Build a custom kernel package for Debian

Last updated on 2022-09-11 • Tagged under  #debian   #linux 

Perhaps it is hardware unsupported by any of the Linux kernels provided by Debian.

Or trying to troubleshoot a kernel's misbehaviour by running the latest and greatest.

Or a desire to try out a brand new kernel capability.

Or simple curiosity!

Whatever the reason, this is how I build a custom kernel package for Debian from the "vanilla" kernel source available on kernel.org.

1. Download build tools

$ sudo apt install build-essential bison flex gnupg libncurses-dev libelf-dev libssl-dev wget

2. Keys

Import crypto signing keys belonging to kernel release developers ...

$ gpg --locate-keys torvalds@kernel.org gregkh@kernel.org

3. Kernel source

Download to my home directory the latest stable kernel source and signature (5.19.8 as of 2022-09-10) from kernel.org ...

$ mkdir ~/kernel; cd ~/kernel
$ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.xz
$ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.sign

Verify signature ...

$ unxz -c linux-5.19.8.tar.xz | gpg --verify linux-5.19.8.tar.sign -
gpg: Signature made Thu 08 Sep 2022 05:25:14 AM EDT
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

Unpack kernel ...

$ tar xvf linux-5.19.8.tar.xz
$ cd linux-5.19.8

4. Configure

Rather than configure everything from scratch, copy the /boot/config-VERSION of the kernel currently in use to the kernel source directory ...

$ cp /boot/config-$(uname -r) .config

Use one of these methods to update .config with any new kernel options:

Method #1

If anything needs to be modified in the configuration, bring up the configuration menu by running ...

$ make nconfig

Method #2

Otherwise, when using a .config file that has been generated with another (older) kernel version, it needs to be updated with any changes that have been been made to the newer kernel.

Run ...

$ make oldconfig

User is prompted to make their choices for the new options.

Method #3

To preemptively accept the default answer to all those questions, run ...

$ make olddefconfig

4.1 System keys

Disable the SYSTEM_TRUSTED_KEYS and SYSTEM_REVOCATION_KEYS settings in .config ...

scripts/config --disable SYSTEM_TRUSTED_KEYS
scripts/config --disable SYSTEM_REVOCATION_KEYS

Otherwise, the build fails with error ...

make[4]: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'.  Stop.

4.2 Skip debugging

Disable DEBUG_INFO ...

$ scripts/config --disable DEBUG_INFO

Starting in kernels 5.18+ its also necessary to enable DEBUG_INFO_NONE ...

$ scripts/config --enable DEBUG_INFO_NONE

This will skip building the linux-image-VERSION-dbg package, which contains the debugging symbols for the kernel image and its modules. It's not required unless debugging kernel code and results in a significant savings in compile time and space.

5. Compile

Compile the kernel (LOCALVERSION= parameter appends custom text to the generated package name) ...

$ make clean
$ make deb-pkg LOCALVERSION=-custom

Note: It can take hour(s) to compile a kernel.

6. Install

New .deb packages are built ...

$ ls -l ../*.deb
../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb
../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb
../linux-libc-dev_5.19.8-custom-1_amd64.deb

Install packages (linux-libc-dev* can be skipped) ...

$ sudo dpkg -i ../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb
$ sudo dpkg -i ../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb

The new kernel and headers are installed, a new initrd is generated, and the bootloader is configured to make this kernel the new default.

Reboot and enjoy!

7. Helpful

• Debian Administrator's Handbook: 8.10. Compiling a Kernel
• Debian Linux Kernel Handbook: 4. Common kernel-related tasks
• Linux kernel releases PGP signatures

» Later: Minimal Debian Bullseye

« Earlier: Create a multiboot Linux USB installer with Ventoy