├── LICENSE └── readme.md /LICENSE: -------------------------------------------------------------------------------- 1 | Attribution 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More_considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution 4.0 International Public License 58 | 59 | By exercising the Licensed Rights (defined below), You accept and agree 60 | to be bound by the terms and conditions of this Creative Commons 61 | Attribution 4.0 International Public License ("Public License"). To the 62 | extent this Public License may be interpreted as a contract, You are 63 | granted the Licensed Rights in consideration of Your acceptance of 64 | these terms and conditions, and the Licensor grants You such rights in 65 | consideration of benefits the Licensor receives from making the 66 | Licensed Material available under these terms and conditions. 67 | 68 | 69 | Section 1 -- Definitions. 70 | 71 | a. Adapted Material means material subject to Copyright and Similar 72 | Rights that is derived from or based upon the Licensed Material 73 | and in which the Licensed Material is translated, altered, 74 | arranged, transformed, or otherwise modified in a manner requiring 75 | permission under the Copyright and Similar Rights held by the 76 | Licensor. For purposes of this Public License, where the Licensed 77 | Material is a musical work, performance, or sound recording, 78 | Adapted Material is always produced where the Licensed Material is 79 | synched in timed relation with a moving image. 80 | 81 | b. Adapter's License means the license You apply to Your Copyright 82 | and Similar Rights in Your contributions to Adapted Material in 83 | accordance with the terms and conditions of this Public License. 84 | 85 | c. Copyright and Similar Rights means copyright and/or similar rights 86 | closely related to copyright including, without limitation, 87 | performance, broadcast, sound recording, and Sui Generis Database 88 | Rights, without regard to how the rights are labeled or 89 | categorized. For purposes of this Public License, the rights 90 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 91 | Rights. 92 | 93 | d. Effective Technological Measures means those measures that, in the 94 | absence of proper authority, may not be circumvented under laws 95 | fulfilling obligations under Article 11 of the WIPO Copyright 96 | Treaty adopted on December 20, 1996, and/or similar international 97 | agreements. 98 | 99 | e. Exceptions and Limitations means fair use, fair dealing, and/or 100 | any other exception or limitation to Copyright and Similar Rights 101 | that applies to Your use of the Licensed Material. 102 | 103 | f. Licensed Material means the artistic or literary work, database, 104 | or other material to which the Licensor applied this Public 105 | License. 106 | 107 | g. Licensed Rights means the rights granted to You subject to the 108 | terms and conditions of this Public License, which are limited to 109 | all Copyright and Similar Rights that apply to Your use of the 110 | Licensed Material and that the Licensor has authority to license. 111 | 112 | h. Licensor means the individual(s) or entity(ies) granting rights 113 | under this Public License. 114 | 115 | i. Share means to provide material to the public by any means or 116 | process that requires permission under the Licensed Rights, such 117 | as reproduction, public display, public performance, distribution, 118 | dissemination, communication, or importation, and to make material 119 | available to the public including in ways that members of the 120 | public may access the material from a place and at a time 121 | individually chosen by them. 122 | 123 | j. Sui Generis Database Rights means rights other than copyright 124 | resulting from Directive 96/9/EC of the European Parliament and of 125 | the Council of 11 March 1996 on the legal protection of databases, 126 | as amended and/or succeeded, as well as other essentially 127 | equivalent rights anywhere in the world. 128 | 129 | k. You means the individual or entity exercising the Licensed Rights 130 | under this Public License. Your has a corresponding meaning. 131 | 132 | 133 | Section 2 -- Scope. 134 | 135 | a. License grant. 136 | 137 | 1. Subject to the terms and conditions of this Public License, 138 | the Licensor hereby grants You a worldwide, royalty-free, 139 | non-sublicensable, non-exclusive, irrevocable license to 140 | exercise the Licensed Rights in the Licensed Material to: 141 | 142 | a. reproduce and Share the Licensed Material, in whole or 143 | in part; and 144 | 145 | b. produce, reproduce, and Share Adapted Material. 146 | 147 | 2. Exceptions and Limitations. For the avoidance of doubt, where 148 | Exceptions and Limitations apply to Your use, this Public 149 | License does not apply, and You do not need to comply with 150 | its terms and conditions. 151 | 152 | 3. Term. The term of this Public License is specified in Section 153 | 6(a). 154 | 155 | 4. Media and formats; technical modifications allowed. The 156 | Licensor authorizes You to exercise the Licensed Rights in 157 | all media and formats whether now known or hereafter created, 158 | and to make technical modifications necessary to do so. The 159 | Licensor waives and/or agrees not to assert any right or 160 | authority to forbid You from making technical modifications 161 | necessary to exercise the Licensed Rights, including 162 | technical modifications necessary to circumvent Effective 163 | Technological Measures. For purposes of this Public License, 164 | simply making modifications authorized by this Section 2(a) 165 | (4) never produces Adapted Material. 166 | 167 | 5. Downstream recipients. 168 | 169 | a. Offer from the Licensor -- Licensed Material. Every 170 | recipient of the Licensed Material automatically 171 | receives an offer from the Licensor to exercise the 172 | Licensed Rights under the terms and conditions of this 173 | Public License. 174 | 175 | b. No downstream restrictions. You may not offer or impose 176 | any additional or different terms or conditions on, or 177 | apply any Effective Technological Measures to, the 178 | Licensed Material if doing so restricts exercise of the 179 | Licensed Rights by any recipient of the Licensed 180 | Material. 181 | 182 | 6. No endorsement. Nothing in this Public License constitutes or 183 | may be construed as permission to assert or imply that You 184 | are, or that Your use of the Licensed Material is, connected 185 | with, or sponsored, endorsed, or granted official status by, 186 | the Licensor or others designated to receive attribution as 187 | provided in Section 3(a)(1)(A)(i). 188 | 189 | b. Other rights. 190 | 191 | 1. Moral rights, such as the right of integrity, are not 192 | licensed under this Public License, nor are publicity, 193 | privacy, and/or other similar personality rights; however, to 194 | the extent possible, the Licensor waives and/or agrees not to 195 | assert any such rights held by the Licensor to the limited 196 | extent necessary to allow You to exercise the Licensed 197 | Rights, but not otherwise. 198 | 199 | 2. Patent and trademark rights are not licensed under this 200 | Public License. 201 | 202 | 3. To the extent possible, the Licensor waives any right to 203 | collect royalties from You for the exercise of the Licensed 204 | Rights, whether directly or through a collecting society 205 | under any voluntary or waivable statutory or compulsory 206 | licensing scheme. In all other cases the Licensor expressly 207 | reserves any right to collect such royalties. 208 | 209 | 210 | Section 3 -- License Conditions. 211 | 212 | Your exercise of the Licensed Rights is expressly made subject to the 213 | following conditions. 214 | 215 | a. Attribution. 216 | 217 | 1. If You Share the Licensed Material (including in modified 218 | form), You must: 219 | 220 | a. retain the following if it is supplied by the Licensor 221 | with the Licensed Material: 222 | 223 | i. identification of the creator(s) of the Licensed 224 | Material and any others designated to receive 225 | attribution, in any reasonable manner requested by 226 | the Licensor (including by pseudonym if 227 | designated); 228 | 229 | ii. a copyright notice; 230 | 231 | iii. a notice that refers to this Public License; 232 | 233 | iv. a notice that refers to the disclaimer of 234 | warranties; 235 | 236 | v. a URI or hyperlink to the Licensed Material to the 237 | extent reasonably practicable; 238 | 239 | b. indicate if You modified the Licensed Material and 240 | retain an indication of any previous modifications; and 241 | 242 | c. indicate the Licensed Material is licensed under this 243 | Public License, and include the text of, or the URI or 244 | hyperlink to, this Public License. 245 | 246 | 2. You may satisfy the conditions in Section 3(a)(1) in any 247 | reasonable manner based on the medium, means, and context in 248 | which You Share the Licensed Material. For example, it may be 249 | reasonable to satisfy the conditions by providing a URI or 250 | hyperlink to a resource that includes the required 251 | information. 252 | 253 | 3. If requested by the Licensor, You must remove any of the 254 | information required by Section 3(a)(1)(A) to the extent 255 | reasonably practicable. 256 | 257 | 4. If You Share Adapted Material You produce, the Adapter's 258 | License You apply must not prevent recipients of the Adapted 259 | Material from complying with this Public License. 260 | 261 | 262 | Section 4 -- Sui Generis Database Rights. 263 | 264 | Where the Licensed Rights include Sui Generis Database Rights that 265 | apply to Your use of the Licensed Material: 266 | 267 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 268 | to extract, reuse, reproduce, and Share all or a substantial 269 | portion of the contents of the database; 270 | 271 | b. if You include all or a substantial portion of the database 272 | contents in a database in which You have Sui Generis Database 273 | Rights, then the database in which You have Sui Generis Database 274 | Rights (but not its individual contents) is Adapted Material; and 275 | 276 | c. You must comply with the conditions in Section 3(a) if You Share 277 | all or a substantial portion of the contents of the database. 278 | 279 | For the avoidance of doubt, this Section 4 supplements and does not 280 | replace Your obligations under this Public License where the Licensed 281 | Rights include other Copyright and Similar Rights. 282 | 283 | 284 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 285 | 286 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 287 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 288 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 289 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 290 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 291 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 292 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 293 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 294 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 295 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 296 | 297 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 298 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 299 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 300 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 301 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 302 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 303 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 304 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 305 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 306 | 307 | c. The disclaimer of warranties and limitation of liability provided 308 | above shall be interpreted in a manner that, to the extent 309 | possible, most closely approximates an absolute disclaimer and 310 | waiver of all liability. 311 | 312 | 313 | Section 6 -- Term and Termination. 314 | 315 | a. This Public License applies for the term of the Copyright and 316 | Similar Rights licensed here. However, if You fail to comply with 317 | this Public License, then Your rights under this Public License 318 | terminate automatically. 319 | 320 | b. Where Your right to use the Licensed Material has terminated under 321 | Section 6(a), it reinstates: 322 | 323 | 1. automatically as of the date the violation is cured, provided 324 | it is cured within 30 days of Your discovery of the 325 | violation; or 326 | 327 | 2. upon express reinstatement by the Licensor. 328 | 329 | For the avoidance of doubt, this Section 6(b) does not affect any 330 | right the Licensor may have to seek remedies for Your violations 331 | of this Public License. 332 | 333 | c. For the avoidance of doubt, the Licensor may also offer the 334 | Licensed Material under separate terms or conditions or stop 335 | distributing the Licensed Material at any time; however, doing so 336 | will not terminate this Public License. 337 | 338 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 339 | License. 340 | 341 | 342 | Section 7 -- Other Terms and Conditions. 343 | 344 | a. The Licensor shall not be bound by any additional or different 345 | terms or conditions communicated by You unless expressly agreed. 346 | 347 | b. Any arrangements, understandings, or agreements regarding the 348 | Licensed Material not stated herein are separate from and 349 | independent of the terms and conditions of this Public License. 350 | 351 | 352 | Section 8 -- Interpretation. 353 | 354 | a. For the avoidance of doubt, this Public License does not, and 355 | shall not be interpreted to, reduce, limit, restrict, or impose 356 | conditions on any use of the Licensed Material that could lawfully 357 | be made without permission under this Public License. 358 | 359 | b. To the extent possible, if any provision of this Public License is 360 | deemed unenforceable, it shall be automatically reformed to the 361 | minimum extent necessary to make it enforceable. If the provision 362 | cannot be reformed, it shall be severed from this Public License 363 | without affecting the enforceability of the remaining terms and 364 | conditions. 365 | 366 | c. No term or condition of this Public License will be waived and no 367 | failure to comply consented to unless expressly agreed to by the 368 | Licensor. 369 | 370 | d. Nothing in this Public License constitutes or may be interpreted 371 | as a limitation upon, or waiver of, any privileges and immunities 372 | that apply to the Licensor or You, including from the legal 373 | processes of any jurisdiction or authority. 374 | 375 | 376 | ======================================================================= 377 | 378 | Creative Commons is not a party to its public 379 | licenses. Notwithstanding, Creative Commons may elect to apply one of 380 | its public licenses to material it publishes and in those instances 381 | will be considered the "Licensor." The text of the Creative Commons 382 | public licenses is dedicated to the public domain under the CC0 Public 383 | Domain Dedication. Except for the limited purpose of indicating that 384 | material is shared under a Creative Commons public license or as 385 | otherwise permitted by the Creative Commons policies published at 386 | creativecommons.org/policies, Creative Commons does not authorize the 387 | use of the trademark "Creative Commons" or any other trademark or logo 388 | of Creative Commons without its prior written consent including, 389 | without limitation, in connection with any unauthorized modifications 390 | to any of its public licenses or any other arrangements, 391 | understandings, or agreements concerning use of licensed material. For 392 | the avoidance of doubt, this paragraph does not form part of the 393 | public licenses. 394 | 395 | Creative Commons may be contacted at creativecommons.org. 396 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # TL;DR 2 | 3 | Git-managed kernels from kernel.org, with fully-automated configuration that's 4 | better than `make oldconfig`: 5 | 6 | ``` 7 | ./scripts/config --enable IKCONFIG 8 | ./scripts/config --module SENSORS_NCT6775 9 | ./scripts/config --disable AUDIT 10 | ./scripts/config --set-val SND_HDA_PREALLOC_SIZE 2048 11 | ./scripts/config --set-str UEVENT_HELPER_PATH "" 12 | ``` 13 | 14 | and various tips. No more blind copying of 4,000+ line `.config` files, no 15 | unnecessary code, no bullshit. 16 | 17 | # About 18 | 19 | This repo explains how I download, configure, and install kernels on my Gentoo 20 | Linux machines. 21 | 22 | I claim that my methodology is better than 90% of the workflows described 23 | online, including the official Gentoo documentation. Criticism welcome :) 24 | 25 | Advantages of my approach (summary; see below for full explanation): 26 | 27 | * Obtaining the kernel: 28 | * git > tarballs: faster updates and patching; built-in changelog viewer; git-bisect is possible 29 | * access to more releases, from ancient releases to latest release candidates 30 | * easier to get support upstream 31 | * simplicity & transparency 32 | * Configuration: 33 | * Fully automated, comment- and git-friendly configuration. Better than 34 | kernel seeds or copying `.config` files around 35 | * Proper handling of changed default values when upgrading kernels 36 | * No extra code/complexity -- `scripts/config` is part of the kernel 37 | * Building and installing the kernel 38 | * compilation is not done as root 39 | * `-march=native` is used 40 | 41 | Disadvantages of my approach: 42 | 43 | * ~1.5 GB extra space for `.git` (fixed cost if not using shallow clones, regardless of number of kernels) 44 | * You don't get any patches from the Gentoo kernel team (e.g. aufs, grsecurity, small fixes/improvements) 45 | 46 | # Required reading 47 | 48 | I won't go over the basics of kernel configuration here -- that's already 49 | described here: 50 | 51 | * https://wiki.gentoo.org/wiki/Handbook:X86/Installation/Kernel 52 | * https://wiki.gentoo.org/wiki/Kernel 53 | * https://wiki.gentoo.org/wiki/Kernel/Configuration 54 | * https://wiki.gentoo.org/wiki/Kernel/Upgrade 55 | 56 | There's no need to duplicate documentation, so go and at least skim through those 57 | pages if you haven't read them already. 58 | 59 | # Guide 60 | 61 | ## Obtaining the kernel 62 | 63 | How kernel development works: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/2.Process.rst . 64 | 65 | TL;DR: 66 | 67 | * `linux-next`: integration repo; might not even compile 68 | * `mainline`: "official" kernel, managed by Linus himself 69 | * `stable`: contains backported fixes 70 | 71 | Distros such as Ubuntu and RHEL have their own forks of the kernel (e.g. 72 | [here's Ubuntu's Xenial 73 | repo](http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/)). They also 74 | backport fixes to certain "stable" and supported versions. It's possible to use 75 | those with Gentoo, but I fail to see the appeal of doing that. 76 | 77 | On Gentoo you have several "official" options, with various amounts of extra 78 | patches and support available: 79 | 80 | * `sys-kernel/gentoo-sources` -- default, slightly patched sources 81 | * `sys-kernel/vanilla-sources` -- upstream kernel with no modifications 82 | * `sys-kernel/hardened-sources` -- [rest in peace](https://www.gentoo.org/support/news-items/2017-08-19-hardened-sources-removal.html) 83 | * several others -- browse the [sys-kernel category](https://packages.gentoo.org/categories/sys-kernel/) 84 | 85 | If you use `gentoo-sources` you get: 86 | 87 | * A bunch of required settings [automatically 88 | enabled](https://dev.gentoo.org/~mpagano/genpatches/trunk/4.12/4567_distro-Gentoo-Kconfig.patch) 89 | for you if you enable `CONFIG_GENTOO_LINUX`. 90 | * Various patches. For example, you can find all the 4.12 patches here: 91 | https://dev.gentoo.org/~mpagano/genpatches/trunk/4.12/ . For a concrete 92 | example: without `1500_XATTR_USER_PREFIX.patch` portage will spit out a lot of 93 | `Failed to set XATTR_PAX markings` errors if your `/var/tmp/portage` is on a 94 | `tmpfs` mount. 95 | 96 | The Gentoo kernel team is really good. 97 | They definitely add value and are more knowledgable than I am. However, I'd 98 | rather get my kernel from [kernel.org](https://www.kernel.org/) directly with 99 | `git`. 100 | 101 | Why? 102 | 103 | * I can `git pull` and get the latest kernel without having to wait for the 104 | Gentoo kernel team to release an ebuild. 105 | * Obtaining support is easier. kernel.org 106 | [states](https://www.kernel.org/category/releases.html): "[If using a distro 107 | kernel,] Please use the support channels offered by your distribution vendor to 108 | obtain kernel support". 109 | * Applying patches is trivial regardless of which approach you take, but I find 110 | it easier to track and cherry-pick patches with git. 111 | * It's trivial to switch to the mainline/linux-next kernels if needed, or any 112 | other tree, without changing my workflow. 113 | * I get access to more versions. `linux-stable` + `mainline` have 2,500+ tags, 114 | while `vanilla-sources` currently only has 7 ebuilds. 115 | * `git-pull` is faster than `emerge`. Portage has to parse ebuilds, 116 | `/var/db/pkg`, etc. It also has to download a 90+ MB tarball for every new 117 | major release. I also don't have to disable `FEATURES=buildpkg` through 118 | `package.env` -- `git-pull` is simply less annoying. 119 | 120 | Which kernel version to use? 121 | 122 | Open https://www.kernel.org/ . Pick a longterm release if you want to stick 123 | with a certain major version (e.g. `4.9`) for a long time, or instead use the 124 | latest stable version. 125 | 126 | Finally, the actual guide. I like having 1 "master" bare repo per remote tree: 127 | 128 | ```bash 129 | george@george:/usr/src$ sudo mkdir -p linux-stable-git-bare && sudo chown "$(id -un):$(id -gn)" linux-stable-git-bare 130 | george@george:/usr/src$ git clone --mirror --bare 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git' linux-stable-git-bare 131 | ``` 132 | 133 | Then we pick 1+ versions: 134 | 135 | ```bash 136 | george@george:/usr/src$ git -C linux-stable-git-bare fetch --all --tags 137 | george@george:/usr/src$ git -C linux-stable-git-bare tag --sort=-creatordate # you can also consult https://www.kernel.org/ 138 | 139 | # Example with v4.12.8: 140 | george@george:/usr/src$ v="4.12.8" 141 | ``` 142 | 143 | Create a folder per version: 144 | 145 | ``` 146 | george@george:/usr/src$ sudo mkdir "linux-stable-git-$v" && sudo chown "$(id -un):$(id -gn)" "linux-stable-git-$v" 147 | george@george:/usr/src$ git clone --single-branch --branch "v$v" linux-stable-git-bare/ "linux-stable-git-$v" 148 | ``` 149 | 150 | The `.git` folders will use hardlinks (until someone/something runs `git-gc`), 151 | so it should be pretty space efficient. 152 | 153 | Once you no longer need the Gentoo kernels: 154 | 155 | ```bash 156 | george@george:~$ sudo mkdir -p /etc/portage/profile/ 157 | george@george:~$ echo 'sys-kernel/vanilla-sources-4.12.8' | sudo tee --append /etc/portage/profile/package.provided 158 | george@george:~$ sudo emerge -aC gentoo-sources vanilla-sources # ... 159 | ``` 160 | 161 | This is possibly a bad idea, because now `depclean` could uninstall some required packages: 162 | 163 | george@george:~$ equery depgraph '=gentoo-sources-4.12.8' 164 | * dependency graph for sys-kernel/gentoo-sources-4.12.8 165 | `-- sys-kernel/gentoo-sources-4.12.8 [~amd64 keyword] 166 | `-- sys-apps/sed-4.2.2 (sys-apps/sed) amd64 167 | `-- sys-devel/binutils-2.28-r2 (>=sys-devel/binutils-2.11.90.0.31) amd64 168 | `-- sys-libs/ncurses-6.0-r1 (>=sys-libs/ncurses-5.2) amd64 169 | `-- sys-devel/make-4.2.1 (sys-devel/make) amd64 170 | `-- dev-lang/perl-5.24.1-r2 (dev-lang/perl) amd64 171 | `-- sys-devel/bc-1.06.95-r1 (sys-devel/bc) amd64 172 | 173 | You should probably add those to `@world`. 174 | 175 | ### Ebuild alternative 176 | 177 | If you want to stick to ebuilds, yet automatically configure your kernels, I suggest looking at https://github.com/jollheef/jollheef-overlay/blob/3a59396be2cbbdb1202e30ac577c3676fa5d9a85/sys-kernel/linux/linux-4.17.4.ebuild for inspiration. 178 | 179 | ## Configuring the kernel 180 | 181 | Downloading, compiling, and installing the kernel is trivial: you (roughly) do 182 | `git pull && make all install`. Kernel configuration is the most challenging 183 | part of running your own kernel. Depending on how far you want to deviate from 184 | the defaults, it can take you up to several hours to manually configure a 185 | kernel. 186 | 187 | We can split configuration into hardware and software. 188 | 189 | ### Hardware support and options 190 | 191 | You will likely end up with a non-fully working computer if you just use `make 192 | defconfig`. 193 | 194 | It's also easy to end up with partial hardware support -- perhaps 195 | there's a hardware sensor that's available but whose support hasn't been 196 | enabled. How do you know you have enabled everything necessary? 197 | 198 | Options for configuring hardware support: 199 | 200 | * Easy: 201 | * genkernel 202 | * `make allmodconfig` 203 | * Copy `.config` from Ubuntu/Fedora/etc. Example: http://kernel.ubuntu.com/~kernel-ppa/configs/xenial/linux/ . 204 | * Boot a Linux live CD with the kernel version you care about. Then use `make localmodconfig` and save the config. 205 | * Kernel seeds. E.g. http://www.elilabs.com/~pappy/ (untested; not recommended) 206 | * [AutoKernConf](https://cateee.net/autokernconf/) (untested; not recommended) 207 | * Time-consuming: 208 | * Go over `lspci` / `lsusb` and use the device/vendor numbers to find the relevant configs 209 | * Go over all options in `make menuconfig` and enable whatever you think is relevant 210 | 211 | genkernel, `allmodconfig`, and `localmodconfig` are useful and I recommend them 212 | if you don't want to bother figuring out what hardware support you need 213 | enabled. 214 | 215 | On the other hand, I think kernel seeds are an anti-pattern. Their proponents 216 | claim that "Seeds are a sane 'make defconfig' for the real world". I'd rather 217 | trust upstream with my defaults and expend energy on changing said defaults 218 | upstream if they really are suboptimal for most users of $ARCH. I think the 219 | defaults are fine and there's no need for kernel seeds. 220 | 221 | The few advantages of a "from-scratch" config: 222 | 223 | * 5-10x faster compilation (depending on selections). E.g. `make -j4` on a 224 | quad-core Intel i7 7700K CPU @ 4.5 GHz, Linux 4.12, gcc 5.4.0, with 225 | everything on a ramdisk: 226 | * `allnoconfig`: 55s user, 6s system, 20s wall 227 | * `defconfig`: 472s user, 38s system, 145s wall 228 | * `defconfig` + minor changes: 624s user, 47s system, 190s wall 229 | * [random Ubuntu config](http://kernel.ubuntu.com/~kernel-ppa/configs/xenial/linux/4.4.0-93.116/amd64-config.flavour.generic): 3950s user, 312s system, 1166s wall 230 | * You save up to 200 MB of disk space (no unnecessary modules) 231 | * You save a few milliseconds/seconds when booting up 232 | * Reduced attack surface 233 | * Tiny memory savings 234 | * Good learning experience 235 | 236 | I'd argue that most folks would be better off sticking with gentoo-sources + 237 | [genkernel](https://wiki.gentoo.org/wiki/Genkernel) or any of the popular 238 | distro kernels. 239 | 240 | ### Software support and options 241 | 242 | Software like systemd requires certain kernel features to work properly. 243 | 244 | As a Gentoo user you've probably seen messages like this one: 245 | 246 | ERROR: setup 247 | CONFIG_AUDITSYSCALL: is not set when it should be. 248 | 249 | Again, `make defconfig` won't cut it. 250 | 251 | The traditional approach is to generate a `.config` and then keep doing `make 252 | oldconfig` or `make olddefconfig`. `.config` files have thousands of lines. 253 | Options that were explicitly enabled/disabled are mixed together with default 254 | settings. 255 | 256 | Problem 1: If defaults change (like in this [famous Linus 257 | rant](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4b8cbf679c4866a523a35d1454884a31bd5d8dc)) 258 | then the new defaults won't come into effect -- you'll be stuck in the past. 259 | 260 | Don't believe me? 261 | 262 | ```bash 263 | george@george:~/linux$ git checkout 'b4b8cbf679c4866a523a35d1454884a31bd5d8dc^' # note caret 264 | george@george:~/linux$ make mrproper defconfig 265 | george@george:~/linux$ grep CNN55XX .config 266 | CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m 267 | george@george:~/linux$ git checkout 'b4b8cbf679c4866a523a35d1454884a31bd5d8dc' 268 | george@george:~/linux$ make oldconfig 269 | george@george:~/linux$ grep CNN55XX .config 270 | CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m 271 | ``` 272 | 273 | Problem 2: Adding comments like `CONFIG_TUN is required by openvpn` is hard and 274 | as a result almost nobody documents their `.config` files. 275 | 276 | Some strong opinions: 277 | 278 | * Configuration should be fully automated. Life is short, try to automate what you can. 279 | * Configuration should be version controlled. 280 | * Configuration should be documented (*why* is option X enabled?). 281 | 282 | Here's what I do: 283 | 284 | 1. `emerge` the packages you need (e.g. systemd, docker, openvpn) 285 | 2. Gather all the error/warning messages 286 | 3. Use the kernel's `scripts/config` script to enable all the settings I need. 287 | Because I handle hardware configuration myself, my script looks like this: 288 | 289 | ```bash 290 | # per-machine hardware config 291 | "$(dirname "$0")/hardware/$(hostname).sh" 292 | 293 | # /proc/config.gz 294 | ./scripts/config --enable IKCONFIG # tristate 295 | ./scripts/config --enable IKCONFIG_PROC # boolean 296 | 297 | # gentoo-sources ( https://gitweb.gentoo.org/proj/linux-patches.git/tree/4567_distro-Gentoo-Kconfig.patch ): 298 | ./scripts/config --enable DEVTMPFS # boolean 299 | ./scripts/config --enable TMPFS # boolean 300 | ./scripts/config --enable UNIX # tristate 301 | ./scripts/config --enable SHMEM # boolean 302 | 303 | # gentoo/portage: 304 | ./scripts/config --enable CGROUPS # boolean 305 | ./scripts/config --enable NAMESPACES # boolean 306 | ./scripts/config --enable IPC_NS # boolean 307 | ./scripts/config --enable NET_NS # boolean 308 | ./scripts/config --enable SYSVIPC # boolean 309 | 310 | # openrc/runit support 311 | ./scripts/config --enable BINFMT_SCRIPT # tristate 312 | 313 | # Recommended by the Gentoo Handbook: "Also select Maintain a devtmpfs file 314 | # system to mount at /dev so that critical device files are already available 315 | # early in the boot process (CONFIG_DEVTMPFS and DEVTMPFS_MOUNT)": 316 | ./scripts/config --enable DEVTMPFS # boolean 317 | ./scripts/config --enable DEVTMPFS_MOUNT # boolean 318 | 319 | # required for CHECKPOINT_RESTORE 320 | ./scripts/config --enable EXPERT # boolean 321 | 322 | # systemd -- gentoo ebuild: 323 | ./scripts/config --enable AUTOFS4_FS # tristate 324 | ./scripts/config --enable BLK_DEV_BSG # boolean 325 | ./scripts/config --enable CGROUPS # boolean 326 | ./scripts/config --enable CHECKPOINT_RESTORE # boolean 327 | ./scripts/config --enable CRYPTO_HMAC # tristate 328 | ./scripts/config --enable CRYPTO_SHA256 # tristate 329 | ./scripts/config --enable CRYPTO_USER_API_HASH # tristate 330 | # ./scripts/config --enable DEVPTS_MULTIPLE_INSTANCES # removed -- https://github.com/torvalds/linux/commit/eedf265aa003 331 | ./scripts/config --enable DMIID # boolean 332 | ./scripts/config --enable EPOLL # boolean 333 | ./scripts/config --enable FANOTIFY # boolean 334 | ./scripts/config --enable FHANDLE # boolean 335 | ./scripts/config --enable INOTIFY_USER # boolean 336 | ./scripts/config --enable IPV6 # tristate 337 | ./scripts/config --enable NET # boolean 338 | ./scripts/config --enable NET_NS # boolean 339 | ./scripts/config --enable PROC_FS # boolean 340 | ./scripts/config --enable SECCOMP # boolean 341 | ./scripts/config --enable SECCOMP_FILTER # boolean 342 | ./scripts/config --enable SIGNALFD # boolean 343 | ./scripts/config --enable SYSFS # boolean 344 | ./scripts/config --enable TIMERFD # boolean 345 | ./scripts/config --enable TMPFS_POSIX_ACL # boolean 346 | ./scripts/config --enable TMPFS_XATTR # boolean 347 | ./scripts/config --enable ANON_INODES # boolean 348 | ./scripts/config --enable BLOCK # boolean 349 | ./scripts/config --enable EVENTFD # boolean 350 | ./scripts/config --enable FSNOTIFY # boolean 351 | ./scripts/config --enable INET # boolean 352 | ./scripts/config --enable NLATTR # boolean 353 | 354 | # systemd -- extra things from https://cgit.freedesktop.org/systemd/systemd/tree/README 355 | ./scripts/config --enable DEVTMPFS # boolean 356 | ./scripts/config --disable SYSFS_DEPRECATED # boolean 357 | ./scripts/config --set-str UEVENT_HELPER_PATH "" 358 | ./scripts/config --disable FW_LOADER_USER_HELPER # boolean 359 | ./scripts/config --enable EXT4_FS_POSIX_ACL # boolean 360 | ./scripts/config --enable BTRFS_FS_POSIX_ACL # boolean 361 | ./scripts/config --enable CGROUP_SCHED # boolean 362 | ./scripts/config --enable FAIR_GROUP_SCHED # boolean 363 | ./scripts/config --enable CFS_BANDWIDTH # boolean 364 | ./scripts/config --enable SCHEDSTATS # boolean 365 | ./scripts/config --enable SCHED_DEBUG # boolean 366 | ./scripts/config --enable EFIVAR_FS # tristate 367 | ./scripts/config --enable EFI_PARTITION # boolean 368 | # ./scripts/config --disable RT_GROUP_SCHED # boolean, docker wants this 369 | # ./scripts/config --disable AUDIT # boolean, conflicts with consolekit 370 | 371 | # chromium 372 | ./scripts/config --enable PID_NS # boolean 373 | ./scripts/config --enable NET_NS # boolean 374 | ./scripts/config --enable SECCOMP_FILTER # boolean 375 | ./scripts/config --enable USER_NS # boolean 376 | ./scripts/config --enable ADVISE_SYSCALLS # boolean 377 | ./scripts/config --disable COMPAT_VDSO # boolean 378 | 379 | # qemu for kernel dev 380 | ./scripts/config --module VIRTIO_PCI # tristate 381 | ./scripts/config --module VIRTIO_BLK # tristate 382 | ./scripts/config --module VIRTIO_NET # tristate 383 | ./scripts/config --module 9P_FS # tristate 384 | ./scripts/config --module NET_9P # tristate 385 | ./scripts/config --module NET_9P_VIRTIO # tristate 386 | 387 | # lm_sensors 388 | ./scripts/config --enable I2C_CHARDEV # tristate 389 | 390 | # cryptsetup, luks (according to gentoo wiki page) 391 | ./scripts/config --enable BLK_DEV_DM # tristate 392 | ./scripts/config --enable DM_CRYPT # tristate 393 | ./scripts/config --enable CRYPTO_AES_X86_64 # tristate 394 | ./scripts/config --enable CRYPTO_XTS # tristate 395 | ./scripts/config --enable CRYPTO_SHA256 # tristate 396 | ./scripts/config --enable CRYPTO_USER_API_SKCIPHER # tristate 397 | 398 | # openvpn 399 | ./scripts/config --module TUN # tristate 400 | 401 | # cups 402 | ./scripts/config --module USB_PRINTER # tristate 403 | 404 | # pulseaudio 405 | ./scripts/config --set-val SND_HDA_PREALLOC_SIZE 2048 406 | 407 | # Docker (useful: contrib/check-config.sh) 408 | # "Generally Necessary" 409 | ./scripts/config --enable NAMESPACES # boolean 410 | ./scripts/config --enable NET_NS # boolean 411 | ./scripts/config --enable PID_NS # boolean 412 | ./scripts/config --enable IPC_NS # boolean 413 | ./scripts/config --enable UTS_NS # boolean 414 | ./scripts/config --enable CGROUPS # boolean 415 | ./scripts/config --enable CGROUP_CPUACCT # boolean 416 | ./scripts/config --enable CGROUP_DEVICE # boolean 417 | ./scripts/config --enable CGROUP_FREEZER # boolean 418 | ./scripts/config --enable CGROUP_SCHED # boolean 419 | ./scripts/config --enable CPUSETS # boolean 420 | ./scripts/config --enable MEMCG # boolean 421 | ./scripts/config --enable KEYS # boolean 422 | ./scripts/config --module VETH # tristate 423 | ./scripts/config --module BRIDGE # tristate 424 | ./scripts/config --module NETFILTER_ADVANCED # boolean, implicit requirement for BRIDGE_NETFILTER 425 | ./scripts/config --module BRIDGE_NETFILTER # tristate 426 | ./scripts/config --module NF_NAT_IPV4 # tristate 427 | ./scripts/config --module IP_NF_FILTER # tristate 428 | ./scripts/config --module IP_NF_TARGET_MASQUERADE # tristate 429 | ./scripts/config --module NETFILTER_XT_MATCH_ADDRTYPE # tristate 430 | ./scripts/config --module NETFILTER_XT_MATCH_CONNTRACK # tristate 431 | ./scripts/config --module NETFILTER_XT_MATCH_IPVS # tristate 432 | ./scripts/config --module IP_NF_NAT # tristate 433 | ./scripts/config --module NF_NAT # tristate 434 | ./scripts/config --enable NF_NAT_NEEDED # boolean 435 | ./scripts/config --enable POSIX_MQUEUE # boolean 436 | # "Optional Features" 437 | ./scripts/config --enable USER_NS # boolean 438 | ./scripts/config --enable SECCOMP # boolean 439 | ./scripts/config --enable CGROUP_PIDS # boolean 440 | ./scripts/config --enable MEMCG_SWAP # boolean 441 | ./scripts/config --enable MEMCG_SWAP_ENABLED # boolean 442 | ./scripts/config --enable LEGACY_VSYSCALL_EMULATE # boolean 443 | ./scripts/config --enable BLK_CGROUP # boolean 444 | ./scripts/config --enable BLK_DEV_THROTTLING # boolean 445 | ./scripts/config --module IOSCHED_CFQ # tristate 446 | ./scripts/config --enable CFQ_GROUP_IOSCHED # boolean 447 | ./scripts/config --enable CGROUP_PERF # boolean 448 | ./scripts/config --enable CGROUP_HUGETLB # boolean 449 | ./scripts/config --module NET_CLS_CGROUP # tristate 450 | ./scripts/config --enable CGROUP_NET_PRIO # boolean 451 | ./scripts/config --enable CFS_BANDWIDTH # boolean 452 | ./scripts/config --enable FAIR_GROUP_SCHED # boolean 453 | ./scripts/config --enable RT_GROUP_SCHED # boolean 454 | ./scripts/config --module IP_VS # tristate 455 | ./scripts/config --enable IP_VS_NFCT # boolean 456 | ./scripts/config --module IP_VS_RR # tristate 457 | ./scripts/config --enable EXT4_FS # tristate 458 | ./scripts/config --enable EXT4_FS_POSIX_ACL # boolean 459 | ./scripts/config --enable EXT4_FS_SECURITY # boolean 460 | # "Network Drivers/overlay" 461 | ./scripts/config --module VXLAN # tristate 462 | # "Network Drivers/overlay/Optional (for encrypted networks)": 463 | ./scripts/config --enable CRYPTO # tristate 464 | ./scripts/config --enable CRYPTO_AEAD # tristate 465 | ./scripts/config --enable CRYPTO_GCM # tristate 466 | ./scripts/config --enable CRYPTO_SEQIV # tristate 467 | ./scripts/config --enable CRYPTO_GHASH # tristate 468 | ./scripts/config --enable XFRM # boolean 469 | ./scripts/config --enable XFRM_USER # tristate 470 | ./scripts/config --enable XFRM_ALGO # tristate 471 | ./scripts/config --module INET_ESP # tristate 472 | ./scripts/config --enable INET_XFRM_MODE_TRANSPORT # tristate 473 | # "Network Drivers/ipvlan" 474 | ./scripts/config --enable NET_L3_MASTER_DEV # boolean, required for IPVLAN 475 | ./scripts/config --module IPVLAN # tristate 476 | # macvlan 477 | ./scripts/config --module MACVLAN # tristate 478 | ./scripts/config --module DUMMY # tristate 479 | # "ftp,tftp client in container" 480 | # ./scripts/config --module NF_NAT_FTP # tristate 481 | # ./scripts/config --module NF_CONNTRACK_FTP # tristate 482 | # ./scripts/config --module NF_NAT_TFTP # tristate 483 | # ./scripts/config --module NF_CONNTRACK_TFTP # tristate 484 | # "Storage Drivers" 485 | ./scripts/config --enable BTRFS_FS # tristate 486 | ./scripts/config --enable BTRFS_FS_POSIX_ACL # boolean 487 | ./scripts/config --enable BLK_DEV_DM # tristate 488 | ./scripts/config --enable DM_THIN_PROVISIONING # tristate 489 | ./scripts/config --module OVERLAY_FS # tristate 490 | # From the gentoo ebuild 491 | ./scripts/config --enable SYSVIPC # boolean 492 | ./scripts/config --enable IP_VS_PROTO_TCP # boolean 493 | ./scripts/config --enable IP_VS_PROTO_UDP # boolean 494 | 495 | # libvirt 496 | ./scripts/config --module MACVTAP # tristate 497 | 498 | # sys-auth/consolekit-1.1.2 499 | ./scripts/config --enable AUDIT # boolean, required for AUDITSYSCALL 500 | ./scripts/config --enable AUDITSYSCALL # boolean 501 | 502 | # SCSI disk support 503 | ./scripts/config --enable BLK_DEV_SD # tristate 504 | 505 | ./scripts/config --enable EXT2_FS # tristate 506 | ./scripts/config --disable EXT3_FS # tristate, "This config option is here only for backward compatibility. ext3 filesystem is now handled by the ext4 driver" 507 | ./scripts/config --enable EXT4_FS # tristate 508 | ./scripts/config --enable VFAT_FS # tristate 509 | ./scripts/config --module REISERFS_FS # tristate 510 | ./scripts/config --enable XFS_FS # tristate 511 | ./scripts/config --enable BTRFS_FS # tristate 512 | ./scripts/config --enable FUSE_FS # tristate 513 | ./scripts/config --enable ISO9660_FS # tristate 514 | ./scripts/config --enable PROC_FS # boolean 515 | ./scripts/config --enable TMPFS # boolean 516 | 517 | # USB input devices 518 | ./scripts/config --enable HID_GENERIC # tristate 519 | ./scripts/config --enable USB_HID # tristate 520 | ./scripts/config --enable USB_SUPPORT # boolean 521 | ./scripts/config --enable USB_XHCI_HCD # tristate 522 | ./scripts/config --enable USB_EHCI_HCD # tristate 523 | ./scripts/config --enable USB_OHCI_HCD # tristate 524 | ./scripts/config --enable USB_UAS # tristate, "USB attached SCSI" 525 | 526 | # support 32-bit executables 527 | ./scripts/config --enable IA32_EMULATION # boolean 528 | 529 | # GPT, EFI, UEFI 530 | ./scripts/config --enable PARTITION_ADVANCED # boolean 531 | ./scripts/config --enable EFI_PARTITION # boolean 532 | ./scripts/config --enable EFI # boolean 533 | ./scripts/config --enable EFI_STUB # boolean 534 | ./scripts/config --enable EFI_MIXED # boolean 535 | ./scripts/config --enable EFI_VARS # tristate 536 | ./scripts/config --disable OSF_PARTITION # boolean, Alpha servers 537 | ./scripts/config --disable AMIGA_PARTITION # boolean 538 | ./scripts/config --disable SGI_PARTITION # boolean 539 | ./scripts/config --disable SUN_PARTITION # boolean 540 | ./scripts/config --disable KARMA_PARTITION # boolean 541 | ./scripts/config --enable MAC_PARTITION # boolean 542 | 543 | ./scripts/config --enable MAGIC_SYSRQ # boolean 544 | 545 | # app-emulation/qemu 546 | ./scripts/config --module KVM # tristate 547 | ./scripts/config --module VHOST_NET # tristate 548 | 549 | # https://lwn.net/Articles/680989/ 550 | # https://lwn.net/Articles/681763/ 551 | ./scripts/config --enable BLK_WBT # boolean 552 | ./scripts/config --enable BLK_WBT_SQ # boolean 553 | ./scripts/config --enable BLK_WBT_MQ # boolean 554 | 555 | # http://algo.ing.unimo.it/people/paolo/disk_sched/ 556 | ./scripts/config --module IOSCHED_BFQ # tristate 557 | 558 | # https://www.youtube.com/watch?v=y5KPryOHwk8 559 | # https://en.wikipedia.org/wiki/Active_queue_management 560 | # https://lwn.net/Articles/616241/ 561 | ./scripts/config --enable NET_SCHED # boolean 562 | ./scripts/config --module IFB # tristate 563 | ./scripts/config --module NET_SCH_HTB # tristate 564 | ./scripts/config --module NET_SCH_CBQ # tristate 565 | ./scripts/config --module NET_SCH_HFSC # tristate 566 | ./scripts/config --module NET_SCH_FQ # tristate 567 | ./scripts/config --module NET_SCH_FQ_CODEL # tristate 568 | ./scripts/config --module NET_SCH_SFB # tristate 569 | ./scripts/config --module NET_SCH_INGRESS # tristate 570 | ./scripts/config --module NET_CLS_U32 # tristate 571 | 572 | # https://lwn.net/Articles/758353/ 573 | ./scripts/config --module NET_SCH_CAKE # tristate 574 | ./scripts/config --module NET_ACT_MIRRED # tristate 575 | ./scripts/config --module NET_SCH_PIE # tristate 576 | 577 | # https://news.ycombinator.com/item?id=14813723 578 | ./scripts/config --module TCP_CONG_BBR # tristate 579 | 580 | # IP ECMP 581 | ./scripts/config --enable IP_ROUTE_MULTIPATH # boolean 582 | 583 | # source-based IP routing 584 | ./scripts/config --enable IP_MULTIPLE_TABLES # boolean 585 | 586 | # bridging 587 | ./scripts/config --module BRIDGE # tristate 588 | # multicast 589 | ./scripts/config --enable BRIDGE_IGMP_SNOOPING # boolean 590 | 591 | # speed up tcpdump 592 | ./scripts/config --enable BPF_JIT # boolean 593 | 594 | # timing packets / ptp (Precision Time Protocol) 595 | ./scripts/config --enable NETWORK_PHY_TIMESTAMPING # boolean 596 | 597 | ./scripts/config --module IP_VS # tristate 598 | ./scripts/config --module BONDING # tristate 599 | 600 | # boot_delay=X support 601 | ./scripts/config --enable BOOT_PRINTK_DELAY # boolean 602 | 603 | # thp, compaction 604 | ./scripts/config --enable TRANSPARENT_HUGEPAGE 605 | ./scripts/config --enable TRANSPARENT_HUGEPAGE_ALWAYS 606 | 607 | # dev-util/bcc 608 | ./scripts/config --enable BPF_SYSCALL # boolean 609 | ./scripts/config --module NET_CLS_BPF # tristate 610 | ./scripts/config --module NET_ACT_BPF # tristate 611 | ./scripts/config --enable BPF_EVENTS # boolean 612 | ./scripts/config --enable DEBUG_INFO # boolean 613 | ./scripts/config --enable FUNCTION_TRACER # boolean 614 | ./scripts/config --enable KALLSYMS_ALL # boolean 615 | 616 | # https://lwn.net/Articles/759781/ 617 | ./scripts/config --enable PSI # bool 618 | ./scripts/config --enable PSI_DEFAULT_DISABLED # bool 619 | 620 | # https://www.phoronix.com/scan.php?page=article&item=linux_2637_video&num=1 621 | ./scripts/config --enable SCHED_AUTOGROUP # boolean 622 | 623 | # and so on 624 | ``` 625 | 626 | Applying my config: 627 | 628 | ``` 629 | george@george:/usr/src/linux-stable-git-4.12.8$ make mrproper defconfig 630 | george@george:/usr/src/linux-stable-git-4.12.8$ ~/kernel-config.sh 631 | george@george:/usr/src/linux-stable-git-4.12.8$ make olddefconfig 632 | ``` 633 | 634 | **Pitfall 1**: Some configs are implicit -- they are enabled by other configs: 635 | 636 | Symbol: TAP [=n] 637 | Type : tristate 638 | Defined at drivers/net/Kconfig:304 639 | Depends on: NETDEVICES [=y] && NET_CORE [=y] 640 | Selected by: MACVTAP [=n] && NETDEVICES [=y] && NET_CORE [=y] && MACVLAN [=n] && INET [=y] || IPVTAP [=n] && NETDEVICES [=y] && NET_CORE [=y] && IPVLAN [=n] && INET [=y] 641 | 642 | You have to satisfy the "Selected by" expression if you want `CONFIG_TAP` to be 643 | enabled. `./scripts/config --enable TAP` will appear to work, but `make 644 | olddefconfig` will nuke it. 645 | 646 | **Pitfall 2**: Some configs depend on others: 647 | 648 | Symbol: BRIDGE_NETFILTER [=n] 649 | Type : tristate 650 | Prompt: Bridged IP/ARP packets filtering 651 | Location: 652 | -> Networking support (NET [=y]) 653 | -> Networking options 654 | -> Network packet filtering framework (Netfilter) (NETFILTER [=y]) 655 | (1) -> Advanced netfilter configuration (NETFILTER_ADVANCED [=n]) 656 | Defined at net/Kconfig:187 657 | Depends on: NET [=y] && BRIDGE [=n] && NETFILTER [=y] && INET [=y] && NETFILTER_ADVANCED [=n] 658 | 659 | Similarly if e.g. `NET=n`, `./scripts/config --enable BRIDGE_NETFILTER` will 660 | not enable `NET` and you'll end up with `NET=n` and `BRIDGE_NETFILTER=n`. 661 | 662 | Workaround for detecting broken dependencies: 663 | 664 | george@george:/usr/src/linux-stable-git-4.12.8$ grep -Po '(?<=--enable )[^# ]+' ~/kernel-config.sh | sed 's/^CONFIG_//' | while read kconf; do if ! grep -q "^CONFIG_$kconf=y" .config; then echo "$kconf not set"; fi; done 665 | 666 | TODO: write a script that checks everything. 667 | 668 | Don't forget to update your microcode. E.g. for Intel CPUs: 669 | 670 | ```bash 671 | ./scripts/config --enable FIRMWARE_IN_KERNEL 672 | ./scripts/config --set-str EXTRA_FIRMWARE "$(iucode_tool -L /lib/firmware/intel-ucode | grep "$(iucode_tool -S 2>&1 | grep -Po '(?<=signature ).*$')" -B 1 | grep -Po '(?<=/lib/firmware/)intel-ucode/.*')" 673 | ./scripts/config --set-str EXTRA_FIRMWARE_DIR "/lib/firmware" 674 | ``` 675 | 676 | ## Building and installing the kernel 677 | 678 | `make install` requires `sys-apps/debianutils`. 679 | 680 | ```bash 681 | george@george:/usr/src$ eselect kernel list 682 | george@george:/usr/src$ sudo eselect kernel set "linux-stable-git-4.12.8" 683 | george@george:/usr/src$ cd linux 684 | george@george:/usr/src/linux$ git am -3 ~/kernel-patches/*.patch 685 | george@george:/usr/src/linux$ nice /usr/bin/time -v make KCFLAGS="-march=native" -j "$(nproc)" olddefconfig all 686 | 687 | root@george:/usr/src/linux# (mountpoint -q /boot || mount /boot) && make install modules_install 688 | root@george:/usr/src/linux# emerge -avtq '@module-rebuild' 689 | 690 | # if you need an initrd: 691 | root@george:/usr/src/linux# dracut -a crypt -o zfs "/boot/initramfs-$(make kernelrelease).img" --kver "$(make kernelrelease)" 692 | 693 | # optional cleanup: 694 | root@george:/usr/src/linux# eclean-kernel --list-kernels && eclean-kernel --ask --destructive --exclude config 695 | 696 | root@george:/usr/src/linux# grub-mkconfig -o /boot/grub/grub.cfg 697 | 698 | # optional tools: 699 | george@george:/usr/src/linux$ make KCFLAGS="-march=native" -j "$(nproc)" -C ./tools/power/x86/turbostat 700 | george@george:/usr/src/linux$ make KCFLAGS="-march=native" -j "$(nproc)" -C ./tools/perf 701 | ``` 702 | 703 | # Plans for the future 704 | 705 | * A better `scripts/config` application, with proper dependency management 706 | (e.g. by utilising 707 | [`ulfalizer/Kconfiglib`](https://github.com/ulfalizer/Kconfiglib)). 708 | 709 | # Derivative projects 710 | 711 | * [Korean translation](https://whjeon.com/gentoo-vanilla-kernel/) by @devwhjeon 712 | --------------------------------------------------------------------------------