KERNEL-BUILD.ECLASS

Section: eclass-manpages (5)
Updated: May 2025
Index Return to Main Contents

NAME

kernel-build.eclass - Build mechanics for Distribution Kernels

DESCRIPTION

This eclass provides the logic to build a Distribution Kernel from source and install it. Post-install and test logic is inherited from kernel-install.eclass.

The ebuild must take care of unpacking the kernel sources, copying an appropriate .config into them (e.g. in src_prepare()) and setting correct S. The eclass takes care of respecting savedconfig, building the kernel and installing it along with its modules and subset of sources needed to build external modules.

SUPPORTED EAPIS

TRANSITIVELY PROVIDED ECLASSES

kernel-install

FUNCTIONS

kernel-build_pkg_setup

Call python-any-r1 and secureboot pkg_setup

kernel-build_src_configure

Prepare the toolchain for building the kernel, get the .config file, and get build tree configured for modprep.

kernel-build_src_compile

Compile the kernel sources.

kernel-build_src_test

Test the built kernel via qemu. This just wraps the logic from kernel-install.eclass with the correct paths.

kernel-build_src_install

Install the built kernel along with subset of sources into /usr/src/linux-${KV_FULL}. Install the modules. Save the config.

kernel-build_pkg_postinst

Combine postinst from kernel-install and savedconfig eclasses.

kernel-build_merge_configs [distro.config...]

Merge kernel config files. The following is merged onto the '.config' file in the current directory, in order:

1. Config files specified as arguments. 2. Default module signing and compression configuration
(if applicable). 3. Config saved via USE=savedconfig (if applicable). 4. Module signing key specified via MODULES_SIGN_KEY* variables. 5. User-supplied configs from ${BROOT}/etc/kernel/config.d/*.config.

This function must be called by the ebuild in the src_prepare phase.

ECLASS VARIABLES

KV_FULL

A string containing the full kernel release version, e.g. '6.9.6-gentoo-dist'. This is used to ensure consistency between the kernel's release version and Gentoo's tooling. This is set by kernel-build_src_configure() once we have a kernel.release file.

KERNEL_IUSE_MODULES_SIGN (SET BEFORE INHERIT)

If set to a non-null value, inherits secureboot.eclass, adds IUSE=modules-sign and required logic to manipulate the kernel config while respecting the MODULES_SIGN_HASH, MODULES_SIGN_CERT, and MODULES_SIGN_KEY user variables.

MODULES_SIGN_HASH (USER VARIABLE)

Used with USE=modules-sign. Can be set to hash algorithm to use during signature generation (CONFIG_MODULE_SIG_SHA256).

Valid values: sha512,sha384,sha256,sha224,sha1

Default if unset: sha512

MODULES_SIGN_KEY (USER VARIABLE)

Used with USE=modules-sign. Can be set to the path of the private key in PEM format to use, or a PKCS#11 URI (CONFIG_MODULE_SIG_KEY).

If path is relative (e.g. "certs/name.pem"), it is assumed to be relative to the kernel build directory being used.

If the key requires a passphrase or PIN, the used kernel sign-file utility recognizes the KBUILD_SIGN_PIN environment variable. Be warned that the package manager may store this value in binary packages, database files, temporary files, and possibly logs. This eclass unsets the variable after use to mitigate the issue (notably for shared binary packages), but use this with care.

Default if unset: certs/signing_key.pem

MODULES_SIGN_CERT (USER VARIABLE)

Used with USE=modules-sign. Can be set to the path of the public key in PEM format to use. Must be specified if MODULES_SIGN_KEY is set to a path of a file that only contains the private key.

KERNEL_GENERIC_UKI_CMDLINE (USER VARIABLE)

If KERNEL_IUSE_GENERIC_UKI is set, and this variable is not empty, then the contents are used as the first kernel cmdline option of the multi-profile generic UKI. Supplementing the four standard options of: - root=/dev/gpt-auto-root ro - root=/dev/gpt-auto-root ro quiet splash - root=/dev/gpt-auto-root ro lockdown=integrity - root=/dev/gpt-auto-root ro quiet splash lockdown=integrity

AUTHORS

Michał Górny <mgorny@gentoo.org>

MAINTAINERS

Distribution Kernel Project <dist-kernel@gentoo.org>

REPORTING BUGS

Please report bugs via https://bugs.gentoo.org/

FILES

kernel-build.eclass

This document was created by man2html, using the manual pages.
Time: 03:27:01 GMT, May 09, 2025