Build a Custom Kernel Package for Debian
Perhaps it is hardware unsupported by any of the Linux kernels provided by Debian.
Or trying to troubleshoot a kernel's misbehaviour by running the latest and greatest.
Or a desire to try out a brand new kernel capability.
Or simple curiosity!
Whatever the reason, this is how I build a custom kernel package for Debian from the "vanilla" kernel source available on kernel.org.
1. Download build tools
$ sudo apt install build-essential bison flex gnupg libncurses-dev libelf-dev libssl-dev wget
2. Keys
Import crypto signing keys belonging to kernel release developers ...
$ gpg --locate-keys torvalds@kernel.org gregkh@kernel.org
3. Kernel source
Download to my home directory the latest stable kernel source and signature (5.19.8 as of 2022-09-10) from kernel.org ...
$ mkdir ~/kernel; cd ~/kernel
$ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.xz
$ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.sign
Verify signature ...
$ unxz -c linux-5.19.8.tar.xz | gpg --verify linux-5.19.8.tar.sign -
gpg: Signature made Thu 08 Sep 2022 05:25:14 AM EDT
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
Unpack kernel ...
$ tar xvf linux-5.19.8.tar.xz
$ cd linux-5.19.8
4. Configure
Rather than configure everything from scratch, copy the /boot/config-VERSION of the kernel currently in use to the kernel source directory ...
$ cp /boot/config-$(uname -r) .config
Use one of these methods to update .config with any new kernel options:
Method #1
If anything needs to be modified in the configuration, bring up the configuration menu by running ...
$ make nconfig
Method #2
Otherwise, when using a .config file that has been generated with another (older) kernel version, it needs to be updated with any changes that have been been made to the newer kernel.
Run ...
$ make oldconfig
User is prompted to make their choices for the new options.
Method #3
To preemptively accept the default answer to all those questions, run ...
$ make olddefconfig
4.1 System keys
Disable the SYSTEM_TRUSTED_KEYS and SYSTEM_REVOCATION_KEYS settings in .config ...
scripts/config --disable SYSTEM_TRUSTED_KEYS
scripts/config --disable SYSTEM_REVOCATION_KEYS
Otherwise, the build fails with error ...
make[4]: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
4.2 Skip debugging
Disable DEBUG_INFO ...
$ scripts/config --disable DEBUG_INFO
Starting in kernels 5.18+ its also necessary to enable DEBUG_INFO_NONE ...
$ scripts/config --enable DEBUG_INFO_NONE
This will skip building the linux-image-VERSION-dbg package, which contains the debugging symbols for the kernel image and its modules. It's not required unless debugging kernel code and results in a significant savings in compile time and space.
5. Compile
Compile the kernel (LOCALVERSION= parameter appends custom text to the generated package name) ...
$ make clean
$ make deb-pkg LOCALVERSION=-custom
Note: It can take hour(s) to compile a kernel.
6. Install
New .deb packages are built ...
$ ls -l ../*.deb
../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb
../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb
../linux-libc-dev_5.19.8-custom-1_amd64.deb
Install packages (linux-libc-dev* can be skipped) ...
$ sudo dpkg -i ../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb
$ sudo dpkg -i ../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb
The new kernel and headers are installed, a new initrd is generated, and the bootloader is configured to make this kernel the new default.
Reboot and enjoy!
7. Helpful
» Next: DoH and Custom DNS Servers with OpenWrt
« Previous: BTRFS Snapshots and System Rollbacks on Arch Linux