Build a custom kernel package for Debian
Perhaps it is hardware unsupported by any of the Linux kernels provided by Debian.
Or trying to troubleshoot a kernel's misbehaviour by running the latest and greatest.
Or a desire to try out a brand new kernel capability.
Or simple curiosity!
Whatever the reason, this is how I build a custom kernel package for Debian from the "vanilla" kernel source available on kernel.org.
1. Download build tools
$ sudo apt install build-essential bison flex gnupg libncurses-dev libelf-dev libssl-dev wget
Import crypto signing keys belonging to kernel release developers ...
$ gpg --locate-keys email@example.com firstname.lastname@example.org
3. Kernel source
Download to my home directory the latest stable kernel source and signature (
5.19.8 as of 2022-09-10) from kernel.org ...
$ mkdir ~/kernel; cd ~/kernel $ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.xz $ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.8.tar.sign
Verify signature ...
$ unxz -c linux-5.19.8.tar.xz | gpg --verify linux-5.19.8.tar.sign - gpg: Signature made Thu 08 Sep 2022 05:25:14 AM EDT gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E gpg: Good signature from "Greg Kroah-Hartman <email@example.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
Unpack kernel ...
$ tar xvf linux-5.19.8.tar.xz $ cd linux-5.19.8
Rather than configure everything from scratch, copy the
/boot/config-VERSION of the kernel currently in use to the kernel source directory ...
$ cp /boot/config-$(uname -r) .config
Use one of these methods to update
.config with any new kernel options:
If anything needs to be modified in the configuration, bring up the configuration menu by running ...
$ make nconfig
Otherwise, when using a
.config file that has been generated with another (older) kernel version, it needs to be updated with any changes that have been been made to the newer kernel.
$ make oldconfig
User is prompted to make their choices for the new options.
To preemptively accept the default answer to all those questions, run ...
$ make olddefconfig
4.1 System keys
SYSTEM_REVOCATION_KEYS settings in
scripts/config --disable SYSTEM_TRUSTED_KEYS scripts/config --disable SYSTEM_REVOCATION_KEYS
Otherwise, the build fails with error ...
make: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
4.2 Skip debugging
$ scripts/config --disable DEBUG_INFO
Starting in kernels 5.18+ its also necessary to enable
$ scripts/config --enable DEBUG_INFO_NONE
This will skip building the
linux-image-VERSION-dbg package, which contains the debugging symbols for the kernel image and its modules. It's not required unless debugging kernel code and results in a significant savings in compile time and space.
Compile the kernel (
LOCALVERSION= parameter appends custom text to the generated package name) ...
$ make clean $ make deb-pkg LOCALVERSION=-custom
Note: It can take hour(s) to compile a kernel.
.deb packages are built ...
$ ls -l ../*.deb ../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb ../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb ../linux-libc-dev_5.19.8-custom-1_amd64.deb
Install packages (
linux-libc-dev* can be skipped) ...
$ sudo dpkg -i ../linux-image-5.19.8-custom_5.19.8-custom-1_amd64.deb $ sudo dpkg -i ../linux-headers-5.19.8-custom_5.19.8-custom-1_amd64.deb
The new kernel and headers are installed, a new initrd is generated, and the bootloader is configured to make this kernel the new default.
Reboot and enjoy!
- Debian Administrator's Handbook: 8.10. Compiling a Kernel
- Debian Linux Kernel Handbook: 4. Common kernel-related tasks
- Linux kernel releases PGP signatures
» Later: Minimal Debian Bullseye
« Earlier: Create a multiboot Linux USB installer with Ventoy