visible car dans bien les cas, la fonctionalité est simplement commentée dans le fichier lui-même.
root@debian11:/home/trainee/linux-5.11.1# more .config # # Automatically generated file; DO NOT EDIT. # Linux/x86 5.11.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Debian 10.2.1-6) 10.2.1 20210110" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=100201 CONFIG_LD_VERSION=235020000 CONFIG_CLANG_VERSION=0 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y # # General setup # CONFIG_INIT_ENV_ARG_LIMIT=32 # CONFIG_COMPILE_TEST is not set CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_BUILD_SALT="" CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y CONFIG_HAVE_KERNEL_LZMA=y CONFIG_HAVE_KERNEL_XZ=y CONFIG_HAVE_KERNEL_LZO=y CONFIG_HAVE_KERNEL_LZ4=y CONFIG_HAVE_KERNEL_ZSTD=y CONFIG_KERNEL_GZIP=y # CONFIG_KERNEL_BZIP2 is not set # CONFIG_KERNEL_LZMA is not set # CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_LZO is not set # CONFIG_KERNEL_LZ4 is not set # CONFIG_KERNEL_ZSTD is not set CONFIG_DEFAULT_INIT="" CONFIG_DEFAULT_HOSTNAME="(none)" CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y # CONFIG_WATCH_QUEUE is not set CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_USELIB=y CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_AUDITSYSCALL=y # # IRQ subsystem # CONFIG_GENERIC_IRQ_PROBE=y --More--(1%) [q]
1.4 - Compiler le Noyau
La compilation du noyau peut prendre beaucoup de temps. La commande utilisée est la suivante :
root@debian11:/home/trainee/linux-5.11.1# make deb-pkg clean ... dpkg-buildpackage: info: full upload (original source is included) CLEAN arch/x86/entry/vdso CLEAN arch/x86/kernel/cpu CLEAN arch/x86/kernel CLEAN arch/x86/realmode/rm CLEAN arch/x86/lib CLEAN certs CLEAN drivers/firmware/efi/libstub CLEAN drivers/scsi CLEAN drivers/tty/vt CLEAN drivers/video/logo CLEAN lib CLEAN net/wireless CLEAN security/selinux CLEAN usr/include CLEAN usr CLEAN arch/x86/boot/compressed CLEAN arch/x86/boot CLEAN arch/x86/tools CLEAN vmlinux.symvers modules.builtin modules.builtin.modinfo
A l'issu du processus, les paquets du nouveau noyau se trouvent dans le répertoire /home/trainee :
root@debian11:/home/trainee/linux-5.11.1# cd .. root@debian11:/home/trainee# ls Desktop linux-5.11.1 linux-5.11.1_5.11.1-1.diff.gz linux-5.11.1.tar.gz linux-libc-dev_5.11.1-1_amd64.deb Public Documents linux-5.11.1_5.11.1-1_amd64.buildinfo linux-5.11.1_5.11.1-1.dsc linux-headers-5.11.1_5.11.1-1_amd64.deb Music Templates Downloads linux-5.11.1_5.11.1-1_amd64.changes linux-5.11.1_5.11.1.orig.tar.gz linux-image-5.11.1_5.11.1-1_amd64.deb Pictures Videos
1.5 - Installer le Noyau
Installez maintenant les paquets deb :
root@debian11:/home/trainee# dpkg -i /home/trainee/linux*.deb
Constatez la création d'un nouveau grub.cfg :
root@debian11:/home/trainee# grep 5.11.1 /boot/grub/grub.cfg
echo 'Loading Linux 5.11.1 ...'
linux /boot/vmlinuz-5.11.1 root=UUID=9887a74f-a680-4bde-8f04-db5ae9ea186e ro quiet
initrd /boot/initrd.img-5.11.1
menuentry 'Debian GNU/Linux, with Linux 5.11.1' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.1-advanced-9887a74f-a680-4bde-8f04-db5ae9ea186e' {
echo 'Loading Linux 5.11.1 ...'
linux /boot/vmlinuz-5.11.1 root=UUID=9887a74f-a680-4bde-8f04-db5ae9ea186e ro quiet
initrd /boot/initrd.img-5.11.1
menuentry 'Debian GNU/Linux, with Linux 5.11.1 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.1-recovery-9887a74f-a680-4bde-8f04-db5ae9ea186e' {
echo 'Loading Linux 5.11.1 ...'
linux /boot/vmlinuz-5.11.1 root=UUID=9887a74f-a680-4bde-8f04-db5ae9ea186e ro single
initrd /boot/initrd.img-5.11.1
1.6 - Désinstaller un Noyau
Lister les noyaux installés :
root@debian11:/home/trainee# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-5.10.0-13-amd64
linux-image-5.11.1
linux-image-amd64
Le noyau se désinstalle comme tout autre paquet :
root@debian11:/home/trainee# apt-get -y purge "linux-image-5.11.1" Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be REMOVED: linux-image-5.11.1* 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. After this operation, 15.1 MB disk space will be freed. (Reading database ... 118012 files and directories currently installed.) Removing linux-image-5.11.1 (5.11.1-1) ... update-initramfs: Deleting /boot/initrd.img-5.11.1 Generating grub configuration file ... Found background image: /usr/share/images/desktop-base/desktop-grub.png Found linux image: /boot/vmlinuz-5.10.0-13-amd64 Found initrd image: /boot/initrd.img-5.10.0-13-amd64 done (Reading database ... 117967 files and directories currently installed.) Purging configuration files for linux-image-5.11.1 (5.11.1-1) ...
Vérifiez que le fichier grub.cfg a été modifié :
root@debian11:/home/trainee# grep 5.11.1 /boot/grub/grub.cfg root@debian11:/home/trainee#
Dernièrement, listez les noyaux disponibles :
root@debian11:/home/trainee# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-5.10.0-13-amd64
linux-image-amd64
LAB #4 - Mise à Jour du Noyau avec le Gestionnaire des Paquets
Afin d'obtenir la dernière version du noyau pré-compliée par Debian, il convient d'ajouter les dépôts unstable :
root@debian11:/home/trainee# echo "deb http://deb.debian.org/debian unstable main contrib non-free" | sudo tee -a /etc/apt/sources.list deb http://deb.debian.org/debian unstable main contrib non-free root@debian11:/home/trainee# echo "deb-src http://deb.debian.org/debian unstable main contrib non-free" | sudo tee -a /etc/apt/sources.list deb-src http://deb.debian.org/debian unstable main contrib non-free
Afin de ne faire que des mises à jour du noyau à partir de ce dépôt, créez le fichier /etc/apt/preferences :
root@debian11:/home/trainee# vi /etc/apt/preferences root@debian11:/home/trainee# cat /etc/apt/preferences Package: * Pin: release a=bullseye Pin-Priority: 500 Package: linux-image-amd64 Pin: release a=unstable Pin-Priority: 1000 Package: * Pin: release a=unstable Pin-Priority: 100
Mettez à jour apt :
root@debian11:/home/trainee# apt update Hit:1 http://security.debian.org/debian-security bullseye-security InRelease Hit:2 http://deb.debian.org/debian bullseye InRelease Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB] Get:4 http://deb.debian.org/debian unstable InRelease [165 kB] Get:5 http://deb.debian.org/debian unstable/contrib Sources [57.6 kB] Get:6 http://deb.debian.org/debian unstable/main Sources [9,700 kB] Get:7 http://deb.debian.org/debian unstable/non-free Sources [89.6 kB] Get:8 http://deb.debian.org/debian unstable/main amd64 Packages [9,154 kB] Get:9 http://deb.debian.org/debian unstable/main Translation-en [6,780 kB] Get:10 http://deb.debian.org/debian unstable/contrib amd64 Packages [65.4 kB] Get:11 http://deb.debian.org/debian unstable/contrib Translation-en [55.9 kB] Get:12 http://deb.debian.org/debian unstable/non-free amd64 Packages [112 kB] Get:13 http://deb.debian.org/debian unstable/non-free Translation-en [103 kB] Fetched 26.3 MB in 5s (4,955 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Installez ensuite les mises-à-jour du noyau :
root@debian11:/home/trainee# apt -y upgrade
Re-démarrez votre VM :
root@debian11:/home/trainee# reboot
Connectez-vous de nouveau à la VM et contrôlez la version du noyau :
trainee@debian11:~$ uname -a Linux debian11 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18) x86_64 GNU/Linux
Déconnectez-vous et re-connectez-vous directement en tant que root.
LAB #3 - Gestion des Quotas
Sous Linux il est possible de mettre en place des quotas par utilisateur et par groupe. Ceci étant, Linux ne sait pas gérer des quotas par répertoire, uniquement des quotas par partition. L'administrateur met souvent des quotas en place sur l'arborescence de /home pour limiter l'espace de stockage occupé par les utilisateurs.
Commencez par vérifiez que le paquet quota est bien installé :
root@debian11:~# dpkg --get-selections | grep quota root@debian11:~# apt -y install quota
Editez le fichier /etc/fstab en ajoutant les options usrquota et grpquota à la ligne /home :
root@debian11:~# vi /etc/fstab root@debian11:~# cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # systemd generates mount units based on this file, see systemd.mount(5). # Please run 'systemctl daemon-reload' after making changes here. # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=9887a74f-a680-4bde-8f04-db5ae9ea186e / ext4 errors=remount-ro 0 1 UUID=24f1821e-1d5b-4256-8ee3-c9ee6b382ddc /home ext4 defaults,usrquota,grpquota 0 0 # swap was on /dev/sda5 during installation UUID=1f9439f5-4b19-49b1-b292-60c2c674cee9 none swap sw 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
Démontez puis remontez /home :
root@debian11:~# umount /home root@debian11:~# mount -a
Vérifiez ensuite que les options soient prises en compte :
root@debian11:~# cat /etc/mtab sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 udev /dev devtmpfs rw,nosuid,relatime,size=1976600k,nr_inodes=494150,mode=755,inode64 0 0 devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0 tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=402384k,mode=755,inode64 0 0 /dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0 securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev,inode64 0 0 tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,inode64 0 0 cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0 pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0 bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0 systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13172 0 0 mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0 hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0 tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0 debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0 configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0 fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0 tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=402380k,nr_inodes=100595,mode=700,inode64 0 0 /dev/sdb1 /home ext4 rw,relatime,quota,usrquota,grpquota 0 0
Copyright © 2022 Hugh Norris.
