KERNEL-BUILD.ECLASS

Section: eclass-manpages (5)
Updated: Apr 2024
Index Return to Main Contents

NAME

kernel-build.eclass - Build mechanics for Distribution Kernels

DESCRIPTION

This eclass provides the logic to build a Distribution Kernel from source and install it. Post-install and test logic is inherited from kernel-install.eclass.

The ebuild must take care of unpacking the kernel sources, copying an appropriate .config into them (e.g. in src_prepare()) and setting correct S. The eclass takes care of respecting savedconfig, building the kernel and installing it along with its modules and subset of sources needed to build external modules.

SUPPORTED EAPIS

TRANSITIVELY PROVIDED ECLASSES

kernel-install

FUNCTIONS

kernel-build_pkg_setup: Call python-any-r1 and secureboot pkg_setup
kernel-build_src_configure: Prepare the toolchain for building the kernel, get the default .config or restore savedconfig, and get build tree configured for modprep.
kernel-build_src_compile: Compile the kernel sources.
kernel-build_src_test: Test the built kernel via qemu. This just wraps the logic from kernel-install.eclass with the correct paths.
kernel-build_src_install: Install the built kernel along with subset of sources into /usr/src/linux-${PV}. Install the modules. Save the config.
kernel-build_pkg_postinst: Combine postinst from kernel-install and savedconfig eclasses.
kernel-build_merge_configs [distro.config...]: Merge the config files specified as arguments (if any) into the '.config' file in the current directory, then merge any user-supplied configs from ${BROOT}/etc/kernel/config.d/*.config. The '.config' file must exist already and contain the base configuration.

ECLASS VARIABLES

KERNEL_IUSE_MODULES_SIGN (SET BEFORE INHERIT)

If set to a non-null value, inherits secureboot.eclass, adds IUSE=modules-sign and required logic to manipulate the kernel config while respecting the MODULES_SIGN_HASH, MODULES_SIGN_CERT, and MODULES_SIGN_KEY user variables.

MODULES_SIGN_HASH (USER VARIABLE)

Used with USE=modules-sign. Can be set to hash algorithm to use during signature generation (CONFIG_MODULE_SIG_SHA256).

Valid values: sha512,sha384,sha256,sha224,sha1

Default if unset: sha512

MODULES_SIGN_KEY (USER VARIABLE)

Used with USE=modules-sign. Can be set to the path of the private key in PEM format to use, or a PKCS#11 URI (CONFIG_MODULE_SIG_KEY).

If path is relative (e.g. "certs/name.pem"), it is assumed to be relative to the kernel build directory being used.

If the key requires a passphrase or PIN, the used kernel sign-file utility recognizes the KBUILD_SIGN_PIN environment variable. Be warned that the package manager may store this value in binary packages, database files, temporary files, and possibly logs. This eclass unsets the variable after use to mitigate the issue (notably for shared binary packages), but use this with care.

Default if unset: certs/signing_key.pem

MODULES_SIGN_CERT (USER VARIABLE)

Used with USE=modules-sign. Can be set to the path of the public key in PEM format to use. Must be specified if MODULES_SIGN_KEY is set to a path of a file that only contains the private key.

KERNEL_GENERIC_UKI_CMDLINE ?= "root=/dev/gpt-auto-root ro" (USER VARIABLE)

If KERNEL_IUSE_GENERIC_UKI is set, this variable allows setting the built-in kernel command line for the UKI. If unset, the default is root=/dev/gpt-auto-root ro

AUTHORS

Michał Górny <mgorny@gentoo.org>

MAINTAINERS

Distribution Kernel Project <dist-kernel@gentoo.org>

REPORTING BUGS

Please report bugs via https://bugs.gentoo.org/

FILES

kernel-build.eclass

This document was created by man2html, using the manual pages.
Time: 03:27:01 GMT, April 26, 2024